User:Tom/RHCS EX407: Difference between revisions
Latest revision as of 22:05, 4 May 2019
Red Hat Certified Specialist in Ansible Automation exam
Exam based on Red Hat 7.3 and Ansible 2.3.
Objectives
- Using Ansible inventories to define groups of hosts
- Creating Ansible playbooks
- Using Ansible playbooks to configure systems to a specified state
- Creating and using Ansible templates to create customized configuration files for hosts
- Creating Ansible roles
- Using Ansible Vault in playbooks to protect sensitive data
- Installing Ansible Tower and using it to manage systems
Study points for the exam
To help you prepare, the exam objectives highlight the task areas you can expect to see covered in the exam. Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
Candidates should have the following skills and abilities:
- Understand core components of Ansible: inventories, modules, variables, facts, plays, playbooks, configuration files
- Run ad-hoc Ansible commands
- Use both static and dynamic inventories to define groups of hosts
- Utilize an existing dynamic inventory script
- Create Ansible plays and playbooks
- Know how to work with commonly used Ansible modules
- Use variables to retrieve the results of running a command
- Use conditionals to control play execution
- Configure error handling
- Create playbooks to configure systems to a specified state
- Selectively run specific tasks in playbooks using tags
- Create and use templates to create customized configuration files
- Work with Ansible variables and facts
- Create and work with roles
- Download roles from an Ansible Galaxy and use them
- Manage parallelism
- Use Ansible Vault in playbooks to protect sensitive data
- Install Ansible Tower and use it to manage systems
- Use provided documentation to look up specific information about Ansible modules and commands
- rhel system roles.
- create repo with yum and gpg key.
- use variables in inventory or playbook.
- copy: content
- --- name hosts tasks.
- inventory children.
- Dynamic inventory. Add to /etc/ansible/ansible.cfg. repair dynamic inventory script.
- vault crypt variable. check command unzip
- block logic. conditional
- run task and do something else on returncode
- check for file and do something else.
- ansible command mode. everything wrong.
- hwreport. get file and change variables.
- generate passwd sha512.
- yum update all
- what if a variable does not exist. replace it with none.
Training
- Course introduction - Introduce and review the course.
- Introduce Ansible - Describe the terminology and architecture of Ansible.
- Deploy Ansible - Install Ansible and run ad hoc commands.
- Implement playbooks - Write Ansible plays and execute a playbook.
- Manage variables and inclusions - Describe variable scope and precedence, manage variables and facts in a play, and manage inclusions.
- Implement task control - Manage task control, handlers, and tags in Ansible playbooks.
- Implement Jinja2 templates - Implement a Jinja2 template.
- Implement roles - Create and manage roles.
- Configure complex playbooks - Configure connection types, delegations, and parallelism.
- Implement Ansible Vault - Manage encryption with Ansible Vault.
- Troubleshoot Ansible - Troubleshoot the Ansible control machine and managed nodes.
- Implement Ansible Tower - Implement Ansible Tower.
- Implement Ansible in a DevOps environment - Implement Ansible in a DevOps environment using Vagrant.
- Comprehensive review - Review tasks from the Automation with Ansible course
To look into
This study guide attempts to cover topics for study in the Red Hat EX407 Red Hat Certificate of Expertise in Ansible Automation exam
Understand core components of Ansible
Inventories
[atlanta]
host1
host2
[raleigh]
host2
host3
[southeast:children]
atlanta
raleigh
[southeast:vars]
some_server=foo.southeast.example.com
halon_system_timeout=30
self_destruct_countdown=60
escape_pods=2
Supply inventory with -i flag with commands
ansible all -i inventory -m shell -a "hostname"
Can be set in ansible.cfg
inventory = /etc/ansible/hosts
Static inventory
Defined in INI style:
[router]
hostname1 ansible_host=192.168.1.1
[webserver]
hostname2 ansible_host=192.168.1.2
[database]
hostname3 ansible_host=192.168.1.3
[appserver]
hostname4 ansible_host=192.168.1.4
Dynamic inventory
Returns JSON:
{
  "all": {
    "hosts": [
      "slaves_slave1"
    ]
  },
  "_meta": {
    "hostvars": {
      "slaves_slave1": {
        "ansible_host": "192.168.121.74"
      }
    }
  }
}
Modules
file, stat, lineinfile etc
file module example
Module usage:
file:
  path: /etc/config.cnf
  state: absent
Shorthand:
file: path="/etc/config.cnf" state="absent"
Variables
Variables can be used in inventories, playbooks, roles and defaults.
Facts
Hostvars
Setup module to retrieve facts
Debug module to verify facts
Plays
Individual roles
Playbooks
File with a collection of roles/plays
Configuration files
/etc/ansible/ansible.cfg
Run ad-hoc Ansible commands
ansible [groupname] [-i inventory-file] [-m module] [-a arguments]
ansible all -i inventory -m shell -a "hostname"
Use both static and dynamic inventories to define groups of hosts
A static inventory takes single hosts, one per line, or INI format
Dynamic inventories return information from outside sources like AWS to gather facts about the inventory
Example for creating dynamic inventories
https://www.jeffgeerling.com/blog/creating-custom-dynamic-inventories-ansible
Utilize an existing dynamic inventory script
./inventory.py
{}
./inventory.py --list
{"all": {"hosts": ["slaves_slave2", "slaves_slave3", "slaves_slave4", "slaves_slave1", "slaves_slave5"]}, "_meta": {"hostvars": {"slaves_slave5": {"ansible_host": "192.168.121.32"}, "slaves_slave4": {"ansible_host": "192.168.121.29"}, "slaves_slave1": {"ansible_host": "192.168.121.218"}, "slaves_slave3": {"ansible_host": "192.168.121.34"}, "slaves_slave2": {"ansible_host": "192.168.121.119"}}}}
./inventory.py --host
{
  "all": {
    "hosts": [
      "slaves_slave1"
    ]
  },
  "_meta": {
    "hostvars": {
      "slaves_slave1": {
        "ansible_host": "192.168.121.218"
      }
    }
  }
}
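A script that honours the --list / --host contract shown in the output above, written here as an added example (it is not the inventory.py used on this page). The SOURCE table is an assumption standing in for an external source; its host names and addresses are copied from the output above.

```python
#!/usr/bin/env python3
"""Dynamic inventory script following the --list / --host contract."""
import argparse
import json

# Sample data standing in for an external source (cloud API, CMDB).
# Host names and addresses are taken from the output shown on this page.
SOURCE = {
    "slaves_slave1": {"ansible_host": "192.168.121.218"},
    "slaves_slave2": {"ansible_host": "192.168.121.119"},
    "slaves_slave3": {"ansible_host": "192.168.121.34"},
}


def build_inventory(source):
    """Structure returned for --list: group membership plus _meta.hostvars.

    Filling _meta.hostvars lets Ansible skip one --host call per host.
    """
    return {
        "all": {"hosts": sorted(source)},
        "_meta": {"hostvars": {name: dict(v) for name, v in source.items()}},
    }


def host_vars(source, name):
    """Variables for a single host (--host NAME); unknown hosts yield {}."""
    return dict(source.get(name, {}))


def run(argv):
    """Parse the arguments Ansible passes and return the JSON to print."""
    parser = argparse.ArgumentParser(description="example dynamic inventory")
    mode = parser.add_mutually_exclusive_group()
    mode.add_argument("--list", action="store_true")
    mode.add_argument("--host", metavar="NAME")
    args = parser.parse_args(argv)
    if args.list:
        result = build_inventory(SOURCE)
    elif args.host:
        result = host_vars(SOURCE, args.host)
    else:
        result = {}  # same answer as the bare ./inventory.py call
    return json.dumps(result, indent=2, sort_keys=True)


if __name__ == "__main__":
    import sys
    print(run(sys.argv[1:]))
```

Ansible runs any executable file it finds in the inventory path, so keep the script and its directory writable only by the account that owns the automation.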
Create Ansible plays and playbooks
Know how to work with commonly used Ansible modules
Use variables to retrieve the results of running a command
Use conditionals to control play execution
Configure error handling
fail module
- fail:
    msg: "The system may not be provisioned according to the CMDB status."
  when: cmdb_status != "to-be-staged"
Create playbooks to configure systems to a specified state
Selectively run specific tasks in playbooks using tags
Create and use templates to create customized configuration files
Work with Ansible variables and facts
Create and work with roles
Download roles from an Ansible Galaxy and use them
Manage parallelism
Use Ansible Vault in playbooks to protect sensitive data
Install Ansible Tower and use it to manage systems
Use provided documentation to look up specific information about Ansible modules and commands
List of modules
Module example
Inventory
The inventory file describes your hosts in Ansible. ansible.cfg points to the inventory file:
[defaults]
inventory = /etc/ansible/hosts
Contents of the inventory file:
[test]
beylo
db[1:9]-node
web[a:t]-node
[prod]
dbp
webp
[both:children]
test
prod
Host and group variables inside the inventory.
Host variables:
host1 color=red
host2 color=blue
Group variables:
[all:vars]
ntpserver=ntp1.example.com
[prod:vars]
db_user=db2prod
db_password=secret
Dynamic inventory is an executable that returns inventory information. Run it with the argument '--list' (lists all groups) to test the script. To combine an inventory file and a script, put them in a directory and let the inventory point to this directory.
Variables
Ansible looks for host and group variables in the directories host_vars and group_vars. The files are named according to the corresponding host or group of hosts. Ansible expects these directories to be in the directory that contains the playbooks or in the directory adjacent to your inventory file.
File group_vars/prod (note that there can be a group_vars/all for all groups):
db_user: db2prod
db_password: secret
Refer to the variable with {{ db_user }}
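The inventory and group_vars/prod above both keep db_password in clear text, while the exam objectives call for Ansible Vault. The check below is an added example (not part of the original notes) that flags credential-like variables stored unencrypted; the name patterns are assumptions and the sample strings are constructed from the page's own snippets.

```python
import re

# Variable names that usually hold credentials (assumed naming patterns).
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.IGNORECASE)
# "key: value" as written in group_vars / host_vars YAML files.
YAML_PAIR = re.compile(r"^\s*(?:-\s+)?(\w+):\s*(.*)$")
# "key=value" as written in INI inventories ([group:vars] or after a host name).
INI_PAIR = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")


def _pairs(line):
    """Return the (key, value) pairs found on one line of either format."""
    match = YAML_PAIR.match(line)
    if match:
        return [(match.group(1), match.group(2))]
    return INI_PAIR.findall(line)


def _is_protected(value):
    value = value.strip().strip("\"'")
    return (
        not value                       # empty, or value continues on later lines
        or value.startswith("!vault")   # inline value from ansible-vault encrypt_string
        or "{{" in value                # reference to another (vaulted) variable
    )


def find_plaintext_secrets(text):
    """Return (line number, variable name) for each credential kept in clear text."""
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []  # whole file encrypted with ansible-vault encrypt / create
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", ";", "[")):
            continue  # comments and section headers
        for key, value in _pairs(line):
            if SENSITIVE.search(key) and not _is_protected(value):
                findings.append((number, key))
    return findings


# Constructed samples: the first two repeat the page's inventory and group_vars/prod.
INVENTORY = "[prod:vars]\ndb_user=db2prod\ndb_password=secret\n"
GROUP_VARS = "db_user: db2prod\ndb_password: secret\n"
GROUP_VARS_VAULTED = (
    "db_user: db2prod\n"
    "db_password: !vault |\n"
    "  $ANSIBLE_VAULT;1.1;AES256\n"
    "  <ciphertext lines omitted>\n"
)

if __name__ == "__main__":
    for label, sample in [("inventory", INVENTORY),
                          ("group_vars/prod", GROUP_VARS),
                          ("group_vars/prod (vaulted)", GROUP_VARS_VAULTED)]:
        print(label, find_plaintext_secrets(sample))
```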
Variables in a playbook
- hosts: webservers
  vars:
    http_port: 80
Or include a file with variable definitions:
- hosts: production
  vars_files:
    - crypt.yml
Variables in a role
roles:
  - role: apache
    vars:
      http_port: 8080
Variables in a loop
- name: "loop through list"
  debug:
    msg: "An item: {{item}}"
  with_items:
    - 1
    - 2
    - 3
- name: add several users
  user:
    name: "{{ item }}"
    groups: "wheel"
    state: present
  with_items:
    - testuser1
    - testuser2
- name: "loop through list from a variable"
  debug:
    msg: "An item: {{item}}"
  with_items: "{{ somelist }}"
- name: more complex items to add several users
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    groups: "{{ item.groups }}"
    state: present
  with_items:
    - { name: testuser1, uid: 1002, groups: "wheel, staff" }
    - { name: testuser2, uid: 1003, groups: staff }
Dynamic inventory
If an inventory file is marked executable, Ansible will assume it is a dynamic inventory script and will execute the file instead of reading it. If you want to have both a regular inventory and a dynamic inventory script, just put them all in the same directory and configure Ansible to use that directory as the inventory.
Variables and facts
Define variables in a playbook with a vars section.
vars:
  db_name: db2prd1
Or put the variables in one or more files with:
vars_files:
  - myvar.yml
And myvar.yml would look like:
db_name: db2prd1
Use the debug module to print out a variable:
- debug: var=db_name
Do something with register?
When Ansible gathers facts, it connects to the host and queries it for all kinds of details about the host. This information is stored in variables that are called facts. A playbook to print out the operating system of each server:
- name: print out operating system
  hosts: all
  gather_facts: true
  tasks:
    - debug: var=ansible_distribution
Run the setup module to show all facts associated with a server:
ansible server1 -m setup
Playbooks
Patterns for specifying hosts:
- hosts: web (all hosts in group web)
- hosts: dev:staging (all hosts in group dev and staging)
- hosts: dev:&database (all database hosts in group dev)
Roles
Create the role directory structure for role nscd with the command "ansible-galaxy init nscd":
[root@atlas roles]# pwd
/root/ansible/playbooks/roles
[root@atlas roles]# ansible-galaxy init nscd
- nscd was created successfully
[root@atlas roles]# tree
.
└── nscd
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
9 directories, 8 files
[root@atlas roles]#
Conditional code
Block when:
---
- name: Block exercise
  hosts: redhat
  tasks:
    - name: This is my first block
      block:
        - name: First item in block
          debug: msg="First task in my first block"
        - name: Second item in block
          debug: msg="Second task in my first block"
      when: ansible_hostname == 'rhel1'
Block rescue:
tasks:
  - name: Handle the error
    block:
      - debug:
          msg: 'I execute normally'
      - name: i force a failure
        command: /bin/false
      - debug:
          msg: 'I never execute, due to the above task failing, :-('
    rescue:
      - debug:
          msg: 'I caught an error, can do stuff here to fix it, :-)'
Block always
- name: Attempt and graceful roll back demo
  block:
    - debug:
        msg: 'I execute normally'
    - name: i force a failure
      command: /bin/false
    - debug:
        msg: 'I never execute, due to the above task failing, :-('
  rescue:
    - debug:
        msg: 'I caught an error'
    - name: i force a failure in middle of recovery! >:-)
      command: /bin/false
    - debug:
        msg: 'I also never execute :-('
  always:
    - debug:
        msg: "This always executes"
Tags
Special tags are never and always.
- name: be sure ntp is configured
  template:
    src: ntp.conf.j2
    dest: /etc/ntp.conf
  notify:
    - restart ntpd
  tags: ntp
- block:
    - name: First task to run
      ...
    - name: Second task to run
      ...
  tags:
    - mytag
Commands
ansible-config view                                Displays the current config file.
ansible-config dump --only-changed                 Only show configurations that have changed from the default.
ansible-config list                                List all current settings.
ansible-doc                                        Displays information on modules installed in Ansible libraries.
ansible-doc -l                                     List available plugins / modules
ansible hosts -m module -a argument
ansible web -m command -a uptime -o                -o condenses output to a single line per host.
ansible demohost -u devops -b -m yum -a 'name=httpd state=present'
ansible --version
ansible all --list-hosts
ansible server -m setup                            Show all facts for host server.
ansible server -m setup -a 'filter=ansible_eth*'   View a subset of facts.
ansible-playbook --check                           Executes playbook, but does not change managed host configuration.
ansible-playbook --diff                            Reports changes made to templated files on managed hosts.
ansible-playbook --syntax-check
ansible-playbook --start-at-task="this task"
ansible-playbook --step
ansible-playbook -v                                Displays output data
ansible-playbook -vv                               Displays input and output data
ansible-playbook -vvv                              Includes information about managed host connections
ansible-playbook -vvvv                             Adds verbosity to connection plugins.
ansible-vault encrypt
ansible-vault decrypt
ansible-vault create
ansible-vault edit
ansible-vault view
Online documentation http://docs.ansible.com
Ansible Modules
add_host
assert
authorized_key
copy
debug
file
lineinfile
local_action
mysql_user
script
shell
stat
systemd
template
uri
user
yum
yum_repository
wait_for
Ansible Files
/etc/ansible/ansible.cfg   Config file for Ansible. Describes defaults.
/etc/ansible/hosts         Default Ansible hosts file.