Red Hat System Administration III: Linux Automation

RH294

Welcome

Course Objectives and Structure

Schedule

Orientation to the Classroom Lab Environment

Internationalization

Chapter 1: Introducing Ansible

Goal: Describe the fundamental Ansible concepts and how it is used, and install Red Hat Ansible Engine.

Objectives:

• Describe the motivation for automating Linux administration tasks with Ansible, fundamental Ansible concepts, and Ansible’s basic architecture.

• Install Ansible on a control node and describe the distinction between community Ansible and Red Hat Ansible Engine.

Quiz: Automating Linux Administration with Ansible

Guided Exercise: Installing Ansible

Summary

• Automation is a key tool to mitigate human error and quickly ensure that your IT infrastructure is in a consistent, correct state.
• Ansible is an open source automation platform that can adapt to many different workflows and environments.
• Ansible can be used to manage many different types of systems, including servers running Linux, Microsoft Windows, or UNIX, and network devices.
• Ansible Playbooks are human-readable text files that describe the desired state of an IT infrastructure.
• Ansible is built around an agentless architecture in which Ansible is installed on a control node and clients do not need any special agent software.
• Ansible connects to managed hosts using standard network protocols such as SSH, and runs code or commands on the managed hosts to ensure that they are in the state specified by Ansible.

Chapter 2: Deploying Ansible

Goal: Configure Ansible to manage hosts and run ad hoc Ansible commands.

Objectives:

• Describe Ansible inventory concepts and manage a static inventory file.

• Describe where Ansible configuration files are located, how Ansible selects them, and edit them to apply changes to default settings.

• Run a single Ansible automation task using an ad hoc command and explain some use cases for ad hoc commands.

Guided Exercise: Building an Ansible Inventory

Guided Exercise: Managing Ansible Configuration Files

Guided Exercise: Running Ad Hoc Commands

Lab: Deploying Ansible

Summary

• Any system upon which Ansible is installed and which has access to the required configuration files and playbooks to manage remote systems (managed hosts) is called a control node.
• Managed hosts are defined in the inventory. Host patterns are used to reference managed hosts defined in an inventory.
• Inventories can be static files or dynamically generated by a program from an external source, such as a directory service or cloud management system.
• Ansible looks for its configuration file in a number of places in order of precedence. The first configuration file found is used; all others are ignored.
• The ansible command is used to perform ad hoc commands on managed hosts.
• Ad hoc commands determine the operation to perform through the use of modules and their arguments, and can make use of Ansible's privilege escalation features.

Chapter 3: Implementing Playbooks

Goal: Write a simple Ansible Playbook and run it to automate tasks on multiple hosts.

Objectives:

• Write a basic Ansible Playbook and run it using the ansible-playbook command.

• Write a playbook that uses multiple plays and per-play privilege escalation.

• Effectively use ansible-doc to learn how to use new modules to implement tasks for a play.

Guided Exercise: Writing and Running Playbooks

Guided Exercise: Implementing Multiple Plays

Lab: Implementing Playbooks

Summary

• A play is an ordered list of tasks, which runs against hosts selected from the inventory.
• A playbook is a text file that contains a list of one or more plays to run in order.
• Ansible Playbooks are written in YAML format.
• YAML files are structured using space indentation to represent the data hierarchy.
• Tasks are implemented using standardized code packaged as Ansible modules.
• The ansible-doc command can list installed modules, and provide documentation and example code snippets of how to use them in playbooks.
• The ansible-playbook command is used to verify playbook syntax and run playbooks.

Chapter 4: Managing Variables and Facts

Goal: Write playbooks that use variables to simplify management of the playbook, and facts to reference information about the managed hosts.

Objectives:

• Create and reference variables that affect particular hosts or host groups, the play, or the global environment, and describe how variable precedence works.

• Encrypt sensitive variables using Ansible Vault, and run playbooks that reference Vault-encrypted variable files.

• Reference data about managed hosts using Ansible facts, and configure custom facts on managed hosts.

Guided Exercise: Managing Variables

Guided Exercise: Managing Secrets

Guided Exercise: Managing Facts

Lab: Managing Variables and Facts

Summary

• Ansible variables allow administrators to reuse values across files in an entire Ansible project.
• Variables can be defined for hosts and host groups in the inventory file.
• Variables can be defined for playbooks by using facts and external files. They can also be defined on the command line.
• The register keyword can be used to capture the output of a command in a variable.
• Ansible Vault is one way to protect sensitive data such as password hashes and private keys for deployment using Ansible Playbooks.
• Ansible facts are variables that are automatically discovered by Ansible from a managed host.

Chapter 5: Implementing Task Control

Goal: Manage task control, handlers, and task errors in Ansible Playbooks.

Objectives:

• Implement loops to write efficient tasks to control when to run tasks.

• Implement a task that runs only when another task changes the managed host.

• Control what happens when a task fails, and what conditions cause a task to fail.

Guided Exercise: Writing Loops and Conditional Tasks

Guided Exercise: Implementing Handlers

Guided Exercise: Handling Task Failure

Lab: Implementing Task Control

Summary

• Loops are used to iterate over a set of values, for example, a simple list of strings, or a list of either hashes or dictionaries.
• Conditionals are used to execute tasks or plays only when certain conditions have been met.
• Handlers are special tasks that execute at the end of the play if notified by other tasks.
• Handlers are only notified when a task reports that it changed something on a managed host.
• Tasks are configured to handle error conditions by ignoring task failure, forcing handlers to be called even if the task failed, mark a task as failed when it succeeded, or override the behavior that causes a task to be marked as changed.
• Blocks are used to group tasks as a unit and to execute other tasks depending upon whether or not all the tasks in the block succeed.

Chapter 6: Deploying Files to Managed Hosts

Goal: Deploy, manage, and adjust files on hosts managed by Ansible.

Objectives:

• Create, install, edit, and remove files on managed hosts, and manage permissions, ownership, SELinux context, and other characteristics of those files.

• Customize files using Jinja2 templates, and deploy them to managed hosts.

Guided Exercise: Modifying and Copying Files to Hosts

Guided Exercise: Deploying Custom Files with Jinja2 Templates

Lab: Deploying Files to Managed Hosts

Summary

• The Files modules library includes modules that allow you to accomplish most tasks related to file management, such as creating, copying, editing, and modifying permissions and other attributes of files.
• You can use Jinja2 templates to dynamically construct files for deployment.
• A Jinja2 template is usually composed of two elements: variables and expressions. Those variables and expressions are replaced with values when the Jinja2 template is rendered.
• Jinja2 filters transform template expressions from one kind or format of data into another.

Chapter 7: Managing Large Projects

Goal: Write playbooks that are optimized for larger and more complex projects.

Objectives:

• Write sophisticated host patterns to efficiently select hosts for a play or ad hoc command.

• Describe the nature and purpose of dynamic inventories and then install and use an existing script as an Ansible dynamic inventory source.

• Tune the number of simultaneous connections that Ansible opens to managed hosts and how Ansible processes groups of managed hosts through the play’s tasks.

• Manage large playbooks by importing or including playbooks and tasks from external files, either unconditionally or based on a conditional test.

Guided Exercise: Selecting Hosts with Host Patterns

Guided Exercise: Managing Dynamic Inventories

Guided Exercise: Configuring Parallelism

Guided Exercise: Including and Importing Files

Lab: Managing Large Projects

Summary

• Host patterns are used to specify the managed hosts to be targeted by plays or ad hoc commands.
• Dynamic inventory scripts can be used to generate dynamic lists of managed hosts from directory services or other sources external to Ansible.
• The forks parameter in the Ansible configuration file sets the maximum number of parallel connections to managed hosts.
• The serial parameter can be used to implement rolling updates across managed hosts by defining the number of managed hosts in each rolling update batch.
• You can use the import_playbook feature to incorporate external play files into playbooks.
• You can use the include_tasks or import_tasks features to incorporate external task files into playbooks.

Chapter 8: Simplifying Playbooks with Roles

Goal: Use Ansible roles to develop playbooks more quickly and to reuse Ansible code.

Objectives:

• Describe what a role is, how it is structured, and how you can use it in a playbook.

• Create a role in a playbook’s project directory and run it as part of one of the plays in the playbook.

• Select and retrieve roles from Ansible Galaxy or other sources, such as a Git repository, and use them in your playbooks.

• Write playbooks that take advantage of Red Hat Enterprise Linux System Roles to perform standard operations.

Quiz: Describing Role Structure

Guided Exercise: Reusing Content with System Roles

Guided Exercise: Creating Roles

Guided Exercise: Deploying Roles with Ansible Galaxy

Lab: Simplifying Playbooks with Roles

Summary

• Roles organize Ansible code in a way that allows reuse and sharing.
• Red Hat Enterprise Linux System Roles are a collection of tested and supported roles intended to help you configure host subsystems across versions of Red Hat Enterprise Linux.
• Ansible Galaxy is a public library of Ansible roles written by Ansible users. The ansible-galaxy command can search for, display information about, install, list, remove, or initialize roles.
• External roles needed by a playbook may be defined in the roles/requirements.yml file. The ansible-galaxy install -r roles/requirements.yml command uses this file to install the roles on the control node.

Chapter 9: Troubleshooting Ansible

Goal: Troubleshoot playbooks and managed hosts.

Objectives:

• Troubleshoot generic issues with a new playbook and repair them.

• Troubleshoot failures on managed hosts when running a playbook.

Guided Exercise: Troubleshooting Playbooks

Guided Exercise: Troubleshooting Ansible Managed Hosts

Lab: Troubleshooting Ansible

Summary

• Ansible provides built-in logging. This feature is not enabled by default.
• The log_path parameter in the default section of the ansible.cfg configuration file specifies the location of the log file to which all Ansible output is redirected.
• The debug module provides additional debugging information while running a playbook (for example, current value for a variable).
• The -v option of the ansible-playbook command provides several levels of output verbosity. This is useful for debugging Ansible tasks when running a playbook.
• The --check option enables Ansible modules with check mode support to display the changes to be performed, instead of applying those changes to the managed hosts.
• Additional checks can be executed on the managed hosts using ad hoc commands.

Chapter 10: Automating Linux Administration Tasks

Goal: Automate common Linux system administration tasks with Ansible.

Objectives:

• Subscribe systems, configure software channels and repositories, and manage RPM packages on managed hosts.

• Manage Linux users and groups, configure SSH, and modify Sudo configuration on managed hosts.

• Manage service startup, schedule processes with at, cron, and systemd, reboot, and control the default boot target on managed hosts.

• Partition storage devices, configure LVM, format partitions or logical volumes, mount file systems, and add swap files or spaces.

Guided Exercise: Managing Software and Subscriptions

Guided Exercise: Managing Users and Authentication

Guided Exercise: Managing the Boot Process and Scheduled Processes

Guided Exercise: Managing Storage

Guided Exercise: Managing Network Configuration

Lab: Automating Linux Administration Tasks

Summary

• The yum_repository module configures a Yum repository on a managed host. For repositories that use public keys, you can verify that the key is available with the rpm_key module.
• The user and group modules create users and groups respectively on a managed host. You can configure authorized keys for a user with the authorized_key module.
• Cron jobs can be configured on managed hosts with the cron module.
• Ansible supports the configuration of logical volumes with the lvg, and lvol modules. The parted and filesystem modules support respectively the partition of devices and creation of filesystems.
• Red Hat Enterprise Linux 8 includes the network system role which supports the configuration of network interfaces on managed hosts.

Chapter 11: Comprehensive Review

Lab: Deploying Ansible

Lab: Creating Playbooks

Lab: Creating Roles and Using Dynamic Inventory

Appendix: Supplementary Topics

Appendix: Ansible Lightbulb Licensing