RH354 - ch03s08

Bookmark this page

Guided Exercise: Automating with RHEL System Roles

In this exercise, you will use one of the Red Hat Enterprise Linux system roles in conjunction with a normal task to configure time synchronization and the time zone on your servers.

Outcomes

You should be able to:

Install the Red Hat Enterprise Linux system roles.
Find and use the RHEL system roles documentation.
Use the rhel-system-roles.timesync role in a playbook to configure time synchronization on remote hosts.

Scenario Overview

Your organization maintains two data centers: one in the United States (Chicago) and one in Finland (Helsinki). To aid log analysis of database servers across data centers, ensure that the system clock on each host is synchronized using Network Time Protocol. To aid time-of-day activity analysis across data centers, ensure that each database server has a time zone corresponding to the host's data center location.

Time synchronization has the following requirements:

Use the NTP server located at classroom.example.com. Enable the iburst option to accelerate initial time synchronization.
Use the chrony package for time synchronization.

From workstation, run the command lab tools-automating start to prepare the environment for this exercise. This creates the working directory, tools-automating, and populates it with an Ansible configuration file and host inventory.

[student@workstation ~]$ lab tools-automating start

Log in to your workstation host as student. Verify that ansible is available, and change to the tools-automating working directory.
1. Verify that ansible is available.
```
[student@workstation ~]$ yum list installed ansible
...output omitted...
```
2. Change to the tools-automating working directory.
```
[student@workstation ~]$ cd ~/tools-automating
[student@workstation tools-automating]$ 
```

Install the RHEL system roles on the control node, workstation.lab.example.com. Verify the location of the installed roles on the control node.

Use ansible-galaxy to verify that no roles are initially available. The empty output indicates that no roles were found.
```
[student@workstation tools-automating]$ ansible-galaxy list
...output omitted...
[student@workstation tools-automating]$ 
```

Install the rhel-system-roles package.

[student@workstation tools-automating]$ sudo yum install rhel-system-roles
...output omitted...
Is this ok [y/N]: y
...output omitted...

Use ansible-galaxy to verify that system roles are available.

[student@workstation tools-automating]$ ansible-galaxy list
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.timesync, (unknown version)
- rhel-system-roles.kdump, (unknown version)
- rhel-system-roles.network, (unknown version)
- rhel-system-roles.postfix, (unknown version)
- rhel-system-roles.selinux, (unknown version)
- rhel-system-roles.timesync, (unknown version)

Roles are located in the /usr/share/ansible/roles directory. A role beginning with linux-system-roles is a symlink to the matching rhel-system-roles role.

Create a playbook, configure_time.yml, with one play that targets the database_servers host group. Include the rhel-system-roles.timesync role in the roles section of the play.
The contents of the configure_time.yml now matches:
```
---
- name: Time Synchronization
  hosts: database_servers

  roles:
    - rhel-system-roles.timesync
```

The role documentation contains a description of each role variable, including its default value. Determine the role variables to override to meet the time synchronization requirements.

Place role variable values in a file named timesync.yml. Because these variable values apply to all inventory hosts, place the file in the group_vars/all subdirectory.

Review the Role Variables section of the README.md file for the rhel-system-roles.timesync role.

[student@workstation tools-automating]$ cat \
> /usr/share/doc/rhel-system-roles/timesync/README.md
...output omitted...
Role Variables
--------------

...output omitted...
# List of NTP servers
timesync_ntp_servers:
  - hostname: foo.example.com   # Hostname or address of the server
    minpoll: 4                  # Minimum polling interval (default 6)
    maxpoll: 8                  # Maximum polling interval (default 10)
    iburst: yes                 # Flag enabling fast initial synchronization
                                # (default no)
    pool: no                    # Flag indicating that each resolved address
                                # of the hostname is a separate NTP server
                                # (default no)
...output omitted...
# Name of the package which should be installed and configured for NTP.
# Possible values are "chrony" and "ntp". If not defined, the currently active
# or enabled service will be configured. If no service is active or enabled, a
# package specific to the system and its version will be selected.
timesync_ntp_provider: chrony

Create the group_vars/all subdirectory.

[student@workstation tools-automating]$ mkdir -pv group_vars/all
mkdir: created directory 'group_vars'
mkdir: created directory 'group_vars/all'

Create a new file group_vars/all/timesync.yml using a text editor. Add variable definitions to satisfy the time synchronization requirements. The file now contains:
```
---
#rhel-system-roles.timesync variables for all hosts

timesync_ntp_provider: chrony

timesync_ntp_servers:
  - hostname: classroom.example.com
    iburst: yes
```

Insert a task to set the time zone for each host. Ensure that the task uses the timezone module and executes after the rhel-system-roles.timesync role.
Because hosts may not belong to the same time zone, use a variable (host_timezone) for the time zone name.
1. Review the Examples section of the timezone module documentation.
```
[student@workstation tools-automating]$ ansible-doc timezone | grep -A 4 "EXAMPLES"
EXAMPLES:
- name: set timezone to Asia/Tokyo
  timezone:
    name: Asia/Tokyo
```
2. Add a task to the post_tasks section of the play in the configure_time.yml playbook. Model the task after the documentation example, but use the host_timezone variable for the time zone name.
  The documentation in ansible-doc timezone recommends a restart of the Cron service if the module changes the timezone, to make sure Cron jobs run at the right times. Add a notify keyword to the task, with an associated value of restart crond. The post_tasks section of the play should read:
```
  post_tasks:
    - name: Set timezone
      timezone:
        name: "{{ host_timezone }}"
      notify: restart crond
```
3. Add the restart crond handler to the Time Synchronization play. The complete playbook now contains:
```
---
- name: Time Synchronization
  hosts: database_servers

  roles:
    - rhel-system-roles.timesync

  post_tasks:
    - name: Set timezone
      timezone:
        name: "{{ host_timezone }}"
      notify: restart crond

  handlers:
    - name: restart crond
      service:
        name: crond
        state: restarted
```

For each data center, create a file named timezone.yml that contains an appropriate value for the host_timezone variable. Use the timedatectl list-timezones command to find the valid time zone string for each data center.

Create the group_vars subdirectories for the na_datacenter and europe_datacenter host groups.

[student@workstation tools-automating]$ mkdir -pv \
> group_vars/{na,europe}_datacenter
mkdir: created directory 'group_vars/na_datacenter'
mkdir: created directory 'group_vars/europe_datacenter'

Use the timedatectl list-timezones command to determine the time zone for both the US and European data centers:

[student@workstation tools-automating]$ timedatectl list-timezones | grep Chicago
America/Chicago
[student@workstation tools-automating]$ timedatectl list-timezones | grep Helsinki
Europe/Helsinki

Create the timezone.yml for both data centers:

[student@workstation tools-automating]$ echo "host_timezone: America/Chicago" > \
> group_vars/na_datacenter/timezone.yml
[student@workstation tools-automating]$ echo "host_timezone: Europe/Helsinki" > \
> group_vars/europe_datacenter/timezone.yml

The final file structure of the ~/tools-automating folder should look similar to the following tree command output:

[student@workstation tools-automating]$ tree ~/tools-automating
/home/student/tools-automating/
├── ansible.cfg
├── configure_time.yml
├── group_vars
│   ├── all
│   │   └── timesync.yml
│   ├── europe_datacenter
│   │   └── timezone.yml
│   └── na_datacenter
│       └── timezone.yml
├── inventory
└── roles
    └── requirements.yml

5 directories, 7 files

Run the playbook. Some tasks will result in errors, because they attempt to stop services that are not running in this exercise. The timesync system role would typically expect to find and stop the deprecated NTP services.

[student@workstation tools-automating]$ ansible-playbook configure_time.yml

PLAY [Time Synchronization] **************************************************

TASK [Gathering Facts] *******************************************************
ok: [serverb.lab.example.com]
ok: [servera.lab.example.com]

TASK [rhel-system-roles.timesync : Check if only NTP is needed] **************
ok: [servera.lab.example.com]
ok: [serverb.lab.example.com]

...output omitted...

TASK [rhel-system-roles.timesync : Enable timemaster] ************************
skipping: [servera.lab.example.com]
skipping: [serverb.lab.example.com]

RUNNING HANDLER [rhel-system-roles.timesync : restart chronyd] ***************
changed: [servera.lab.example.com]
changed: [serverb.lab.example.com]

TASK [Set timezone] **********************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]

RUNNING HANDLER [restart crond] **********************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]

PLAY RECAP *******************************************************************
servera.lab.example.com    : ok=17   changed=6    unreachable=0    failed=0
serverb.lab.example.com    : ok=17   changed=6    unreachable=0    failed=0

Verify the time zone settings of each server. Use the Ansible command module to see the output of the timedatectl command on all the database servers.

Note

The actual time-zones listed will vary depending on the time of year, and whether daylight savings is active.

[student@workstation tools-automating]$ ansible database_servers -m command -a timedatectl
serverb.lab.example.com | CHANGED | rc=0 >>
               Local time: Thu 2019-06-13 05:10:57 EEST
           Universal time: Thu 2019-06-13 02:10:57 UTC
                 RTC time: Thu 2019-06-13 02:10:56
                Time zone: Europe/Helsinki (EEST, +0300)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

servera.lab.example.com | CHANGED | rc=0 >>
               Local time: Wed 2019-06-12 21:10:57 CDT
           Universal time: Thu 2019-06-13 02:10:57 UTC
                 RTC time: Thu 2019-06-13 02:10:56
                Time zone: America/Chicago (CDT, -0500)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Each server has a time zone setting based on its geographic location.

Finish

Run the lab tools-automating finish command to clean up the managed host.

[student@workstation ~]$ lab tools-automating finish

This concludes the guided exercise.

Discuss RHEL 8 New Features for Experienced Linux Administrators

Go to community

Welcome to the Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators group!

cschunke

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH354.Read more about Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators here.

Revision: rh354-8.0-0e36520