EX294 Red Hat Certified Engineer RHCE – Configuring Ansible Control Node
1. Introduction
Hello, welcome to this section. In last section we already learnt about core components of ansible. We learnt about ansible inventories. We also know what are ensile modules. We also understood what are ansible variables and ansible facts. We also understood what are ansible plays and playbooks. We also know how we can get help in case help is needed using ansible dog. Now we have enough knowledge to start with this section. In this section we’ll do practical tasks related to topic configuring ansible control node.
Here is list of objectives which we are going to cover. In this section we already know how to install ansible using Yum or DNS package manager. Before we start doing practical tasks, we’ll install ansible version two eight which is exam version using Pip which is Python package manager. We’ll also create static host inventory file. We’ll also create ansible configuration file. We’ll also learn how to create groups of nodes in ansible inventory. We already understood how we can use forks directive to tell ansible to start parallel tasks execution. Now let’s move ahead and install ansible version two eight.
2. Installing Ansible Version 2.8 using pip
Hello, welcome to this lecture. In this lecture we will learn how to install ansible version two eight. Before we install ansible version two eight we will uninstall ensible two nine which is already installed on ansible host. But before uninstalling ensible we will copy ansible config file under temp directory for reference. This is because when we install ansible using Pip ansible config file is not available. We know when we install ansible using native package manager DNF or Young ansible config file is present on path forward slash etc ansible. But this is not the case. In case we install ansible using Pip now to uninstall ansible we’ll execute this command DNF remove ansible. We know this command after ansible two nine is uninstalled we’ll install ansible two eight using Pip using command Pip three install ansible. Then here we’ll provide Ansible version we need to install.
So here use double equal to sign to specify ansible version. I’m using pip three because I have Python three installed. You might have Python two installed on your machine. In that case you can use Pip two for the same action. Now let’s move to the system and start installing ensable two dot eight we are on ensyble and I am logged in as root. First of all I will save copy of ensable config file under temp directory. For this we’ll use CP command. This is done. Now next step is we need to uninstall ansible version two nine. For this we’ll execute DNF remove ansible. We’ll press y to proceed further. It will take few seconds. It’s completed.
Now we’ll install ansible version two eight using Pip. I will just verify if internet connection is working fine. Internet connection is okay. Pip three install ancient equal to sign then version we need to install which is to do eight in our case. So here we have warning running Pip install with root permissions is not a good idea. This is because we are running here some Python program from the web or from the internet with root permissions on our machine which is not secure and is not recommended. But for the lab we don’t need to worry about this. So here we see collecting Ansible. It will take some time.
I will post the video until ansible is installed. So finally ansible is installed. Now we’ll execute ansible version command. So we have error no such file or directory. You might see same error but this does not mean Ansible is not installed. I’ll show you something. I will use find to locate where ansible program is present. We know how we can use find command to locate files. It’s taking some time. So here we can see ansible program or ansible executable program is present on this path. But when we executed ansible version so it’s checking on this path.
Note on this path this is kind of bug or error. So I have simple solution for this. For this, we’ll create soft link for this file pointing to this target. So in case we’ll execute this command again, the system will try to find the program on this path which will be pointing to this path. Because we’ll create soft link, then everything will be fine. But for the exam, you don’t need to worry about this stuff. Because this will not happen on the exam. You will be using native package manager DNF or might be Rpm to install an sybil. So here we need to do this workaround due to some bug or error during installation. But this does not happen all the time. But in case it happens, in your case, you can do same workaround. I will use Ln command to create symbolic link.
So your target is forward slash USR local before we create soft link I will execute this command using complete path forward slash USR local forward slash bin forward slash ansible version so here we see ansible version two dot eight dot zero is installed and everything is fine. Only problem is system is no table to locate ansible executable file for this we are going to implement workaround Ln s for symbolic link for the target USR local bin ansible we’ll use source file as forward slash USR bin and sybil we have done.
Now again I will execute same command ansible version now we have no error so this is just workaround. Now here in config file field you see none so it means no config file is available for ansible we’ll create ansible config file in next lecture while doing first task this is all about this lecture we have ANC Sible version two dota eight installed in next lecture we’ll configure ansible configure.
3. Task : Setting Up Ansible configuration file
Hello, welcome to this lecture. In this lecture, we will create ansible configuration file according to task requirements. Here is task description configure ansible configuration file with the following default values ansible config file must be created in subdirectory tasks in ansible user users home directory. So we will be creating ansible config file under tasks directory which we still need to create under ansible users home directory roles directory path should be forward slash home ansible forward slash task roles. In addition, default path should also be considered. We know default path is forward slash etc ensible roles inventory file with name am nodes should exist on path forward slash homeancyble forward slash tasks remote port 22 should be used for SSH connection which is default value. Even if we don’t set this value in ansible config file, this will be still applied.
User ansible should be used to connect to remote nodes. We know by default current user you are logged in is used to establish SSH connection to remote nodes. However we can tell ansible to use a specific user to connect to remote systems by using remote underscore user directive. We’ll set this directive to ansible to tell ansible to use ansible user to establish SSH connection as ansible user to the remote host irrespective of the user you are logged in privileged escalation must be disabled. We’ll disable this by putting become directive to false. Although this is default behavior, I would like to mention this in config file default module must be command module which is again default value. Even if we don’t set this, this will still be applied. Ansible should start five forks which is again default value. But however we can set this using forks directive. In case we need to set this value to some known default value. Here is list of commands we will be using for this task. We’ll execute commands as ansible user. First of all, we’ll create tasks sub directory under ansible users home directory using mkdir.
Then we’ll create ansible dot CFG file under tasks directory and here we’ll define default values. In default section, we’ll set inventory directive to point to the file we want to use as inventory file according to task requirement. We’ll set roles underscore path directive to directory path we need to use as roles directory. So this is path we need to specify according to task requirement. But in addition, we need to specify default path as well which is etc. Ensible roles. We can specify multiple paths using colon remote underscore port need to set to 22 which is again default value. Even we skip this, this will still be applied. However we’ll use this in the config file. This is important. Remote underscore user directive must be set to Ansible.
We must set this directive to tell ansible to use ansible user to connect to remote nodes. If we don’t specify this by default, ansible will use current user you are logged in to connect to remote nodes. Next, default module should be command module. We can start this by using module underscore name. We’ll set this to command again. This is default value. Even we skip this, still this value will be applied. We’ll set four to five. Again, this is default value and we can skip this. However, we’ll specify everything. Then, in per village underscore escalation section, we need to set become is equal to force to disable per village Escalation. We don’t need to bother about other directives under this section. Because if per village Escalation is disabled, they don’t mean at all.
Now, let’s move to the system and create ansible config file. Now we are on ansible control node and I am logged in as root. I will switch user to Ansible. Now, as user ansible will create directory tasks under ansible users home directory. We are already in ansible users home directory. Here I will execute mkdir tasks. So we have created tasks directory under ensible users home directory. I will navigate to this directory. Here, using vim editor will create ansible config file.
We know what we need to define. Here we’ll create defaults section and here first of all, I will specify inventory directive which must be set to forward slashhomensibletasks modes m nodes is the inventory file on this specific path. Next, we need to set roles underscore path directive. We’ll set this directive to forward slash homeancible forward slash tasks roles. In addition, we need to specify default path as well which is forward slash etc mcbell forward slash roles remote underscore port which must be 22, which is default value. Remote underscore user which must be set to Ansible.
To tell ansible to use ansible user to connect to remote nodes, module underscore name will set this directive to command again, this is default value. We can skip this. This will still be applied fourths to five. So, we have defined all the values in the fourth section as per task requirements. Now we’ll create per village underscore escalation section. And here we need to set become directive to false. This is all we need to do. We’ll save and quit now, I will execute an sybil version command. Now, here we can see our config file path. So Ansible is taking this config file into account. This is all about this lecture. In next lecture we’ll configure inventory file. Then we’ll verify these default values.
4. Task : Setting up Inventory file
Hello, welcome to this lecture. In this lecture we’ll learn how to create inventory file according to task requirements. Here is task description create inventory file am nodes on the path defined. Enhance able config file with below requirements. We know which path we defined in ancient config file for inventory file. Here are requirements m host one must be part of hostgroup. Prod one we know how we can define host under group host or multiple hosts. M host two must be part of hostgroup. Prod two m host Three and M host four must be part of web service group. Here this is important. Prod one and pro two, which are groups must be part of prod group. We did not discuss how we can define groups as a part of some other group. We cannot define groups like we define hosts under host group.
For this we need to declare groups as children to the prod group. We will do this using colon children suffix group linux should include all managed hosts. For this will define probe group and web service group as children to Linux group. So effectively group Linux would contain all the hosts we know prod group contains two groups Proud One and Proud Two, which further contains Am host One and M host Two, respectively web servers group contains two hosts m host three and M host four so in this way, effectively Group Linux would contain all the hosts this diagram represents our inventory file rectangles represent host gropes and ellipses represent hosts.
We’ll define m host one under prode one hostgrobe m host two under prode two hostgrobe then we’ll declare prod one and prod two as children to prod group using suffix children. In similar way we’ll define amhost three and m host four under web servers group and finally we’ll declare web servers and pro groups as children to Linux group. So effectively Linux group would contain all the managed nodes. Now let’s move to the system and create inventory file. We are on ansible control node and I am logged in as ansible user I will navigate to tasks directory. We need to create our inventory file with name am nodes under this directory as we defined in ansible config file. So we need to create inventory file with name amp nodes.
On this path we are already inside same directory we’ll create file with name am nodes and here we know we need to define amhost one under prod one group. We know how we define host group name enclosed inside scare brackets prod two m host two as per task requirement web servers here we need to define two nodes m host three and four will use range. Then we need to declare prod one and prod two host groups as children to prod group. For this we’ll use colon children suffix with group name. So here we define groups. So here one thing to be noted don’t use range here and finally we’ll define children for Linux group we’ll define web servers and proud host groups as children to Linux group linux children and here we need to define prode and web service group. This is all we need to do for this task now I will save and quit. First of all, I would execute ansible all list hosts to display all inventory nodes.
So we have four, so this is fine. Now we’ll verify different hosts under different groups. So instead of all, I will specify prod one. So we have M host one under prod one group. This is fine. We have M host two under prod two group. Now I will change this to web servers. We have M host three and four under web servers group. Now I will change this to prod. Prod group has two children’s group Prod One and Prod two which further contains M host one and M host two respectively. So here output would be M host one and M host two. Now finally I will change this to Linux group. So here we have all the hosts. So this was the task requirement. So now we have set up our inventory file.
Now I will clear the screen. I will execute command ansible m ping. So here we have error. Here you can see ansible is trying to connect to remote user using ansible user. But this is normal because we are locked in as ansible user. This will happen even if we don’t define remote underscore user inside ansible config file. So what I will do I will cancel this I will switch user to root and I will execute same command again ansible ole m ping to specify module here we have warning why? Because now we have defined ansible config file under specific directory. So we must execute all the commands on the same path where Ansible file is located. Now I will move to the path where Ancient file is present. We know the path. So this is again something you must keep in mind on the exam. So here is our Ansible config file. Now I will execute same command again. Ansible ole m ping again we have the error failed to connect to host via Ansible at the rate Mhost three. Why? Because even we are executing this command as root user ansible is using ansible user to connect to remote host because we defined remote underscore user as ansible to tell ansible to use this user always.
Now what I will do I will specify user to override default option or default value defined in ansible config file now everything is fine so by using Uoption we can override default value defined in config file or dash user as long option. Now again I will switch to ensure the user I will clear the screen here I will navigate to tasks directory where our config file is present and I will execute ansible all m ping we know if we execute this command this would fail. Why? Because still, we haven’t created ansible user on the remote nodes again, we have some other error. Anyway, we can leave this now. We’ll test this again when we’ll create ansible user on the remote nodes. So we already set up our inventory file and everything is fine. This is all about.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »