EX294 Red Hat Certified Engineer RHCE – Working with Roles
1. Introducing Ansible Roles
Hello, welcome to the lecture introducing Ansible roles. What are Ansible roles? An Ansible role is a standard directory structure where the contents of a playbook, like tasks, handlers, variables, templates, files and metadata, are kept for organizational purposes. An Ansible role is nothing but playbook contents, such as tasks and related files and components, distributed over a standard directory structure with a specific name called the role name. We will discuss the standard directory structure in the next lecture.
Now, what is the benefit of using roles? For larger projects, instead of writing one playbook containing all the content, we can distribute playbook content in this specific directory structure called a role. Then we can use the role in the playbook, which will load all the content into the playbook at execution. In this way, by creating roles, we can reuse a role whenever it is needed: we specify the role in the playbook where we need it, and we can use the same role in multiple playbooks. Now we’ll understand this with the help of this diagram. In this diagram, on the left-hand side, I’m showing you the format of a playbook. We know this format: this is the target line, then we have the vars_files section where we can specify variable files to be used in the playbook.
Then we have the tasks section where we define tasks. Then we have the handlers section where we also define tasks, but these tasks are executed only when they are triggered by some task in the tasks section. We know all this. Here on the right-hand side we have a playbook using a role. In this playbook I removed everything like the vars_files section, the tasks section and the handlers section, and instead I used the roles section to specify the role as a list item.
So when this playbook is executed, this role will bring in all the playbook contents which are distributed within this role. In this way we can use the same role in multiple playbooks. We don’t need to write all these contents again and again. This is very practical for some standard roles. For example, with a role for a web server, many people can use the same role to install a web server. So this is all about the introduction of Ansible roles. In the next lecture we’ll understand the directory structure of an Ansible role. We’ll also understand how we can create an Ansible role.
2. Ansible Role Directory Structure & Creating Role from Playbook
Hello, welcome to this lecture. In this lecture we discuss the role directory structure and creating a role. Here is the list of subdirectories which are created under the top-level role directory. These subdirectories are created to contain different types of playbook contents. We’ll go over them one by one. tasks: under the tasks subdirectory, a file with the name main.yml is created to contain the list of all the tasks to be executed by the role. Then handlers: under this subdirectory, again, one file with the name main.yml is created to contain all the handlers’ contents. defaults: under this defaults subdirectory, default variables are defined in the main.yml file. For example, we can define host vars here: ansible_port, ansible_user.
But keep in mind these variables can be overridden by using the same variable in the inventory file. I’m taking here the example of host vars. Then we have vars. All other variables to be used in the playbook are placed in the main.yml file under this directory. files contains all the files which are to be used in this role. For example, in case you are using the copy module, we specify the source file to be copied, so this source file is moved under this directory. This will be clearer when we understand it with the help of an example. templates: we know what template files are. All Jinja2 template files are kept under this directory path. meta: under this directory you can just define some metadata for the role, for example why this role was created, the version of the role, et cetera. This is just extra info about the role. It has nothing to do with playbook contents. Now, how can we create this directory structure? For this we can use the ansible-galaxy command line with the init subcommand.
Then here we need to specify the role name, the name with which we want to create the role. When we execute this command, the role is created, with the name specified here, in the current directory where this command is executed. You will have the same skeleton created automatically. Then you just need to define the different contents under the different subdirectories. The important thing to keep in mind is that the role will be created in the same directory where we execute this command. Now, we know we need to use the roles directory to contain all the roles, so we will be executing this command inside the roles directory. Again, this is important: when we execute a playbook using an Ansible role, Ansible looks for roles in the directories specified by the roles_path directive in the Ansible config file. We already set this path earlier during this course. It also checks in the roles directory relative to the directory where the playbook is present. In our case, roles_path is set to /home/ansible/tasks/roles. We know we are executing all our playbooks inside the tasks directory. So in our case, both these conditions are met.
Now let’s move to the Ansible control node and understand how we can create a role for an existing playbook. Now we are on the Ansible control node and I am logged in as the ansible user. First of all I will execute ansible-config, then view, to view our config file. We have an error: invalid or no config file was supplied. We know why this error is shown: first we need to move to the tasks directory where our config file is present. Now, again, I will execute this command. This time we have the contents of our configuration file. Here we can see we set roles_path to two directory paths. First on the list is /home/ansible/tasks/roles, and second is /etc/ansible/roles.
So we can create our roles on either of these two paths. Ansible will check these paths for the role in use in different playbooks. Now we need to create the directory roles under the tasks directory. We’ll create it with mkdir. The directory has been created. Now we’ll create one more directory with the same name, roles, on this path, /etc/ansible, because we are using both these paths as roles paths, that is, in roles_path. For this I need to switch user to root. Now I will create the directory. So we have done. I will exit. I will clear the screen.
Now, to understand the concept of a role, we’ll import one of our existing playbooks into a role. I will display the contents of the playbook which we are going to use for this task. We created this playbook already. So what we’ll do is create a role for this playbook. Then we’ll move the contents of this playbook into the role directory structure. Then we’ll check how this works. Before doing that, we’ll execute this playbook again just to make sure it is working fine. So this is working fine. The objective of this playbook is to configure the firewall on different nodes. Here we can see green color, because these changes are already done; they are not needed anymore. So what I will do is open this playbook and make some changes here. Instead of enabled, here I will set state to disabled to remove all the existing configs. I will execute this playbook. Now these configs will be removed. Here we can see the configs are removed. We also see the handlers section is executed to reload the firewall, as expected. Now I will clear the screen. Again, I will open this playbook and set state to enabled before we import this playbook into a role. We have done. I will save and quit. Now we need to create the role skeleton. I will move to the roles directory. Here we need to create our role. We know how we can create a role: we need to use the ansible-galaxy command line. I will display help for this command.
So we have multiple subcommands which can be used with this command. We’ll discuss them later on. Here we need to use init: ansible-galaxy, then init will create a role with the name firewall. The role was created successfully. Here we can see the role with the name firewall. Now I will move to this directory and execute the tree command. This is the structure of this role. We have the defaults directory, under which we have a file with the name main.yml. In this file, we can define default variables. We have the files subdirectory; under this directory we need to move files to be used in the tasks, for example a file to be copied, or config files. Then we have handlers; under this we need to put all the handlers content in this file. meta: this is to contain metadata for the role. README.md: here again you can provide a description. Under tasks,
we need to place all the tasks in this file. Make sure you’re using the same file name; don’t change this file name. Under the templates subdirectory we need to put all Jinja2 template files to be used in the role. tests: this can be used for testing purposes. We don’t need to know about this for this exam. Then we have vars: under the vars subdirectory we need to define all the variables to be used in the role, inside this file. Now we have the role skeleton created. Now we start moving the contents of the playbook into this role. I will display the contents of the playbook. Here we need to copy all the tasks under the tasks section. Make sure we don’t copy this keyword, tasks, here. Now we move to the tasks directory under the role. We know the role name is firewall, and here we have the tasks directory. I will open this file, and here you can see: tasks file for firewall. Here we need to paste our tasks. I will just align this. You can align these to the left, at the root level of indentation.
But this will also work fine. Make sure the level of indentation is still okay. I will save and quit. Now we’ll copy the handlers section tasks. Again, don’t copy this handlers keyword. Now we need to move to the handlers subdirectory. Here again we have a file with the same name. We’ll paste the contents here. Again we need to align this indentation level. This is all we need to do. Now I will clear the screen. We’ll move to the tasks directory. Here I will open this playbook in editing mode. Here we’ll remove the tasks and handlers sections. We don’t need them anymore because they have been defined inside the role. Instead we’ll use the roles section here to use the role with the name firewall.
This is all we need to do. Now we’ll save. We will again execute this playbook. Here we can see this is working perfectly fine. Now we see changes are being done. We also see the handlers task is running. That’s why I reverted the changes which were already done: to see if the handlers tasks are also executed. In this way, we can import an existing playbook into a role. Now we can use this firewall role in other playbooks where we need to configure the firewall for the same services. Here we imported one playbook into a role just to understand the concept. But we should be able to create roles directly, and then we should be able to use them in playbooks. In the next lecture, we’ll create a role to configure a web server and we’ll use the role in a playbook. This is all about this lecture. For more information on roles, we can check the Ansible documentation. Here on this page we can check information about roles: roles, then role directory structure. You can just go through this. We already discussed this. Here you will find some examples of using.
3. Task: Creating Ansible Role to Configure Apache Web Server
Hello, welcome to this lecture. In this lecture, we learn how we can create and use a role to configure a web service. Here is the task description. Create a role with the name webserver under the roles directory to configure a web server. Install the latest version of httpd and make sure the service is started and enabled. Configure the firewall to accept inbound traffic for the http and https services; firewall settings must be persistent. We know we must use permanent set to yes. Then create a template file with the name index.j2 in the templates directory to display the message: Welcome to web server on hostname. Here we need to display the hostname; we will need to use a Jinja2 expression to refer to the hostname here. And the IP address: again we need to use a Jinja2 expression to refer to the IPv4 address. Deploy this template to the index.html file in the document root directory. The default document root directory for the web server is /var/www/html. We need to place one file with the name index.html containing HTML contents. But in our case we’ll use simple text.
It will work perfectly fine. We know the web server displays the contents of the index.html file as a web page. Make sure the correct SELinux label is set on the document root directory. By default it should be set; however, we’ll check this. Use this role in the playbook webserver.yml to configure the webservers nodes. So our target is the webservers nodes. Here are our playbook contents. The target must be set to the webservers group as per the task requirement. become must be set to true, because this is a system admin task and we need root privileges. gather_facts must be set to true because we are going to use Ansible facts variables in the Jinja2 template file index.j2. Then here in the roles section we specify the role name, which is webserver. Now, moving to the contents of the subdirectories under the roles directory: we know we need to create a role with the name webserver. Under webserver there will be a tasks directory, and under the tasks directory we need to place these tasks in this file, main.yml. The first task is to install the latest version of httpd.
We know we need to use the yum module. Then here is the name of the service; state must be set to latest to install the latest package. The next task is to start and enable the web server. Here we need to use the service module: the name of the service is httpd, state must be started, enabled must be set to yes. The next task is to configure the firewall. According to the task requirement, the firewall must allow inbound traffic for the http and https services, so this task is for that action. Here we are using item as the lookup variable with a Jinja2 expression. Here we must use loop to specify the services as list items. We know how we can do this. Here we must use notify to trigger a task in the handlers section, which I will show you on the next slide. Here I am providing the description as reload firewall. Then here I’m using the template module to deploy index.j2, which we will be creating later on, to this dest, which is the default document root file index.html. This is the default document root for the web server.
We need to place a file with the name index.html here, which will be served by the web server. Then here again I used notify: restart httpd. Whenever we make some changes in the config file of some service, we must restart the service to make the changes effective. Again, this will trigger a task in the handlers section; I will show you on the next slide. So these are the contents of the main.yml file under the tasks directory. Here we have the handlers subdirectory. We know here we need to define two tasks: one for reloading the firewall, another to restart httpd. We know how to do this. In both cases we need to use the service module. Here the name is firewalld and state is reloaded, because we need to reload the firewall. In the second task we have the description restart httpd. We know we used the same description in the tasks section. Here again we’ll use the service module. The service name is httpd; state must be restarted because we need to restart the web service. Then finally, under the templates directory we need to create a file with the name index.j2. Here we need to put this text: Welcome to web server on. Then here we need to provide a Jinja2 expression to display the hostname. We know how to form this expression. And then here we need to provide a Jinja2 expression to display the IP address. Again we know how we can do this. We will save and quit. This is all we need to do for this task. Now let’s move to the Ansible control node and start doing this task. Now we are on the Ansible control node and I am logged in as the ansible user. I’m inside the tasks directory.
First of all we need to create the role skeleton. We need to use the role name webserver. We know we need to create the role under the roles directory. I will move to the roles directory. Here we know we can use the ansible-galaxy command line to create the skeleton for the role: we need to use init, then the role name, which in our case is webserver. The role has been created. Here we can see the skeleton for the role. Now we know what we need to do. First we move to the tasks subdirectory and we’ll define tasks in the main.yml file. I will open this file in editing mode. Here we need to define the tasks. The first task is to install the latest version of httpd: installing latest version of httpd. We know here we need to use the yum module, the name of the service, and state must be set to latest.
This is all about the first task. Now the second task is starting and enabling the web server. Here we need to use the service module: the name of the service is httpd, state must be set to started, enabled must be set to yes, because we need to start and enable the service. Then, the third task is to configure the firewall. Here we know we need to use the firewalld module. Using service, I will specify the lookup variable item using a Jinja2 expression. state must be enabled. permanent must be set to yes for persistent firewall changes. Here we must use loop, and here we need to list the services to be added on the firewall. We have done. Now here we must use notify. This is again important: reload firewall. This notify will trigger a task in the handlers section. The next task is deploying the template. Here we know we need to use the template module.
Using src, we specify the Jinja2 template file we will be creating soon, index.j2. Then /var/www/html, then index.html. We need to deploy the index.j2 file to the index.html file on this directory path. Here again we must use notify to restart httpd. This is all we need to define in this file under the tasks subdirectory. Now I will save and quit. Now I will move to the handlers section. Here, under the handlers subdirectory, we need to open this file, main.yml. Here we’ll define the handlers tasks. The first task is to reload the firewall. We know we need to use the service module. The service name is firewalld; state must be reloaded. Now the second task is to restart httpd. Again we need to use the service module. The name of the service is httpd; state must be restarted. This is all we need to put in this file. Now, moving to the templates subdirectory: here we know we need to create a file with the name index.j2.
Welcome to web server on, then ansible_facts, then hostname. We know this expression refers to the hostname. And the IP address: here we need to provide a Jinja2 expression to refer to the IPv4 address. So this is the expression for the IPv4 address. We’ll save and quit. I will clear the screen. Here I will execute tree. Here we can see, under the templates directory, our file. For the rest, we know we defined contents in main.yml in the handlers subdirectory and the tasks subdirectory. Now we need to create the playbook. We’ll create the playbook in the tasks directory, where our config file is present. We know we need to create a playbook with the name webserver.yml. The target is webservers. become must be set to true. gather_facts must be set to true.
Here we’ll define the roles section with the list of roles to be used, here webserver. This is all we need to do. Now I will save and quit. Before execution, I will perform a syntax check. All seems okay. Now we’ll execute this playbook. We see the task gathering facts in progress. Installing latest version of httpd: this is already installed, so we see green here. Starting and enabling web server: this is already in the same end state. The firewall is also configured already. Deploying template: here we see yellow color, meaning change, so the template file has been deployed successfully. Then the handler to restart the web server is also executed. But the handler task to reload the firewall is skipped, as expected. Now everything is fine. To verify the working of the web server, I will connect to mhost3, which is a web server node. Here I will use curl to display the web page: http://localhost. Here we can see Welcome to web server on mhost3, and this is the IP address. So in this way we can use a role to configure a web service.
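The role described in this lecture, using the same tasks/handlers split as the firewall role in lecture 2, written out as an added example (not the course's own files): a shell script that lays out roles/webserver under a base directory and checks that every notify string has a handler with exactly the same name. The firewall task name, the exact ansible_facts expressions and the helper names make_webserver_role and check_notify_handlers are assumptions of this example.

```shell
#!/bin/sh
# Added example: writes the webserver role from this lecture to disk.
# Assumed: the firewall task name and the two ansible_facts expressions.
make_webserver_role() {
    base=$1    # directory holding ansible.cfg and the playbooks
    role="$base/roles/webserver"
    mkdir -p "$base/roles"
    # Use the real skeleton generator when present; otherwise plain directories.
    if command -v ansible-galaxy >/dev/null 2>&1 && [ ! -d "$role" ]; then
        (cd "$base/roles" && ansible-galaxy init webserver >/dev/null 2>&1) ||
            echo "ansible-galaxy init failed, creating directories by hand" >&2
    fi
    mkdir -p "$role/tasks" "$role/handlers" "$role/templates"

    # tasks/main.yml: a bare list of tasks, without the "tasks:" keyword.
    cat > "$role/tasks/main.yml" <<'EOF'
---
- name: Installing latest version of httpd
  yum:
    name: httpd
    state: latest

- name: Starting and enabling web server
  service:
    name: httpd
    state: started
    enabled: yes

- name: Configuring firewall
  firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: yes
  loop:
    - http
    - https
  notify: reload firewall

- name: Deploying template
  template:
    src: index.j2
    dest: /var/www/html/index.html
  notify: restart httpd
EOF

    # handlers/main.yml: names must equal the notify strings above.
    cat > "$role/handlers/main.yml" <<'EOF'
---
- name: reload firewall
  service:
    name: firewalld
    state: reloaded
- name: restart httpd
  service:
    name: httpd
    state: restarted
EOF

    # templates/index.j2: relies on gather_facts being true in the playbook.
    cat > "$role/templates/index.j2" <<'EOF'
Welcome to web server on {{ ansible_facts.hostname }}
IP address: {{ ansible_facts.default_ipv4.address }}
EOF

    # The playbook sits next to ansible.cfg and only names the role.
    cat > "$base/webserver.yml" <<'EOF'
---
- hosts: webservers
  become: true
  gather_facts: true
  roles:
    - webserver
EOF
}

# Succeeds only if every "notify: <name>" in tasks/main.yml has a handler
# with that exact name (handles the scalar notify form used in this role).
check_notify_handlers() {
    role_dir=$1
    missing=$(sed -n 's/^[[:space:]]*notify:[[:space:]]*//p' "$role_dir/tasks/main.yml" |
        sort -u | while IFS= read -r wanted; do
            grep -Fqx -- "- name: $wanted" "$role_dir/handlers/main.yml" ||
                printf '%s\n' "$wanted"
        done)
    [ -z "$missing" ] || { echo "notify without matching handler: $missing" >&2; return 1; }
}
```

After sourcing the file, `make_webserver_role /home/ansible/tasks` followed by `check_notify_handlers /home/ansible/tasks/roles/webserver` builds and checks the role; the playbook itself still has to be run with ansible-playbook against the webservers group.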
4. Task: Downloading Ansible Roles From Ansible Galaxy
Hello, welcome to this lecture. In this lecture we’ll learn about Ansible Galaxy and how to download roles from Ansible Galaxy. Ansible Galaxy is a free website where users can share roles and from where users can download roles. Because this is a free website, any user can import roles to it. But we must authenticate using a GitHub account, and only then will it be possible to import roles to the website. We can download roles from Ansible Galaxy and from GitHub using the ansible-galaxy install command line. The command line tool by default communicates with the Galaxy website on this address. We’ll work through this website soon. Next, how to download or install roles. We can download roles from Ansible Galaxy using the command below: ansible-galaxy install, then username.rolename. We need to specify the role in this format. I’ll show you this format on the Galaxy website.
Now, where is the role downloaded? By default the role is installed, or I will say downloaded, in the first writable directory. This is the list of default directories, so it will be downloaded to the first directory which is available. But we can override this default behavior by setting the roles_path directive, which in our case is already set. In that case roles will be downloaded to the roles path specified by the roles_path directive. But here we must make sure we are executing the command from the path where the Ansible config file is present, in particular in our case; otherwise this config file will not be taken into account and by default the role will be downloaded to this path under the user’s home directory. To download roles to a specific directory, we can use this command. We can use the --roles-path option to specify the directory path where you want to download roles.
So this is to override the default behavior. This will even override this directive. We can also use -p instead of --roles-path as the short option. Now let’s work through the Galaxy website, and then we’ll move to the Ansible control node and learn how we can download roles from the Ansible Galaxy website. Now we are on the Ansible Galaxy website. Here we can see different categories of roles. I will select web. Here we can search for the role we need. For example, I will search for Apache. Here we have a role on the top; I will click here. By using this command we can download this role from the Galaxy website: ansible-galaxy install, then this is the username and this is the role name. In a similar way you can find more roles.
But for the exam you don’t need to know all this, because in the exam you will not have internet, so probably you will not have access to this site. But they can provide you a local Galaxy server or some other server from where you will need to download roles. I will explain how we can download roles from a server other than the Galaxy server. For more information on Ansible Galaxy and how to download roles, you can check the Ansible documentation on this page. Here you will find all the details you will need for this exam. Just go through this. Here you can see installing roles. We already discussed this command line. Then here we also discussed how we can download roles to a specific path.
In this case the specific path is the current directory, indicated by dot. Also here you can see you can specify a version while downloading a role, with a comma between the role name and the version, as specified here. Now let’s move to the Ansible control node and learn how we can download roles from Ansible Galaxy. Now we are on the Ansible control node and I am logged in as the ansible user. Before we download roles from Ansible Galaxy, I will show help for the ansible-galaxy command line: ansible-galaxy help. Here we have different commands or subcommands. The delete and import subcommands can be used to delete roles from the Galaxy website and to upload roles to the Galaxy website. For the exam, we don’t need to know about these commands. info to display info about a role; init we already used; install to download roles to some roles directory; list to list already downloaded roles; login, again, this is needed in case you need to import roles to the Galaxy website.
In that case you must authenticate using ansible-galaxy, then the login subcommand. Then you need to provide credentials to log in to the website. remove to remove roles from the system which are already downloaded; search to search roles on the Galaxy website. Then we have options. We can use these options with this command line. Now I will clear the screen. Now I’ll display help for the ansible-galaxy install command: ansible-galaxy, then install. This is important for the exam. You might need this to download roles to your system. Here the important options are -r, to specify a file defining the list of roles to be imported, or to be downloaded, on your system. We’ll discuss this option soon. We already discussed -p to download roles to a specific directory.
Or we can use the long option --roles-path. In case we don’t use any option, by default roles will be downloaded to the path specified by the roles_path directive in the Ansible config file. Now I will clear the screen. Now we’ll download the Apache role from the Ansible Galaxy website: ansible-galaxy. Here we need to use install. Then here we must specify username.rolename. I will specify the username, then the role name. We are already in the tasks directory, so our config file is in effect, and the role will be downloaded to the roles directory under the tasks directory. I will press enter.
It will take some time, maybe five or ten minutes. I will pause the video until the role is downloaded. After a long wait, finally the role has been installed. To list installed roles, we can execute ansible-galaxy, then list. Here we have all the roles installed on our system. We created two roles, firewall and webserver. We downloaded this role from Ansible Galaxy. So these three roles are on this path. We are also using this path as a roles path along with this path, but the first writable path is this one, so roles are downloaded to this path. So in this way we can download roles from Ansible Galaxy. In the next lecture we’ll learn how we can download multiple roles using a file.
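An added example (not from the course) of the two points this lecture stresses: the config file only counts when the command is run from its directory, and the role lands in the first writable roles path. The wrapper also applies a policy of its own, refusing any role given without the comma-separated version, since anyone with a GitHub account can publish to Galaxy. The spec exampleuser.apache,1.0.0 is a constructed placeholder and the function names are assumptions.

```shell
#!/bin/sh
# Added example. "exampleuser.apache,1.0.0" is a constructed placeholder spec.

# Print roles_path from ./ansible.cfg; fail when the current directory has no config.
roles_path_from_cwd() {
    [ -f ./ansible.cfg ] || { echo "no ansible.cfg in $(pwd)" >&2; return 1; }
    sed -n 's/^[[:space:]]*roles_path[[:space:]]*=[[:space:]]*//p' ./ansible.cfg | head -n 1
}

# Print the first existing, writable directory of a colon-separated list.
# Stricter than Ansible itself: a directory that does not exist yet is skipped.
first_writable_dir() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        if [ -d "$d" ] && [ -w "$d" ]; then
            IFS=$old_ifs
            printf '%s\n' "$d"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# True only for "username.rolename,version".
is_pinned_spec() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+,[A-Za-z0-9._-]+$'
}

# Install one pinned role into the directory resolved from ./ansible.cfg.
install_pinned_role() {
    spec=$1
    is_pinned_spec "$spec" || { echo "refusing unpinned role spec: $spec" >&2; return 2; }
    paths=$(roles_path_from_cwd) || return 1
    target=$(first_writable_dir "$paths") ||
        { echo "no writable roles directory in: $paths" >&2; return 1; }
    # Explicit --roles-path makes the destination independent of defaults.
    ansible-galaxy install --roles-path "$target" "$spec"
}
```

Run from the tasks directory, `install_pinned_role exampleuser.apache,1.0.0` resolves the target from ansible.cfg and hands it to ansible-galaxy; `ansible-galaxy list` then shows the installed version.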