EX294 Red Hat Certified Engineer RHCE – Using Ansible Modules For System Administration Tasks Part 4
10. Task: Creating Groups and Directory using Playbook
Hello. Welcome to this lecture. In this lecture we’ll learn how we can create supplementary groups and how we can create directory or directory path using Anvil playbook. Here is task description. Create a playbook with name group YML to perform below tasks.
Create directory path forward slash on web servers nodes create group testing on web service nodes and group networks on pro nodes. Here are the contents of playbook we will be using for this task. In this playbook we have two plays in the first play target is web servers web servers group become is set to yes because we can perform this section with root privileges then in the Tasks section I will define or will define two tasks. First task to create directory path second task to create group.
To create directory path, we’ll use or we need to use file module. Here we’ll specify path to be created, which is web HTML. Here we must set state to directory. If you remember, in case you need to create zero length file we set state to touch. But here we need to create directory path.
We’ll set state to directory. So in this case this is note mandatory web directory should exist it will create complete path then here using group module we’ll create group with name testing group name testing state present to create the group to delete the group, we’ll use state set to absent. In second place, target is pronounce or proud group. Again we need to set become to true. In the task section, we’ll define task to create group. We’ll use group module. Group name.
Must be networks state present to create the group this is all we need to do for this task now let’s move to ensure control node and start doing this task now we are on ensable control node and I am logged in as ansible user. We are inside tasks, directory. Here we need to create playbook. But before creating playbook I will open or I will display documentation for file module. Here I will go directly to state directive. So here state can be absent directory file hard link and touch.
We already used touch to create zero length file. So if state is directory, all intermediate sub directories will be created. So it means complete path will be created. I will clear the screen now I will display documentation for group module to manage presence of groups here we’ll use name name of group to manage and state absent present default is present even if we don’t specify, this group will be created but in case you need to delete the group, you must specify state as absent.
So this is all about this here? We need to create our playbook. Playbook name must be group dot YML three dashes. Dash. Then host. For the first play target is web servers. Nodes become must be set to true gather underscore facts I will set this to false. Then here in the tasks section we’ll define our task creating directory we know we need. To use file module here we need to specify the path directory path we want to create which is forward slash web, forward slash HTML state must be directory so this complete path will be created. Next ask is we need to create group creating group here we need to use group module name we need to create group with name testing state present which is default however I will mention it then here we’ll define the other play here target is probe nodes again become must be set to true. I will set gather facts to false. Then here in the task section I will define our task. Here we need to define only one task. To create group.
Creating group we need to use group module name networks state present I will not use this for this task anyway, this will be created because this is default. Now we’ll save this and exit. Before executing this playbook, we’ll just verify syntax. Everything seems okay. Now we’ll execute this playbook creating directory it has been created on web server web servers nodes creating groups then on the prode creating group, only one task. So on the web servers nodes two tasks are executed creating directory and creating group on the probe we defined only one task to execute.
So this task has been executed. So everything is okay. In the play recap you can see there is no error. So now we need to verify if the directory path has been created and group have been created. For this we’ll use ansible command line ansible web servers and here I will provide command to be executed first I will display group file which is present under etc directory. Here we can see our group testing is present on web servers nodes.
I will clear the screen will execute same command with prode as target here we see group with name networks has been created on probed nodes you can move and you can check for both nodes m host two and m host one similarly for the web server nodes you could check for both nodes. Now I will clear the screen again I will execute command on web servers nodes but this time LS LD four forward slash web HTML to verify if directory path has been created so here we see directory has been created. So this is all about.
11. Task: Setting SELinux context using Playbook
Hello, welcome to this lecture. In this lecture we’ll learn how we can set se Linux context type on directory and all the sub directories and files under this if there are any. We’ll do this section using ansible playbook. Here is task description create a playbook context dot YML to set SC Linux context type httpd underscore sys underscore content underscore t on this directory forward slash web HTML we know we created this directory path in previous lecture on all web servers, nodes settings should be persistent and context should be restored. We know when we set Se Linux context type persistently we must restore the context to make this effective. Verify the context type using ansible ad hook command here are the contents of playbook we will be using for this task. Here target is web servers group become must be set to true or yes because this is system administration task I will set gather underscore facts to false because we don’t need facts for this task.
Then in the tasks section we will be using SCF context module for this task. We’ll check the documentation of this module before doing this task. Here using target directory will specify directory. We need to set the context type own. So here is directory part with this specific syntax we know the syntax from Rscsa studies. Enclose this inside single quotation marks. Then using SC type directive we specify context type to be set. State should be present which is default. I’ll show you in the documentation then we know after setting context type persistently we must restore the context using restore cone command line we’ll use command module for this task. Using command module will execute restore cone with Irv options r four recursive to apply context type anything under this directory and own this directory v four verbose to display the changes which are done I here is for ignore the file which does not exist.
Now let’s move to the ensable control node and start doing this task. Now we are on ansible control node and I am logged in as ansible user I’m already inside tasks directory. Before we move further I will display documentation for SCF context module. We know we need to use ansible dash talk command line. Here we have description for this module manages Se Linux file context mapping definitions so here we’ll discuss directives we will be using for this task se type which is mandatory. To specify Se Linux context type we need to set on the directory state whether the Se Linux file context must be absent or present. We need to set the context type we’ll use state set to present which is default.
We can omit this directive by default context will be set but in case we need to delete the context type we must use state set to absent then target which is mandatory target path on which we need to set the context type. Here we have one example here using target we are specifying directory path with this specific syntax. Don’t forget this. Then using Se type will provide Se Linux context type to be set. State will set this to present and after doing this, we need to reload context type for this. We will be using Command module now.
I will quit. This will clear the screen before setting context type. On the directory, I will display present context type set. On this directory. For this we’ll use ansible ad hoc command ansible web servers which is a target group. Here we’ll use command module. We don’t need to specify module because command module is default module. By using dash e option I will provide the command to be executed. LS dash LD capital z then here we need to provide directory path. This is all we need to do. Here we have context type default underscore stone this directory also I would like to mention I did not use Become here.
Because as a normal user we can display this now we’ll create our playbook with name context YML here we know three dashes on the top target is web servers become must be set to true will set gather underscore facts to false. Here in the tasks section we’ll define our task first task setting context type I will provide some description. Here we know we need to use SCF context module and here, using target directive, will specify directory. Path on which we need to set context type, which is web HTML. Then this specific syntax enclose the expression inside single quotation marks. Then, using SD type directive, will specify context type to be set httpd underscore sys underscore content underscore T state will set this to present this is all we need to do for first task here we’ll define our second task restoring context type here we need to use command module here we’ll type command to be executed.
We know we need to use Irv options here, then directory path forward slash web HTML. So here we are not using this specific syntax. We just need to provide directory path. This is all we need to do before executing this playbook I will perform syntax check everything is fine here I would like to mention one important thing because we installed our managed nodes with minimum install option so packages related to policy core utils are missing. I installed package Policy core utils with Asterisk. In the end, on all the managed hosts I did this section offline, so please install this package before doing any task related to AC Linux.
Now I will execute this playbook ansible playbook context YML setting context type. It will take some time. When you do any operation related to context, it always takes some time. It’s done on amhost four. It’s now being done on M host three. We need to wait for a few seconds more. So this is the first task in our play. It’s completed a second task completed very fast. So we have two changes done due to this playbook and we don’t have any error. So now what we’ll do by using ansible ad hoc command will verify we know we need to execute this. So we have context type set on this directory path if there would have been some sub directories or files under this so context type should have been set on those as well. This is all.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »