RH294 "Automation with Ansible" notes in the margin

tags: `red hat, ansible`

You will find here notes and links to official docs with additional information on products and technologies that descrbed on RedHat Cources.
THIS DOCUMENT DOES NOT REPRINT ANY COPYRIGHTED CONTENT FROM REDHAT TRAINING. You will find here only public accessible outline.

Course description: DO294 Automation with Ansible

:memo: Table of contents

RH294 "Automation with Ansible" notes in the margin
- :memo: Table of contents

1. Introduction to Ansible

Describe Ansible concepts and install Red Hat Ansible Engine.

https://www.ansible.com/
https://www.ansible.com/about-us
https://www.ansible.com/blog

The Origins of Ansible
Ansible project founder Michael DeHaan.
First version is 20 february 2012.

In 2015 Red Hat Acquired Ansible Inc.
https://www.redhat.com/en/about/press-releases/red-hat-acquire-it-automation-and-devops-leader-ansible
https://www.redhat.com/en/blog/why-red-hat-acquired-ansible

Getting Ansible from Red Hat.
Red Hat Ansible Engine
Red Hat Ansible Engine Life Cycle

Ansible Docs: Ansible Getting Started

Learn Ansible using Interactive Browser-Based Scenarios By Katacoda

Ansible Docs: Installation Guide

Python is a requirement for linux control node and managed nodes

[student@workstation ~]$ python
bash: python: command not found...

Red Hat Blogs: What, no Python in Red Hat Enterprise Linux 8?
Python Developer Guide: The "python" Command on Unix-Like Systems
Red Hat Blogs: Python in RHEL 8

Sunsetting Python 2. PSF support end date: 1 January 2020
Porting Python 2 Code to Python 3

Python 3 support on Red Hat Enterprise Linux (RHEL) 7

"Python 2.7 package in RHEL 8 support end at June 2024"
RedHat KB: How is Python 2 supported in RHEL after 2020?

Optional (and not required for ansible) way to enable python command

[student@workstation ~]$ alternatives --list
python    auto    /usr/libexec/no-python
python3   auto    /usr/bin/python3.6

[student@workstation ~]$ alternatives --display python
python - status is auto.
 link currently points to /usr/libexec/no-python
/usr/libexec/no-python - priority 404
 slave unversioned-python: (null)
 slave unversioned-python-man: /usr/share/man/man1/unversioned-python.1.gz
/usr/bin/python3 - priority 300
 slave unversioned-python: /usr/bin/python3
 slave unversioned-python-man: /usr/share/man/man1/python3.1.gz
Current best version is /usr/libexec/no-python.

[student@workstation ~]$ file /usr/libexec/no-python
/usr/libexec/no-python: Bourne-Again shell script, ASCII text executable
[student@workstation ~]$ man unversioned-python

## Select one option

# Interactively select what the `python` command runs.
[student@workstation ~]$ alternatives --config python   

# Configure the `python` command to run Python 3
# Note: this is non-standard behavior according to [PEP 394].
[student@workstation ~]$ alternatives --set python /usr/bin/python3 


# Configure the `python` command to run Python 2
# Note: please review the support lifecycle of python2 before relying on it
[student@workstation ~]$ alternatives --set python /usr/bin/python2 

# Undo configuration changes and revert to the default (missing `python` command)
[student@workstation ~]$ alternatives --auto python

RedHat KB: How do I Download and Install Red Hat Ansible Engine?

subscription-manager register
subscription-manager list --available
subscription-manager attach --pool=<pool id here of engine subscription>
subscription-manager repos --enable rhel-7-server-ansible-VERSION-rpms
subscription-manager repos --enable ansible-VERSION-for-rhel-8-x86_64-rpms
yum install ansible

RedHat KB: Ansible deprecated in the Extras channel

Getting Red Hat Developer Subscription: What RHEL users need to know
Register FREE Red Hat developer Subscription
Renew your FREE Red Hat Developer subscription

How about managing Windows machines with ansible?
Red Hat Course:: DO417 Microsoft Windows Automation with Red Hat Ansible
Red Hat Summit 2018 Video: Manage Windows like Linux with Ansible

Ansible Docs: Windows module development walkthrough with Windows environment setup. Vagrant and virtualbox

- Ansible Docs: Can Ansible run on Windows?
No, Ansible can only manage Windows hosts. Ansible cannot run on a Windows host natively, though it can run under the Windows Subsystem for Linux (WSL)

Managing network devices with ansible.
Ansible Docs: Ansible for Network Automation
Red Hat Course: DO457 Ansible for Network Automation

2. Deploy Ansible

Configure Ansible to manage hosts and run ad hoc Ansible commands.

Ansible Docs: Inventory Introduction
Ansible Docs: How to build your inventory
Ansible Docs: ansible-inventory command

Ansible Docs: Configuring Ansible
Ansible Docs: Ansible Configuration settings precedence rules

ansible or ansible-playbook command line options
ANSIBLE_CONFIG (environment variable if set)
ansible.cfg (in the current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg

example of ansible.cfg with describing comments

Ansible Docs: Utility that show actual and default configuration options: ansible-config

3. Implement playbooks

Write a simple Ansible playbook and run it to automate tasks on multiple managed hosts.

Ansible Docs: YAML Syntax

Ansible Docs: Working With Playbooks

Acceptable boolean values:

True = true = Yes = yes = 1
False = false = No = no = 0

Red Hat Ansible: Yes and No, True and False

TEST OUTCOME	VARIABLE VALUE
True	Any positive number >0: 1,2 ..
	Non-empty string: "1", "True","False",'Nonsence'
	Boolean value (unquoted): True,true
	Ansible-specific (case-agnostic): Yes,yes
–––––––––––––-	––––––––––––––––––––––––
False	Any number <=0: 0,-1 ..
	Empty string: "", ''
	Boolean value (unquoted): False,false
	Ansible-specific (case-agnostic): No,no

GitHub Project: Ansible playbook syntax highlight plugin for vim

GitHub Project: Ansible Examples of playbook

Example of playbook

---

- name: First play
  hosts: server.example.com
  tasks:
 
    - name: First task
      debug:
        msg: This is task 1 from 1 play
 
    - name: Second task
      debug:
        msg: This is task 2 from 1 play
 
- name: Second play
  hosts: localhost
  tasks:
 
    - name: First Play 
      debug:
        msg: This is task 1 from 2 play
...

Ansible Docs: debug – Print statements during execution

GitHub Project: Best practices checker for Ansible

How to install python package with pip on RHEL and not to break anything.
Example guide with ansible-lint.

[student@workstation scratch]$ virtualenv ansible-lint
[student@workstation scratch]$ bash
[student@workstation scratch]$ source ansible-lint/bin/activate
(ansible-lint) [student@workstation ~]$ pip install ansible-lint
Collecting ansible-lint
  Downloading ansible_lint-4.3.2-py2.py3-none-any.whl (74 kB)
     |████████████████████████████████| 74 kB 1.1 MB/s 
Processing
...
Successfully installed ...
(ansible-lint) [student@workstation ~]$ ansible-lint scratch/example-playbook.yml 
[201] Trailing whitespace
scratch/example-playbook.yml:18
    - name: First Play 

You can skip specific rules by adding them to the skip_list section of your    
configuration file:                                                            

┌─────────────────────────────────────────────────────────────────────────────┐
│# .ansible-lint                                                              │
│warn_list:  # or 'skip_list' to silence them completely                      │
│  - '201'  # Trailing whitespace'                                            │
└─────────────────────────────────────────────────────────────────────────────┘
(ansible-lint) [student@workstation ~]$ exit
[student@workstation ~]$

virtualenv is a tool to create isolated Python environments

Ansible Docs: Playbook Keywords

4. Manage variables and facts

Write playbooks that use variables to simplify management of the playbook and facts to reference information about managed hosts.

Ansible Docs: Using Variables

Ansible Docs: Variable precedence: Where should I put a variable?

Ansible Docs: Variables and Vaults

Best Practices to use Ansible Secret

For general maintenance, it is often easier to use grep, or similar tools, to find variables in your Ansible setup. Since vaults obscure these variables, it is best to work with a layer of indirection. When running a playbook, Ansible finds the variables in the unencrypted file and all sensitive variables come from the encrypted file.
A best practice approach for this is to start with a group_vars/ subdirectory named after the group. Inside of this subdirectory, create two files named vars and vault. Inside of the vars file, define all of the variables needed, including any sensitive ones. Next, copy all of the sensitive variables over to the vault file and prefix these variables with vault_. You should adjust the variables in the vars file to point to the matching vault_ variables using jinja2 syntax, and ensure that the vault file is vault encrypted.

Ansible Doc: Jinja2 Filters

Ansible Doc: Ansible Vault

Using Vault in playbooks

Ansible Docs: Special Variables. Magic, facts and connection variables

set_facts usage real life example

https://cheat.readthedocs.io/en/latest/ansible/

5. Implement task control

Manage task control, handlers, and task errors in Ansible playbooks.

Ansible Doc: Loops

Ansible Doc: Lookup plugins

Ansible Doc: Playbook Tests

Ansible Docs: Registering Variables with loop

Ansible Docs: Handlers: Running Operations On Change

Error Handling In Playbooks

6. Deploy files to managed hosts

Deploy, manage, and adjust files on hosts managed by Ansible.

Ansible file managing modules:

Ansible Doc: Template module
Jinja2 is a full-featured template engine for Python.
How I Used Complex Jinja2 Filters in Ansible

7. Manage large projects

Write playbooks that are optimized for larger, more complex projects.

Patterns: targeting hosts and groups

Description	Pattern(s)	Targets
All hosts	all (or *)
One host	host1
Multiple hosts	host1:host2 (or host1,host2)
One group	webservers
Multiple groups	webservers:dbservers	all hosts in webservers plus all hosts in dbservers
Excluding groups	webservers:!atlanta	all hosts in webservers except those in atlanta
Intersection of groups	webservers:&staging	any hosts in webservers that are also in staging

Ansible Docs: Working with dynamic inventory
Ansible Github Project: dynamic inventory scripts

Ansible Docs: Controlling playbook execution: strategies and more

Ansible strategies:

linear - Executes tasks in a linear fashion (default strategy)
- Task execution is in lockstep per host batch as defined by serial (default all). Up to the fork limit of hosts will execute each task at the same time and then the next series of hosts until the batch is done, before going on to the next task.
free – Executes tasks without waiting for all hosts
- Task execution is as fast as possible per batch as defined by serial (default all). Ansible will not wait for other hosts to finish the current task before queuing more tasks for other hosts. All hosts are still attempted for the current task, but it prevents blocking new tasks for hosts that have already finished.
- With the free strategy, unlike the default linear strategy, a host that is slow or stuck on a specific task won’t hold up the rest of the hosts and tasks.
debug – Executes tasks in interactive debug session
- Task execution is ‘linear’ but controlled by an interactive debug session.
host_pinned – Executes tasks on each host without interruption
- Task execution is as fast as possible per host in batch as defined by serial (default all). Ansible will not start a play for a host unless the play can be finished without interruption by tasks for another host, i.e. the number of hosts with an active play does not exceed the number of forks. Ansible will not wait for other hosts to finish the current task before queuing the next task for a host that has finished. Once a host is done with the play, it opens it’s slot to a new host that was waiting to start. Other than that, it behaves just like the “free” strategy.
Mitogen for Ansible is a completely redesigned UNIX connection layer and module runtime for Ansible. Requiring minimal configuration changes, it updates Ansible’s slow and wasteful shell-centic implementation with pure-Python equivalents, invoked via highly efficient remote procedure calls to persistent interpreters tunnelled over SSH. No changes are required to target hosts.

Playbook Example: Continuous Delivery and Rolling Upgrades
Medium post: Difference between Forks and Serial in Ansible

Ansible Docs: Delegation
If you want to perform a task on one host with reference to other hosts, use the delegate_to keyword on a task

---
- hosts: webservers
  serial: 5

  tasks:
    - name: Take out of load balancer pool
      ansible.builtin.command: /usr/bin/take_out_of_pool {{ inventory_hostname }}
      delegate_to: 127.0.0.1

    - name: Actual steps would go here
      ansible.builtin.yum:
        name: acme-web-stack
        state: latest

    - name: Add back to load balancer pool
      ansible.builtin.command: /usr/bin/add_back_to_pool {{ inventory_hostname }}
      delegate_to: 127.0.0.1

Ansible Docs: Including and Importing

All import* statements are pre-processed at the time playbooks are parsed.
All include* statements are processed as they are encountered during the execution of the playbook.

	include_tasks include_role	import_tasks import_playbook import_role
behavoir	dynamic	static
when happen	include when running play	importing when initially parsed before any play run
tasks shows ansible-playbook –list-tasks	no	yes
ansible-playbook –syntax-check throw errors (when it exist in included or imported content)	no	yes
time when ansile-playbook – throws syntax error (when it exist in included or imported content)	during play	before any run
Can i use ansible-playbook –start-at-task to start playbook with those types of task?	no	yes

8. Simplify playbooks with roles

Use Ansible roles to develop playbooks more quickly and to reuse Ansible code.

Ansible Doc: Roles

RedHat KB: Red Hat Enterprise Linux (RHEL) System Roles
Github Project: Linux System Roles

Automation Hub. Discover, publish, and manage your Ansible Collections
Red Hat Ansible Blog: Getting Started With Automation Hub
Red Hat Ansible Blog: Hands on with Ansible collections

default vs vars in Ansible roles. Where to put variable on role?
Variable precedence: Where should I put a variable?

Ansible Galaxy is Ansible’s official hub for sharing Ansible content
Ansible Doc: Galaxy User Guide

Ansible Docs: Using collections (only available in Ansible 2.9+)

Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. You can install and use collections through Ansible Galaxy.

Ansible Galaxy: geerlingguy.docker role

Red Hat Enterprise Linux Presents… automation with RHEL System Roles

9. Troubleshoot Ansible

Troubleshoot playbooks and managed hosts.

Visual Studio Code editor with syntax highlighting and many many other features.
VSCode extension: YAML Language Support by Red Hat
VSCode extension: Ansible
VSCode extension: Remote - SSH

Logging Ansible output

debug – Print statements during execution
Debugging modules
Playbook Debugger

Molecule project is designed to aid in the development and testing of Ansible roles

ARA Records Ansible playbooks and makes them easier to understand and troubleshoot

Ansible Docs: Testing Strategies

10. Automate Linux administration tasks

Automate common Linux system administration tasks with Ansible.

What about DNS, DHCP, Print, Mail, batabase, file and http servers?
RH358 Red Hat Services Management and Automation

Is there some Ansible best practices exist?

Ansible Docs: Playbook Best Practices
Red Hat Course: DO447 Advanced Automation: Ansible Best Practices
Red Hat Summit 2016 Video: Ansible best practices for startups to enterprises

Top Support Policies for Red Hat Ansible Automation

11. Comprehensive review

Is there some other useful resources exist?

Red Hat Blog: Introducing Ansible Automation Platform 2.0 Early Access
Представляем Ansible Automation Platform 2

What's new in Ansible Automation Platform 2: automation controller

Ansible Lab Catalog: Access a catalog of Ansible product labs by accessing this site
Experience self-paced interactive hands-on labs with Ansible Automation Platform

Training Course for Ansible Automation Platform

Ansible Automation Platform Self-Paced Labs

These interactive learning scenarios provide you with a pre-configured Ansible Automation Platform environment to experiment, learn, and see how the platform can help you solve real-world problems. The environment runs entirely in your browser, enabling you to learn more about our technology at your pace and time.