Red Hat Enterprise Linux Automation with Ansible

RH294

Welcome

Course Objectives and Structure

Schedule

Chapter 1: Introducing Ansible

Goal: Describe the fundamental concepts of Ansible and how it is used, and install development tools from Red Hat Ansible Automation Platform.

Objectives:

Describe the motivation for automating Linux administration tasks with Ansible, fundamental Ansible concepts, and the basic architecture of Ansible.
Install Ansible on a control node and describe the distinction between community Ansible and Red Hat Ansible Automation Platform.

Automating Linux Administration with Ansible

Automation and Linux System Administration

What Is Ansible?

Ansible: The Language of DevOps

Ansible across the application lifecycle

Ansible Concepts and Architecture

Getting Support for Ansible

The Ansible Way

Use Cases

Quiz: Automating Linux Administration with Ansible

Installing Ansible

Ansible and Red Hat Ansible Automation Platform

Red Hat Ansible Automation Platform 2 Overview

User experience: Adapting execution environments to your needs

Preparing a Control Node

Preparing Managed Hosts

Guided Exercise: Installing Ansible

Summary

Automation helps you mitigate human error and ensure that your IT infrastructure is in a consistent, correct state.
Ansible is an open source automation platform that can adapt to many workflows and environments.
Red Hat Ansible Automation Platform is a fully supported version of Ansible that also includes a number of additional components and tools to help you develop, deploy, and manage your automation code.
Ansible can be used to manage many types of systems, including servers running Linux, servers running Microsoft Windows, and network devices.
Ansible Playbooks are human-readable text files that describe the desired state of an IT infrastructure.

Summary (continued)

Ansible connects to managed hosts using standard network protocols such as SSH, and runs code or commands on the managed hosts to ensure that they are in the state specified.
Ansible is built around an agentless architecture in which the Ansible software is only installed on a control node and in automation execution environments.
Automation content navigator (ansible-navigator) is a key tool that helps you develop and run your Ansible automation code.

Chapter 2: Implementing an Ansible Playbook

Goal: Create an inventory of managed hosts, write a simple Ansible Playbook, and run the playbook to automate tasks on those hosts.

Objectives:

Describe Ansible inventory concepts and manage a static inventory file.
Describe where Ansible configuration files are located, how Ansible selects them, and edit them to apply changes to default settings.
Write a basic Ansible Playbook and run it using the automation content navigator.
Write a playbook that uses multiple plays with per-play privilege escalation, and effectively use automation content navigator to find new modules in available Ansible Content Collections and use them to implement tasks for a play.

Building an Ansible Inventory

Defining the Inventory

Specifying Managed Hosts with a Static Inventory

Dynamic Inventories

Guided Exercise: Building an Ansible Inventory

Managing Ansible Configuration Files

Configuring Ansible

Managing Ansible Settings

Managing Settings for Automation Content Navigator

Configuration File Comments

Guided Exercise: Managing Ansible Configuration Files

Writing and Running Playbooks

Ansible Playbooks

Formatting an Ansible Playbook

Finding Modules for Tasks

Running Playbooks

Guided Exercise: Writing and Running Playbooks

Implementing Multiple Plays

Writing Multiple Plays

Remote Users and Privilege Escalation in Plays

Selecting Modules

YAML Syntax

Guided Exercise: Implementing Multiple Plays

Lab: Implementing an Ansible Playbook

Summary

A play is an ordered list of tasks that run against hosts selected from the inventory.
A playbook is a text file that contains a list of one or more plays to run in order.
Ansible Playbooks are written in YAML format.
Ansible plays are idempotent, which means they avoid making any changes if they detect that the current state matches the desired final state.
YAML files are structured using space indentation to represent the data hierarchy.
Tasks are implemented using standardized code packaged as Ansible modules.

Summary (continued)

Ansible modules are packaged into Ansible Content Collections, which are a distribution format for Ansible content that can include playbooks, roles, modules, and plug-ins.
The ansible-navigator doc command can list modules in your automation execution environments, and provide documentation and example code snippets of how to use them in playbooks.
The ansible-navigator run command is used to run playbooks and validate playbook syntax.

Chapter 3: Managing Variables and Facts

Goal: Write playbooks that use variables to simplify management of the playbook and facts to reference information about managed hosts.

Objectives:

Create and reference variables that affect particular hosts or host groups, the play, or the global environment, and describe how variable precedence works.
Encrypt sensitive variables using Ansible Vault, and run playbooks that reference Vault-encrypted variable files.
Reference data about managed hosts using Ansible facts, and configure custom facts on managed hosts.

Managing Variables

Introduction to Ansible Variables

Naming Variables

Defining Variables

Variables in Playbooks

Host Variables and Group Variables

Overriding Variables from the Command Line

Using Dictionaries as Variables

Capturing Command Output with Registered Variables

Guided Exercise: Managing Variables

Managing Secrets

Introducing Ansible Vault

Playbooks and Ansible Vault

Guided Exercise: Managing Secrets

Managing Facts

Describing Ansible Facts

Ansible Facts Injected as Variables

Turning off Fact Gathering

Gathering a Subset of Facts

Creating Custom Facts

Creating Variables from Other Variables

Using Magic Variables

Guided Exercise: Managing Facts

Lab: Managing Variables and Facts

Summary

Ansible variables help you reuse values across files in an entire Ansible project.
You can define variables for hosts and host groups in the inventory file.
You can define variables for plays and tasks in the playbook or in external files.
Extra variables are defined on the command line and take precedence over all other variables.
You can use the register keyword to capture the output of a command in a variable.
Ansible Vault provides one way to protect sensitive data, such as password hashes and private keys that are used by your Ansible Playbooks.
Ansible facts are variables that Ansible automatically discovers from a managed host.

Chapter 4: Implementing Task Control

Goal: Manage task control, handlers, and task errors in Ansible Playbooks.

Objectives:

Use loops to write efficient tasks and use conditions to control when to run tasks.
Implement a task that runs only when another task changes the managed host.
Control what happens when a task fails, and what conditions cause a task to fail.

Writing Loops and Conditional Tasks

Task Iteration with Loops

Running Tasks Conditionally

Combining Loops and Conditional Tasks

Guided Exercise: Writing Loops and Conditional Tasks

Implementing Handlers

Ansible Handlers

Describing the Benefits of Using Handlers

Guided Exercise: Implementing Handlers

Handling Task Failure

Managing Task Errors in Plays

Guided Exercise: Handling Task Failure

Lab: Implementing Task Control

Summary

Loops are used to iterate over a set of values, such as a simple list of strings, or a list of dictionaries.
Conditionals are used to execute tasks or plays only when certain conditions have been met.
Handlers are special tasks that execute at the end of the play if notified by other tasks.
Handlers are only notified when a task reports that it changed something on a managed host.

Summary (continued)

Tasks can be configured to handle error conditions by ignoring task failure, forcing handlers to be called even if the task failed, marking a task as failed when it succeeded, or overriding the behavior that causes a task to be marked as changed.
Blocks are used to group tasks as a unit and to execute other tasks depending upon whether all the tasks in the block succeed.

Chapter 5: Deploying Files to Managed Hosts

Goal: Deploy, manage, and adjust files on hosts managed by Ansible.

Objectives:

Create, install, edit, and remove files on managed hosts, and manage the permissions, ownership, SELinux context, and other characteristics of those files.
Deploy files to managed hosts that are customized by using Jinja2 templates.

Modifying and Copying Files to Hosts

Describing File Modules

Automation Examples with Files Modules

Guided Exercise: Modifying and Copying Files to Hosts

Deploying Custom Files with Jinja2 Templates

Templating Files

Introduction to Jinja2

Building a Jinja2 Template

Deploying Jinja2 Templates

Managing Templated Files

Control Structures

Variable Filters

Guided Exercise: Deploying Custom Files with Jinja2 Templates

Lab: Deploying Files to Managed Hosts

Summary

The file management modules in the ansible.builtin and ansible.posix Ansible Content Collections enable you to accomplish most tasks related to file management, such as creating, copying, editing, and modifying permissions and other attributes of files.
Several file management modules can set the permissions mode and SELinux context for files.
You can use Jinja2 templates to dynamically construct files for deployment.

Summary (continued)

A Jinja2 template is usually composed of two elements: variables and expressions. Those variables and expressions are replaced with values when the Jinja2 template is rendered.
You use the ansible.builtin.template module to deploy Jinja2 templates to managed hosts.
Jinja2 filters transform template expressions from one kind or format of data into another.

Chapter 6: Managing Complex Plays and Playbooks

Goal: Write playbooks for larger, more complex plays and playbooks.

Objectives:

Write sophisticated host patterns to efficiently select hosts for a play.
Manage large playbooks by importing or including other playbooks or tasks from external files, either unconditionally or based on a conditional test.

Selecting Hosts with Host Patterns

Referencing Inventory Hosts

Guided Exercise: Selecting Hosts with Host Patterns

Including and Importing Files

Managing Large Playbooks

Including or Importing Files

Importing Playbooks

Importing and Including Tasks

Defining Variables for External Plays and Tasks

Guided Exercise: Including and Importing Files

Lab: Managing Complex Plays and Playbooks

Summary

Host patterns are used to specify the managed hosts to be targeted by plays.
You can specify a list of multiple host patterns in the hosts directive of a play.
You can use the import_playbook feature to incorporate external play files into playbooks.
You can use the include_tasks or import_tasks features to incorporate external task files into playbooks.
When you include content, Ansible processes it dynamically as content is reached. When you import content, Ansible preprocesses it before the run starts.

Chapter 7: Simplifying Playbooks with Roles and Ansible Content Collections

Goal: Use Ansible Roles and Ansible Content Collections to develop playbooks more quickly and to reuse Ansible code.

Objectives:

Describe the purpose of an Ansible Role, its structure, and how roles are used in playbooks.
Create a role in a playbook's project directory and run it as part of one of the plays in the playbook.
Select and retrieve roles from external sources such as Git repositories or Ansible Galaxy, and use them in your playbooks.
Obtain a set of related roles, supplementary modules, and other content from an Ansible Content Collection and use them in a playbook.
Write playbooks that take advantage of system roles for Red Hat Enterprise Linux to perform standard operations.

Describing Role Structure

Structuring Ansible Playbooks with Roles

Examining the Ansible Role Structure

Defining Variables and Defaults

Using Ansible Roles in a Play

Quiz: Describing Role Structure

Creating Roles

The Role Creation Process

Creating the Role Directory Structure

Defining the Role Content

Changing a Role's Behavior with Variables

Defining Role Dependencies

Guided Exercise: Creating Roles

Deploying Roles from External Content Sources

External Content Sources

Introducing Ansible Galaxy

The Ansible Galaxy Command Line Tool

Finding Community-managed Roles in Ansible Galaxy

Ansible Galaxy search screen

Ansible Galaxy search results example

Managing Downloaded Roles

Guided Exercise: Deploying Roles from External Content Sources

Getting Roles and Modules from Content Collections

Ansible Content Collections

Installing Ansible Content Collections

Using Resources from Ansible Content Collections

Guided Exercise: Getting Roles and Modules from Content Collections

Reusing Content with System Roles

System Roles

Installing the System Roles Ansible Content Collection

Example: Time Synchronization Role

Example: SELinux Role

Using System Roles with Ansible Core Only

Guided Exercise: Reusing Content with System Roles

Lab: Simplifying Playbooks with Roles and Ansible Content Collections

Summary

Ansible roles help you to reuse and share Ansible code.
Ansible Content Collections_ distribute related roles, modules, and other Ansible plug-ins that you can use in Ansible projects and automation execution environments.
You use the ansible-galaxy command to manage Ansible roles and Ansible Content Collections.
Red Hat provides Red Hat Certified Ansible Content Collections through a cloud-based service, automation hub. Red Hat and its partners support these Ansible Content Collections.
You can distribute Red Hat Certified Ansible Content Collections or your own Ansible Content Collections from an on-premise private automation hub.
Ansible Galaxy provides a library of third-party Ansible roles and Ansible Content Collections that are managed by the community and unsupported by Red Hat.

Summary (continued)

System roles (redhat.rhel_system_roles) are provided as an RPM package or as an Ansible Content Collection that consists of several roles intended to help you configure managed host subsystems on multiple versions of Red Hat Enterprise Linux.
Roles and Ansible Content Collections that a project needs can be specified by requirements.yml files, and can be installed in your Ansible project manually by using ansible-galaxy.

Chapter 8: Troubleshooting Ansible

Goal: Troubleshoot playbooks and managed hosts.

Objectives:

Troubleshoot generic issues with a new playbook and repair them.
Troubleshoot failures on managed hosts when running a playbook.

Troubleshooting Playbooks

Debugging Playbooks

Examining Values of Variables with the Debug Module

Reviewing Playbooks for Errors

Reviewing Playbook Artifacts and Log Files

Initial replay screen

Play results by machine and task

Task results for a specific machine

Task results for successful fact gathering

Guided Exercise: Troubleshooting Playbooks

Troubleshooting Ansible Managed Hosts

Troubleshooting Connections

Using Check Mode as a Testing Tool

Testing with Modules

Running Ad Hoc Commands with Ansible

Guided Exercise: Troubleshooting Ansible Managed Hosts

Lab: Troubleshooting Ansible

Summary

The ansible-navigator command can produce playbook artifact files that store information about runs in JSON format.
Use the ansible-navigator replay command to review play execution.
The ansible.builtin.debug module can provide additional debugging information when you run a playbook (for example, the current value for a variable).

Summary (continued)

You can specify the -v option of the ansible-navigator run command one or more times to provide several levels of additional output verbosity. This is useful for debugging Ansible tasks when running a playbook.
The --check option enables Ansible modules that support check mode to display the changes to be performed, instead of applying those changes to the managed hosts.

Chapter 9: Automating Linux Administration Tasks

Goal: Automate common Linux system administration tasks with Ansible.

Objectives:

Subscribe systems, configure software channels and repositories, enable module streams, and manage RPM packages on managed hosts.
Manage Linux users and groups, configure SSH, and modify Sudo configuration on managed hosts.
Manage service startup, schedule processes with at, cron, and systemd, reboot managed hosts with reboot, and control the default boot target on managed hosts.
Partition storage devices, configure LVM, format partitions or logical volumes, mount file systems, and add swap spaces.
Configure network settings and name resolution on managed hosts, and collect network-related Ansible facts.

Managing Software and Subscriptions

Managing Packages with Ansible

Registering and Managing Systems with Red Hat Subscription Management

Configuring an RPM Package Repository

Guided Exercise: Managing Software and Subscriptions

Managing Users and Authentication

The User Module

The Group Module

The Known Hosts Module

The Authorized Key Module

Configuring Sudo Access for Users and Groups

Guided Exercise: Managing Users and Authentication

Managing the Boot Process and Scheduled Processes

Scheduling Jobs for Future Execution

Managing Services

Setting the Default Boot Target

Rebooting Managed Hosts

Guided Exercise: Managing the Boot Process and Scheduled Processes

Managing Storage

Mounting Existing File Systems

Configuring Storage with the Storage System Role

Managing Partitions and File Systems with Tasks

Ansible Facts for Storage Configuration

Guided Exercise: Managing Storage

Managing Network Configuration

Configuring Networking with the Network System Role

Configuring Networking with Modules

Ansible Facts for Network Configuration

Guided Exercise: Managing Network Configuration

Lab: Automating Linux Administration Tasks

Summary

The ansible.builtin.yum_repository module configures a Yum repository on a managed host. For repositories that use public keys, you can verify that the key is available with the ansible.builtin.rpm_key module.
The ansible.builtin.user and ansible.builtin.group modules create users and groups respectively on a managed host.
The ansible.builtin.known_hosts module configures SSH known hosts for a server and the ansible.posix.authorized_key modules configures authorized keys for user authentication.
The ansible.builtin.cron module configures system or user Cron jobs on managed hosts.

Summary (continued)

The ansible.posix.at module configures One-off at jobs on managed hosts.
The redhat.rhel_system_roles Red Hat Certified Ansible Content Collection includes two particularly useful system roles: storage, which supports the configuration of LVM logical volumes, and network, which enables the configuration of network interfaces and connections.