EX294 Red Hat Certified Engineer RHCE – Ansible Plays and Playbooks, Conditional Execution Part 3
7. Task: Configuring MOTD on Managed Nodes using Conditional Playbook execution
Hello, welcome to this lecture. In this lecture, we’ll learn how we can use a magic variable in conditional playbook execution. Here is the task description. Create a playbook with the name condition.yml to execute the tasks below. Configure the message of the day on web servers nodes as "Welcome to web server node". Here I’m including an end-of-line character so that this message will be displayed on a different line than the terminal symbol hash. We know we already configured the message of the day on all managed nodes. We’ll overwrite this message.
Configure the message of the day on the prod1 node as "Welcome to mhost1". We know in this group we have only one host, mhost1. Here are the contents of the playbook we will be using for this task. Here the targets are the web servers and prod1 groups, because we need to perform actions on these two groups. become must be set to true, because this is a system administration task and we need privilege escalation. gather_facts must be set to true, because here we are using Ansible facts. Then in the tasks we’ll define our tasks. We know that using dash space name we can provide some description.
Configuring message of the day on web server nodes. Then we’ll use the copy module. Using the content directive, we’ll specify the string we need to copy to the file motd under the etc directory. We refer to this path using the dest directive. Here this condition is important: when, colon, space, inventory_hostname (this is a magic variable) in groups, and then here we have the group name web servers enclosed in single quotation marks. We know this expression will display all the nodes contained in this group. So it means we want to execute this task on all the nodes belonging to the web servers group.
We can also write this condition like this: when inventory_hostname in groups, and then here we need to specify the group name in this format. Then the second task: everything is the same. We need to change the message, of course. Then here we have the when condition. Here we are using Ansible facts. We already used them. Here we’ll provide an expression to refer to the hostname: when the hostname is equal to mhost1, enclosed in quotation marks. Earlier I told you this must be enclosed in double quotation marks.
I would rather say this must be enclosed in quotation marks. It can be single quotation marks or double quotation marks. It will work perfectly fine. Now, let’s move to the Ansible control node and start doing this task. Before moving to the Ansible control node, I will show you how the message of the day is shown on managed nodes, which we configured earlier. Here we can see "Welcome to Ansible managed host". So this is on the same line as that of the terminal. So now in this task, we are including an end-of-line character so that this message will be displayed on a different line than the terminal line. Now I will move to the Ansible control node. Now we are on the Ansible control node and I am logged in as the ansible user.
Here on this path, we’ll create our playbook with the name condition.yml. So here, the targets are the web servers and prod1 groups. You can list targets as list items, as I’m doing here. become must be set to true. We know why. We must set gather_facts to true, although this is the default as per the config file. We need Ansible facts for this task execution, which are needed for the condition we’ll use for the second task in this play. Here in the tasks section we’ll define our tasks. Here I will provide the description: configuring message of the day on web servers nodes. Here we know we need to use the copy module. We’ll use the content directive here. Here we’ll specify the string we need to copy to the motd file: Welcome to web server node.
Here we must include an end-of-line character according to this task requirement. So here, make sure this is a backslash, not a forward slash. dest is the motd file, which is present under the etc directory. Then here we need to specify the condition, because we need to configure the message of the day on web servers nodes. We are using a magic variable here for the first time: when inventory_hostname in groups; the group name is web servers. Now here we’ll define our next task. Again, here I will provide a description: configuring message of the day on mhost1. Again we need to use the copy module. Here we’ll specify the message to be copied to the motd file: Welcome to mhost.
We’ll include an end-of-line character. Here we know dest is the motd file. Here again we’ll specify the condition using when. Here we’ll use Ansible facts: ansible_facts hostname. We know this expression will evaluate to the hostname of the node. We must set this to mhost1, because we need to execute this task on mhost1. This is all we need to do. Three dots indicate the end of the YAML document. Now I will save and quit. Before execution, I will perform a syntax check. Everything seems okay. Now I will execute this playbook. Gathering facts task. Configuring message of the day on web servers nodes. So here we can see the prod1 node is skipped. So this task is executed only on web servers nodes. We know there are two nodes in the web servers group, mhost3 and mhost4.
Task two is executed only on mhost1, as expected. Now everything is fine. Now I will connect to mhost1. Here we have our message "Welcome to mhost". Here I made one mistake. It must be "Welcome to mhost1". Anyway, this is just to understand the logic. Now I will exit. I will connect to mhost3. We have the message "Welcome to web server node". Now again I will move to mhost1, and I will show you how this message is displayed. Now I will log in on mhost1. Here we have the message "Welcome to mhost". Now this time this message is shown on a separate line. That’s why this end-of-line character is important here. Now let’s move to the next task, where we’ll install packages on different managed nodes based on conditions.
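The playbook described in this lecture, written out as an added example (not taken from the course material). The group names `webservers` and `prod1` and the host name `mhost1` are assumed spellings of the names spoken in the lecture; the `owner`, `group` and `mode` lines are an addition so the file permissions are stated explicitly.

```yaml
---
# condition.yml (added example; inventory names below are assumptions)
- name: Configure MOTD using conditional execution
  hosts:
    - webservers
    - prod1
  become: true
  gather_facts: true        # the second task's condition reads ansible_facts
  tasks:
    - name: Configuring message of the day on web servers nodes
      copy:
        # Double quotes are required: YAML only expands \n to a newline
        # inside double-quoted strings. In single quotes the file would
        # contain a literal backslash followed by "n".
        content: "Welcome to web server node\n"
        dest: /etc/motd
        owner: root         # addition: not mentioned in the lecture
        group: root
        mode: '0644'
      # Magic variables: inventory_hostname is the name of the current host
      # in the inventory, groups['webservers'] is the list of hosts in that group.
      when: inventory_hostname in groups['webservers']

    - name: Configuring message of the day on mhost1
      copy:
        content: "Welcome to mhost1\n"
        dest: /etc/motd
        owner: root
        group: root
        mode: '0644'
      # Fact-based condition: the short hostname reported by the node itself.
      when: ansible_facts['hostname'] == "mhost1"
...
```

The first condition is evaluated from inventory data on the control node, while the second depends on what the managed node reports about itself, which is why this play cannot disable fact gathering.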
8. Task: Installing Packages on Managed Nodes using Conditional Playbook execution
Hello, welcome to this lecture. In this lecture, we’ll learn how we can use magic variables for conditional playbook execution. This task is different from previous tasks. Here we are not using Ansible facts. Here we are using only magic variables, and all this information is present locally on the Ansible control node. We don’t need to gather facts for this task. Here is the task description: create a playbook with the name packages.yml to execute the tasks below. Install the software package samba on web servers nodes. Install the software package nfs-utils on prod nodes. Here we’ll set the target as all managed nodes. Then we’ll use conditions to execute tasks on specific nodes as per the task requirements. become must be set to true, because we need to install packages.
Here I will set gather_facts to false, because we don’t need facts for this task. However, if gather_facts is set to true, this will not harm, but playbook execution will take a little longer in gathering facts. Here we have the tasks section with two tasks defined. Here we have the description for the first task: installing package samba on web servers nodes. We know we need to use the yum module. Using the name directive we’ll specify the package name. state must be present. All this we know already. Then here this is important: using the when keyword we’ll specify the when condition, inventory_hostname in groups web servers. We know this expression. Here we are using bracket notation to refer to all the nodes belonging to this group, using this magic variable. This is also a magic variable. We are using two magic variables in this statement. Then in the second task, the package name is nfs-utils and state must be present. And here we have the condition when inventory_hostname in groups prod, because we need to execute this task on prod nodes.
Now let’s move to the Ansible control node and start doing this task. We are on the Ansible control node and I am logged in as the ansible user. Here on this path, we’ll create our playbook with the name packages.yml. We’ll set all managed nodes as the target. become must be set to true. We know why. I will set gather_facts to false. Here in the tasks section we’ll define our tasks. Here I will provide the description of the first task: installing package samba on web servers nodes. We know we need to use the yum module. Here we need to specify the package name using the name directive: samba. state must be set to present. Here, important is this when condition: when inventory_hostname in groups. Don’t forget to mention the correct name of this variable.
It’s groups web servers. We know this expression. Here we need to use bracket notation to access the contents under this dictionary, which are hosts mhost3 and mhost4. So based on this condition, the task will be executed on mhost3 and mhost4. Now, the next task. Here I will provide the description of this task: installing package nfs-utils on prod nodes. Again, we need to use the yum module. The package name is nfs-utils. state must be set to present. Here again, we need to specify the when condition: when inventory_hostname in groups prod. We need to execute this task on prod nodes. This is all we need to do. This is all about this task. We could do this task by creating two plays in one playbook. We already did a similar task using two plays.
But here, by using one play and by using conditions, we can do this task in this way as well. I will save and quit. Before executing this playbook, I will perform a syntax check. All seems okay. Now I will execute this playbook. Here you can see it’s moving faster because facts are not gathered. Installing package samba on web servers nodes: mhost1 and mhost2 are skipped as expected. So the package has been installed on web servers nodes mhost3 and mhost4. Now the second task is in progress. So the package has been installed on prod nodes mhost1 and mhost2. In this way, we can use magic variables for conditional playbook execution. This is all about this task.
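The packages playbook from this lecture as an added example (not the course's own file), with the group names `webservers` and `prod` assumed. The commented alternative using the `group_names` magic variable is not used in the lecture; it is included because `groups['name']` raises an undefined-variable error when the inventory has no such group, while a `group_names` test is simply false.

```yaml
---
# packages.yml (added example; group names are assumed spellings)
- name: Install packages using magic-variable conditions
  hosts: all
  become: true
  gather_facts: false       # both conditions use inventory data only
  tasks:
    - name: Installing package samba on web servers nodes
      yum:
        name: samba
        state: present
      # groups is a dictionary: group name -> list of host names.
      # Bracket notation picks the list for one group.
      when: inventory_hostname in groups['webservers']

    - name: Installing package nfs-utils on prod nodes
      yum:
        name: nfs-utils
        state: present
      when: inventory_hostname in groups['prod']
      # Equivalent membership test, from the host's side (not in the lecture):
      #   when: "'prod' in group_names"
      # group_names lists the groups the current host belongs to, so the
      # task is skipped rather than failing if the group does not exist.
...
```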
9. Task: Configuring Firewall using loop and Conditional Playbook execution
Hello, welcome to this lecture. In this lecture, we’ll configure the firewall using loops and conditions together. We’ll use magic variables for the conditions. Here is the task description. Create a playbook with the name firewall_config.yml to execute the tasks below. Configure web servers nodes to accept inbound traffic for the ntp and https services. We need to add these two services on the firewall for web servers nodes. Configure prod nodes to accept traffic on port range 400 to 404 using the TCP protocol. Here we need to configure this port range on prod nodes. Firewall config should be persistent. Reload the firewall to make changes effective. For this, we’ll use the handlers section. We already discussed that. Here we have the playbook contents. Here, the target is set as all managed nodes. We must set become to true, because we need to configure the firewall, which is a system administration task, and we need privilege escalation. I will set gather_facts to false, because we don’t need to use facts for this task. Then in the tasks section we’ll define our tasks.
Here is our first task, to add the services ntp and https on web servers nodes. For this task, we’ll combine loop and when statements together. We know we need to use the firewalld module for this task. Using the service directive, I will specify the lookup variable item. We know how we can use the lookup variable with loop. Then state must be set to enabled here. Keep in mind, state is not present but enabled in case you need to add or configure services on the firewall. Same in case of ports. For a persistent firewall setting, we must set permanent to yes, which is equal to the --permanent option we use with the firewall-cmd command line. Then here we’ll use loop, and here we’ll specify the services as list items. We know how this works. During the first iteration, item will be set to ntp and the ntp service will be added. During the second iteration, item will be set to https and this service will be added. But we need to execute this task only on web servers nodes. To restrict task execution to web servers nodes, we’ll use the when condition: when inventory_hostname in groups web servers. Then here we must use the notify keyword to trigger the task in the handlers section to reload the firewall. Here this description, Reload firewall, is important. This must match this description.
Otherwise this task will not be triggered. Then we have the second task. Again, we need to use the firewalld module. In this task, we need to add the port range on the prod nodes. Using the port directive, we can specify the range using a dash between the two values, 400 and 404, then a forward slash, then the protocol, which is TCP. Again, state must be enabled. For a permanent firewall setting, we’ll set permanent to yes. Now, to restrict this task execution to prod nodes, we need to use the when statement: when inventory_hostname in groups prod. Again, here we need to use the notify keyword to trigger the task in the handlers section. We know we need to reload the firewall when we add or configure the firewall permanently. So here we have the task in the handlers section. We know here we need to use the service module. The name of the service is firewalld. We need to reload the firewalld service. state must be set to reloaded. This is all we need to do in this task. Now let’s move to the Ansible control node and start doing this task. Now we are on the Ansible control node and I’m logged in as the ansible user. Here we need to create our playbook with the name firewall_config.yml, as per the task description.
We’ll set the target to all hosts, to all. Then become must be set to true. We know why. gather_facts: I will set this to false to save some time, which is used when facts are gathered. Then in the tasks section we will define our tasks. Here I will provide the description of the first task: configuring firewall on web servers nodes. Then here we know we need to use the firewalld module. Here we’ll use the service directive. Because we need to add two services on the firewall, we’ll specify the lookup variable here. Then we know state must be enabled and permanent must be set to yes. Then here we need to use loop. We’ll specify the services to be added as list items: ntp, https.
Now here we need to use the when condition to restrict execution only to web servers nodes: inventory_hostname in groups web servers. Then important here is the notify keyword. Don’t forget this. I will provide the description: Reload firewall. Now we start defining our second task. Here I will provide the description: configuring firewall on prod nodes. Again we need to use the firewalld module. This time we’ll use the port directive, because we need to open ports on the firewall for prod nodes. The port range is 400 to 404. The protocol is TCP. state must be enabled and permanent must be set to yes. Then here we need to use the when condition to restrict task execution only to prod nodes: inventory_hostname in groups prod. Again notify, which is very important: Reload firewall. Then here we’ll define the handlers section. We know what we need to do here.
Reload firewall. This must match the description we specified with notify. We need to use the service module. Here the service name is firewalld. state must be reloaded. This is all we need to do. In the end, three dots indicate the end of the YAML document.
Again, keep in mind the level of indentation. So this is the same for the module, when and loop. Then it must be the same for the different directives. All looks okay. I will save and quit now. Before execution, I will verify the syntax. Everything looks okay. Now we’ll execute this playbook. So here the task is in progress on web servers nodes. So here we can see item is set to ntp, then https, and these two services have been added on mhost3 and mhost4. In the second task, these two hosts are skipped as expected, and the ports are added on these two managed nodes which belong to the prod group. Then at last we see the running handler to reload the firewall. The firewall has been reloaded for all nodes for which we configured the firewall.
So this is as expected. Now I will clear the screen. Again, I will execute the same playbook. This time this is green because the changes are already made. So the handlers section is skipped as expected. So everything is fine. Now we’ll verify that the firewall has been configured properly on all managed nodes. We know for this we’ll use an Ansible ad hoc command: ansible all, then with -a I will provide the command to be executed, firewall-cmd --list-all, and here we must use --become. Here we have the output for mhost3 and mhost4. We can see the https service and the ntp service on the list for both managed nodes. Now for mhost1 and mhost2 we see port range 400 to 404 has been added for both managed nodes. This is how we can combine loop with condition to configure the firewall. This is all about.
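The firewall playbook described above, written out as an added example (not the course's own file). The group names `webservers` and `prod` are assumed spellings; the short module name `firewalld` follows the lecture, and on newer Ansible releases the same module is provided as `ansible.posix.firewalld`.

```yaml
---
# firewall_config.yml (added example; group names are assumptions)
- name: Configure firewall using loop and conditions
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Configuring firewall on web servers nodes
      firewalld:
        service: "{{ item }}"   # item takes each value from loop in turn
        state: enabled          # firewalld uses enabled, not present
        permanent: yes          # same effect as firewall-cmd --permanent
      loop:
        - ntp
        - https
      # With loop, the when condition is evaluated once per item.
      when: inventory_hostname in groups['webservers']
      notify: Reload firewall   # must match the handler name exactly

    - name: Configuring firewall on prod nodes
      firewalld:
        port: 400-404/tcp       # range, then slash, then protocol
        state: enabled
        permanent: yes
      when: inventory_hostname in groups['prod']
      notify: Reload firewall

  handlers:
    # Runs once per host at the end of the play, and only on hosts where
    # a notifying task reported "changed". Permanent rules are not active
    # in the running firewall until this reload happens.
    - name: Reload firewall
      service:
        name: firewalld
        state: reloaded
...
```

Because the tasks set only `permanent`, a run that is interrupted before the handler fires leaves the new rules written to disk but not loaded, so the `firewall-cmd --list-all` check from the lecture is worth repeating after any failed run.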