red hat certified engineer (rhel 8 rhce)... · 2020. 7. 27. · 8 rhce) course. this course is...

Red Hat Certified Engineer (RHEL 8 RHCE)Course Navigation

Int roduct ionSection 1

Basic Red Hat Cer t if ied Adm inist rat or Sk il ls

Section 2

Underst and Core Com ponent s of Ansible

Section 3

Inst all and Conf igure an Ansible Cont rol

NodeSection 4

Exam Preparat ion

Conf igure Ansible Managed Nodes

Section 5

Scr ipt Adm inist rat ion Tasks

Section 6

Creat e Ansible Plays and Playbooks

Section 7

Next Sect ions

Use Ansible Modules for Syst em

Adm inist rat ion Tasks Section 8

Red Hat Certified Engineer (RHEL 8 RHCE)Course Navigation

Creat e and Use Tem plat es t o Creat e

Cust om ized Conf igurat ion Files

Section 9

Creat e and Work w it h RolesSection 10

Managing Parallel ismSection 11

Exam Preparat ion

Prot ect Sensit ive Dat a in Playbooks w it h

Ansible VaultSection 12

Ansible Docum ent at ion

Section 13

Previous Sect ions

ConclusionSection 14


IntroductionCourse Navigation

About the Author

About the Course

About the Exam

Back t o Main


Section 2


Section 3


NodeSection 4


Section 5


Section 6


Section 7

About t he Course

About t he Course

Welcome to the Linux Academy Red Hat Cer t if ied Engineer (RHEL 8 RHCE) course.

This course is designed to prepare you to sit and pass the Red Hat Certified Engineer exam (EX294).

As of the creation of this course, there are two versions of the Red Hat Certified Engineer exam - one for Red Hat Enterprise Linux 7 (EX300) and one for Red Hat Enterprise Linux 8 (EX294). This course was created based on the objectives of the RHEL 8 version of the exam which is EX294.

This diagram will be used as a reference point throughout the course and can be used as a study guide as you prepare for the exam.

This course was split up, Rob creating all of the labs, and me teaching the lessons. We thank you for taking this course and look forward to working through the material with you!

Mat t hew PearsonRob Mar t i

Linux Academy Training Architects Next


IntroductionCourse Navigation

About the Author

About the Course

About the Exam

Back t o Main


Section 2


Section 3


NodeSection 4


Section 5


Section 6


Section 7

About t he Course

About t he Aut hor

About t he Exam

About t he Exam

Exam Object ives

- It is a hands-on exam that requires you to perform real-world tasks.

- You will have four hours to complete the exam. - You will be given multiple systems and must

install and configure Ansible in order to perform system administration tasks.

- Your work will be evaluated by running the playbooks created in the exam against fresh systems.

- Internet access will not be provided and candidates are not allowed to bring physical or electronic documentation or notes.

- Exam results are usually reported within 3 days.

The exam objectives can be viewed here:

Exam Form at

https://www.redhat.com/en/services/training/ex294-red-hat-certified-engineer-rhce-exam-red-hat-enterprise-linux-8

Basic Red Hat Certified Administrator SkillsCourse Navigation

Understand and Use Essential Tools

Operate Running Systems

Configure Local Storage


Section 2

Create and Configure File Systems

Deploy, Configure, and Maintain systems

Manage Users and Groups

Manage Security (Part 1)

Back t o Main



Section 3


NodeSection 4

Underst and and Use Essent ial Tools

Underst and and use Essent ial Tools

Understanding and using the basic tools for an operating system is essential to administering that system. In this section, we will review these tools and show examples of how to use these on a Red Hat Enterprise Linux 8 host.

Log int o a Rem ot e Servervia SSH

Creat e Files and Direct or ies

Input /Out put Redirect ion

View and Analyze Text

Archive Files and Direct or ies

Escalat e Pr ivi leges

Topics in t h is sect ion include:

NextBack

File and Direct ory Perm issions

Syst em Docum ent at ion






Section 2





Back t o Main



Section 3


NodeSection 4



- Log int o rem ot e server : ssh user _name@host- Log out of host : exi t

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- Creat e direct ory: mkdi r - Creat e f i le: t ouch f i l e or v i f i l e- Rem ove direct ory: r m - r di r ect or y or r mdi r

( f or empt y di r ect or y)- Rem ove f i le: r m f i l e

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- St andard out put (STDOUT): >, >>- St andard input (STDIN): >- Pipes : |

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- View w it h t ext edit or : v i f i l e- Pr int f i le cont ent s t o STDOUT: cat- Pr int l ines m at ching a pat t ern: gr ep

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- Com pression opt ions: gzip, bzip, xz, et c.- Creat e archive:

t ar - cvzf ar chi ve_name f i l e1 f i l e2- Ext ract archive:

t ar - xvzf ar chi ve. gz

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- Becom e t he r oot user : sudo - i or sudo su -- Run com m and as root user : sudo command

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- Change ownership: chown user : gr oup f i l e- Change perm issions (num er ic): chmod 764 f i l e- Change perm ission (sym bolic): chmod u+r w f i l e- Special perm issions: set ui d (4 or u+s ), set gi d (2 or

g+s ), st i cky bi t (1 or a+t )

Back






Section 2





Back t o Main



Section 3


NodeSection 4



- m an pages: man command or man sect i on command- info: i nf o command- / usr / shar e/ doc- apropos: apr opos command or man - k command

Back






Section 2





Back t o Main



Section 3


NodeSection 4

Operat e Running Syst em s



1. Edit the kernel boot parameters by pressing e2. Go t o the end of the ?linux? line by pressing Ct r l+e, removing r o cr ash and add r d. br eak enf or ci ng=03. St ar t the system by pressing Ct r l+x4. Rem ount the root of the system: mount - o r emount , r w / sysr oot5. Sw it ch to / sysr oot : chr oot / sysr oot6. Reset the r oot password: passwd7. Enable SELinux relabeling: t ouch / . aut or el abel8. Exit the shell: exi t

Int er rupt Boot Process and Change t he r oot Password

Next Back

- syst emct l power of f- syst emct l r eboot- syst emct l - - hel p | man syst emct l

Shut down and Reboot Syst em s






Section 2





Back t o Main



Section 3


NodeSection 4




- Print a list of active process: ps - ef

- View real-t ime list of processes and resource utilization: t op

- Terminate a running process: k i l l - 15, k i l l - 9, k i l l - l

View Processes and Resource Ut i l izat ion

Next Back

- Check the status of a service: syst emct l st at us ser vi ce_name. ser vi ce

- Start a service: syst emct l st ar t ser vi ce_name. ser vi ce

- Stop a service: syst emct l st at us ser vi ce_name. ser vi ce

- Gain more information: j our nal ct l - xe

St ar t , St op, and Check Net work Service St at us

- Secure Copy: scp f i l e_name user _name@ser ver : / pat h/ t o/ di r

- Secure FTP: sf t p user _name@ser ver

Copy Files Bet ween Rem ot e Syst em s






Section 2





Back t o Main



Section 3


NodeSection 4

Conf igure Local St orage




1. Use f di sk to manipulate partit ion table: f di sk / dev/ devi ce_name

2. Use p to print the partit ion table and o to create a DOS (MBR) partit ion table.

3. Use n to create a new partit ion.4. Set it as a primary partit ion using p and

accept the defaults for partit ion number, first sector, and last sector.

5. List partit ion types using l. Change the partit ion type to Linux LVM (8e) using t .

6. Write the table to disk using w .

Creat e a Par t it ion:

Next Back

- df- l sbl k- bl k i d- f di sk - l

List St orage Devices:






Section 2





Back t o Main



Section 3


NodeSection 4





1. Delete logical volume: l vr emove vol _gr oup/ new_l v

2. Delete volume group: vgr emove vol _gr oup

3. Delete physical volume: pvr emove / dev/ devi ce_name

Delet e a Logical Volum e, Volum e Group, and Physical Volum e:

Next Back

1. Create physical volume: pvcr eat e / dev/ devi ce_name

2. List physical volumes: pvs

3. Create volume group: vgcr eat e vol _gr oup / dev/ devi ce_name

4. List volume groups: vgs

5. Create logical volume: l vcr eat e - L 1G - n new_l v vol _gr oup

6. List logical volumes: l vs

Creat e an LVM Logical Volum e:






Section 2





Back t o Main



Section 3


NodeSection 4

Creat e and Conf igure File Syst em s





1. Increase underlying logical volume: l vext end - L +500M / dev/ vol _gr p/ l og_vol

2. Unmount filesystem: umount / pat h/ t o/ mount3. Run file system check:

e2f sck - f / dev/ vol _gr p/ l og_vol4. Resize file system:

r esi ze2f s / dev/ vol _gr p/ l og_vol5. List mounted file systems: df - h

Ext end Logical Volum es

Next Back

1. Create a file system on a logical volume: mkf s. ext 4 / pat h/ t o/ l v

2. Mount a file system: mount / pat h/ t o/ l v / pat h/ t o/ di r

3. List mounted file systems: df - h4. Add mount information to / et c/ f st ab for

boot persistence:UUI D=UUI D_NUMBER / mount / poi nt f s_t ype def aul t s 0 0

Creat ing and Mount ing File Syst em s






Section 2





Back t o Main



Section 3


NodeSection 4






1. Create directory: mkdi r / new/ di r2. Configure set-GID on directory:

chmod g+s / new/ di r3. Create file in new directory:

t ouch / new/ di r / newFi l e

Creat e Collaborat ive Direct or ies w it h set -GID

Next Back

1. Install required packages: yum i nst al l nf s- ut i l s

2. Start required services: syst emct l st ar t r pcbi nd

3. Show file system exports on the client: showmount - e SERVER_I P

4. Mount a network file system: mount - t nf s SERVER_I P: / ser ver / di r / c l i ent / di r

Mount a Net work File Syst em s

1. Install required packages: yum install vdo 2. Create a vdo volume: vdo cr eat e

- - name=vdo_vol - - devi ce=/ dev/ devName - - vdoLogi cal Si ze=vol _si ze

3. View information on vdo volumes: vdost at s - - hu

Work ing w it h Vir t ual Dat a Opt im izer (VDO)






Section 2





Back t o Main



Section 3


NodeSection 4

Deploy, Conf igure, and Maint ain syst em s






- View the crontab: cat / et c/ cr ont ab- Add a task to a user crontab: cr ont ab - e- List tasks in a user 's crontab: cr ont ab - l- Schedule a task using the at command: at t i me- List the scheduled jobs: at q- Delete a job: at r m j ob_num

Schedule Tasks Using at and cr on

Next Back

- View yum repositories: l s - a / et c/ yum. r epos. d

- Install packages: yum i nst al l packageName- Start a service:

syst emct l st ar t name. ser vi ce- Enable a service:

syst emct l enabl e name. ser vi ce- Stop a service: syst emct l st op name. ser vi ce

St ar t , St op, and Enable Services






Section 2





Back t o Main



Section 3


NodeSection 4







1. Install required packages: yum i nst al l chr ony2. Start and enable the chronyd service:

syst emct l st ar t chr onyd && syst emct l enabl e chr onyd

3. Add the NTP server (server SERVER_IP) address to /etc/chrony: v i / et c/ chr ony

4. Restart the chronyd service: syst emct l r est ar t chr onyd

Conf igure Tim e Service Client

Next Back

- Check the current configuration: syst emct l get - def aul t

- Change the current target: syst emct l i sol at e name. t ar get

- Set the default configuration: syst emct l set - def aul t name. t ar get

- Change target to rescue mode: syst emct l r escue

Conf igure Syst em s t o Boot int o Specif ic Target Aut om at ically






Section 2





Back t o Main



Section 3


NodeSection 4








- Change a password: passwd user name- View password expiry information:

chage - l user name- Set password expiration by max days:

chage - M days user name- Set password expiration by date:

chage - E YYYY- MM- DD user name

Change Passwords

Next Back

- View user information: i d user name gr oups user name / et c/ passwd / et c/ shadow / et c/ gr oup

- Create a user: user add user name- Modify a user: user mod - d - aG - L - U- Delete a user: user del user name

Creat e, Delet e, and Modify Local Users






Section 2





Back t o Main



Section 3


NodeSection 4








- View the sudoer s file: v i / et c/ sudoer s- Edit the sudoer s file: v i sudo- Grant a user sudo access by adding the following

line to / et c/ sudoer s: user name ALL=( ALL) ALL

- Grant members of a group sudo access by adding the following line to / et c/ sudoer s: %gr oupname ALL=( ALL) ALL

Conf igure Superuser Access

Next Back

- View group information:i d user name gr oups user name / et c/ passwd/ et c/ shadow/ et c/ gr oup

- Create a group: gr oupadd gr oupname- Add user to a group: user mod - g - aG- Modify a group: gr oupmod - n - g- Delete a group: gr oupdel gr oupname

Creat e, Delet e, and Modify Groups






Section 2





Back t o Main



Section 3


NodeSection 4

Manage Secur it y

Manage Secur it y







- Generate public and private key pair: ssh- keygen- Copy a public key to a remote server:

ssh- copy- i d user name@r emot e_host- Default public/private key location:

/ home/ user name/ . ssh/

Conf igure Key Based Aut hent icat ion for SSH

Next Back

- Install firewalld: yum i nst al l f i r ewal l d - Start and enable firewalld:

syst emct l st ar t f i r ewal l d && syst emct l enabl e f i r ewal l d

- View f i r ewal l - cmd options: f i r ewal l - cmd - h | man f i r ewal l - cmd

- List zones: f i r ewal l - cmd - - get - zones ( - - get - def aul t - zone)

- List everything added for or enabled in a zone: f i r ewal l - cmd - - l i s t - al l - - zone=publ i c

- Add a service for a zone: f i r ewal l - cmd - - add- ser vi ce=ser vi ce ( - - per manent )

- Add a port for a zone: f i r ewal l - cmd - - add- por t =por t / pr ot ocol ( - - per manent )

- Reload firewall rules: f i r ewal l - cmd - - r el oad

Conf igure Firewall Set t ings






Section 2





Back t o Main



Section 3


NodeSection 4

Manage Secur it y

Manage Secur it y







Next Back

- View SELinux modes: get enf or ce- Set mode to permissive or enforcing:

set enf or ce 0 | 1- List booleans: get sebool - a- Turn booleans on or off:

set sebool bool ean on | of f ( - P f or per manent )

- List SELinux contexts: semanage f cont ext - l- View context on files and process:

l s - Z | ps - axZ- Change SELinux context:

semanage f cont ext - a - t cont ext _t ype ' / di r ect or y( / . * ) ?'

- Restore default contexts: r est or econ - R / di r ect or y

- View SELinux policy violations: seal er t - a / var / l og/ audi t / audi t . l og

Work ing w it h SELinux

Understand Core Components of AnsibleCourse Navigation

Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

Invent or ies

Invent or ies

- Default location of the hosts file: / et c/ ansi bl e/ host s

- The default location of the hosts file can be set in / et c/ ansi bl e/ ansi bl e. cf g.

- It can be specified using the - i option when running ansi bl e.

- The file can contain individual hosts, groups of hosts, groups of groups, and host and group level variables.

- It can also Can contain variables that determine how you connect to a host.

Invent or ies are what Ansible uses t o locat e and run against m ult iple host s.

Next Back

INI-based inventory file:

mai l . exampl e. com

[ webser ver s]web01. exampl e. comweb02. exampl e. com

[ dbser ver s]db[ 01: 04] . exampl e. com


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

Invent or ies

Invent or ies

Next Back

YAML-based inventory file:

al l : host s: mai l . exampl e. com chi l dr en: webser ver s: host s: web01. exampl e. com web02. exampl e. com dbser ver s: host s: db[ 01: 04] . exampl e. com


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

Modules

Invent or ies

Modules

- Modules are essentially tools for particular tasks. - Modules can take, and usually do take,

parameters.- Modules return JSON.- Run modules from the command line or within a

playbook.- Ansible ships with a significant amount of

modules by default. - Custom modules can be written.

Underst anding Modules

Next Back


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

Var iables

Var iables

Invent or ies

Modules

- Variables names should only contain letters, numbers, and underscores.

- Variables should always start with a letter.- There are three main scopes for variables:

- Global- Host- Play

- They are typically used for configuration values and various parameters.

- Variables can store the return value of executed commands.

- Variables may also be dictionaries.- Ansible provides a number of predefined variables.

Underst anding Var iables in Ansible

Next Back


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

Var iables

Var iables

Invent or ies

Modules

Next Back

Example of Host Level Variables:

I NI f or mat :

[ webser ver s]host 1 ht t p_por t =80 maxRequest sPer Chi l d=500host 2 ht t p_por t =305 maxRequest sPer Chi l d=600

YAML f or mat :

webser ver s: host 1: ht t p_por t : 80 maxRequest sPer Chi l d: 500 host 2: ht t p_por t : 305 maxRequest sPer Chi l d: 600


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

[ c l oud_user @mspear son4c ansi bl e] $ ansi bl e - i i nv. i ni mspear son2c - m set up

mspear son2c | SUCCESS => { " ansi bl e_f act s" : { " ansi bl e_al l _i pv4_addr esses" : [ " 172. 31. 101. 166" , " 192. 168. 122. 1" ] , " ansi bl e_al l _i pv6_addr esses" : [ " 2600: 1f 18: 502: 2f 01: a37b: b7b5: 61a6: 3659" , " f e80: : 835: c7f f : f e1d: f 35e" ] , " ansi bl e_appar mor " : { " st at us" : " di sabl ed" } , " ansi bl e_ar chi t ect ur e" : " x86_64" , " ansi bl e_bi os_dat e" : " 10/ 16/ 2017" , " ansi bl e_bi os_ver si on" : " 1. 0" , " ansi bl e_cmdl i ne" : { " BOOT_I MAGE" : " ( hd0, msdos2) / boot / vml i nuz- 4. 18. 0- 80. 7. 2. el 8_0. x86_64" , " consol e" : " t t y0" ,

- Facts provide certain information about a given target host.

- Facts are automatically discovered by Ansible when it reaches out to a host.

- Facts can be disabled. - Facts can be cached for use in playbook

executions.

Underst anding Ansible Fact s

Next Back

Fact s

Fact s

Var iables

Invent or ies

Modules


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

- The goal of a play is to map a group of hosts to some well-defined roles.

- A play can consist of one or more tasks which make calls to Ansible modules.

- A playbook is a series of plays.

Underst anding Plays and Playbooks

Example of an Ansible Playbook:

- - -- host s: webser ver s become: yes t asks: - name: ensur e apache i s at t he l at est ver si on yum: name: ht t pd st at e: l at est - name: wr i t e our cust om apache conf i g f i l e t empl at e: sr c: / sr v/ ht t pd. j 2 dest : / et c/ ht t pd/ conf / ht t pd. conf - name: ensur e t hat apache i s st ar t ed ser vi ce: name: ht t pd st at e: st ar t ed- host s: dbser ver s become: yes t asks: - name: ensur e post gr esql i s at t he l at est ver si on yum: name: post gr esql st at e: l at est - name: ensur e t hat post gr esql i s st ar t ed ser vi ce: name: post gr esql st at e: st ar t ed

Next Back

Plays and Playbooks

Plays and Playbooks

Fact s

Var iables

Invent or ies

Modules


Modules

Inventories

Variables

Facts


Section 3

Plays and Playbooks

Configuration Files

Back t o Main


NodeSection 4


Section 5



Section 2

Conf igurat ion Files

- Possible locations of Ansible configuration files (in order processed):

- ANSI BLE_CONFI G (environment variable)- ansi bl e. cf g (in the current directory)- ~/ . ansi bl e. cf g (in the home directory)- / et c/ ansi bl e/ ansi bl e. cf g

- A configuration file will not automatically load if it is in a world-writable directory.

- Configuration can be set in environment variables.

The Ansible Conf igurat ion File

Next Back

- The ansi bl e- conf i g command can be used to view configurations:

- l i s t - Prints all configuration options- dump - Dumps configuration- vi ew - View the configuration file

- Commonly used settings:- i nvent or y - Specifies the default inventory file - r ol es_pat h - Sets paths to search in for roles- f or ks - Specifies the amount of hosts configured by

Ansible at the same time (Parallelism):- ansi bl e_managed - Text inserted into templates

which indicate that file is managed by Ansible and changes will be overwritten.

Com m on Ansible Conf igurat ions

Plays and Playbooks

Fact s

Var iables

Invent or ies

Modules

Conf igurat ion Files

Install and Configure an Ansible Control NodeCourse Navigation

Create a Static Host Inventory File

Install Required Packages

Create a Configuration File


NodeSection 4

Back t o Main


Section 3



Section 2


Section 5


Section 6

Inst all Required Packages

- sudo subscr i pt i on- manager r epos - - enabl e ansi bl e- 2. 8- f or - r hel - 8- x86_64- r pms(if needed)

- sudo yum i nst al l ansi bl e

Inst all Ansible Using YUM

Next Back

1. sudo yum i nst al l gi t2. gi t c l one - - s i ngl e- br anch

- - br anch st abl e- 2. 8 ht t ps: / / gi t hub. com/ ansi bl e/ ansi bl e. gi t

3. cd ansi bl e/4. sour ce . / hacki ng/ env- set up5. pi p2. 7 i nst al l - - user - r

. / r equi r ement s. t xt

Test the installation: ansi bl e 127. 0. 0. 1 - m pi ng

Inst all Ansible f rom Source







NodeSection 4

Back t o Main


Section 3



Section 2


Section 5


Section 6

Creat e a St at ic Host Invent ory File



NextBack

Invent ory FilesA

Ansible Invent ory

- Inventory files may contain hosts, patterns, groups and variables.

- Multiple inventory files may be specified using a directory.

- Inventory files may be specified in INI or YAML format.

An inventory is a list of hosts that Ansible manages.

Default: / et c/ ansi bl e/ host s

Speci?ed by CLI: ansi bl e - i

Can be set in: ansi bl e. cf g

Inventory Locations:






NodeSection 4

Back t o Main


Section 3



Section 2


Section 5


Section 6




NextBack

Exam ple Invent ory Files

B


mai l . exampl e. com ansi bl e_por t =5556 ansi bl e_host =192. 168. 0. 20

[ webser ver s]web01. exampl e. comweb02. exampl e. com

[ webser ver s: var s]ht t p_por t =8080

[ dbser ver s]db[ 01: 99] . exampl e. com

1. Variables should be stored in YAML files located relative to the inventory file.

2. Host and group variables should be stored in the host _var s and gr oup_var s directories respectively (directories must be created).

3. Variable files should be named after the host or group for which they contain variables (files may end in . yml or . yaml ).

Invent ory Var iables Best Pract ices






NodeSection 4

Back t o Main


Section 3



Section 2


Section 5


Section 6




NextBack

Exam ple Invent ory Files

C


- - -al l : host s: mai l . exampl e. com ansi bl e_por t : 5556 ansi bl e_por t : 192. 168. 0. 20 chi l dr en: webser ver s: host s: web01. exampl e. com web02. exampl e. com var s: ht t p_por t : 8080 dbser ver s: host s: db[ 01: 99] . exampl e. com






NodeSection 4

Back t o Main


Section 3



Section 2


Section 5


Section 6




NextBack

Groups of Groups

D


[ east ]host 1host 2

[ west ]host 3host 4

[ usa: chi l dr en]eastwest


al l : chi l dr en: usa: chi l dr en: east : host s: host 1: host 2: west : host s: host 3: host 4:






NodeSection 4

Back t o Main


Section 3



Section 2


Section 5


Section 6

Creat e a Conf igurat ion File

Default ansi bl e. cf g

Order of preference for ansi bl e. cf g:- ANSI BLE_CONFI G (environment variable)- ansi bl e. cf g (in the current directory)- ~/ . ansi bl e. cf g (in the home directory)- / et c/ ansi bl e/ ansi bl e. cf g

NextBack

# conf i g f i l e f or ansi bl e - - ht t ps: / / ansi bl e. com/# ===============================================# near l y al l par amet er s can be over r i dden i n ansi bl e- pl aybook# or wi t h command l i ne f l ags. ansi bl e wi l l r ead ANSI BLE_CONFI G,# ansi bl e. cf g i n t he cur r ent wor ki ng di r ect or y, . ansi bl e. cf g i n# t he home di r ect or y or / et c/ ansi bl e/ ansi bl e. cf g, whi chever i t# f i nds f i r st[ def aul t s]# some basi c def aul t val ues. . .#i nvent or y = / et c/ ansi bl e/ host s#l i br ar y = / usr / shar e/ my_modul es/#modul e_ut i l s = / usr / shar e/ my_modul e_ut i l s /#r emot e_t mp = ~/ . ansi bl e/ t mp#l ocal _t mp = ~/ . ansi bl e/ t mp#pl ugi n_f i l t er s_cf g = / et c/ ansi bl e/ pl ugi n_f i l t er s. yml#f or ks = 5#pol l _i nt er val = 15#sudo_user = r oot#ask_sudo_pass = Tr ue. . . .



Creat e a Conf igurat ion File

Configure Ansible Managed Nodes

Course Navigation

Validate a Working Configuration Using Ad Hoc Ansible Commands

Create and Distribute SSH Keys to Manage Nodes and Configure Privilege Escalation


Section 5

Back t o Main


Section 2


Section 3


NodeSection 4


Section 6


Section 7

Creat e and Dist r ibut e SSH Keys t o Manage Nodes and Conf igure Pr ivi lege Escalat ion

Generat e SSH Keys

NextBack

# ssh- keygen

1

. . . Dist r ibut e SSH Keys

# ssh- copy- i d

2

. . .

Escalat e Pr ivi leges

# vi sudouser _name ALL=( ALL) NOPASSWD: ALL

3

Cont rol Node

4

. . .

Managed Node 2

Managed Node 1



Course Navigation




Section 5

Back t o Main


Section 2


Section 3


NodeSection 4


Section 6


Section 7

Validat e a Work ing Conf igurat ion Using Ad Hoc Ansible Com m ands



Syntax: ansi bl e host - i i nvent or y_f i l e - m modul e - a ?ar gument s?

- They are used to execute quick one liners.- They are useful for non-routine tasks.- Execute them using the ansi bl e command

(ansi bl e- pl aybook is used to execute playbooks).

- Arguments require double quotes and are space delimited.

- Commands are executed as the user running Ansible.

- Use the - b option to execute commands as the r oot user.

- The - a option may be used without the - m option to run shell commands.

Ansible Ad Hoc Com m and

Next Back


Course Navigation




Section 5

Back t o Main


Section 2


Section 3


NodeSection 4


Section 6


Section 7




- File transfer- Package management- User and group management- Managing services- Fact gathering- General system information- Software deployment from Git- Playbook creation testing

Com m on Uses

Next Back

Script Administration TasksCourse Navigation

Create Shell Scripts That Run Ad Hoc Ansible Commands

Create Simple Shell Scripts

Back t o Main


Section 6


Section 2


Section 3


NodeSection 4


Section 5


Section 7



Creat e Sim ple Shell Scr ipt s


- The first line must include #! / bi n/ bash.- Comments can be added by using the # symbol. - Execute permission needs to be added to the script.- Execute the script using the absolute path or

. / scr i pt . sh (if the script is in your current directory).

Shell Scr ipt s

Next Back

Simple echo Script:

#! / bi n/ bash# hel l o wor l d scr i pt

echo ?Hel l o wor l d! ! ?

A f or Loop:

#! / bi n/ bash

f or i i n { 1. . 5}do echo " Hel l o $i t i mes! "done




Back t o Main


Section 6


Section 2


Section 3


NodeSection 4


Section 5


Section 7





Next Back

A case Statement

#! / bi n/ bash

echo - n " Ent er t he name of a st at e: "

r ead STATE

echo - n " The capi t al c i t y of $STATE i s "

case $STATE i n Geor gi a) echo " At l ant a" ; ; Vi r gi ni a) echo " Ri chmond" ; ; Texas) echo " Aust i n" ; ; Mai ne) echo " August a" ; ; * ) echo " not i n t he dat abase" ; ;esac




Back t o Main


Section 6


Section 2


Section 3


NodeSection 4


Section 5


Section 7



Creat e Shell Scr ipt s That Run Ad Hoc Ansible Com m ands

Creat e Shell Scr ipt s That Run Ad Hoc Ansible Com m ands

Next Back

Shell Script with Ad Hoc Ansible Commands

#! / bi n/ bash

# Cr eat e t he user mat t

ansi bl e mspear son3c. myl abser ver . com - i i nv - b - m user - a " name=mat t "

# Cr eat e t he demo di r ect or y i n mat t ?s home di r ect or y

ansi bl e mspear son3c. myl abser ver . com - i i nv - b - m f i l e - a " pat h=/ home/ mat t / demo st at e=di r ect or y owner =mat t gr oup=mat t mode=0755"

# Copy t est Fi l e t o mat t ?s home di r ect or y

ansi bl e mspear son3c. myl abser ver . com - i i nv - b - m copy - a " sr c=/ home/ cl oud_user / ansi bl e/ t est Fi l e dest =/ home/ mat t / t est Fi l e mode=0644 owner =mat t gr oup=mat t "

# I nst al l ht t pd t o t he webser ver s gr oup, t hen st ar t and enabl e t he ht t pd ser vi ce

ansi bl e webser ver s - i i nv - b - m yum - a " name=ht t pd st at e=l at est "

ansi bl e webser ver s - i i nv - b - m ser vi ce - a " name=ht t pd st at e=st ar t ed enabl ed=yes"


Create Ansible Plays and PlaybooksCourse Navigation

Use Variables to Retrieve the Results of Running a Command

Know How to Work with Commonly Used Ansible Modules

Back t o Main


Section 7

Use Conditionals to Control Play Execution

Configure Error Handling

Create Playbooks to Configure Systems to a Specified State


NodeSection 4


Section 5


Section 6



Know How t o Work w it h Com m only Used Ansible Modules


- Ping- Validates a server is running and reachable- No required parameters

- Setup- Gather Ansible facts- No required parameters

- Yum- Manage packages with the YUM package

manager- Common parameters (not required):

- name and st at e- Service

- Control services on remote hosts- Common parameters:

- name (required), st at e, and enabl ed- User

- Manage user accounts and attributes- Common parameters:

- name (required), st at e, gr oup, and gr oups

Com m on Modules

Next Back




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6





- Copy - Copy files to a remote host- Common parameters:

src, dest (required), owner, group, and mode- File

- Manage files and directories- Common parameters:

path (required), state, owner, group, and mode- Git

- Interact with git repositories- Common parameters:

r epo (required), dest (required), and cl one

Com m on Modules (cont .)

Next Back




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6


Adm inist rat ion Tasks Section 8 NextBack

Use r egi st er in a playbook

- - -- host s: host name t asks: - name: cr eat e a f i l e f i l e: pat h: / t mp/ t est Fi l e s t at e: t ouch r egi st er : var i abl e - name: di spl ay debug message debug: msg=" Regi st er out put i s { { var i abl e } } "

- Use the r egi st er keyword to store the results of running a command as a variable.

- Variables can be referenced by other tasks in the playbook.

- Registered variables are only valid on the host for the current playbook run.

- Return values differ from module to module.

Regist er t he Result s of Running a Com m and

Use Var iables t o Ret r ieve t he Result s of Running a Com m and






Back t o Main


Section 7





NodeSection 4


Section 5


Section 6



Use Condit ionals t o Cont rol Play Execut ion




- Handlers take action when called.- Handlers are called when a change is made.- Handlers are called using the notify keyword.- More than one handler can be defined for a

playbook or play.- Multiple handlers can be specified in the notify

section.- Handlers can have multiple tasks. - Regardless of how many tasks notify a handler, it

will only run once.

Handlers

Next Back




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6







Next Back

Example of a Handler in a Playbook

- - -- host s: mspear son2c become: yes t asks: - name: updat e ht t pd. conf r epl ace: pat h: / et c/ ht t pd/ conf / ht t pd. conf r egexp: ?^Ser ver Admi n. * $? r epl ace: ?Ser ver Admi n cl oud_user @l ocal host ? backup: yes not i f y: ?r est ar t web ser ver ? handl er s: - name: ?r est ar t apache? ser vi ce: name: ht t pd s t at e: r est ar t ed l i s t en: ?r est ar t web ser ver ?




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6







Next Back

Example of a when statement in a Playbook

- - -- host s: webser ver s become: yes t asks: - name: copy f i l e copy: sr c: / home/ cl oud_user / i ndex. ht ml dest : / var / www/ ht ml / i ndex. ht ml when: ansi bl e_host name == " mspear son3c"

- Allows a task to run or be skipped if certain condit ions are met.

- Parentheses can be used to group condit ions.- Multiple condit ions can be specified as a list. - Mathematical operation comparisons can be used.

The when St at em ent




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6







Next Back

Example of a l oop in a Playbook

- - -- host s: webser ver s become: yes t asks: - name: cr eat e a l i s t of user s user : name: ?{ { i t em } } ? s t at e: pr esent gr oups: wheel l oop: - v i ol et - gr aham - bet hany

- May be performed using the l oop or wi t h_ keywords

- Standard loop usage- Iterate over a simple list- Iterate over a list of hashes- Iterate over a dictionary

- When statements are processed separately for each item in a loop

Loops




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6



Conf igure Er ror Handling





Next Back

- Ignore errors by using the i gnor e_er r or s keyword.

- Force previously notified handler to run using the f or ce_handl er s keyword.

- Define failure condit ions using the f ai l ed_when keyword.

- Override the ?changed? status result using the changed_when keyword.

- Abort an entire play if any task fails using the any_er r or s_f at al keyword.

- Implement a block in order to logically group tasks and provide error handling using the following keywords:- bl ock- r escue- al ways

Error Handling




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6








Next Back

Using ignore_errors keyword:

- - -- host s: l abser ver s t asks: - name: copy r emot e f i l es f et ch: sr c: / t mp/ er r or Fi l e dest : / t mp i gnor e_er r or s: yes

Using a block to handle errors:

- - -- host s: l abser ver s t asks: - name: copy r emot e f i l es bl ock: - f et ch: sr c: / t mp/ bl ockFi l e dest : / t mp r escue: - debug: msg: " The f i l e doesn' t exi st on { { ansi bl e_host name } } . " al ways: - debug: msg: " Pl aybook i s f i ni shed! "




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6



Creat e Playbooks t o Conf igure Syst em s t o a Specif ied St at e






Next Back

Example Playbook

- - -- host s: webser ver s become: yes t asks: - name: i nst al l apache yum: name: ht t pd s t at e: l at est - name: cr eat e user and add t hem t o t he apache gr oup user : name: " { { i t em } } " gr oups: apache l oop: - wi l l - myl es - name: cr eat e i ndex. ht ml t empl at e: sr c: / home/ cl oud_user / ansi bl e/ t empl at es/ i ndex. j 2 dest : / var / www/ ht ml / i ndex. ht ml owner : apache gr oup: apache mode: 0644 - name: st ar t and enabl e ht t pd ser vi ce: name: ht t pd s t at e: st ar t ed enabl ed: yes




Back t o Main


Section 7





NodeSection 4


Section 5


Section 6









Next Back

Example Playbook (cont.):

- host s: dbser ver s become: yes t asks: - name: i nst al l post r esql yum: name: post gr esql - ser ver s t at e: l at est - name: i ni t i al i ze db cl ust er command: / usr / bi n/ post gr esql - set up - - i ni t db - name: cr eat e user s user : name: " { { i t em } } " gr oups: post gr es l oop: - cor ey - aar on - name: st ar t and enabl e post gr es ser vi ce: name: post gr esql s t at e: st ar t ed enabl ed: yes


Services

Software Packages and Repositories

Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

Sof t ware Packages and Reposit or ies


Next Back

Examples of the yum module:

- name: i nst al l a package yum: name: package_name st at e: l at est

- name: I nst al l a l i s t of packages yum: name: - package_name - package_name st at e: l at est

- name: I nst al l r pm f r om a r emot e r epo yum: name: ht t p: / / websi t e. com/ pat h/ t o/ r pm st at e: pr esent

- name: I nst al l r pm f r om a l ocal f i l e yum: name: / pat h/ t o/ f i l e. r pm st at e: pr esent

- name: Remove a package yum: name: package_name st at e: absent

The yum Module - Use the yum package manager to install, upgrade, downgrade, remove, and list packages and groups.


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9



Next Back

Examples of the yum_repository module:

- name: Add a r eposi t or y yum_r eposi t or y: name: r epo_name descr i pt i on: Descr i pt i on of r epo baseur l : ht t ps: / / websi t e. com/ f ul l / pat h/ of / base/ ur l gpgcheck: no

- name: Remove a r eposi t or y f r om a r epo f i l e yum_r eposi t or y: name: r epo_name f i l e: r epo_f i l e_name ( wi t hout t he ?. r epo? ext ensi on) st at e: absent

The yum _reposit ory m odule - Add or remove a yum repository.


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

Services

Next Back

Example of the ser vi ce module:

- name: Show opt i ons f or ser vi ce modul e ser vi ce: name: ser vi ce_name st at e: st ar t ed| st opped| r est ar t ed| r el oaded enabl ed: yes| no ar gs: addi t i onal ar gument s pr ovi ded on t he command l i ne

The service m odule - This controls services on a remote host. The supported init systems are BSD init, OpenRC, SysV, Solaris SMF, systemd, and upstart.

Example of the syst emd module:

- name: Show opt i ons f or syst emd modul e ser vi ce: name: ser vi ce_name st at e: st ar t ed| st opped| r est ar t ed| r el oaded enabl ed: yes| no daemon_r el oad: yes| no f or ce: yes| no

The syst emd m odule - This controls syst emd services on a remote host.

Services



Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

St orage Devices

St orage Devices

Firewall Rules

Services


Next Back

Example of the par t ed module:

- name: Show opt i ons f or par t ed modul e par t ed: devi ce: / dev/ sdc| / dev/ nvme1n1 number : 1 st at e: pr esent | absent | i nf o par t _end: 1Gi B| 100% l abel : msdos| gpt f l ags: [ l vm ]

The par t ed m odule - Uses the parted command line tool in order to configure block device partit ions.

Creat e Par t it ions


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

St orage Devices

St orage Devices

Firewall Rules

Services


Next Back

Example of the lvg module:

- name: show opt i ons f or l vg modul e l vg: f or ce: no| yes pesi ze: 8 pvs: / dev/ nvme1n1p1, / dev/ nvme2n1p1 vg: vg_name st at e: pr esent | absent

The l vg m odule - Create, remove, and resize volume groups

Example of the lvol module:

- name: show opt i ons f or l vol modul e l vol : vg: vg_name l v : l v_name s i ze: 512m| 1g| 100%FREE st at e: pr esent | absent shr i nk: yes| no r esi zef s: no| yes f or ce: no| yes opt s: f r ee f or m opt i ons passed t o t he l vcr eat e command

The l vol m odule - Create, remove, and resize logical volumes

Creat e Logical Volum es


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

File Cont ent

File Cont ent

St orage Devices

Firewall Rules

Services


Next Back

Example of the f i l e module:

- name: cr eat e a f i l e f i l e: pat h: / pat h/ t o/ f i l e st at e: t ouch

The f i l e m odule - Manage files and file properties.

Example of the copy module:

- name: add cont ent t o speci f i c f i l e copy: cont ent : f i l e_cont ent dest : / pat h/ t o/ f i l e

The copy m odule - Copy files to remote locations.

Manage File Cont ent

Example of the l i nei nf i l e module:

- name: r epl ace a l i ne l i nei nf i l e: pat h: / pat h/ t o/ f i l e r egexp: ?r egul ar _expr essi on? l i ne: l i ne t o i nser t / r epl ace i n t he f i l e

The l i nei nf i l e m odule - Manage lines in text files.


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

File Cont ent

File Cont ent

St orage Devices

Firewall Rules

Services


Next Back

Example of the r epl ace module:

- name: r epl ace st r i ngs wi t hi n a f i l e r epl ace: pat h: / pat h/ t o/ f i l e r egexp: r egul ar _expr essi on r epl ace: ?st r i ng t hat r epl aces r egexp mat ches?

The r epl ace m odule - Replace all inst ances of a par t icular st r ing w it h in a f i le.

Example of the t empl at e module:

- name: show t empl at e opt i ons t empl at e: sr c: / pat h/ t o/ t empl at e. j 2 dest : / pat h/ t o/ dest owner : owner _name gr oup: gr oup_name mode: f i l e_per mi ssi ons

The t empl at e m odule - Template a file out to a remote server.

Creat e Files and and Replace St r ings (cont .)


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

File Cont ent

File Cont ent

St orage Devices

Firewall Rules

Services


Next Back

Example of a template file:

Host name = { { ansi bl e_host name } }Oper at i ng Syst em = { { ansi bl e_di st r i but i on } } { { ansi bl e_di st r i but i on_ver si on } }I PV4 Addr ess = { { ansi bl e_def aul t _i pv4. addr ess } }I PV6 Addr ess = { { ansi bl e_def aul t _i pv6. addr ess } }I nt er f aces = { { ansi bl e_i nt er f aces| j oi n( ' , ' ) } }Bl ock Devi ces = { { ansi bl e_devi ces| j oi n( ' , ' ) } }

Creat e Files and and Replace St r ings (cont .)


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

File Syst em s

Example of the f i l esyst em module:

- name: opt i ons f or f i l esyst em modul e f i l esyst em: f st ype: f s_t ype dev: / pat h/ t o/ devi ce f or ce: no| yes r esi zef s: no| yes opt s: opt i ons t o pass t o t he mkf s command

The f i l esyst em m odule - Create a filesystem.

Creat e a Filesyst em

Example of the mount module:

- name: opt i on f or t he mount modul e mount : pat h: / pat h/ t o/ mount / poi nt sr c: / pat h/ t o/ devi ce f st ype: f s_t ype st at e: mount ed| absent | pr esent | unmount ed opt s: mount opt i ons backup: no| yes

The mount m odule - Control and configure mount points.

Mount a Filesyst em

Next Back

File Syst em s

File Cont ent

St orage Devices

Firewall Rules

Services



Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

Archiving

Archiving

File Syst em s

File Cont ent

St orage Devices

Firewall Rules

Services


Example of the ar chi ve module:

- name: show opt i ons f or ar chi ve modul e ar chi ve: pat h: - / pat h/ t o/ f i l e - / pat h/ t o/ f i l e - / pat h/ t o/ di r - / gl obbed/ pat h/ usi ng/ * excl ude_pat h: - / f i l e/ t o/ excl ude - / di r / t o/ excl ude - / gl ob/ t o/ excl ude/ ex* f or mat : gz| bz2| t ar | xz| z i p dest : / name/ of / ar chi ve. t gz

The ar chi ve m odule - Creates a compressed archive on one or more files or directories.

Creat e an Archive

Next Back


Services


Back t o Main

Firewall Rules

Storage Devices

File Content



File Systems

Archiving

Scheduled Tasks

Security

Users and Groups


Section 6


Section 7



Section 9

Archiving

Archiving

File Syst em s

File Cont ent

St orage Devices

Firewall Rules

Services


Next Back

Example of the unar chi ve module:

- name: show opt i ons f or unar chi ve modul e unar chi ve: sr c: / pat h/ t o/ f i l e. z i p| www. websi t e. com/ pat h/ t o/ f i l e. z i p dest : / pat h/ t o/ unpack/ i n r emot e_sr c: no| yes

The unar chi ve m odule - Copy (optional) and unpack an archive.

Un

red hat certified engineer (rhel 8 rhce)... · 2020. 7. 27. · 8 rhce) course. this course is...

Documents