RH415 - ch02s05

Ensure that your workstation is prepared to use Ansible and is configured with an appropriate configuration file and inventory, and use a provided playbook to ensure that several servers are in the correct configuration.

Outcomes

Install the ansible-navigator package.
Configure and use Ansible inventories and ansible.cfg files.
Confirm that Ansible is working correctly and can connect to managed hosts.
Run Ansible Playbooks to configure managed hosts.

As the student user on the workstation machine, use the lab command to prepare your environment for this exercise, and to ensure that all required resources are available.

[student@workstation ~]$ lab start ansible-review

Instructions

On the workstation machine, install the ansible-navigator package that provides automation content navigator, to use that machine as your control node.
Install the ansible-navigator package on the workstation machine.
[student@workstation ~]$ sudo dnf install ansible-navigator [sudo] password for student: student ...output omitted... Is this ok [y/N]: y ...output omitted... Complete!
Ensure that the execution environment container image is downloaded for the ansible-navigator tool.
Note
You do not need to download the ee-supported-rhel9 execution environment, because it is preloaded in your classroom.
Use the ansible-navigator tool to list the container images.
[student@workstation ~]$ ansible-navigator images
Press Esc to exit the image list.
Image Tag Execution environment Created Size 0│ee-supported-rhel9 latest True 4 months ago 1.63 GB ^b/PgUp page up ^f/PgDn page down ↑↓ scroll esc back [0-9] goto :help help
Create the /home/student/ansible-review directory.
[student@workstation ~]$ mkdir ~/ansible-review

Navigate to the /home/student/ansible-review directory.

[student@workstation ~]$ cd ~/ansible-review
[student@workstation ansible-review]$

In the /home/student/ansible-review directory, create an Ansible configuration file named ansible.cfg. Use the following values.
Section Directive Value
defaults inventory ./inventory
remote_user ansible-labuser
privilege_escalation become true
become_method sudo
become_user root
become_ask_pass false
[student@workstation ansible-review]$ cat ansible.cfg [defaults] inventory = ./inventory remote_user = ansible-labuser [privilege_escalation] become = true become_method = sudo become_user = root become_ask_pass = false
In the /home/student/ansible-review directory, create the inventory file. Use the following values.
Group Host
prod servera
serverb
test workstation
webserver:children prod
test
[student@workstation ansible-review]$ cat inventory [prod] servera serverb [test] workstation [webserver:children] prod test

Section	Directive	Value
defaults	inventory	./inventory
remote_user	ansible-labuser
privilege_escalation	become	true
become_method	sudo
become_user	root
become_ask_pass	false

Group	Host
prod	servera
serverb
test	workstation
webserver:children	prod
test

List all the managed hosts that are present in the inventory.

[student@workstation ansible-review]$ ansible-navigator inventory \
    -m stdout --graph
@all:
  |--@ungrouped:
  |--@webserver:
  |  |--@prod:
  |  |  |--servera
  |  |  |--serverb
  |  |--@test:
  |  |  |--workstation

In the /home/student/ansible-review directory, create an Ansible Playbook file named webserver.yml. The playbook acts on all hosts in the prod host group. Create the following tasks:

Install the httpd package.
Start the firewalld service.
Create the index.html file with some content.
Use the firewalld Ansible module to enable the http service.

Start the httpd service.

[student@workstation ansible-review]$ cat webserver.yml
---
- name: Start a webserver
  hosts: prod
  tasks:
    - name: Install httpd package
      yum:
        name: httpd
        state: present

    - name: Start firewalld service
      service:
        name: firewalld
        state: started
        enabled: true

    - name: Copy content
      copy:
        content: "Welcome to RH415 webserver\n"
        dest: /var/www/html/index.html

    - name: Add http service to firewalld
      firewalld:
        service: http
        state: enabled
        immediate: true
        permanent: true

    - name: Start httpd service
      service:
        name: httpd
        state: started
        enabled: true
...

Before running your playbook, validate the webserver.yml playbook syntax. Correct any reported errors before continuing.

[student@workstation ansible-review]$ ansible-navigator run -m stdout \
	webserver.yml --syntax-check
playbook: /home/student/ansible-review/webserver.yml

Run the webserver.yml playbook. Read through the generated output to ensure that all tasks completed successfully.

[student@workstation ansible-review]$ ansible-navigator run -m stdout \
	webserver.yml
PLAY [Start a webserver] *******************************************************

TASK [Gathering Facts] *********************************************************
ok: [serverb]
ok: [servera]

TASK [Install httpd package] ***************************************************
changed: [serverb]
changed: [servera]

TASK [Start firewalld service] *************************************************
ok: [serverb]
ok: [servera]

TASK [Copy content] ************************************************************
changed: [serverb]
changed: [servera]

TASK [Add http service to firewalld] *******************************************
changed: [serverb]
changed: [servera]

TASK [Start httpd service] *****************************************************
changed: [serverb]
changed: [servera]

PLAY RECAP *********************************************************************
servera   : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
serverb   : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Use the curl command to verify that both servera.lab.example.com and serverb.lab.example.com are configured as HTTPD servers.

[student@workstation ansible-review]$ curl servera.lab.example.com
Welcome to RH415 webserver
[student@workstation ansible-review]$ curl serverb.lab.example.com
Welcome to RH415 webserver

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade ansible-review

Finish

As the student user on the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish ansible-review

Discuss Red Hat Security: Linux in Physical, Virtual, and Cloud

Go to community

Welcome to the Red Hat Security: Linux in Physical, Virtual, and Cloud (RH415) group!

Deanna

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Security: Linux in Physical, Virtual, and Cloud! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH415.Read more about Red Hat Security: Linux in Physical, Virtual, and Cloud here.

415

Revision: rh415-9.2-a821299

Red Hat Security: Linux in Physical, Virtual, and Cloud

Lab: Automating Configuration and Remediation with Ansible

Note