Red Hat Enterprise Linux Automation with Ansible
Manage service startup, schedule processes with
at,cron, andsystemd, reboot managed hosts withreboot, and control the default boot target on managed hosts.
Red Hat Enterprise Linux provides several mechanisms that you can use to schedule commands to run at some point in the future.
The at command schedules jobs that run once at a specified time.
The Cron subsystem schedules jobs to run on a recurring schedule, either in a user's personal crontab file, in the system Cron configuration in /etc/crontab, or as a file in /etc/cron.d.
The systemd subsystem also provides timer units that can start service units on a set schedule.
Quick one-time scheduling is done with the ansible.posix.at module.
You create the job to run at a future time, and it is held until that time to execute.
Table 9.3. Options for the ansible.posix.at Module
| Option | Comments |
|---|---|
command
| The command to schedule to run in the future. |
count
| The integer number of units from now that the job should run.
(Must be used with units.) |
units
| Specifies whether count is measured in minutes, hours, days, or weeks. |
script_file
| An existing script file to schedule to run in the future. |
state
| The default value (present) adds a job; absent removes a matching job if present. |
unique
| If set to yes, then if a matching job is already present, a new job is not added. |
In the following example, the task shown uses at to schedule the userdel -r tempuser command to run in 20 minutes.
- name: Remove tempuser
ansible.posix.at:
command: userdel -r tempuser
count: 20
units: minutes
unique: yesYou can configure a command that runs on a repeating schedule by using Cron.
To set up Cron jobs, use the ansible.builtin.cron module.
The name option is mandatory, and is inserted in the crontab as a description of the repeating job.
It is also used by the module to determine if the Cron job already exists, or which Cron job to modify or delete.
Some commonly used parameters for the ansible.builtin.cron module include:
Table 9.4. Options for the ansible.builtin.cron Module
| Options | Comments |
|---|---|
name
| The comment identifying the Cron job. |
job
| The command to run. |
minute, hour, day, month, weekday
| The value for the field in the time specification for the job in the crontab entry.
If not set, "*" (all values) is assumed. |
state
| If set to present, it creates the Cron job (the default); absent removes it. |
user
| The Cron job runs as this user.
If cron_file is not specified, the job is set in that user's crontab file. |
cron_file
| If set, create a system Cron job in cron_file.
You must specify user and a time specification.
If you use a relative path, then the file is created in /etc/cron.d. |
This first example task creates a Cron job in the testing user's personal crontab file.
It runs their personal backup-home-dir script at 16:00 every Friday.
You could log in as that user and run crontab -l after running the playbook to confirm that it worked.
- name: Schedule backups for my home directory
ansible.builtin.cron:
name: Backup my home directory
user: testing
job: /home/testing/bin/backup-home-dir
minute: 0
hour: 16
weekday: 5In the following example, the task creates a system Cron job in the /etc/cron.d/flush_bolt file that runs a command as root to flush the Bolt cache every morning at 11:45.
- name: Schedule job to flush the Bolt cache
ansible.builtin.cron:
name: Flush Bolt cache
cron_file: flush_bolt
user: "root"
minute: 45
hour: 11
job: "php ./app/nut cache:clear"Warning
Do not use cron_file to modify the /etc/crontab file.
The file you specify must only be maintained by Ansible and should only contain the entry specified by the task.
The ansible.builtin.systemd module can be used to enable or disable existing systemd timer units that run recurring jobs (usually systemd service units that eventually exit).
The following example disables and stops the systemd timer that automatically populates the dnf package cache on Red Hat Enterprise Linux 9.
- name: Disable dnf makecache
ansible.builtin.systemd:
name: dnf-makecache.timer
state: stopped
enabled: noYou can choose between two modules to manage services or reload daemons: ansible.builtin.systemd and ansible.builtin.service.
The ansible.builtin.service module is intended to work with a number of service-management systems, including systemd, Upstart, SysVinit, BSD init, and others.
Because it provides a generic interface to the initialization system, it offers a basic set of options to start, stop, restart, and enable services and other daemons.
- name: Start and enable nginx
ansible.builtin.service:
name: nginx
state: started
enabled: yesThe ansible.builtin.systemd module is designed to work with systemd only, but it offers additional configuration options specific to that system and service manager.
The following example that uses ansible.builtin.systemd is equivalent to the preceding example that used ansible.builtin.service:
- name: Start nginx
ansible.builtin.systemd:
name: nginx
state: started
enabled: yesThe next example reloads the httpd daemon, but before it does that it runs systemctl daemon-reload to reload the entire systemd configuration.
- name: Reload web server
ansible.builtin.systemd:
name: httpd
state: reloaded
daemon_reload: yesThe ansible.builtin.systemd module cannot set the default boot target.
You can use the ansible.builtin.command module to set the default boot target.
- name: Change default systemd target
hosts: all
gather_facts: false
vars:
systemd_target: "multi-user.target" 
tasks:
- name: Get current systemd target
ansible.builtin.command:
cmd: systemctl get-default 
changed_when: false 
register: target 
- name: Set default systemd target
ansible.builtin.command:
cmd: systemctl set-default {{ systemd_target }} 
when: systemd_target not in target['stdout'] 
become: true 
| This variable holds the name of the default target you want. |
| This gets the current target. |
| Because this is just gathering information, the task should never report |
| The |
| This command sets the default target. |
| Skip this task if the current default target is already the desired default target. This ensures the task is idempotent. |
| This is the only task in this play that requires |
You can use the dedicated ansible.builtin.reboot module to reboot managed hosts during playbook execution.
This module reboots the managed host, and waits until the managed host comes back up before continuing with playbook execution.
The module determines that a managed host is back up by waiting until Ansible can run a command on the managed host.
The following simple example immediately triggers a reboot:
- name: Reboot now ansible.builtin.reboot:
By default, the playbook waits up to 600 seconds before deciding that the reboot failed, and another 600 seconds before deciding that the test command failed. You can adjust this value so that the timeouts are each 180 seconds. For example:
- name: Reboot, shorten timeout
ansible.builtin.reboot:
reboot_timeout: 180Some other useful options to the module include:
Table 9.5. Options for the ansible.builtin.reboot Module
| Options | Comments |
|---|---|
pre_reboot_delay
| The time to wait before reboot. On Linux, this is measured in minutes, and if less than 60, is rounded down to 0. |
msg
| The message to display to users before reboot. |
test_command
| The command used to determine whether the managed host is usable and ready for more Ansible tasks after reboot.
The default is whoami. |
References
ansible.builtin.cron module - Manage cron.d and crontab entries — Ansible Documentation
ansible.builtin.reboot module - Reboot a machine — Ansible Documentation
ansible.builtin.service module - Manage services — Ansible Documentation
ansible.builtin.systemd module - Manage systemd units — Ansible Documentation
