Red Hat Enterprise Linux Automation with Ansible
In this exercise, you troubleshoot task failures that are occurring on one of your managed hosts when running a playbook.
Outcomes
You should be able to troubleshoot managed hosts.
As the student user on the workstation machine, use the lab command to prepare your system for this exercise.
This command prepares your environment and ensures that all required resources are available.
[student@workstation ~]$ lab start troubleshoot-host
Procedure 8.2. Instructions
Change into the
/home/student/troubleshoot-host/directory.[student@workstation ~]$
cd ~/troubleshoot-host/[student@workstation troubleshoot-host]$Run the
mailrelay.ymlplaybook using check mode.[student@workstation troubleshoot-host]$
ansible-navigator run \>-m stdout mailrelay.yml --checkPLAY [Create mail relay servers] *********************************************** ...output omitted... TASK [Check main.cf file] ****************************************************** ok: [servera.lab.example.com] TASK [Verify main.cf file exists] ********************************************** ok: [servera.lab.example.com] => { "msg": "The main.cf file exists" } ...output omitted... TASK [Start and enable mail services] ******************************************fatal: [servera.lab.example.com]: FAILED! => {"changed": false, "msg": "Could not find the requested service postfix: host"}...output omitted... PLAY RECAP ********************************************************************* servera.lab.example.com : ok=5 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0The
verify main.cf file existstask uses theansible.builtin.statmodule. It confirms thatmain.cfexists on theservera.lab.example.comhost.The
Start and enable mail servicestask failed. It could not start thepostfixservice because you ran the playbook using check mode and therefore the play did not install thepostfixpackage.Important
The task failed because earlier tasks in the play did not ensure that
postfixwas installed on theserverahost, because you ran the playbook in check mode. This failure happened because the playbook did not actually make changes to the host that it normally would have if you ran it normally.Run the playbook again, but without specifying check mode. The error in the
Start and enable mail servicestask should disappear and the playbook should run successfully.[student@workstation troubleshoot-host]$
ansible-navigator run \>-m stdout mailrelay.ymlPLAY [Create mail relay servers] *********************************************** ...output omitted... TASK [Check main.cf file] ****************************************************** ok: [servera.lab.example.com] TASK [Verify main.cf file exists] ********************************************** ok: [servera.lab.example.com] => { "msg": "The main.cf file exists" } TASK [Start and enable mail services] ******************************************changed: [servera.lab.example.com]...output omitted... PLAY RECAP ********************************************************************* servera.lab.example.com : ok=8 changed=5 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0Edit the
mailrelay.ymlplaybook and add a task to enable thesmtpservice through the firewall. Add the task as the last task, before the handlers....output omitted... - name: Postfix firewalld config ansible.posix.firewalld: state: enabled permanent: true immediate: true service: smtp ...output omitted...
Run the
mailrelay.ymlplaybook. Thepostfix firewalld configtask runs with no errors.[student@workstation troubleshoot-host]$
ansible-navigator run \>-m stdout mailrelay.ymlPLAY [Create mail relay servers] *********************************************** ...output omitted... TASK [Postfix firewalld config] ************************************************ changed: [servera.lab.example.com] PLAY RECAP ********************************************************************* servera.lab.example.com : ok=8 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0Use
telnetto test if the SMTP service is listening on port TCP/25 on theservera.lab.example.comhost. Disconnect when you are finished.[student@workstation troubleshoot-host]$
telnet servera.lab.example.com 25Trying 172.25.250.10... Connected to servera.lab.example.com. Escape character is '^]'. 220 servera.lab.example.com ESMTP Postfixquit221 2.0.0 Bye Connection closed by foreign host.Run the
samba.ymlplaybook. The first task fails with an error related to an SSH connection problem.[student@workstation troubleshoot-host]$
ansible-navigator run \>-m stdout samba.ymlPLAY [Install a samba server] ************************************************** TASK [Gathering Facts] ********************************************************* fatal: [servera.lab.exammple.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host servera.lab.exammple.com port 22: Connection timed out", "unreachable": true} PLAY RECAP ********************************************************************* servera.lab.exammple.com : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0 Please review the log for errors.Make sure that you can connect to the
servera.lab.example.commanaged host as thedevopsuser using SSH, and that the correct SSH keys are in place. Log off again when you have finished.[student@workstation troubleshoot-host]$
ssh devops@servera.lab.example.com...output omitted... [devops@servera ~]$exitlogout Connection to servera.lab.example.com closed.That is working normally.
Test to see if you can run modules on the
servera.lab.example.commanaged host by using an ad hoc command that runs theansible.builtin.pingmodule.[student@workstation troubleshoot-host]$
ansible servera.lab.example.com \>-m ansible.builtin.pingservera.lab.example.com | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python3" }, "changed": false, "ping": "pong" }Based on the preceding output, that is also working, and successfully connected to the managed host.
This should suggest to you that the problem is not with the SSH configuration and credentials, or with the ad hoc command that you used. So the question now is why the ad hoc command worked and the
ansible-navigatorcommand did not. There might be a problem with the play in the playbook, or with the inventory.Rerun the
samba.ymlplaybook with-vvvvto get more information about the run. An error is issued because theservera.lab.example.commanaged host is not reachable.[student@workstation troubleshoot-host]$
ansible-navigator run \>-m stdout -vvvv samba.ymlansible-playbook [core 2.13.0] config file = /home/student/troubleshoot-host/ansible.cfg configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Sep 13 2021, 08:18:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 3.0.3 libyaml = True Using /home/student/troubleshoot-host/ansible.cfg as config file ...output omitted... PLAYBOOK: samba.yml ************************************************************ Positional arguments: /home/student/troubleshoot-host/samba.yml verbosity: 4 connection: smart timeout: 10 become_method: sudo tags: ('all',) inventory: ('/home/student/troubleshoot-host/inventory',) forks: 5 1 plays in /home/student/troubleshoot-host/samba.yml PLAY [Install a samba server] ************************************************** TASK [Gathering Facts] ********************************************************* task path: /home/student/troubleshoot-host/samba.yml:2 <servera.lab.exammple.com> ESTABLISH SSH CONNECTION FOR USER: devops ...output omitted... fatal: [servera.lab.exammple.com]: UNREACHABLE! => {"changed": false,"msg": "Failed to connect to the host via ssh: OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021\r\ndebug1: Reading configuration data /home/runner/.ssh/config\r\ndebug1: /home/runner/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host servera.lab.exammple.com originally servera.lab.exammple.com\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/runner/.ssh/config\r\ndebug1: /home/runner/.ssh/config line 1: Applying options for *\r\ndebug2: add_identity_file: ignoring duplicate key ~/.ssh/lab_rsa\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host servera.lab.exammple.com originally servera.lab.exammple.com\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/runner/.ansible/cp/d4775f48c9\" does not exist\r\ndebug2: resolving \"servera.lab.exammple.com\" port 22\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to servera.lab.exammple.com [3.130.253.23] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: connect to address 3.130.253.23 port 22: Connection timed out\r\ndebug1: Connecting to servera.lab.exammple.com [3.130.204.160] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: connect to address 3.130.204.160 port 22: Connection timed out\r\nssh: connect to host servera.lab.exammple.com port 22: Connection timed out","unreachable": true} PLAY RECAP ********************************************************************* servera.lab.exammple.com : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0 Please review the log for errors.Investigate the
inventoryfile for errors.If you look at the
[samba_servers]group,servera.lab.example.comis misspelled (with an extram). Correct this error as shown below:[samba_servers]
servera.lab.example.com...output omitted...Run the playbook again and all tasks should succeed.
[student@workstation troubleshoot-host]$
ansible-navigator run \>-m stdout samba.ymlPLAY [Install a samba server] ************************************************** TASK [Gathering Facts] ********************************************************* ok: [servera.lab.example.com] TASK [Install samba] *********************************************************** changed: [servera.lab.example.com] TASK [Install firewalld] ******************************************************* ok: [servera.lab.example.com] TASK [Debug install_state variable] ******************************************** ok: [servera.lab.example.com] => { "msg": "The state for the samba service is installed" } TASK [Start firewalld] ********************************************************* ok: [servera.lab.example.com] TASK [Configure firewall for samba] ******************************************** changed: [servera.lab.example.com] TASK [Deliver samba config] **************************************************** changed: [servera.lab.example.com] TASK [Start samba] ************************************************************* changed: [servera.lab.example.com] PLAY RECAP ********************************************************************* servera.lab.example.com : ok=8 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
This concludes the section.
Red Hat Linux Automation with Ansible (RH294)
Haley_Ruccio
24 lip 2023
Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.
3
1
980
curl finds no route to host?
TPeters
23 lip 2023
I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?
1
6
1702
Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community
cschunke
18 lip 2023
We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.
8
1
351