EX294 Red Hat Certified Engineer RHCE – Using Ansible Modules For System Administration Tasks Part 2

  • By
  • January 20, 2023
0 Comment

4. Task: Creating file, Setting Owner and Configuring permissions using Playbook

Hello welcome to this lecture. In this lecture we’ll learn how we can create file own manage nodes using ansible playbook and how we can set user owner group owner on the file and how we can configure permissions on this file. Here is task description create a playbook named file dot YML to create file mark underscore file under root directory on all managed nodes user and group ownership must be set to mark configure full permissions for user read and write at group level and no permissions for others on this file set group ID bit.

Here are the contents of our playbook which we are going to use for this task so a target is all because we need to execute this playbook on all the managed nodes we must set become directive to true because we are going to create file under root directory for this we need root privileges. I will set gather underscore facts to false because we don’t need facts for this playbook in the tasks section will define our task we will be using or we need to use file module using path will provide path of file to be created here.

Keep in mind this directory must exist. We are using root directory here. We know this is already existing and it exists always. But in case you are using some other directory that should exist by using honor directory we are setting owner on this file by using group, we’ll set group owner then using mode will configure permissions on this file. This two is four to set group ID bit in case you need to set user ID. Bit. You must use four seven to configure permissions for the user.

We need to configure full permissions for user, which is four plus two plus one seven six to configure permissions at group level. We need to configure, read and write permissions at group level which is four plus two. No permissions for others. So here we are. Using zero state, must be touch. This will create empty file and set user and group ownership according to task description.

Also, it will configure permissions according to task description. Now let’s move to the ansible control node and start doing this task. Now we are on ansible control node and I am logged in as ansible user we are already inside tasks directory where we need to create our playbook. Before we create playbook, I will display documentation for file module. I know we’ve already gone through the documentation. We’ll just check this quickly. And here we need to use group name of the group that should own file or directory. In our case, we need to set group ownership to mark on this file. So default is null.

Not used. We will be using mode to configure permissions. We know what to do here then owner to set user. That should own the file. Default is null. Not use path to specify path being managed. In our case, this is forward slash root mark underscore file. Then important is state to create zero length file, we need to use touch. So here we are creating empty file. We’ll use touch. This is all we need to do. Again, we have some examples here. Now I will create playbook with name file dot YML. I will change to insert mode. Three dashes on the top space hosts all we must set become to true. I will set gather facts to false. Then here in the tasks section, we will define our task. Here I will provide description of task creating file, setting permissions and GID bit. We need to use file module path which is forward slash root mark underscore file owner mark group mark mode which should be enclosed in single quotation marks 2760 state touch.

This is all we need to do in the end, three dots I will save and quit. Now before I execute, I will just verify syntax. So this playbook test syntax check all seems okay. Now we’ll execute this playbook. This will create mark underscore file on all the managed nodes under root directory. So we have no error. We can check from the play recap change is equal to one where we can see file has been created on all the managed nodes. Now I will execute ansible Adobe command to verify our configurations. Ensible all A here I will provide command to be executed.

LS dash l forward slash root forward slash mark underscore file. This is all we need to do. I will execute this command. We have error. Permission denied. So normally as regular user, we should be able to display this. But why? This has not happened in this case because we removed all permissions for others. We must use become here to execute this as root user with root privileges. So here we can see user owner and group owner are set to mark full permissions at user level read write at group no permissions for others. This capital s means group ID bit is set. So this is all about this task.

5. Task: Creating file, Setting permissions, Copying content using Ad-hoc commands

So welcome to this lecture. In this lecture, we are going to perform task to create zero length file and to configure permissions on this file for others. We also need to copy one string to this file. We’ll do this section using ansible ad hoc commands. Here is task description. Using ansible commands, create file one dot TXT under root directory on oval manage nodes. File should contain text. This text file is created using an sybil. Remove all permissions for others on this file. Here are two commands we need to execute for this task. Ansible all we need to execute command on all remote nodes. We need to use file module and here using path will provide path of the file to be created. Using mode will configure permissions for other. We need to remove all permissions for others. Here we’ll use symbolic mode for others minus Rwx read, write and execution permissions.

So using the symbolic mode we’ll remove all the permissions for others. State is equal to touch to create zero length file. Become we need root permissions or root privileges. To create file under root directory. Don’t forget to enclose list of arguments inside double quotation marks. Then using next addo command we’ll copy this string to this file using copy module. Now let’s move to the ensable control node and start doing this task. Now we are on an ensible control node and I am logged in as ansible user. I’m inside tasks directory from where we need to execute our ad hoc commands. First, ansible command we need to execute to create file and configure permissions ansible all m file a to provide arguments using path directive will specify path.

This is the path of file to be created. Then we’ll set mode to o minus Rwx. To remove all permissions for others, state must be set to touch. This is all we need to do. Become to use pervillage escalation, I will execute this command. So file has been created. We have yellow output. We don’t see any error. So here you can see zero in the end. So it means no permissions for the others. Now I will clear the screen. Now we need to execute our next ado command. Ansible oil m copy a to provide arguments here we need to use content. This text file is created using an Syble. I will enclose the string inside single quotation marks. And then we need to provide dust which is forward slash root forward slash file one dot TXT. This is all we need to do. Enclose all the arguments in double quotation marks. Dash dash become it’s taking some time. So it’s completed.

So string has been copied to this file. Now we’ll verify using ansible ad hoc commands ansible all a here will execute LS is l four forward slash root file one dot TXT again mind here we must use Become because we removed all permissions for others. So here is output. So no permissions for the others. So everything seems okay. Now, we need to display contents inside this file. For this, we’ll use cat. So here we have contents inside this file. This text file is created using an siebel is all about this task.

6. Task: Archiving Directory using Playbook

Hello, welcome to this lecture. In this lecture we’ll learn how we can archive contents of a directory and how we can compress archive using some compression algorithm. Here is task description using ansible playbook archive dot YML archive contents of etc directory into tas under root directory. So we need to place archived file under root directory. Playbook should be executed on web servers nodes so we need to do this task only for web servers nodes which are m host three and four compress the archive using bZIP two we’ll use this compression method to compress the archive. Here are the contents of playbook we will be using for this task. In the target we’ll specify web servers.

Become is equal to yes because we are going to archive contents of etc directory we need root privileges for this I will set gather underscore facts to false. Then in the Tasks section we’ll define our task. Here we’ll use Archive module using path directive will provide path of the directory to be archived in our case etc. Then using dest directive will provide where archive file should be created and what should be the name of archive or archived file. In our case archived file should be placed under root directory.

We’ll provide path here etc tar BG two so this is for compression method we are going to use. You must use this extension. So here using format will tell ansible to use the compression method which is BJ two. This is all we need to do now let’s move to the ansible control node and start doing this task. Now we are on Ansible control node and I am logged in as ansible user. We are inside tasks, directory. Here we need to create playbook. Before creating playbook I will display documentation for Archive module.

So here we can find description about this module paxan archive. So then we have number of directives for this task we will be using dest the file name of destination archive, which in our case is forward slash root forward slash etc dot task dot BJ two because we are compressing the archive as well. Format type of compression to use. So this is default but we’ll specify BJ two. We can also define group owner, we can also configure permissions but we don’t need to do for this task path using path remote absolute path remote means path on the managed node.

So in our case it’s forward slash etc. So this is all we need to do for this task. So here we have some examples, just go through them, I will clear the screen and here we need to create our playbook with name archive dot YML again we know three dashes on the top space hosts web servers so here you can mention this like this as well. Both will work perfectly fine. Become must be set to true gather facts I will set this to false. Then here in Tasks section we’ll define our task here we know we need to use archive module. We need to set path to forward slash etc destroy slash root because we need to place archived and compressed file under root artery etc BJ two format colon space BJ two this is all we need to do three dots in the end I will save and quit.

Now, before we execute playbook will verify syntax all seems okay now we’ll execute this playbook so task execution has been started so it’s completed. So we have contents of etc directory archived and compressed for web servers nodes now using ansible command line we’ll verify this ansible web servers a and here I will list contents of root directory this is all we need to do just to verify a file has been created on this path we must use Become. So here we can see our file etc tar BJ two same four m host three and four so this is all.

Comments
* The most recent comment are at the top

Interesting posts

The Growing Demand for IT Certifications in the Fintech Industry

The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »

CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared

In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »

The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?

If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »

SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification

As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »

CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?

The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »

Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?

The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »

img