User:Tom/RHCS EX407: Difference between revisions
| Line 305: | Line 305: | ||
===== Variables in a role ===== | ===== Variables in a role ===== | ||
roles: | roles: | ||
| Line 313: | Line 311: | ||
http_port: 8080 | http_port: 8080 | ||
===== Variables in a loop ===== | |||
- name: "loop through list" | - name: "loop through list" | ||
debug: | debug: | ||
Revision as of 13:38, 24 April 2019
Red Hat Certified Specialist in Ansible Automation exam
Exam based on RedHat 7.3. and Ansible 2.3.
Objectives
- Using Ansible inventories to define groups of hosts
- Creating Ansible playbooks
- Using Ansible playbooks to configure systems to a specified state
- Creating and using Ansible templates to create customized configuration files for hosts
- Creating Ansible roles
- Using Ansible Vault in playbooks to protect sensitive data
- Installing Ansible Tower and using it to manage systems
Study points for the exam
To help you prepare, the exam objectives highlight the task areas you can expect to see covered in the exam. Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
Candidates should have the following skills and abilities: Understand core components of Ansible Inventories Modules Variables Facts Plays Playbooks Configuration files
Run ad-hoc Ansible commands Use both static and dynamic inventories to define groups of hosts Utilize an existing dynamic inventory script Create Ansible plays and playbooks Know how to work with commonly used Ansible modules Use variables to retrieve the results of running a commands Use conditionals to control play execution Configure error handling Create playbooks to configure systems to a specified state Selectively run specific tasks in playbooks using tags
Create and use templates to create customized configuration files Work with Ansible variables and facts Create and work with roles Download roles from an Ansible Galaxy and use them Manage parallelism Use Ansible Vault in playbooks to protect sensitive data Install Ansible Tower and use it to manage systems Use provided documentation to look up specific information about Ansible modules and commands
- rhel system roles.
- create repo with rum and gpg key.
- use variables in inventory or playbook.
- copy: content
- --- name hosts tasks.
- inventory children.
Training
- Course introduction - Introduce and review the course.
- Introduce Ansible - Describe the terminology and architecture of Ansible.
- Deploy Ansible - Install Ansible and run ad hoc commands.
- Implement playbooks - Write Ansible plays and execute a playbook.
- Manage variables and inclusions - Describe variable scope and precedence, manage variables and facts in a play, and manage inclusions.
- Implement task control - Manage task control, handlers, and tags in Ansible playbooks.
- Implement Jinja2 templates - Implement a Jinja2 template.
- Implement roles - Create and manage roles.
- Configure complex playbooks - Configure connection types, delegations, and parallelism.
- Implement Ansible Vault - Manage encryption with Ansible Vault.
- Troubleshoot Ansible - Troubleshoot the Ansible control machine and managed nodes.
- Implement Ansible Tower - Implement Ansible Tower.
- Implement Ansible in a DevOps environment - Implement Ansible in a DevOps environment using Vagrant.
- Comprehensive review - Review tasks from the Automation with Ansible course
Zoekuit
This study guide attempts to cover topics for study in the Red Hat EX407 Red Hat Certificate of Expertise in Ansible Automation exam
Understand core components of Ansible
Inventories
[atlanta] host1 host2 [raleigh] host2 host3 [southeast:children] atlanta raleigh [southeast:vars] some_server=foo.southeast.example.com halon_system_timeout=30 self_destruct_countdown=60 escape_pods=2
Supply inventory with -i flag with commands
ansible -i inventory -m shell -a “hostname"
Can be set in ansible.cfg
inventory = /etc/ansible/hosts
Static inventory
defined in ini style [router] hostname1 ansibe_host=192.168.1.1 [webserver] hostname2 ansibe_host=192.168.1.2 [database] hostname3 ansibe_host=192.168.1.3 [appserver] hostname4 ansible_host=192.168.1.4
Dynamic inventory
returns json {
"all": {
"hosts": [
"slaves_slave1"
]
},
"_meta": {
"hostvars": {
"slaves_slave1": {
"ansible_host": "192.168.121.74"
}
}
}
}
Modules
file, stat, lineinfile etc
file module example
Module usage file:
path: /etc/config.cnf state: absent
Short hand
file: path=”/etc/config.cnf” state=”absent”
Variables
Variable can be used in inventories, playbooks, roles, defaults
Facts
Hostvars
Setup module to retrieve facts
Debug module to verify facts
Plays
Individual roles
Playbooks
File with a collection of roles/plays
Configuration files
/etc/ansible/ansible.cfg
Run ad-hoc Ansible commands ansible [groupname] [-i inventory-file] [-m module] [-a arguments] ansible all -i inventory -m shell -a “hostname”
Use both static and dynamic inventories to define groups of hosts
Static inventory take single hosts by line or ini format
Dynamic inventories return information from outside sources like AWS to gather facts about the inventory
Example for creating dynamic inventories
https://www.jeffgeerling.com/blog/creating-custom-dynamic-inventories-ansible
Utilize an existing dynamic inventory script
./inventory.py {} ./inventory.py --list {"all": {"hosts": ["slaves_slave2", "slaves_slave3", "slaves_slave4", "slaves_slave1", "slaves_slave5"]}, "_meta": {"hostvars": {"slaves_slave5": {"ansible_host": "192.168.121.32"}, "slaves_slave4": {"ansible_host": "192.168.121.29"}, "slaves_slave1": {"ansible_host": "192.168.121.218"}, "slaves_slave3": {"ansible_host": "192.168.121.34"}, "slaves_slave2": {"ansible_host": "192.168.121.119"}}}} ./inventory.py --host { "all": { "hosts": [ "slaves_slave1" ] }, "_meta": { "hostvars": { "slaves_slave1": { "ansible_host": "192.168.121.218" } } } }
Create Ansible plays and playbooks
Know how to work with commonly used Ansible modules
Use variables to retrieve the results of running a commands
Use conditionals to control play execution
Configure error handling
fail module - fail:
msg: "The system may not be provisioned according to the CMDB status." when: cmdb_status != "to-be-staged"
Create playbooks to configure systems to a specified state
Selectively run specific tasks in playbooks using tags
Create and use templates to create customized configuration files
Work with Ansible variables and facts
Create and work with roles
Download roles from an Ansible Galaxy and use them
Manage parallelism
Use Ansible Vault in playbooks to protect sensitive data
Install Ansible Tower and use it to manage systems
Use provided documentation to look up specific information about Ansible modules and commands
List of modules
Module example
Inventory
The inventory file describe your hosts in Ansible. ansible.cfg points to the inventory file:
[defaults] inventory = /etc/ansible/hosts
Contents of the inventory file:
[test] beylo db[1:9]-node web[a-t]-node
[prod] dbp webp
[both:children] test prod
Host and group variables inside the inventory. Host variables:
host1 color=red host2 color=blue
Group variables:
[all:vars] ntpserver=ntp1.example.com
[prod:vars] db_user=db2prod db_password=secret
Variables
Ansible looks for host variables in directories host_vars and group_vars. The files are named according to the corresponding host or group of hosts. Ansible expect these directories to be in the directory that contains the playbooks or in the directory adjacent to your inventory file.
File group_vars/prod (Note that there can be al group_vars/all for all groups):
db_user: db2prod db_password: secret
Refer to the variable with {{ db_user }}
Variables in a playbook
- hosts: webservers
vars:
http_port: 80
Variables in a role
roles:
- role: apache
vars:
http_port: 8080
Variables in a loop
- name: "loop through list"
debug:
msg: "An item: {{item}}"
with_items:
- 1
- 2
- 3
- name: add several users
user:
name: "{{ item }}"
groups: "wheel"
state: present
with_items:
- testuser1
- testuser2
- name: "loop through list from a variable"
debug:
msg: "An item: {{item}}"
with_items: "{{ somelist }}"
- name: more complex items to add several users
user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
groups: "{{ item.groups }}"
state: present
with_items:
- { name: testuser1, uid: 1002, groups: "wheel, staff" }
- { name: testuser2, uid: 1003, groups: staff }
Dynamic inventory
If an inventory file is marked executable, Ansible will assume it is a dynamic inventory script and will execute the file instead of reading it. If you want to have both a regualr inventory and a dynamic inventory script, just put them all in the same direcory and configure Ansible to use that directory as the inventory.
Variables and facts
Define variable in playbook with a vars section.
vars: db_name: db2prd1
Or put the variables in one or more files with:
vars_files: - myvar.yml
And myvar.yml would like:
db_name: db2prd1
Use the debug module to print out a variable:
- debug: var=db_name
Iets doen met register?
When Ansible gathers facts, it connects to the host and queries the host for all kinds of details about the host. This information is stored in variables that are called facts. A playnook to print out the operation system of each server:
- name: print out operating system hosts: all gather_facts: true tasks: - debug: var=ansible_distribution
Run the setup module to show all facts associated with a server:
ansible server1 -m setup
Playbooks
Patterns for specifying hosts:
- hosts: web all hosts in group web
- hosts: dev:staging all hosts in group dev and staging
- hosts: dev:&database all database hosts in group dev
Roles
Create the role directorystructure for role nscd with command "ansible-galaxy init nscd"
[root@atlas roles]# pwd
/root/ansible/playbooks/roles
[root@atlas roles]# ansible-galaxy init nscd
- nscd was created successfully
[root@atlas roles]# tree
.
└── nscd
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
9 directories, 8 files
[root@atlas roles]#
Commands
ansible-config view Displays the current config file.
dump --only-changed Only show configurations that have changed from the default.
list List all current settings.
ansible-doc Displays information on modules installed in Ansible libraries.
-l List available plugins / modules
ansible hosts -m module -a argument
web -m uptime -o -o condenses output to a single line per host.
ansible demohost -u devops -b -m yum -a 'name=httpd state=present'
ansible --version
ansible all --list-hosts
ansible server -m setup Show all facts for host server.
-a 'filter=ansible_eth*' View a subset of facts.
ansible-playbook --check Ececutes playbook, but does not change managed host configuration.
--diff Reports changes made to templated files on managed hosts.
--syntax-check
--start-at-task="this task"
--step
-v Displays output data
-vv Displays input and output data
-vvv Includes information about managed host connections
-vvvv Adds verbosity to connection plugins.
ansible-vault encrypt
decrypt
create
edit
view
Online documentation http://docs.ansible.com
Ansible Modules
add_host assert authorized_key copy debug file lineinfile local_action mysql_user script shell stat systemd template uri user yum yum_repository wait_for
Ansible Files
/etc/ansible/ansible.cfg Config file for Ansible. Describes defaults. /etc/ansible/hosts Default Ansible hosts file.