EX294 Red Hat Certified Engineer RHCE – Using Ansible Modules For System Administration Tasks
1. Introduction
Hello. Welcome to section use of ansible Medus for system administration tasks. In this section we will be using ansible Medus in playbooks as well as in ansible ad hoc commands to perform different system administration tasks. Here is list of objectives we will be covering. In this section we’ll learn how to install packages using ansible player books. We’ll also learn how to start, stope and enable services using playbooks as well as ansible ad hoc commands.
We’ll also learn how to configure firewall. We’ll also learn how to configure or create file systems. We’ll also learn how to manage storage devices using ansible Playbooks. Then we have more objectives related to Filo directory operations. How to create archives, how to schedule tasks. How to manage security related tasks using ansible. How to create users and group or groups using ansible. Now let’s move to the first task of this section.
2. Task: Managing Services using Ansible Playbook
Hello, welcome to this lecture. In this lecture we’ll learn how we can use ansible playbook to manage services. Here is task description create a playbook named services YML under Tasks directory to perform below tasks install Httpd service own website servers nodes here target is web servers group install MariaDB service on prode nodes. Make sure services are started and enabled. Here we have contents of our playbook three dashes on the top.
We know every YAML file must start with three dashes on the top. Then this dash signifying list item this is our first play. So your host is set to web servers. Target is web servers nodes. We must set become to true for per village escalation because this task can be done with root per villages. Then in the Tasks section, we are using two modules yum and service yum to install the package service to start and enable the service. So we are using Yum module we’ll specify name of package to be installed which is att PD and state is present to install the package. Then using service module, we are starting and enabling this service.
Again, using name directive, we need to specify name of service which is at PD. State must be started to start the service enabled must be set to yes to enable the service so that service would start at boot. And here we have one more play in this playbook this time target is proud. Again we must set become to true for privileged escalation. In the Tasks section, we are using same modules for the same action but for different surveys. And here we need to install two packages mariadbash server MariaDB common we can list multiple packages using in front of them as list items. This will work perfectly fine. So it will install two packages. State is equal to present. Then using service module, we are going to start and enable this service.
This is all we need to do now let’s move to the system and start doing this task. Now we are on system and I am logged in as ansible user. We are already under Tasks or we are already in Tasks directory. Here we need to create our playbook with name services dot YML but before creating playbook, I will display documentation for Yum module again. Here we’ll discuss only important directives. So here you can find description about this module install, upgrade downgrade removes and list packages. So there are many directives, we don’t need to know all of them. For this exam, name a package name or package specifier with version we can mention name along with version. Using this directive will specify name of package to be installed. Then state whether to install present or installed. In case you need to install, you can set present or installed only test to install latest version of the software or remove absent or removed. We can use absent or removed. In our case, we need to install. We can use Present or installed we are using Present. Default is nothing. So this is all about this.
So here you can just go through the examples for the player books. So in case you need to install latest version of this package state must be latest. I will quit now. I will display documentation for service module. I know we’ve already gone through this, but I will just go through this quickly. Here name to specify name of service then we have State which can be started, stopped, reloaded and restarted depending upon action we need to do in our case, we need to start the service. Then here we need enabled so here is enabled whether the service should start on boot. So by default this is not used. So this is Boolean type, variable or directive. We must set this to yes, to enable the service again. We have some examples here for the playbooks. Just go through them now. Here I will create our playbook. We know name of the playbook must be services. YML.
I will change to insert mode on the top three space hosts. Here we need to set the target web. Servers. Node web servers. We must set become directive to true. For village escalation we can also use become is equal to. Yes. I would say we can also set become to yes. Then here I will set gather facts. To false because we don’t need to gather them for this task. Even if you don’t set this directive this will not harm but facts will be gathered. Then we’ll define tasks section here we know what we need to do using name I will provide description of first task installing Httpd service. We’ll use Yam module service name is httpd state present this is all we need to do for first task. Then here we need to define second. Task we’ll provide description starting and enabling httpd service on the exam you don’t need to provide long description in case this is not really task requirement because this will help you to save some time and here we know we need to use service module.
Name of service is httpd state. Must be started to start the service enabled must be set to yes so we have defined our first play. Now we need to define second play here. We have different target. We need to install Maria David service on probe nodes. Again. We need to use become true. Become must be set to true. Gather facts folds. But this is not really mandatory. I’m just doing it. Then here in the Tasks section we are going to perform similar actions but for different surveys space name to provide description installing MariaDB service again we need to use Yamadule name of packages here we are going to install two packages. So in this way, we can list multiple packages to be installed. State present. This is all we need to do for first task. Then for second task, we’ll provide description starting and enabling MariaDB service here. We know we need to use service module. Name of services MariaDB state started enabled. Yes, this is all we need to do.
In the end, YAML file should end with three doors. So here important is level of indentation. So here all these must have same level of indentation. So we have same level of indentation. All the tasks must have same level of indentation. Everything looks fine. Similarly different directives we set must have same level of indentation. Everything looks okay I will save and close before executing this playbook I will perform syntax check ansible playbook then playbook name syntax check this is all we need to do we don’t have any error now we are going to execute our playbook. So here we have. First, arc already started installing Httpd service. It can take some time, so it’s already installed on web servers. Nodes service is already started and enabled. Now second place being executed. So here we are installing MariaDB service. It can take some time because there are load of packages to be installed.
So keep in mind so here this is also completed. Now service is being started and enabled. So everything is fine. So using this playbook, we installed Httpd service on web service node and MariaDB service on throw nodes. We also started and enabled the services. Now we’ll verify status using ansible ad hoc command using command module ansible web. Servers and here I will provide command to check the status of ettpd service systemctl status ATPD this is all we need to do so here I did not use become because we can check the status as regular user as well we can see status is active and service is enabled. So everything is fine now I will execute same command but I will change target to prate service name is MariaDB. This is all we need to do again everything is fine, MariaDB. Ten three database service is active and enabled. So this was objective of this playbook.
3. Task: Creating User using playbook
Welcome to this lecture. In this lecture we will learn how we can create user on the managed nodes using playbook. Here is task description create a playbook user YML to create user on all managed nodes with below information use username as mark set the password as password must be encrypted with shad five and two. We already did similar tasks using ansible ad hoc command here we are doing the same task using playbook so we know syntax of playbook in the hosts we’ll set all because we need to execute this playbook on all the managed nodes become must be set to true because we need root privileges. To execute this task I will set gather underscore Facts to false. Because we are not using facts for this task we will be using facts when we’ll execute playbooks based on some conditions. Then in the Tasks section we will be using user module.
So here level of indentation must be same name is Mark, this is username and we know to provide encrypted password we must use Ginger two template with this Ginger to filter password underscore hash to encrypt the password with shad five and two algorithm state is equal to present. State should be set to present. This is all we need to do now let’s move to the system and start doing this task.
Now we are on ansible control node and I’m logged in as ansible user I’m inside tasks directory here we’ll create our playbook name should be user YML here mind the extension you must use extension YML for all the playbooks. Here I will change concert mode three dashes on the top dash space hosts must be all we need to execute playbook on all the managed nodes. We must set become directive to true because we need root per villages we know by default become is true in the ansible config file but we change become to false while configuring ansible control node.
So make sure you are using become to true in case it’s set to false in the sensible config file for the tasks where you need root privileges, gather facts false then here we’ll define task in the tasks section small description for the task creating user. We know we need to use user module name mark, which is username password. Here we’ll use Ginger, two template with Ginger to filter.
To encrypt the password. We need to set password. As password enclose the password inside single quotation marks. And here I will pass this value to Jinja. Two filter password hash here we need to specify algorithm to be used in this case. We need to use this algorithm. This is all we need to do then I will use state as present. This is all we need to do three dots in the end I will save and quit again before executing playbook, I will perform syntax check all scenes okay now I will execute this playbook and see the playbook then playbook name this time this will execute on all the remote nodes. So user has been created.
Now what I will do, I will connect to M host one and will verify if we have user. So user has been created. So everything is okay. Here in the play recap you can check the status. So we have OK is equal to one change is equal to one. So one change has been done on each node. So there is no error. You can check the errors if there are any from these columns. This is all about this task.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »