EX294 Red Hat Certified Engineer RHCE – Exploring Core Components of Ansible Part 2

January 19, 2023

4. Example ansible.cfg file

In this lecture we’ll discuss an example Ansible config file. In the previous lecture we explored the Ansible config file and learnt about the default values set there: for example, the location of the inventory file, the location of the roles directory, the user to be used to connect to the remote machines, enabling or disabling privilege escalation, and many more settings. Here is a sample config file. This is the case of a config file created in a specific directory: I’m creating the ansible.cfg config file in the directory /home/ansible/tasks, so this is the case of an ansible.cfg present in the current directory.

Here are the default values in the [defaults] section. inventory is set to a new default value: the inventory file is named nodes and is present on the path /home/ansible/tasks. Similarly, the roles_path directive has a new default value set. remote_user is set to ansible, so in this case Ansible will connect to the remote nodes using the ansible user. The next section is about privilege escalation.

[privilege_escalation], enclosed in square brackets: become = yes, so privilege escalation is enabled at the Ansible config file level; become_user = root; become_method = sudo; become_ask_pass = false. As already said, if become is set to yes, Ansible will connect to the remote host using the remote user, which is ansible according to this config file, and then execute commands with sudo there.

But this is not the whole story, because this alone will fail: enabling privilege escalation at the config level does not by itself allow Ansible to execute commands on the remote nodes with root privileges. For this we must configure the sudoers file on the managed nodes to allow the ansible user to use sudo. This can be done with or without a password, depending on the configuration we make in the sudoers file. We’ll configure this later on while doing the task about privilege escalation. This is all for this lecture. In the next lecture we’ll discuss Ansible inventories.

5. Ansible inventories and inventory file

In this lecture we’ll discuss Ansible inventories. Ansible inventories are nothing but the list of remote systems put together in a file known as the inventory file. The Ansible inventory file defines the nodes to be managed by Ansible. Different managed nodes can be grouped together in different groups. For example, we can put some nodes in a webservers group and some other nodes in a dbservers group. Depending on the action we need to perform, we select the corresponding group as the target: if we need to execute a task on the web servers, we select the webservers group as the target; similarly, if we need to execute a task on the database servers, we select the dbservers group. Ansible ad hoc commands and playbooks are executed on inventory hosts defined on the command line and in the playbook respectively.

For ad hoc commands we provide the target on the command line itself, and for a playbook we define the target systems in its hosts section. Host- and group-specific variables are also defined in the inventory file. Let me give one example. Suppose we want Ansible to connect to a specific node on the non-default SSH port 555. For this we can define a host variable for that specific host in the inventory file; Ansible will still connect to the remaining nodes on the default port as defined in the ansible.cfg file. We use the ansible_port host variable next to the host and set the non-default port in it. This will become clearer in the coming lectures. Similarly, we can use group-specific variables. We know we can group different nodes depending on the service they provide, so in the same way we can use group variables, which apply at group level to all nodes in the group. The default path of the Ansible inventory file is defined in the Ansible configuration file.

We have already gone through the Ansible configuration file and know this. The Ansible inventory file can be written in INI, YAML or JSON format. The most used format is INI. We’ll discuss more on this later when we create the Ansible inventory file; we’ll use the INI format to create it. The inventory file name is not a standard name: you can define any file in the Ansible config file to be used as the inventory file. Here is an example of an Ansible inventory file in INI format. Here the inventory file is created on the path pointed to by the inventory directive in the Ansible config file we discussed earlier. This is just an example.

Here I created two groups, hgroup1 and hgroup2. A group name must be enclosed in square brackets. I put some managed nodes in this group, two nodes in this group. If you are using hostnames in the inventory file, you must have hostname resolution configured. We can also use the IP address of the managed node in the inventory file. Here is an example of a host range. We can use a host range to define multiple nodes; this one represents host3, host4 and host5. A common mistake here is the use of a comma instead of a colon. Make sure you use a colon here and that you enclose the range in square brackets. In group two I put two nodes.

There is nothing special about this group. I just wanted to show you that we can create multiple groups of different nodes in the inventory file, and later on we’ll use the different groups as targets in playbooks as well as for ad hoc commands. Now let’s move to the system and create a simple inventory file here on the Ansible control node. Before we create the inventory file, I’ll display the Ansible config file, which is present on the path /etc/ansible with the file name ansible.cfg. Here the inventory file location is /etc/ansible and the inventory file name is hosts. I’m not changing anything here; I’ll use the default values only.

Now we’ll create the inventory file with the name hosts on this path. I’ll clear the screen. To create the inventory file on this path we need to switch user to root, because only the root user can create a file there. I’ll use the vim editor: vim /etc/ansible/hosts, hosts being the inventory file name. This is the default file present on this path; it is an example file, so I’ll move to the end. Here I’ll add my group, which I’ll name mygroup, and I’ll add my managed nodes under this group: we have four, mhost1, mhost2, mhost3 and mhost4. This is all we need to do, so now we have the inventory file defined. We also have SSH key authentication set up for the root user, so now we are good to go. Now we’ll use the Ansible command line: type ansible and press Tab twice.

Here we see multiple Ansible command lines: ansible, ansible-config, ansible-connection, ansible-galaxy and many more. An important one is ansible-playbook; we’ll learn about them during this course. First of all we’ll start with the ansible command line: ansible --help. Here you’ll find many options; we’ll discuss all of them when we discuss Ansible ad hoc commands. Here I’ll show you only two things. With the ansible command we use a positional argument, the host pattern, where we give our host group, host or target: ansible followed by the host group, which in our case is mygroup. We can give a host as well, and we can give a pattern as well; for example, for mygroup we can write my followed by an asterisk, and similarly we can use a pattern for hosts. Here is the list of optional arguments. We’ll use only this one to verify that our inventory is set correctly: --list-hosts outputs a list of matching hosts and does not execute anything else. Now I’ll clear the screen and use ansible, then mygroup, which is our host group, then --list-hosts. Here we see the list of managed nodes, so it means we defined our inventory correctly. Now I’ll open the inventory file again and make one change: I’ll delete all the hosts and use a range here, mhost with 1:4 inside square brackets.

This represents all the hosts. Now I’ll execute the same command again, and the output is the same. I’ll do one more thing: I’ll remove the group and use an asterisk here as the matching pattern. This works perfectly fine. Now we’ll execute our first ad hoc command to check the connectivity. For this we’ll use the ansible command line: ansible, then the target, which is mygroup, then -m to specify the module. We’ll use the ping module to check the connectivity. We don’t need to provide anything else; we’ll discuss more on this later. I’ll press Enter, and it will take some time. We have success, so Ansible is able to reach all the managed nodes. This is a good sign. Now I’ll clear the screen again and make one change: here I’ll use a pattern. It takes some time again, and the result is the same. Here you can see the output is in green, which means success. Similarly we can set a single host as the target; for example, I’ll check mhost1.

This works fine again. I’ll execute this command with the -o option to condense the output. Again everything is fine. Now I’ll do one thing: I’ll open the ansible.cfg file in editing mode and make some changes. For example, for forks I’ll change the value to 1. Now I’ll execute the same command, and here we can see Ansible connecting to the managed nodes one by one. I’ll go back to the configuration file and set this value to 5 as it was before, save and quit, and execute the same command again. Here we see the output immediately for all the managed nodes: this is parallel task execution.

Now I’ll go to the configuration file again and make one more change: here I’ll uncomment this line, and for remote_port I’ll use 222. I’ll execute this command again. Here we see unreachable: failed to connect to the host on this port. We know this port is not configured on the managed nodes, so this is normal. The output is in red, which means an error. I just wanted to show you how the default values are taken from the ansible.cfg file. Again I’ll open ansible.cfg and put the value back to 22. This is all for this lecture. In the next lecture we’ll learn about host variables.

6. Understanding Ansible hostvars and groupvars

In this lecture we’ll learn about Ansible host and group variables. Here I’m taking the same example we discussed in the previous lecture, just adding two host variables: for host1, ansible_user is set to ansible and ansible_port is set to 555. I also added one group variable, ansible_user set to ansible, for group hgroup2. In this case, where I defined host-specific variables for host1, Ansible will use the ansible user to connect to host1 and will use SSH port 555 to connect to host1. But for the rest of the hosts it will still use the default values taken from the ansible.cfg file. In this way, by using host-specific variables we can override the default values defined in ansible.cfg. Now, coming to the second example, group-specific variables.

Here I defined the group variable ansible_user, set to ansible. This is the syntax to define group-specific variables: the group name, a colon and vars, enclosed in square brackets. This variable applies to both nodes in this particular group, or in general to all nodes in the specific group. Now we’ll move to the system and understand this with the help of an example. We are on the Ansible control VM. Now we need to edit the inventory file to add host-specific variables and group variables. First of all we need to switch user to root, because we need root permissions to modify the inventory file.

Here I’d like to mention one important thing. In the example I showed, I used a different path for the inventory file; later on in this course we’ll be creating the inventory file on that same path. But here, to understand the different concepts, we are using the default configuration, where the inventory file is present on the path /etc/ansible as defined in the Ansible config file. This makes no difference; we just need to understand the concepts. Now we’ll open the hosts file in editing mode. Here is what I’ll do: I’ll change the group name to mygroup1 and add two hosts to this group, mhost1 and mhost2. I’ll create one more group with the name mygroup2 and add two hosts to it, mhost3 and mhost4. That’s done. For mhost1 I’ll define host-specific variables: ansible_user, which I’ll set to ansible, and ansible_port.

I’ll set this variable to 555. Now, moving to the group-specific variables, we know how to define them: mygroup2, colon, vars, enclosed in square brackets. Here I’ll use ansible_user and set it to ansible. So we have defined two host-specific variables for mhost1 and one group-specific variable, ansible_user set to ansible, for group mygroup2. Here again I’d like to mention that I’m using different group names than in the example I showed earlier, but it doesn’t matter; that was just an example, and the objective is to understand the concept. Now we have defined our host-specific variables and our group-specific variable. Now we’ll execute an Ansible ad hoc command to ping the managed nodes defined in the different groups: ansible mygroup1 -m to specify the module. Here we have errors.

For mhost1 we know why we have this error, but mhost2 is still okay: for mhost2 we did not define any variable, and it takes the default values from the ansible.cfg file. For mhost1, however, it’s trying to connect on port 555, which is not configured on the managed nodes. Now I’ll remove the host-specific variable for the port and execute the same command again. We still have an error for mhost1, because we don’t have this user created on the remote nodes. Now we’ll execute the same command for the mygroup2 inventory nodes; I’ll change this to mygroup2, and we have an error.

Here it’s very clear that the group variable applies to both nodes defined in the group. I’ll open the inventory file again and replace ansible_user with root, which is the same as defined in the ansible.cfg file, just to show you; now it works perfectly fine. So in this way host- and group-specific variables can be used in the inventory file to override the default values from ansible.cfg. We can also save host- and group-specific variables in separate files other than the inventory file. We’ll discuss this in the next lecture.
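To make the behaviour of lectures 5 and 6 concrete, here is a small Python model, added for this write-up and not Ansible’s own code or the lecture’s files. It parses an INI inventory like the one built above (host range, host variables, a [group:vars] section), expands an ad hoc target pattern such as mygroup1 or my*, and resolves the effective SSH user and port for a host in the order host variable, then group variable, then ansible.cfg default. The ansible.cfg excerpt and inventory text are constructed to match the demo.

```python
import configparser
import fnmatch
import re
# Constructed ansible.cfg excerpt: the defaults the lecture demo falls back on.
ANSIBLE_CFG = """[defaults]
remote_user = root
remote_port = 22
"""
# Constructed INI inventory reproducing the demo: host range, host vars, group vars.
INVENTORY = """[mygroup1]
mhost1 ansible_user=ansible ansible_port=555
mhost2
[mygroup2]
mhost[3:4]
[mygroup2:vars]
ansible_user=ansible
"""
def expand(name):
    """mhost[3:4] -> ['mhost3', 'mhost4']; a colon, not a comma, separates the bounds."""
    m = re.fullmatch(r"(.*?)\[(\d+):(\d+)\](.*)", name)
    if not m:
        return [name]
    return [f"{m[1]}{i:0{len(m[2])}d}{m[4]}" for i in range(int(m[2]), int(m[3]) + 1)]

def parse_inventory(text):
    """Return (host_vars, groups, group_vars) parsed from INI-format inventory text."""
    host_vars, groups, group_vars, section = {}, {}, {}, "ungrouped"
    for line in filter(None, (raw.split("#", 1)[0].strip() for raw in text.splitlines())):
        if line[0] == "[" and line[-1] == "]":   # [group] or [group:vars]
            section = line[1:-1]
        elif section.endswith(":vars"):          # key=value applies to every group member
            key, val = line.split("=", 1)
            group_vars.setdefault(section[:-5], {})[key.strip()] = val.strip()
        else:                                    # host line with optional host vars
            name, *pairs = line.split()
            for host in expand(name):
                host_vars.setdefault(host, {}).update(p.split("=", 1) for p in pairs)
                groups.setdefault(section, []).append(host)
    return host_vars, groups, group_vars

def match_hosts(pattern, groups):
    """Targets of an ad hoc command: a group name, a host name, or a glob such as my*."""
    return sorted({h for g, hs in groups.items() for h in hs
                   if fnmatch.fnmatch(g, pattern) or fnmatch.fnmatch(h, pattern)})

def resolve(host, cfg_text=ANSIBLE_CFG, inv_text=INVENTORY):
    """Effective SSH user and port: host var beats group var beats ansible.cfg default."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    host_vars, groups, group_vars = parse_inventory(inv_text)
    merged = {k: v for g, members in groups.items() if host in members
              for k, v in group_vars.get(g, {}).items()}
    merged.update(host_vars.get(host, {}))
    return (merged.get("ansible_user", cfg["defaults"]["remote_user"]),
            int(merged.get("ansible_port", cfg["defaults"]["remote_port"])))
```

resolve("mhost1") yields the user ansible on port 555 (both host variables), resolve("mhost2") yields root on 22 (ansible.cfg only), and resolve("mhost3") yields ansible on 22 (group variable for the user, default for the port), which is exactly why the demo’s ping failed for mhost1 and for mygroup2 until the user existed on the nodes.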
