Ansible RHCE Exam Setup Guide
1. Initial Setup and Configuration
# ssh student@workstation
# sudo yum install ansible-navigator ansible tree vim -y
# vim /home/student/.vimrc
set ai ts=2 et cursorcolumn
# source /home/student/.vimrc
# mkdir /home/student/ansible
# cd /home/student/ansible
# vim /home/student/ansible/inventory
; One group per lab host. webservers is a parent group whose only child is prod,
; so a play targeting webservers runs on serverc.lab.example.com.
[dev]
servera.lab.example.com
[test]
serverb.lab.example.com
[prod]
serverc.lab.example.com
[balancers]
serverd.lab.example.com
[webservers:children]
prod
# vim /home/student/ansible/ansible.cfg
[defaults]
; account used for the SSH login on the managed hosts
remote_user=devops
inventory=/home/student/ansible/inventory
; roles referenced by short name in a play are looked up here
roles_path=/home/student/ansible/roles
collections_paths=/home/student/ansible/collections
[privilege_escalation]
; become is switched on for every play and ad-hoc command that reads this file,
; so each task runs escalated (become_user defaults to root) unless a play or
; task sets become: false. Keep that in mind when reusing this file outside a lab.
become=true
# ansible all -m command -a 'id'
2. Repository Configuration Playbook
# vim /home/student/ansible/adhoc.yml
---
# Defines the BaseOS and AppStream repositories on every managed host.
# gpgcheck is on, so packages are verified against the key named in gpgkey.
# NOTE(review): baseurl and gpgkey are both plain http:// (the lab content
# server). Outside a lab, serve the key over HTTPS or point gpgkey at a key file
# already present on the host; a key fetched over plain HTTP is unauthenticated,
# which weakens what gpgcheck can guarantee.
- name: Creating yum repository
  hosts: all
  tasks:
    - name: Create BaseOS Repository
      ansible.builtin.yum_repository:
        name: baseos
        description: Baseos Description
        baseurl: "http://content/rhel9.0/x86_64/dvd/BaseOS"
        gpgkey: "http://content.example.com/rhel9.0/x86_64/dvd/RPM-GPG-KEY-redhat-release"
        gpgcheck: true
        enabled: true

    - name: Create Appstream Repository
      ansible.builtin.yum_repository:
        name: appstream
        description: App Description
        baseurl: "http://content/rhel9.0/x86_64/dvd/AppStream"
        gpgkey: "http://content.example.com/rhel9.0/x86_64/dvd/RPM-GPG-KEY-redhat-release"
        gpgcheck: true
        enabled: true
# ansible-navigator run adhoc.yml -m stdout
# ansible all -m command -a 'yum repolist all' #(verify the output)
3. Apache Role Creation
# ansible-galaxy init /home/student/ansible/roles/apache
# vim /home/student/ansible/roles/apache/templates/template.j2
My host is {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
# vim /home/student/ansible/roles/apache/tasks/main.yml
# Task list of the apache role: install and start httpd and firewalld, open the
# http service in the firewall, then render the index page from template.j2.
- name: Install httpd package
  ansible.builtin.dnf:
    state: present
    name:
      - httpd
      - firewalld

- name: start service httpd
  ansible.builtin.service:
    name: httpd
    enabled: true
    state: started

- name: start service firewalld
  ansible.builtin.service:
    name: firewalld
    enabled: true
    state: started

# permanent + immediate: the rule is written to the saved configuration and
# applied to the running firewall in the same task. Only http is opened.
- name: Add http service in firewall rule
  ansible.posix.firewalld:
    service: http
    permanent: true
    immediate: true
    state: enabled

# template.j2 prints the host's FQDN and default IPv4 address, so those two
# facts become readable by anyone who can reach the site.
- name: Copy the template.j2 file to web server directory
  ansible.builtin.template:
    src: template.j2
    dest: /var/www/html/index.html
# vim /home/student/ansible/apache_role.yml
---
# Applies the apache role to the dev group.
- name: apache deploy
  hosts: dev
  roles:
    - role: apache
# ansible-navigator run apache_role.yml -m stdout
# curl http://servera.lab.example.com #(Verify the output)
4. Roles Playbook (balancer and phpinfo)
# vim roles.yml
---
# Two plays, run in this order: phpinfo on the webservers group first, then
# balancer on the balancers group.
# NOTE(review): neither role is created on this page; presumably both are
# already installed under roles_path - confirm before running.
- name: Run the phpinfo first
  hosts: webservers
  roles:
    - role: phpinfo

- name: Run the balancer
  hosts: balancers
  roles:
    - role: balancer
Note: (Do not change the above roles order)
# ansible-navigator run roles.yml -m stdout
# open this http://serverd.lab.example.com url in new tab
# open this http://serverc.lab.example.com url in new tab
# open this http://servera.lab.example.com url in new tab
5. SELinux Configuration Playbook
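# cp -rvf /home/student/ansible/collections/ansible_collections/redhat/rhel_system_roles/roles/* /home/student/ansible/roles/ #(destination must be the roles_path set in ansible.cfg, otherwise the selinux role is not found)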
# vim selinux.yml
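---
# Applies the selinux system role to every host with selinux_state=enforcing.
# The role is referenced by short name, so it has to be present under roles_path
# (/home/student/ansible/roles in this page's ansible.cfg).
- name: Configure selinux as enforcing mode
  hosts: all
  vars:
    # vars is written as a mapping; the list-of-dicts form is deprecated in
    # ansible-core.
    selinux_state: enforcing
  roles:
    - selinux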
# ansible-navigator run selinux.yml -m stdout
# ansible all -m command -a "cat /etc/selinux/config"
6. Package Management Playbook
# vim packages.yml
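---
# Three plays: install two packages on dev and test, install a package group on
# prod, and update every package on dev.
- name: package installation
  hosts: dev,test
  tasks:
    # Task name corrected to match the packages actually installed (the page's
    # own verification step greps for vsftpd).
    - name: installing vsftpd and mariadb-server
      ansible.builtin.dnf:
        name:
          - vsftpd
          - mariadb-server
        state: present

- name: group package installation
  hosts: prod
  tasks:
    # NOTE(review): the task name says 'Development tools' but the group being
    # installed is 'RPM Development Tools'; these are different package groups,
    # confirm which one the task requires.
    - name: installing group package 'Development tools'
      ansible.builtin.dnf:
        name: '@RPM Development Tools'
        state: present

- name: update packages
  hosts: dev
  tasks:
    # '*' is quoted so YAML does not read it as an alias; with state: latest it
    # upgrades every installed package.
    - name: updating all
      ansible.builtin.dnf:
        name: '*'
        state: latest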
# ansible-navigator run packages.yml -m stdout
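# ansible dev -m shell -a 'yum list installed | grep vsftpd' #(Verify the output; the command module does not pass the line through a shell, so the pipe needs the shell module)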
# ansible prod -m command -a 'yum group list' #(Verify the output)
7. Web Content Management Playbook
# vim /home/student/ansible/webcontent.yml
---
# Builds /devweb on the dev hosts, puts an index page in it and exposes it
# under the Apache document root through a symlink.
- name: create a link
  hosts: dev
  tasks:
    # Mode 02775 = setgid + rwxrwxr-x: every member of the devops group can
    # write here, and the directory is served by httpd, so membership of that
    # group decides who can publish content.
    - name: create a directory
      ansible.builtin.file:
        state: directory
        path: /devweb
        group: devops
        mode: "02775"
        setype: httpd_sys_content_t

    # state: touch updates the timestamps on each run, so this task reports
    # "changed" every time.
    - name: create a file
      ansible.builtin.file:
        state: touch
        path: /devweb/index.html

    - name: copy the contents to index.html
      ansible.builtin.copy:
        dest: /devweb/index.html
        content: "Development\n"

    - name: link the directory
      ansible.builtin.file:
        state: link
        src: /devweb
        dest: /var/www/html/devweb
# ansible-navigator run webcontent.yml -m stdout
# curl http://servera.lab.example.com/devweb/ #(Verify the output)
8. Hardware Report Collection
Note: Copy the url "http://content.example.com/Rhce/hwreport.txt" and paste that on new tab and verify the content in it.
# ansible all -m command -a 'lsblk' #(Verify the vdb disk exists)
# vim /home/student/ansible/hwreport.yml
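---
# Writes /root/hwreport.txt on every host from gathered facts; any fact that
# could not be collected is reported as NONE.
- name: hwreport
  hosts: all
  tasks:
    # Fetched over plain HTTP with no integrity check (lab content server).
    # Outside a lab, use HTTPS or pin the file with get_url's checksum option.
    # NOTE(review): the final copy task writes the same dest with inline
    # content, so whatever is downloaded here is replaced.
    - name: Download the file
      ansible.builtin.get_url:
        url: "http://content.example.com/Rhce/hwreport.txt"
        dest: /root/hwreport.txt

    # ignore_errors is scoped to the two fact-collection tasks instead of the
    # whole play: a missing fact falls through to the NONE defaults below,
    # while a failed download or a failed write is no longer silently hidden.
    - name: Collect report 1
      ansible.builtin.set_fact:
        HOSTNAME: "{{ ansible_hostname }}"
        MEMORY: "{{ ansible_memtotal_mb }}"
        BIOS: "{{ ansible_bios_version }}"
        CPU: "{{ ansible_processor }}"
        DISK_SIZE_VDA: "{{ ansible_devices['vda']['size'] }}"
      ignore_errors: true

    # Kept separate so that a host without a vdb disk loses only this value.
    - name: Collect report 2
      ansible.builtin.set_fact:
        DISK_SIZE_VDB: "{{ ansible_devices['vdb']['size'] }}"
      ignore_errors: true

    # The leading "#hwreport" line is part of the literal block, i.e. file
    # content, not a YAML comment.
    - name: Copy the content to the managed node
      ansible.builtin.copy:
        content: |
          #hwreport
          HOSTNAME={{ HOSTNAME | default('NONE') }}
          MEMORY={{ MEMORY | default('NONE') }}
          BIOS={{ BIOS | default('NONE') }}
          CPU={{ CPU | default('NONE') }}
          DISK_SIZE_VDA={{ DISK_SIZE_VDA | default('NONE') }}
          DISK_SIZE_VDB={{ DISK_SIZE_VDB | default('NONE') }}
        dest: /root/hwreport.txt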
# ansible-navigator run hwreport.yml -m stdout
# ansible all -m command -a 'cat /root/hwreport.txt' #(Verify the output)
9. Issue File Management
# vim /home/student/ansible/issue.yml
---
# Writes a one-word /etc/issue on each host, chosen by the inventory group the
# host belongs to (dev, test or prod). Hosts in none of the three are skipped.
- name: play for replace module
  hosts: all
  tasks:
    - name: replace the content in dev group
      when: "'dev' in group_names"
      ansible.builtin.copy:
        dest: /etc/issue
        content: Development

    - name: replace the content in test group
      when: "'test' in group_names"
      ansible.builtin.copy:
        dest: /etc/issue
        content: Test

    - name: replace the content in prod group
      when: "'prod' in group_names"
      ansible.builtin.copy:
        dest: /etc/issue
        content: Production
# ansible-navigator run issue.yml --diff -m stdout
# ansible all -m command -a 'cat /etc/issue'
10. Ansible Vault Configuration
# vim secret.txt
P@sswOrd
# ansible-vault create vault.yml --vault-password-file=secret.txt #(secret.txt holds the vault password in clear text: restrict it, e.g. chmod 600 secret.txt, and keep it out of version control)
pw_developer: lamdev
pw_manager: lammgr
# ansible-vault view vault.yml --vault-password-file=secret.txt #(verify the output)
11. Vault Rekey Operation
# wget http://content/Rhce/solaris.yml
# ansible-vault rekey solaris.yml
Old password:
New password:
Confirm new password:
12. Cron Job Configuration
# vim crontab.yml
---
# Installs a cron entry in the student user's crontab on every host; the job
# sends a message to syslog through logger every two minutes.
- name: Create a cronjob
  hosts: all
  tasks:
    - name: Cronjob for logger
      ansible.builtin.cron:
        state: present
        # The module uses this name to find and update the entry on later runs
        name: Create logger
        user: student
        # Quoted: a plain scalar cannot start with "*"
        minute: "*/2"
        job: 'logger "EX294 in progress"'
# ansible-navigator run crontab.yml -m stdout
# ansible all -m command -a "ls /var/spool/cron/"
# ansible all -m command -a "crontab -lu student"