EX294 Red Hat Certified Engineer RHCE – Working with Roles Part 2
5. Task: Downloading Multiple Roles using YAML File
Hello, welcome to this lecture. In this lecture we will learn how we can download multiple roles using a YAML file. To download multiple roles, we can use a YAML file with the extension .yml defining the list of roles to be installed or downloaded. The details below can be provided in this file to specify a role to be downloaded. Here are the attributes we can use to download a role. src: the source of the role, in the form username.rolename if downloading from Ansible Galaxy; otherwise provide a URL. For example, if you need to download some role from GitHub, you must provide the complete URL as shown in this example. src is a mandatory attribute. Next is scm, source code management; the default is git, and you can use it depending upon the task requirement.
Then version: by using this attribute, we can specify the version of the role to be downloaded. name: download the role to a specific name; otherwise the default name will be taken. Here we have one example. We are using the requirements.yml file; the file extension must be .yml. Then here we can specify the list of roles to be downloaded. In our file, I defined only one role to be downloaded. Using src we provided the path of the role to be downloaded. The version is master. I want to download this role under the name my_nginx; you can use any name. Normally on the exam they should provide you all the details. You should know how to create this file and how to list each role as a list item. In this way, you can list multiple roles by using a dash. src is mandatory. If you don't use the other attributes, default values will be taken. Next, how can we install roles using the file? We know we can use the -r option to specify the file with the ansible-galaxy install command line.
Now let's move to the Ansible control node and download this role. Now we are on the Ansible control node and I am logged in as the ansible user. I'm inside the tasks directory. Here we'll create a file with the name requirements.yml. We know here we need to define the role to be downloaded as a list item. I will change to insert mode: three dashes on the top, then a dash to specify a list item, then src, which is the mandatory attribute. Here I will provide the URL.
This is the URL pointing to the role. version must be master, and name is my_nginx. This is all we need to do. I will save and exit. Now we know what to do: ansible-galaxy, then the install subcommand. Again I will show you that we can use the -r option to specify the file containing the list of roles to be downloaded: ansible-galaxy install -r, and the file name is requirements.yml. Enter. The role has been downloaded. Now to list the role I will execute ansible-galaxy list, so the role is downloaded to this path. In this way, by using a YAML file, we can download multiple roles defined by this file. This is all about this task.
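The requirements file described in this lecture, written out as an added example (it is not the lecturer's own file). The repository URL and the Galaxy role names are placeholders, since the lecture does not state them; the third entry goes slightly beyond the lecture to show a version pinned to a tag instead of a moving branch.

```yaml
---
# requirements.yml - added example; every role source below is a placeholder.

# Role hosted in a Git repository: src must be the complete URL.
- src: https://github.com/EXAMPLE_USER/EXAMPLE_NGINX_ROLE   # placeholder URL
  scm: git          # source code management; git is the default
  version: master   # branch used in the lecture
  name: my_nginx    # local name the role is installed under

# Role from Ansible Galaxy: src takes the form username.rolename.
# Only src is mandatory; scm, version and name fall back to their defaults.
- src: example_user.example_role   # placeholder Galaxy role

# Same kind of entry with version pinned to a release tag (placeholder).
# A tag or commit hash gives a repeatable download; a branch such as
# master installs whatever the branch holds at install time.
- src: https://github.com/EXAMPLE_USER/EXAMPLE_OTHER_ROLE   # placeholder URL
  version: "1.0.0"                                          # placeholder tag
  name: my_other_role

# Install every role in the list:
#   ansible-galaxy install -r requirements.yml
# Confirm what was installed and where:
#   ansible-galaxy list
```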
6. Introducing System Roles and timesync System Role
Welcome to this lecture. In previous lectures we understood what Ansible roles are, how to create them and how to use them in Ansible playbooks. In this lecture I will introduce Linux system roles. Linux system roles are roles used to manage and configure common components or subsystems of Linux. Examples of system roles are network, timesync, storage, selinux and two more, kdump and postfix. We know on every Linux system we need to configure the network. We also need to configure an NTP time source.
We also need to configure storage and SELinux. To configure all these subsystems, we can use system roles, which are made available by installing the package rhel-system-roles on RHEL systems. Here we'll discuss the timesync role only, and we'll use the same role to configure an NTP server for all managed nodes. As already said, to install Linux system roles, install the package rhel-system-roles; for this we'll execute dnf or yum install. The installed roles are available on this specific path. For documentation or for the example playbooks using these roles, we need to check on this path. Now let's move to the Ansible control node and install rhel-system-roles. Now we are on the Ansible control node and I'm logged in as the ansible user. To install system roles, we need to install the package.
So I will switch user to root, because we can install packages as the root user only. We know which package we need to install: dnf install rhel-system-roles. It will take a few seconds. I will confirm. This is completed, so I will clear the screen. Now we know where system roles are available. In case we forget the path where system roles are available, we can use the find command to search for them: find, then / for the root file system. We'll search through the complete root file system.
We'll use -name. Here I will specify the name rhel-system-roles and here I will use an asterisk. So here we have multiple paths. We know this is the path where documentation is available, so on this path you will find example playbooks using these roles. And these are the paths for the different system roles. For example, for the timesync role, here we have rhel-system-roles.timesync, so this is the name of the timesync role. They are all present on this specific path, as I showed you earlier on the slide. Now I will move to this specific path and I will show you how we can use different system roles. In particular we'll discuss the timesync role, which is important for the exam. This is the path where you will find examples of how we can use these roles. There are further subdirectories on this path. I will navigate to the timesync directory. Here we have different files, so these are two examples of how to use the timesync role. I will display the contents of the first example. Here is the playbook using the timesync role. We know that using hosts we'll define the target systems. Then we'll define the vars section. Under the vars section, we must use this variable, timesync_ntp_servers,
to define different NTP servers as list items, in case we need to configure multiple NTP servers for the NTP client. Here we know this dash means a list item. Using the hostname directive, you can specify the hostname for the NTP server. This is a standard NTP source which is available over the internet. Here you can also define different parameters like iburst. iburst is set to yes to make initial synchronization faster. The important thing here is that you must use the variable name timesync_ntp_servers. This is because the same variable name is used in the role.
I'll show you the contents of the role directory later on. Then we know under the roles section we'll specify the role to be used. In this case we need to use the timesync role, rhel-system-roles.timesync. This is the complete name for this role. In a similar way we can check examples of how we can use the network role. For example, now I am under the network subdirectory. I will clear the screen. I will list the files under this directory. Here I will display the file example-eth-simple-auto-playbook.yml. So here we have the file name, and here you can see how we can use the network role. This is just to show you how we can use different system roles.
Now I will clear the screen. Now I will navigate to the path where system roles are present. This is the path where system roles are present. I will list the contents of this directory. Here we can see the different system roles. We have kdump, network, postfix, selinux, storage and timesync. You can also specify a system role as linux-system-roles, then the role name, because this is exactly the same as this one; here we can see this is a symbolic link to this path. Now I will move to the timesync system role. I will clear the screen. Here I will execute the tree command. Here we have the role's directory structure.
We know about this role skeleton. We have different subdirectories: defaults defining default variables, handlers to define handlers, tasks with the main.yml file, and so on. We don't need to understand everything that is defined in this directory structure from the exam point of view. We must know how we can use this role. I will clear the screen. Now I will move to the defaults directory. Here we know a file with the name main.yml is present. I will display the contents of this file. Here are the default variables used in this role.
In our case, we will be using this variable, timesync_ntp_servers. This is an empty list, so we'll provide this variable in the vars section. Again I will clear the screen. Now we'll move to the vars subdirectory. Under this subdirectory we have the file main.yml defining variables. I will display this file. Here is this variable, timesync_ntp_provider_os_default. It means the default NTP provider is set to this Jinja2 expression. Based on this Jinja2 expression, the NTP provider will be ntp on a Red Hat or CentOS system when the version we are using is 7.0 or older; else chrony will be the NTP provider.
We know we are using CentOS 8 VMs. So in our case this variable will be set to chrony, or I would say this variable will be evaluated to chrony. Here you should keep in mind that Ansible facts are used to calculate this variable. So we must set gather_facts to true while using this role. I'll show you that this variable is used to select the NTP provider in one of the tasks defined in the main.yml file under the tasks subdirectory. Now I'll move to the tasks subdirectory and again I will display the main.yml file. Here you will find many tasks. As already said, we don't need to understand everything here, because this is beyond the scope of this exam. But I will tell you overall how it works. Here this task is important: Select NTP Provider.
Here we have the set_fact module in use. timesync_ntp_provider is set to this Jinja2 expression. We can see the expression includes the timesync_ntp_provider_os_default variable we already discussed. Based on this expression, using an if condition, the NTP provider will be the default NTP provider in case the timesync_ntp_provider_current variable is empty.
That means no NTP provider is installed on the remote nodes; else it will use the current one. So, concluding, in our case it will always be chrony, because we are using CentOS 8 or RHEL 8 systems. After the NTP provider is selected, it will execute all the tasks related to chrony and will skip all other tasks related to ntp or PTP. Here I am not explaining everything, and also we don't need to know everything. This is just to explain overall how it will work in our case. Now I will quit. In a similar way you can move to the templates directory, where you will find Jinja2 template files for the different time providers; based on the time provider which is selected, the corresponding configuration file will be used.
Also you can go through the handlers, where you will find tasks to restart different services depending upon which service is used. Now I will clear the screen. So now it's clear: if we use this role to configure an NTP source, chrony will be installed on the remote nodes, because we are using CentOS 8; the same will be the case for RHEL 8. In the next lecture we will configure the Ansible control node as the NTP source, or NTP server, for all remote nodes. This is all about this.
7. Task: Configuring Managed Nodes to Sync Time Using Chronyd-Part 1
Hello, welcome to this lecture. In this lecture, we learn how we can use the timesync system role to configure remote nodes as NTP clients of the Ansible control node, which will be acting as the time source for them. Here is the task description. Create a playbook chrony.yml to configure the time source for managed nodes. Use the timesync role to configure this. Also set the given time zone. I already configured the correct time zone on all the VMs; however, I will explain how we can set the time zone in case we need to. Use the Ansible control node as the NTP server, so use the IP address of the NTP server as 192.168.99.1.
We know this is the IP address assigned to the Ansible control node. We can use a hostname as well, in case hostname resolution is configured, which is not configured in our case on the remote nodes for the Ansible control node. Then finally, using Ansible ad hoc commands, verify that this is properly configured. Here we have the contents of our playbook. Using hosts, we'll set the target to all, because we need to configure all remote nodes as NTP clients. Then become must be set to true, because this is a system administration task. gather_facts must be set to true.
As already explained in the previous lecture, Ansible facts are used inside the role, so we must set gather_facts to true. Don't forget this. Then in the vars section, we'll define our variable or variables. timesync_ntp_servers is a list variable under which we can define NTP servers as list items. Here we have only one list item, which is in the form of a dictionary. We know we need to use hostname to specify the IP address of the NTP server. Here we can provide a hostname as well, in case hostname resolution is configured. I'm using iburst set to yes here to make initial synchronization faster; you can use it according to the task requirements. Here, I'm using one more variable for the time zone, which is set to Brussels in my case. You can set the time zone according to the exam requirements.
I will use this variable to set the time zone. Then in the tasks section, we will be using the timezone module to set the time zone. Using name, we will specify this variable in the form of a Jinja2 expression. And finally, under the roles section we will specify the role as a list item. Here I provided the complete path for the role. We know by default Ansible checks for roles in the roles directory as specified by the Ansible configuration file. We know this role is not present in the roles directory, so that's why I'm using the absolute path for this role here. Then we need to configure the Ansible control node to act as the time source. These are additional steps we need to execute on the Ansible control node.
We'll open the chrony.conf file in editing mode on the Ansible control node. Then, using the allow directive, we will allow the client network to use the time services provided by the Ansible control node. So this is our network. This is the network IP of our network. We'll save and quit. Then, to make the changes effective, we'll restart chronyd. The next step is very important, because in this case the Ansible control node will be acting as the NTP server, so it must allow incoming NTP traffic.
For this, we need to configure the firewall. We know how we can do this using the firewall-cmd command line. We must use --permanent for persistent changes. Then we know that when we make permanent changes to the firewall, we must reload the firewall to make the changes effective. Normally on the exam you will not need to execute this part. But I'm telling you, in case you need to do this, you should know how you can do it. Now, let's move to the Ansible control node and start doing this task.
8. Task: Configuring Managed Nodes to Sync Time Using Chronyd-Part 2
Now we are on the Ansible control node and I am logged in as the ansible user. First of all I will display the software clock on this VM using the timedatectl command line. We can optionally type the subcommand here, which is the default anyway. Here the correct time and time zone are set on this VM. Here we can see System clock synchronized is set to yes. This means this VM is syncing time with some NTP source. The NTP service Boolean is active, which is the default. It must always be active so that the VM can sync time with whatever NTP source is configured. Now we know the chronyd daemon is already installed on this VM and is the NTP provider. Now we'll check the status of the chronyd daemon. It is active, running and enabled, which is the default. Next we'll display the time and time zone set on all remote VMs using an Ansible ad hoc command line: ansible all -a to provide the command as argument. We know which command to use. This is all we need to do. Here we have the output. Here the correct time and time zone are set on all remote VMs. But here we can see System clock synchronized
is no, because we still did not configure any time source for these VMs. Also the NTP service Boolean is set to not applicable, because in my case no NTP provider is installed on the managed nodes. So this is normal. Now I will clear the screen. Next I will switch user to root and we'll configure the chrony.conf file on the Ansible control node to allow the client network to use the time services provided by the Ansible control node. But before that I will display the chrony sources on this VM. Here we can see multiple sources on the list. I will use the -v option for more details. From this output it is clear that the Ansible control node is syncing time with this time source: the asterisk means currently synced, and this caret symbol means this is a time server. This machine is syncing time with a time source over the internet, because our VM is connected to the internet. Now I will clear the screen.
Now we'll open the chrony.conf file in editing mode. Here we can see this is the default time source, configured using the pool directive. The important thing here is that we must allow the client network. We'll uncomment this, and here we'll add the network IP of our network. Don't forget to update the subnet mask as well. This is the network IP of our lab network. You must uncomment this in case you want this VM to serve time even if it is not synchronized to some time source, which in our case is not required, because this VM is syncing time with a time source over the internet. So I will not change this setting. We'll save and quit. Next, when we make changes to a configuration file, we must restart the service to make the changes effective. We know for this we need to execute systemctl restart chronyd. We have done that. Still we need to configure the firewall on this VM to accept incoming NTP traffic, but I will do that last. Now we will start writing our playbook to configure remote nodes as NTP clients of this VM. I will switch user to ansible. I will move to the tasks directory where we need to create our playbook.
Here we'll create a playbook with the name chrony.yml as per the task requirements. Three dashes on the top, then hosts: we need to set the target as all remote nodes. become must be set to true; we know why. gather_facts must be set to true. This is the default behavior as defined in the config file, but I always prefer to include it here. Then here we'll define the vars section, which is important for this task.
We need to use the timesync_ntp_servers list variable, and here we'll specify the NTP server as a list item. We know how to do this. We'll use the hostname directive. In our case we are going to use the IP address 192.168.99.1. I'm adding iburst set to yes. Here we'll define one more variable with the name timezone and I will set this to the Brussels time zone.
You must use this format. In my case this is Europe/Brussels. You can display all the time zones using timedatectl list-timezones. Now, here we'll define the tasks section to set the time zone, in case this is needed. We need to use the timezone module; using the name directive, we'll specify the time zone to be set. We are using a variable here, so we must use a Jinja2 expression to refer to the timezone variable. This is all we need to do. Next we need to define the roles section. Here we know what we need to do. We need to specify the role as a list item, and we know where our role is located. This is the absolute path for our role. This is all we need to do for this playbook. At the end, three dots indicating the end of the YAML document.
I will save and quit. Now, before we execute, I will perform a syntax check using --syntax-check. Everything seems okay. Now it's time to execute this playbook. On execution of this playbook, only tasks related to the chrony NTP provider will be executed. Tasks related to ntp and PTP will be ignored and skipped. So this is normal. ansible-playbook, then the playbook name. Here we can see tasks being executed. You will find some tasks being skipped. This is normal. It will take some time. Here you will see some text in red. This is normal. chronyd has been enabled. chronyd has been restarted in the handlers section. Now everything is done. I will clear the screen. Now we will display the chrony sources on the remote VMs using an Ansible ad hoc command. This is all we need to do. Here we see the IP address of the Ansible control node on the list as the NTP server, which is clear from this caret symbol.
But here we have a question mark. What does this question mark mean? I will add the -v option to display more details. Now we have more details. This question mark means unreachable. Why? Because we still did not configure the firewall on the Ansible control node. So the next step is to configure the firewall on the Ansible control node. I will switch user to root. I will clear the screen. To configure the firewall, we need to use firewall-cmd --add-service. The service name is ntp. We must use --permanent for persistent changes. This is very important. The next step is to reload the firewall to make the changes effective: firewall-cmd --reload. It's done. Now we will display the firewall configuration to verify, using firewall-cmd --list-all. Here we have the ntp service on the list. Everything is normal.
Now again I will go back to the ansible user, and I am under the tasks directory. Here again we'll execute an Ansible ad hoc command to display the chrony sources: ansible with -a, and here we need to provide the command. This is all we need to do. Still we have a question mark, indicating not reachable. So what do we need to do? We need to restart the chronyd service on all remote nodes. For this we'll use an Ansible ad hoc command, ansible all, and here I will use the command module with systemctl restart chronyd, and become. Don't forget this. We can also use the service module for the same task. chronyd has been restarted on all remote nodes. I will clear the screen. Again, I will execute the command to display the chrony sources.
Now this time we see an asterisk. This means all remote nodes are syncing time with this NTP server, which is the Ansible control node. This is as expected. Now I will clear the screen, and now we'll execute the timedatectl command. Here from the output we can see System clock synchronized is set to yes. It means all the remote nodes are syncing time with the Ansible control node. The NTP service Boolean is also set to active, which is the default. So everything is as expected. This is all about this task.
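The playbook built across parts 1 and 2, assembled as an added example (not the lecturer's own file). The variable name timezone and the role location /usr/share/ansible/roles/ are assumptions: the lecture only says "absolute path", and that directory is where the rhel-system-roles package places its roles. The client network in the allow line is a placeholder, as the lecture does not state it.

```yaml
---
# chrony.yml - added example assembled from the steps in this lecture.
- name: Configure managed nodes as NTP clients of the control node
  hosts: all
  become: true
  # The role selects ntp or chrony from Ansible facts (distribution and
  # version), so facts must be gathered.
  gather_facts: true
  vars:
    # Must use exactly this name: the role reads timesync_ntp_servers.
    timesync_ntp_servers:
      - hostname: 192.168.99.1   # Ansible control node acting as NTP server
        iburst: yes              # faster initial synchronization
    timezone: Europe/Brussels    # assumed variable name; any valid zone
  tasks:
    # Written in the order used in the lecture; Ansible runs the roles
    # section before tasks regardless of where it appears in the play.
    - name: Set the time zone
      timezone:                  # community.general.timezone on newer Ansible
        name: "{{ timezone }}"
  roles:
    # Absolute path, because the role is not in the project's roles directory.
    - /usr/share/ansible/roles/rhel-system-roles.timesync   # assumed location
...

# Steps on the control node (as root) so it can serve time to the clients:
#   chrony.conf:  allow <LAB_NETWORK>/<PREFIX>    # placeholder network
#   systemctl restart chronyd
#   firewall-cmd --permanent --add-service=ntp
#   firewall-cmd --reload
#   firewall-cmd --list-all                       # ntp must be listed
#
# Run and verify (as the ansible user):
#   ansible-playbook --syntax-check chrony.yml
#   ansible-playbook chrony.yml
#   ansible all -a "chronyc sources -v"   # '^?' unreachable, '^*' synced
#   ansible all -m command -a "systemctl restart chronyd" --become
#   ansible all -a timedatectl            # System clock synchronized: yes
```

A source that stays at the question mark after the playbook run points at the server side (the allow directive or the firewall service), which is the order the lecture works through.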