EX294 Red Hat Certified Engineer RHCE – Using Ansible Modules For System Administration Tasks Part 3
7. Task: Scheduling Jobs using Playbook
Hello, welcome to this lecture. In this lecture we’ll learn how we can schedule jobs. Using ansible. Here is task description. Create a playbook chrome jobs YML to schedule below tasks restart RC slope service at 23 hours and 6 hours on load nodes every day. Restart RC slope service at 2 hours on web service nodes on every Monday. Here are the contents of playbook we will be using for this task. For this task we need to use Crone module. This playbook will contain two plays. One four prod nodes and other four web servers nodes. In the first place we need to set hosts to probe. Then we must set become to yes or true. Because we need root permissions for this task.
Again I will set gather underscore facts to false. We don’t need facts for this task. Then in tasks section will define our task. Then using desk space name will provide description of the task schedule link. Restart of Slow on pro nodes. You can provide any description. Then we need to use Crone module. And here again using name will provide description of task. Then in our we need to tell on whichever we want to execute this job. We need to schedule this job to execute at 23 hours and 6 hours. We can provide these two different hours. Separated by comma 23, comma six. All enclosed in double quotation marks. Then in minutes field we’ll provide zero. Because we need to execute exactly at 23 and 6 hours. Then using job directive will provide command to be executed or job to be executed. In our case, this is forward slash USR bin systemctl.
So this is path for systemctl program. We need to execute systemctl restart as its log. So this is all we need to do for this play. Then in this play we need to set target to web servers nodes. Again become must be set to true. In the task section we’ll define our task. Here in our field we’ll use two. Because we want to schedule restart of RC slope service at 2 hours on every Monday. Some minutes will be zero weekday one, one four Monday so here we need to schedule this task to execute every Monday. So here I am using weekday directive.
Again we’ll specify job to be executed which is same. This is all we need to do. Now let’s move to the system and start doing this task. Now we are on ansible control node and I am logged in as ansible user. I’m older inside tasks, directory. Here we’ll create our playbook. But before we create playbook, I will display documentation for Chrome module. So here we have description about this module. We use this module to manage chrome tab and environment variable entries.
Using day, we can specify day of month the job should run. But we don’t need this for this task. Default is asterisk every day when the job should run. Default is asterisk every hour. But in our case we have 23 and six for the first play. Then using job directive, we’ll set job to be executed using minutes. We can specify minute when the job should run. But in our case is zero. So we’ll specify zero using month.
We can specify month of the year job should run starting from one to twelve. Default is asterisk every month. Name description of Chrome tab entry just to provide some description. Default is nothing or null. Then state whether to ensure job or environment variable is present or absent. Default is present. So we can skip this by default. It will be created by using user. Specify user whose Chrome type should be modified. We are using root weekday. We are using weekday for second play. In the playbook to specify job should be run on Monday. Then here we have some examples.
Just go through them. I will clear the screen. Here we’ll create our playbook with name chrome jobs YML three dashes on the top dash in first place. Target is proved. Become must be set to true or yes gather facts. I will set this to false. Then here we’ll define tasks section using dash space. Name will provide some description. Scheduling restart of RSS log on prod nodes we know we need to use Chrome module again. Here we can provide some description. I will just copy it and paste it. In the hour we need to provide 23 comma. Six o enclosed in double quotation marks. In minute we need to provide zero. Then job to be executed. Here you must know path of the job to be executed. Verify before you schedule the job system CTL restart assist log.
This is all we need to do for our first play. Here we’ll start defining our second play. Target is web servers. Nodes again become must be set to true. Gather facts false. In the Tasks section we’ll define our task. I will just change this. We know we need to use Module Chrome. Here we’ll provide description in our we need to provide two. Because for web service nodes job should be scheduled to execute at 2 hours every Monday minute we need to provide zero. And here we need to use weekday directive to specify day of week which is Monday. Then job I will just copy and paste this. We need to execute or we need to schedule same job. Then in the end three dots. This is all we need to do. I will save and quit before we execute this playbook. I will verify syntax.
All is OK. Now we’ll execute this playbook. So it’s executed on both prode and web service nodes. Now we need to verify using ansible ad hoc commands ensable prode. And here we’ll display Chrome tap file for root user. How we can do that? Chrome tab l become don’t forget this. So here you can see job has been scheduled to execute at 23 and 6 hours zero minute. In similar way we’ll verify four web servers nodes so here we have every 2 hours and zero minute. And every Monday here we can see one for Monday here you must keep in mind job you are going to schedule must be working. For example, what I will do, I will try to execute job we scheduled. This is working so it means we scheduled, correct? Job this is all about the.
8. Task: Updating Packages using Playbook
Hello, welcome to this lecture. In this lecture we will learn how we can update all the packages on remote nodes using ansible Playbook. Here is task description create a playbook update YML to update all the packages on Prod one node we know in Prod one group we have only one node which is Amhost one. Here are the contents of playbook we will be using for this task. This is simple task, but you must know about this again. In the hosts we’ll specify target which is Prod one.
We must use become true. Because this is system administrator task, we need root permissions to update packages. Then in the Tasks section we’ll use Yam module. Here we’ll set name to Asterisk so it means all packages state to latest to update to the latest version. So you must know how you can represent all the packages using Asterisk and if you need to update all the packages to the latest version, you must use state as latest. So this is all we need to do now let’s move to the ansible control node and start doing this task. We are on ansible control node first of all, I will switch user to ensure I will navigate to Tasks directory. Here we’ll create our playbook update YML three dashes hosts prod one is the target become must be set to true or yes, gather facts. I will set this to false.
Then, here in the Tasks section we’ll define our task. We know we need to use Yum module using named directive here I will specify Asterisk which represents all packages. State must be set to latest to upgrade packages to the latest version. This is all we need to do. I will save and quit. We’ll verify syntax. Everything seems okay now I will execute this playbook so it can take some time. I will post the video until this is completed. It’s completed in few seconds. So all packages are already updated. So this is how you can update all the packages on some system. So here you can see green output so it means all the packages are already to the latest version. This is all about this task.
9. Task: Configuring Firewall using Playbook
Hello welcome to this lecture. In this lecture we’ll learn how we can use ansible playbook to configure firewall on the remote nodes. Here is task description create a playbook firewall YML to configure firewall on all web servers nodes inbound traffic for TTP service should be accepted, settings should be persistent and reload firewall. To enforce this we know when we add permanent configurations to firewall we must reload firewall to make them effective. Here are the contents of playbook we will be using for this task. Target is web servers nodes again we must set become to true or yes because we need root per villages to perform this task. Then in the tasks section we’ll define our task. We know we can use Fire Volody module. We already used this module enuncible ad hoc command. But here we are using this in player book service to be added which is atop state is enabled.
We need to add this service on the firewall so that ATP traffic will be accepted. In case you need to remove state must be set to disabled permanent must be set to yes for persistent firewall setting this is equal to permanent we use with firewall CMD command line. Then here we are using handlers section to reload firewall. Having already said in the handlers section we define the task which should be executed on execution of some other task in the tasks section. So here this section will be executed after successful changes done by this task. So we’ll use notify keyword to notify handlers to execute this task. So here notify is set to reload firewall.
So same must be set to here to the description of this task they must match otherwise task will not be triggered. Then here we’ll use service module to reload firewall d name firewall d state reloaded because we need to reload firewall this is all we need to do for this task. Now let’s move to the ansible control node and start doing this task. Now we are on ansible control node and I am logged in as ansible user. We are inside tasks directory where we need to create our playbook. We’ll create playbook with name firewall YML as per task requirements three dashes on the top dash. Then using hosts we need to define target which is web servers nodes as per task requirement become must be set to true or yes. I will set gather underscore facts to false. Here will define tasks section here will provide description. We know we need to use firewall D module.
We’ve already gone through documentation of firewall D module and here we’ll use service to be added on the firewall which is http state must be enabled. We need to add this service permanent must be set to yes for persistent changes here I will use notify keyword to trigger task which will define in a handler’s section reload firewall. Then here we’ll define handlers section. Again we need to provide description but this must match the string we defined with notify which is reload firewall. It must exactly match. Then here we’ll use service module. Service name is Firewall d, we need to reload firewall. State must be set to reloaded. This is all we need to do. In the end, we have three doors. I will save and quit again before execution. I will verify syntax. We have no errors.
Now I will execute this playbook. Configuring firewall on web server nodes running handler. So here you can see it’s running handler to reload firewall. Now I will execute same playbook again. I will show you the difference. Here you must have noticed handlers section is skipped. This is because handler’s section is executed only when some changes are done by task in Tasks section. Here we executed same playbook again, so no changes are done by the task. In the tasks section, we have green output because service has been added already when we executed playbook first time. Now no changes are done, so we don’t need to reload the firewall. This is the objective of handlers section. Now we’ll verify if the service is added on the firewall. For this we’ll use ansible ad hoc command ansible web servers and here we’ll provide command. We need to execute firewall cmtlist all don’t forget become here we have output, so here we can see Http service on the list. This is all about this task.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »