DO374

Uploaded by Leonid ST

Copyright © All Rights Reserved

DO374 - Instructor Demo Guide

Travis Michette

Version 1.1
Table of Contents
Introduction
Repositories for this Course
Demo Setup/Preparing to Teach
1. Developing Playbooks with Ansible Automation Platform 2
1.1. Introducing Red Hat Ansible Automation Platform 2
1.1.1. Orientation to Red Hat Ansible Automation Platform 2
1.1.2. Red Hat Ansible Automation Platform 2 Components
1.1.2.1. Ansible Core
1.1.2.2. Ansible Content Collections
1.1.2.3. Ansible Content Navigator
1.1.2.4. Ansible Execution Environments
1.1.2.5. Automation Controller
1.1.2.6. Ansible Automation Hub
1.1.2.7. Hosted Services
1.1.3. Red Hat Ansible Automation Platform 2 Architecture
1.1.3.1. Developing Playbooks with Ansible Automation Platform 2
1.2. Running Playbooks with Automation Content Navigator
1.2.1. Introducing Automation Content Navigator
1.2.1.1. Improving Portability with Automation Execution Environments
1.2.2. Installing Automation Content Navigator
1.2.3. Configuring Authentication to Managed Hosts
1.2.3.1. Preparing SSH Key-Based Authentication
1.2.3.2. Providing Private Keys to the Automation Execution Environment
1.2.4. Running Automation Content Navigator
1.2.4.1. Ansible Ad-Hoc Commands Using Content Navigator
1.2.4.2. Running Playbooks
1.2.4.3. Reviewing Previous Playbook Runs
1.2.4.4. Reading Documentation
1.2.4.5. Getting Help
1.3. Demo - Ansible Ad-Hoc Commands Using Content Navigator
1.4. Demo - Ansible Content Navigator
1.5. Managing Ansible Project Materials Using Git
1.5.1. Defining Infrastructure as Code
1.5.2. Introducing Git
1.5.3. Describing Initial Git Configuration
1.5.4. Starting the Git Workflow
1.5.4.1. Examining the Git Log
1.5.5. Working with Branches and References
1.5.5.1. Creating Branches
1.5.5.2. Merging Branches
1.5.5.3. Creating Branches from Old Commits
1.5.5.4. Pushing Branches to Remote Repositories
1.5.6. Structuring Ansible Projects in Git
1.5.6.1. Roles and Ansible Content Collections
1.5.6.2. Configuring Git to Ignore Files
1.6. Demo - Using Git
1.7. Demo - GitHub Tools (gh)
1.8. Implementing Recommended Ansible Practices
1.8.1. The Effectiveness of Ansible
1.8.2. Keeping Things Simple
1.8.2.1. Keeping Your Playbooks Readable
1.8.2.2. Use Existing Modules
1.8.2.3. Adhering to a Standard Style
1.8.3. Staying Organized
1.8.3.1. Following Conventions for Naming Variables
1.8.3.2. Standardizing the Project Structure
1.8.3.3. Using Dynamic Inventories
1.8.3.4. Taking Advantage of Groups
1.8.3.5. Using Roles and Ansible Content Collections for Reusable Content
1.8.3.6. Running Playbooks Centrally
1.8.3.7. Building Automation Execution Environments
1.8.4. Testing Often
1.8.4.1. Testing the Results of Tasks
1.8.4.2. Using Block/Rescue to Recover or Rollback
1.8.4.3. Developing Playbooks with the Latest Ansible Version
1.8.4.4. Using Test Tools
2. Managing Content Collections and Execution Environments
2.1. Reusing Content from Ansible Content Collections
2.1.1. Defining Ansible Content Collections
2.1.1.1. Organizing Ansible Content Collections in Namespaces
2.1.2. Using Ansible Content Collections
2.1.2.1. Accessing Ansible Content Collection Documentation
2.1.2.2. Using Ansible Content Collections in Playbooks
2.1.2.3. Finding Ansible Content Collections
2.1.2.4. Using the Built-in Ansible Content Collection
2.2. Demo - Using Ansible Content Collections
2.3. Finding and Installing Ansible Content Collections
2.3.1. Sources for Ansible Content Collections
2.3.1.1. Finding Collections on Ansible Automation Hub
2.3.2. Installing Ansible Content Collections
2.3.2.1. Installing Collections from the Command Line
2.3.2.2. Installing Collections with a Requirements File
2.3.2.3. Listing Installed Collections
2.3.3. Configuring Collection Sources
2.3.3.1. Installing Collections from Ansible Automation Hub
2.3.3.2. Installing Collections from Private Automation Hub
2.4. Selecting an Execution Environment
2.4.1. Describing Automation Execution Environments
2.4.2. Selecting a Supported Automation Execution Environment
2.4.3. Inspecting Automation Execution Environments
2.4.4. Using Automation Execution Environments with Ansible Content Navigator
3. Running Playbooks with Automation Controller
3.1. Explaining the Automation Controller Architecture
3.1.1. Introduction to Automation Controller
3.1.2. Describing the Architecture of Automation Controller
3.1.3. Automation Controller Features
3.2. Demo - Setting Up Automation Controller
3.3. Running Playbooks in Automation Controller
3.3.1. Exploring Resources in Automation Controller
3.3.2. Creating Credential Resources
3.3.2.1. Listing Credentials
3.3.2.2. Creating a Machine Credential
3.3.2.3. Creating a Source Control Credential
3.3.3. Creating Project Resources
3.3.4. Creating Inventory Resources
3.3.4.1. Manually Creating Groups and Hosts
3.3.4.2. Populating Groups and Hosts Using a Project Inventory File
3.3.5. Creating Job Template Resources
3.3.6. Launching and Reviewing Jobs
3.4. Demo - Running a Playbook from Automation Controller
4. Working with Ansible Configuration Settings
4.1. Examining Ansible Configuration with Automation Content Navigator
4.1.1. Inspecting Configuration in Interactive Mode
4.1.1.1. Searching for Specific Configuration Parameters
4.1.1.2. Accessing Parameter Details
4.1.1.3. Inspecting Local Configuration
4.1.2. Inspecting Ansible Configuration in Standard Output Mode
4.2. Configuring Automation Content Navigator
4.2.1. Format of the Settings File
4.2.2. Locating the Settings File
4.2.2.1. Selecting a Settings File to Use
4.2.3. Editing the Settings File
4.2.3.1. Setting a Default Automation Execution Environment
4.2.3.2. Default to Running in Standard Output Mode
4.2.3.3. Disabling Playbook Artifacts
4.2.3.4. Overview of an Example Settings File
5. Managing Inventories
5.1. Managing Dynamic Inventories
5.1.1. Generating Inventories Dynamically
5.1.2. Discussing Inventory Plug-ins
5.1.2.1. Using Inventory Plug-ins
5.1.3. Developing Inventory Scripts
5.1.3.1. Using Inventory Scripts
5.1.4. Managing Multiple Inventories
5.2. Writing YAML Inventory Files
5.2.1. Discussing Inventory Plug-ins
5.2.2. Writing YAML Static Inventory Files
5.2.2.1. Setting Inventory Variables
5.2.3. Converting a Static Inventory File in INI Format to YAML
5.2.4. Troubleshooting YAML Files
5.2.4.1. Protecting a Colon Followed by a Space
5.2.4.2. Protecting a Variable that Starts a Value
5.2.4.3. Knowing the Difference Between a String and a Boolean or Float
5.3. Managing Inventory Variables
5.3.1. Describing the Basic Principles of Variables
5.3.2. Variable Merging and Precedence
5.3.2.1. Determining Command-line Option Precedence
5.3.2.2. Determining Role Default Precedence
5.3.2.3. Determining Host and Group Variable Precedence
5.3.2.4. Determining Play Variable Precedence
5.3.2.5. Determining the Precedence of Extra Variables
5.3.3. Separating Variables from Inventory
5.3.4. Using Special Inventory Variables
5.3.4.1. Configuring Human Readable Inventory Host Names
5.3.5. Identifying the Current Host Using Variables
6. Managing Task Execution
6.1. Controlling Privilege Escalation
6.1.1. Privilege Escalation Strategies
6.1.1.1. Privilege Escalation by Configuration
6.1.1.2. Defining Privilege Escalation in Plays
6.1.1.3. Privilege Escalation in Tasks
6.1.1.4. Grouping Privilege Escalation Tasks with Blocks
6.1.1.5. Applying Privilege Escalation in Roles
6.1.1.6. Listing Privilege Escalation with Connection Variables
6.2. Choosing Privilege Escalation Approaches
6.3. Controlling Privilege Escalation (DEMO)
6.4. Controlling Task Execution
6.4.1. Controlling the Order of Execution
6.4.1.1. Importing or Including Roles as a Task
6.4.1.2. Defining Pre- and Post-tasks
6.4.1.3. Reviewing the Order of Execution
6.4.2. Listening to Handlers
6.4.2.1. Notifying Handlers
6.4.3. Controlling the Order of Host Execution
6.5. Running Selected Tasks
6.5.1. Tagging Ansible Resources
6.5.2. Managing Tagged Resources
6.5.2.1. Running Tasks with Specific Tags
6.5.2.2. Combining Tags to Run Multiple Tasks
6.5.2.3. Skipping Tasks with Specific Tags
6.5.2.4. Listing Tags in a Playbook
6.5.3. Assigning Special Tags
6.6. Controlling Tasks with Tags (DEMO)
6.7. Optimizing Execution for Speed
6.7.1. Optimizing Playbook Execution
6.7.1.1. Optimizing the Infrastructure
6.7.1.2. Disabling Fact Gathering
6.7.1.3. Reusing Gathered Facts with Fact Caching
6.7.1.4. Limiting Fact Gathering
6.7.1.5. Increasing Parallelism
6.7.1.6. Avoiding Loops with the Package Manager Modules
6.7.1.7. Efficiently Copying Files to Managed Hosts
6.7.1.8. Using Templates
6.7.1.9. Enabling Pipelining
6.7.2. Profiling Playbook Execution with Callback Plug-ins
6.7.2.1. Timing Tasks and Roles
7. Transforming Data with Filters and Plug-ins
7.1. Processing Variables Using Filters
7.1.1. Ansible Filters
7.1.2. Variable Types
7.1.3. Manipulating Lists
7.1.3.1. Extracting list elements
7.1.3.2. Modifying the Order of List Elements
7.1.3.3. Merging Lists
7.1.3.4. Operating on Lists as Sets
7.1.4. Manipulating Dictionaries
7.1.4.1. Joining dictionaries
7.1.4.2. Converting Dictionaries
7.1.5. Hashing, Encoding, and Manipulating Strings
7.1.5.1. Hashing strings and passwords
7.1.5.2. Encoding strings
7.1.5.3. Formatting Text
7.1.5.4. Replacing Text
7.1.6. Manipulating JSON Data
7.1.6.1. JSON Queries
7.1.6.2. Parsing and Encoding Data Structures
7.2. Demo - JSON Queries on Data
7.3. Templating External Data using Lookups
7.3.1. Lookup Plug-ins
7.3.2. Calling Lookup Plug-ins
7.3.3. Selecting Lookup Plug-ins
7.3.3.1. Reading the Contents of Files
7.3.3.2. Applying Data with a Template
7.3.3.3. Reading Command Output in the Execution Environment
7.3.3.4. Getting Content from a URL
7.3.3.5. Getting Information from the Kubernetes API
7.3.3.6. Using Custom Lookup Plug-ins
7.3.4. Handling Lookup Errors
7.4. Implementing Advanced Loops
7.4.1. Comparing Loops and Lookup Plug-ins
7.4.2. Example Iteration Scenarios
7.4.2.1. Iterating over a List of Lists
7.4.2.2. Iterating Over Nested Lists
7.4.2.3. Iterating Over a Dictionary
7.4.2.4. Iterating Over a File Globbing Pattern
7.4.2.5. Retrying a Task
7.5. Using Filters to Work with Network Addresses
7.5.1. Gathering and Processing Networking Information
7.5.2. Network Information Filters
7.5.2.1. Testing IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
7.5.2.2. Filtering Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
7.5.2.3. Manipulating IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
7.5.2.4. Reformatting or Calculating Network Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
8. Coordinating Rolling Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
8.1. Delegating Tasks and Facts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
8.1.1. Delegating Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
8.1.1.1. Delegating to localhost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
8.1.2. Delegating Facts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
8.2. Configuring Parallelism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
8.2.1. Configure Parallelism in Ansible Using Forks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
8.2.2. Running Batches of Hosts Through the Entire Play. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
8.3. Managing Rolling Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.2. Controlling Batch Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.2.1. Setting a Fixed Batch Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.2.2. Setting Batch Size as a Percentage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.2.3. Setting Batch Sizes to Change During the Play . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.3. Aborting the Play . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.3.1. Specifying Failure Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
8.3.4. Running a Task Once . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
9. Creating Content Collections and Execution Environments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1. Writing Ansible Content Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1. Developing Ansible Content Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.1. Selecting a Namespace for Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.2. Creating Collection Skeletons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.3. Adding Content to Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.4. Updating Collection Metadata. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.5. Declaring Collection Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.6. Building Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.1.7. Validating and Testing Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.1.2. Publishing Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.2. Building a Custom Execution Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.2.1. Deciding When to Create a Custom Automation Execution Environment . . . . . . . . . . . . . . . . . . . . 79
9.2.2. Preparing for a New Automation Execution Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.2.2.1. Declaring the Ansible Content Collections to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.2.2.2. Declaring Python Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.2.2.3. Declaring RPM Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.2.3. Building a New Automation Execution Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.2.3.1. Interacting with the Build Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
9.3. Validating a Custom Execution Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
9.3.1. Testing Automation Execution Environments Locally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
9.3.1.1. Running a Test Playbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
9.3.1.2. Providing Authentication Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
9.3.2. Sharing an Automation Execution Environment from Private Automation Hub . . . . . . . . . . . . . . . . 80
9.4. Using Custom Content Collections and Execution Environments in Automation Controller. . . . . . . . . . 81
9.4.1. Using Custom Collections with Existing Execution Environments . . . . . . . . . . . . . . . . . . . . . . . . . . 81
9.4.1.1. Preparing Ansible Projects for Automation Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
9.4.1.2. Storing Authentication Credentials for Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
9.4.2. Using Custom Automation Execution Environments with Automation Controller . . . . . . . . . . . . . . 81
9.4.2.1. Storing Container Registry Credentials. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
9.4.2.2. Configuring Automation Execution Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
9.4.2.3. Configuring the Default Automation Execution Environment for a Project . . . . . . . . . . . . . . . . 81
9.4.2.4. Specifying an Automation Execution Environment in a Template . . . . . . . . . . . . . . . . . . . . . . 81
Appendix A: Exam Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
A.1. Understand and use Git . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
A.2. Manage inventory variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
A.3. Manage task execution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
A.4. Transform data with filters and plugins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
A.5. Delegate tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
A.6. Manage content collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
A.7. Manage execution environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
A.8. Manage inventories and credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
A.9. Manage automation controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Appendix B: References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
B.1. Ansible Roles, Collections, and Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
B.2. Ansible Automation Platform (AAP 2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
B.3. Execution Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
B.4. Callback Plugins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
B.5. Ansible Facts and Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
B.6. Ansible Galaxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
B.7. Ansible Navigator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
B.8. Ansible Automation Hub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
B.9. Ansible Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
B.10. Pre-Commit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
B.11. Ansible Real-World Examples and Articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
B.12. Other Ansible Examples and Repositories (from other Instructors) . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
B.13. Python. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
B.14. VSCode Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
B.15. DISA STIG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Section Repositories for this Course

Introduction
Repositories for this Course
There are two repositories used for this course. One is for the book, content, and demos. There is a Jenkins
job that will build from the private Gitlab repository and create, modify, and upload content into the Github
repository.

Main Repositories
• DO374 - Book: https://gitlab.michettetech.com/travis/do374
• DO374 - Public Demo Repository for Students: https://github.com/tmichett/do374/

Demo Repositories
These repositories contain demo playbooks that are used as projects in Ansible Controller. They also contain
inventory files as well as configuration files needed to run the playbooks locally from workstation for testing.

• AAP2 Controller Demo: https://github.com/tmichett/AAP2_Controller_Demo
• AAP2 Demos: https://github.com/tmichett/AAP2_Demos

Demo Setup/Preparing to Teach


There are several playbooks to set up the demos for the course. These are documented here to make it easier
to set up the classroom environment when performing a regular or custom delivery.

1. Create Github directory

[student@workstation ~]$ mkdir Github ; cd Github

2. Clone Repository

[student@workstation Github]$ git clone https://github.com/tmichett/do374.git

3. Create anr Alias for Ansible Navigator

[student@workstation Github]$ cd do374/Demos/Demo_Setup/

[student@workstation Demo_Setup]$ ./Bash_Prompt.sh

1 DO374 - Instructor Demo Guide Version: 1.1


Chapter 1. Developing Playbooks with Ansible Automation Platform 2

1. Developing Playbooks with Ansible Automation Platform 2

1.1. Introducing Red Hat Ansible Automation Platform 2
Describing the architecture of Red Hat Ansible Automation Platform 2 (AAP2) and new features for Ansible
development.

1.1.1. Orientation to Red Hat Ansible Automation Platform 2


AAP2 is a new evolution of the Ansible platform. It provides customization through Ansible Execution
Environments (EEs) and Ansible Navigator, along with a redesign of Ansible Tower, which has now become
Ansible Controller. Ansible Automation Platform now also provides Ansible Automation Hub, which is a private
Ansible Galaxy as well as a container registry service for Ansible EEs.

1.1.2. Red Hat Ansible Automation Platform 2 Components

1.1.2.1. Ansible Core

Ansible Core is provided by the ansible-core package, which is at version 2.11 in AAP2.0. This
package provides the ansible command as well as the built-in modules, allowing administrators to run
playbooks with the ansible-playbook command. The ansible-core package only contains a minimal set of
modules (the ansible.builtin collection); all other modules have been moved to Ansible collections.

The ansible Package

It is still possible to install the package called ansible. This will install Ansible 2.9 which is
AAP1.2. This version of Ansible will support collections, but is not the full AAP2.0 version of
Ansible.

1.1.2.2. Ansible Content Collections

Ansible content and modules have now been re-organized into what is referred to as Ansible Content
Collections (Content Collections) in order to support the growth and rapid development of modules and
packages. This separation allows modules, roles, and plug-ins to be separated from Ansible Core for a simpler
management style.

This separation provides the following:

• Developers can easily upgrade and deploy new versions of their modules without depending on Ansible
• Only needed modules can be present on the Ansible system or in the execution environment
• New modules and content don’t need to wait for a new version of Ansible to be deployed

ansible.builtin

The ansible.builtin collection is a special collection that will always be part of Ansible Core.
However, this has a limited number of modules. Things like the firewalld module have now
been moved into the POSIX Ansible Collection.



Section 1.1. Introducing Red Hat Ansible Automation Platform 2

Collection Mapping
Ansible mapping of content collections: https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml

Red Hat Official Collections are available from: https://console.redhat.com/ansible/ansible-dashboard

1.1.2.3. Ansible Content Navigator

AAP provides ansible-navigator, which is the new preferred tool to run and interact with Ansible on the CLI. It
extends and includes the functionality of the ansible-playbook, ansible-inventory, and ansible-config
commands.

While Ansible Navigator still leverages ansible.cfg, it also has its own configuration file,
ansible-navigator.yml, which must point to the ansible.cfg being used and which has even more
options to extend and control the behavior of Ansible Navigator.

Why ansible-navigator?

The purpose of ansible-navigator is to separate the control node from the execution
environment. This makes it easier for playbooks to be run in a production environment from
Ansible Controller Nodes (formerly known as Ansible Tower).

1.1.2.4. Ansible Execution Environments

Ansible Execution Environments (EEs) are container images which contain the following items:

Ansible EEs
• Ansible Core
• Ansible Content Collections
◦ Ansible Modules
◦ Ansible Roles
• Python Libraries
• Other dependencies

The default AAP2 environment provides Ansible Core 2.11 and Red Hat Certified Content Collections to give a
similar experience to AAP1.2 which is what provides Ansible 2.9.

AAP1.2 and Ansible 2.9

Ansible 2.9 is part of AAP1.2, but it supports things like Ansible Collections. You must have
AAP2 to support things like Ansible Navigator and other components of the AAP2 platform.

The ansible-builder package can be used to create and develop your own custom execution environments.


Figure 1. AAP2 Utilities

1.1.2.5. Automation Controller

Automation Controller provides a central web-based UI and REST API which can be used to automate Ansible
jobs. Previous iterations of Ansible leveraged Ansible Tower, which was both the control node and the execution
environment. With the deployment of AAP2, Ansible Tower was renamed to Ansible Automation Controller
and serves as the control node only; the execution environment can be separated from the controller node
because it now runs in a container.

Figure 2. AAP2 Automation Controller Components

By separating the control node functionality and execution environments, it is much easier to leverage the
system when playbooks could require different python environments or other requirements to run.

Automation Controller

AAP2 Automation Controller has the ability to use multiple execution environments at the
playbook and project levels, as the execution plane is 100% separate from the control plane.

1.1.2.6. Ansible Automation Hub

Ansible Automation Hub allows easy management and distribution of Ansible automation content. Red Hat
maintains supported and certified content collections and Ansible Galaxy maintains the community-based
content. The addition of Automation Hub also provides the ability to host a private automation hub which is
basically a self-hosted version of Ansible Galaxy or Red Hat’s console.redhat.com version of Automation
Hub.

The private automation hub provides a container registry for distribution of custom execution environments as
well as a repository for Ansible Collections and namespaces.

1.1.2.7. Hosted Services

Red Hat provides three (3) hosted Ansible Automation services:

• Ansible Automation Hub
• Ansible Automation Services Catalog
• Ansible Insights for Red Hat AAP

1.1.3. Red Hat Ansible Automation Platform 2 Architecture

1.1.3.1. Developing Playbooks with Ansible Automation Platform 2

Ansible Execution Environments (EEs) can be built and customized to contain everything needed to execute
playbooks developed by your organization. These playbooks can be used seamlessly between content
navigator and automation controller, provided that access is available to the EEs being used (which is where
automation hub comes into play).


1.2. Running Playbooks with Automation Content Navigator


Section Info Here

1.2.1. Introducing Automation Content Navigator


Ansible Content Navigator (ansible-navigator) is a new tool created for AAP2, designed to make it easier to
write and test playbooks and, more importantly, to leverage Ansible Controller with the playbooks.
ansible-navigator combines the features of the previous ansible commands into a single top-level
command and interface.

Ansible Commands Combined in Navigator


• ansible-playbook
• ansible-inventory
• ansible-config
• ansible-doc

Ansible Ad-Hoc Commands

Ansible ad-hoc commands are not supported with Ansible Navigator and are not recommended
as a best practice. However, ad-hoc commands can still be run by installing the Ansible
package and leveraging the ansible command.

In order to run a playbook using Ansible Navigator, you must use the ansible-navigator run command. Ansible
Navigator can produce the same output as the ansible-playbook command when -m stdout is passed to
the run command.

Listing 1. ansible-playbook Command

[student@workstation navigator (main)]$ ansible-playbook playbook.yml

... OUTPUT OMITTED ...

PLAY RECAP ***************************************************************************
servera.lab.example.com : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Listing 2. ansible-navigator Equivalent to ansible-playbook

[student@workstation navigator (main)]$ ansible-navigator run playbook.yml -m stdout

... OUTPUT OMITTED ...

PLAY RECAP ***************************************************************************
servera.lab.example.com : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0



Section 1.2. Running Playbooks with Automation Content Navigator

ansible-navigator Use

If the -m stdout is not provided, ansible-navigator runs the playbook in interactive mode.
This mode allows analyzing plays, tasks, and the runtime in a more detailed fashion.
Typically, you type the number of the item that should be displayed, but if the number is greater than 9 it is
necessary to type : followed by the number. The interactive mode interface can be exited by
pressing the Escape key (multiple times, depending on the level being analyzed).

1.2.1.1. Improving Portability with Automation Execution Environments

Execution environments were introduced as part of AAP2. The introduction of EEs meant that Ansible could be
run from a container image that included Ansible Engine runtimes, content collections, software dependencies,
and python components needed to run playbooks and interact with Ansible. EEs allow ansible-navigator and
Ansible Automation Controller to leverage automation execution environments simplifying development,
testing, and deployment of Ansible playbooks in a consistent and predictable fashion. Red Hat provides
several supported EEs from Red Hat’s Ansible Automation Hub.

EEs allow ansible-navigator and Ansible Controller to easily leverage custom execution environments by
specifying an Execution Environment Image (--eei) to be used for running playbooks. By specifying EEIs, it is
no longer necessary to have multiple configurations on control nodes to run Ansible playbooks.

1.2.2. Installing Automation Content Navigator


Ansible Navigator is part of the Ansible Automation Platform 2.0 repository. It can be installed with a yum
command.

Listing 3. Installing ansible-navigator

[student@workstation ~]$ sudo yum install ansible-navigator

1.2.3. Configuring Authentication to Managed Hosts


Even though Ansible Navigator leverages EEs, it must also be able to log in to managed nodes as well as gain
privileged access on managed nodes. Therefore, it is best to implement SSH keys and sudo without a
password.

1.2.3.1. Preparing SSH Key-Based Authentication

SSH access can be prepared by creating users on the systems and setting up SSH key pairs between the
systems. The SSH key pair is created with ssh-keygen and usually resides in the ~/.ssh directory. The public
key is installed on the remote system in the ~/.ssh/authorized_keys file, usually with the ssh-copy-id
command.

Passwordless sudo access is generally granted by creating a sudoers file for the user in the
/etc/sudoers.d directory.

Listing 4. Example Sudoers File (/etc/sudoers.d/devops)

# User rules for devops
devops ALL=(ALL) NOPASSWD:ALL ①

① Allows the devops user SUDO access for all commands without requiring a password.
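
A NOPASSWD:ALL rule makes the devops account, and therefore its SSH private key, equivalent to root on every managed host, so it is worth inventorying where such rules exist. The shell functions below are an added example, not part of the course material; they flag blanket passwordless grants and drop-in files that are not mode 0440, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the course material: inventory blanket
# passwordless sudo grants (the Listing 4 pattern) in sudoers drop-in files.

# audit_sudoers_file FILE
# Prints one finding per line. Returns 0 when the file is clean, 1 otherwise.
# Scope: single-line user specifications only; line continuations, aliases
# and include directives are not resolved.
audit_sudoers_file() {
    asf_file=$1
    asf_rc=0

    # Drop-in files are conventionally mode 0440 (read-only, owner and group).
    if [ -n "$(find "$asf_file" -prune ! -perm 0440 -print)" ]; then
        echo "$asf_file: mode is not 0440"
        asf_rc=1
    fi

    awk '
        # Skip blank lines and comments, but keep "#<uid>" user entries.
        /^[ \t]*$/ { next }
        /^[ \t]*#/ && $1 !~ /^#[0-9]+$/ { next }
        # Defaults lines carry settings, not grants.
        $1 ~ /^Defaults/ { next }
        {
            pos = index($0, "NOPASSWD:")
            if (pos == 0) next
            cmds = substr($0, pos + length("NOPASSWD:"))
            sub(/#.*/, "", cmds)       # drop a trailing comment
            gsub(/[ \t]/, "", cmds)    # drop whitespace around the commands
            n = split(cmds, part, ",")
            for (i = 1; i <= n; i++) {
                if (part[i] == "ALL") {
                    printf "%s:%d: %s may run ALL commands without a password\n", FILENAME, FNR, $1
                    found = 1
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$asf_file" || asf_rc=1

    return "$asf_rc"
}

# audit_sudoers_dir DIR
# Audits every regular file that sudo would read from an include directory.
audit_sudoers_dir() {
    asd_rc=0
    for asd_f in "$1"/*; do
        [ -f "$asd_f" ] || continue
        case ${asd_f##*/} in
            *~ | *.*) continue ;;   # sudo skips these names in an include directory
        esac
        audit_sudoers_file "$asd_f" || asd_rc=1
    done
    return "$asd_rc"
}

# Optional direct use: sh audit.sh /etc/sudoers.d
if [ "$#" -gt 0 ]; then
    audit_sudoers_dir "$1"
fi
```

Run it as root against /etc/sudoers.d on a managed host; each reported account should be one that is meant to be an automation user.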

1.2.3.2. Providing Private Keys to the Automation Execution Environment

There are some tricks to running and leveraging ansible-navigator, as the SSH private key must somehow
become available to the EE. When logged in through a GUI environment, ssh-agent is already running and
private keys are added to the agent. This same behavior doesn’t happen when logged into the systems via SSH.

Using SSH on the Control Node

A major difference with AAP2 is the use of EEs. When ansible-navigator uses an EE, it is
running from a container and doesn’t have access to the user’s SSH keys or settings. In
order to use ansible-navigator on a system where the login is through SSH vs. a graphical
login, it is necessary to use SSH-Agent to manage and store SSH private keys so the
container has them available for use.

Listing 5. Storing SSH Keys and Leveraging SSH-Agent

[student@workstation ~]$ eval $(ssh-agent) ①
Agent pid 240212

[student@workstation ~]$ ssh-add ~student/.ssh/lab_rsa ②
Identity added: /home/student/.ssh/lab_rsa (/home/student/.ssh/lab_rsa)

① Starting ssh-agent
② Adding Identities to SSH-Agent Keyring
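
Before starting ansible-navigator from an SSH login, it helps to tell three cases apart: no agent socket in the session, an agent that does not hold the expected key, and the key loaded. The check below is an added example, not part of the course material; the function names and return codes are this example's own, and the lab key path from Listing 5 is used only in the usage comment.

```shell
#!/bin/sh
# Added example, not part of the course material: confirm that the agent the
# execution environment will rely on actually holds the expected key.

# fingerprint_listed FP
# Reads `ssh-add -l` output on stdin and succeeds when FP appears as the
# fingerprint (second field) of one of the listed identities.
fingerprint_listed() {
    awk -v fp="$1" '$2 == fp { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# agent_preflight KEYFILE
# Return codes:
#   0  key is loaded in the agent
#   2  no agent socket in this session (typical for a plain SSH login)
#   3  the key fingerprint could not be read
#   4  agent is reachable but does not hold this key
agent_preflight() {
    ap_key=$1

    if [ ! -S "${SSH_AUTH_SOCK:-}" ]; then
        echo "no ssh-agent socket; run: eval \$(ssh-agent)" >&2
        return 2
    fi

    # Prefer the public half so the private key file is not parsed here.
    if [ -f "$ap_key.pub" ]; then
        ap_key="$ap_key.pub"
    fi

    ap_fp=$(ssh-keygen -lf "$ap_key" 2>/dev/null | awk '{ print $2 }')
    if [ -z "$ap_fp" ]; then
        echo "cannot read a fingerprint from $ap_key" >&2
        return 3
    fi

    if ssh-add -l 2>/dev/null | fingerprint_listed "$ap_fp"; then
        return 0
    fi

    echo "key $ap_fp is not loaded; run: ssh-add $1" >&2
    return 4
}

# Usage with the lab key from Listing 5:
#   agent_preflight ~student/.ssh/lab_rsa && ansible-navigator run playbook.yml
```

Loading the key with a lifetime (ssh-add -t followed by a number of seconds) limits how long it stays available to anything that can reach the agent socket.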

1.2.4. Running Automation Content Navigator


The ansible-navigator command is used to essentially replace all Ansible Automation engine commands. If
ansible-navigator is run with no arguments or with the welcome argument, it will launch in Interactive Mode.

Table 1. ansible-navigator Command Comparisons


Ansible Engine Commands | ansible-navigator AAP2.x Equivalent Subcommand
ansible-config | ansible-navigator config
ansible-doc | ansible-navigator doc
ansible-inventory | ansible-navigator inventory
ansible-playbook | ansible-navigator run

Ansible navigator goes beyond the traditional Ansible commands and provides additional functionality.
Navigator and its sub-commands can be run from the command line (cli) or within the interactive content
navigator session.

Table 2. ansible-navigator Sub-Commands

Subcommand | Description
collections | Get information about installed collections.
config | Examine current Ansible configuration.
doc | Examine Ansible documentation for a plug-in.
help | Detailed help for ansible-navigator.
images | Examine an execution environment.
inventory | Explore an inventory.
log | Review the current log file.
open | Open the current page in a text editor.
replay | Replay a playbook artifact.
run | Run a playbook.

ansible-navigator doc Command

It is important to note that the ansible-navigator doc command doesn’t support the --list or -l option.

When running ansible-navigator in Interactive Mode, it is possible to use the subcommands by typing a :
followed by the subcommand. For example, you can type :run to run a playbook.

1.2.4.1. Ansible Ad-Hoc Commands Using Content Navigator

ansible-navigator Ad-Hoc Commands (NOT IN BOOK)

It is important to note that the ansible-navigator doc command doesn’t support the --list or -l option.

The ansible-navigator command can be used to run playbooks leveraging an Execution Environment Image
(EEI) which creates a container known as an Execution Environment (EE). The EEI is already set to use the
ansible-playbook command; however, it is still possible to execute Ansible ad-hoc commands leveraging
ansible-navigator and the configured EE.

Listing 6. Sample Ansible Ad-Hoc Command

ansible-navigator exec -- ansible all -u yourremoteuser --ask-pass -m ansible.builtin.ping

The exec -- ansible portion of the command will replace the ansible-playbook command in the container
and instead use the ansible command and everything that comes after it as an ad-hoc command.

Ansible ad-hoc commands can be extremely useful for testing the Ansible configuration, specifically
ansible.cfg, ansible-navigator.yml, and inventory. They are also extremely useful for testing things like the
Ansible user, SSH keys, and sudoers capabilities.

Understanding Containers and ansible-navigator Relationship

It is also important to remember that ansible-navigator is a command that leverages an
underlying container technology (Podman on Red Hat Systems) and that the EEI is a
container image. Utilities like Podman can assist in understanding how and what is
happening in an EE.

Listing 7. podman Command showing the default container user

podman run --rm -it utility.lab.example.com/ee-supported-rhel8:latest whoami

1.2.4.2. Running Playbooks

It is possible to run an Ansible playbook using the ansible-navigator run command either interactively or with
stdout like the ansible-playbook command. If you are in interactive mode, the playbook output can be
examined interactively.

Using a BASH Alias

It is possible to use a BASH Alias for the ansible-navigator run command. I typically use anr
which is short for ansible-navigator run.

anr playbook.yml

Listing 8. Portion of BASHRC File

... OUTPUT OMITTED ...

# User specific aliases and functions
alias anr="ansible-navigator run"

1.2.4.3. Reviewing Previous Playbook Runs

ansible-navigator provides a replay feature for playbook runs. Provided artifacts are enabled, an artifact will
be generated with a name in the PlaybookName-artifact-date.json format. The ansible-navigator replay
command can be used from both the command line and interactive mode.

Prompting for Passwords

ansible-navigator can prompt for passwords and input only if artifacts are disabled. It is
possible to control and configure Ansible Navigator with the ansible-navigator.yml file
which is discussed later in the course.

1.2.4.4. Reading Documentation

Documentation can be read using the ansible-navigator doc <module_name> command. Unlike with the ansible-doc
command, the --list and -l options cannot be used to list items; the plug-in or module name must be specified.


1.2.4.5. Getting Help

The ansible-navigator --help command can be used to view help via STDOUT.

Listing 9. ansible-navigator --help

[student@workstation Github]$ ansible-navigator --help


usage: ansible-navigator [-h] [--version] [--rad ANSIBLE_RUNNER_ARTIFACT_DIR]
[--rac ANSIBLE_RUNNER_ROTATE_ARTIFACTS_COUNT]
[--rt ANSIBLE_RUNNER_TIMEOUT]
[--cdcp COLLECTION_DOC_CACHE_PATH] [--ce CONTAINER_ENGINE]
[--dc DISPLAY_COLOR] [--ecmd EDITOR_COMMAND]
[--econ EDITOR_CONSOLE] [--ee EXECUTION_ENVIRONMENT]
[--eei EXECUTION_ENVIRONMENT_IMAGE]
[--eev EXECUTION_ENVIRONMENT_VOLUME_MOUNTS
[EXECUTION_ENVIRONMENT_VOLUME_MOUNTS ...]]

... OUTPUT OMITTED ...

ansible-navigator --help

The ansible-navigator --help command doesn’t always display all options. It may be necessary to
supply additional options to output the help correctly.


1.3. Demo - Ansible Ad-Hoc Commands Using Content Navigator

The ansible-navigator command can be used to run playbooks leveraging an Execution Environment Image
(EEI) which creates a container known as an Execution Environment (EE). The EEI is already set to use the
ansible-playbook command; however, it is still possible to execute Ansible ad-hoc commands leveraging
ansible-navigator and the configured EE.

Listing 10. Sample Ansible Ad-Hoc Command

ansible-navigator exec -- ansible all -u yourremoteuser --ask-pass -m ansible.builtin.ping

The exec -- ansible portion of the command replaces the ansible-playbook command in the container
with the ansible command; everything that comes after it is run as an ad-hoc command.

It is also important to remember that ansible-navigator is a command that leverages an underlying container
technology (Podman on Red Hat Systems) and that the EEI is a container image. Utilities like Podman can
assist in understanding how and what is happening in an EE.

Listing 11. podman Command showing the default container user

podman run --rm -it utility.lab.example.com/ee-supported-rhel8:latest whoami


Example 1. Demo - Ansible ad-hoc Commands using ansible-navigator

Listing 12. Ad-Hoc Using Navigator (Testing Config for SSH w/ Creds)

[student@workstation Ad-Hoc]$ ansible-navigator exec -- ansible all -m ansible.builtin.ping -k

Listing 13. Ad-Hoc Using Navigator (Testing Config for SSH w/o Creds)

[student@workstation Ad-Hoc]$ ansible-navigator exec -- ansible all -m ansible.builtin.ping

Listing 14. Ad-Hoc Using Navigator (Testing Config for SSH & Sudoers w/ Creds)

[student@workstation Ad-Hoc]$ ansible-navigator exec -- ansible all -m ansible.builtin.ping -k -K

Listing 15. Ad-Hoc Using Navigator (Testing Config for Sudoers w/o Creds)

[student@workstation Ad-Hoc]$ ansible-navigator exec -- ansible all -m ansible.builtin.ping

Listing 16. Determining the User (regular)

[student@workstation Ad-Hoc]$ ansible-navigator exec -- ansible all -m shell -a "whoami"

Listing 17. Determining the User (privileged - become user)

[student@workstation Ad-Hoc]$ ansible-navigator exec -- ansible all -m shell -a "whoami" --become

Listing 18. Container Demo using Podman

podman run --rm -it hub.lab.example.com/ee-supported-rhel8:latest whoami

Listing 19. Container Demo using Ansible Navigator

ansible-navigator exec -- whoami

RHLC Post: https://learn.redhat.com/t5/Automation-Management-Ansible/AAP2-and-Ansible-Navigator-Execution-Environments/m-p/38452#M1076


1.4. Demo - Ansible Content Navigator


Ansible Content Navigator can be used to run playbooks in place of the Ansible command. At this point, the
ansible-navigator.yml file doesn’t exist, so additional command line options will need to be supplied. Later chapters
introduce how to fully configure navigator for execution environments.


Example 2. Navigator Demo

1. Switch to Demo Directory

[student@workstation ~]$ cd /home/student/github/do374/Demos/CH1/navigator

2. Install Navigator

[student@workstation navigator]$ sudo yum install ansible-navigator

... OUTPUT OMITTED ...

Installed:
ansible-navigator-1.0.0-2.el8ap.noarch

Complete!

3. Login to hub.lab.example.com to allow downloading of the EE ee-supported-rhel8:2.0 for navigator

[student@workstation navigator]$ podman login -u admin -p redhat hub.lab.example.com
Login Succeeded!

4. Set an execution environment variable and verify

[student@workstation navigator]$ export EE=ee-supported-rhel8:latest ; echo $EE


ee-supported-rhel8:latest

5. Run the playbook with the ansible-navigator run command

[student@workstation navigator]$ ansible-navigator run playbook.yml -m stdout --eei $EE ①

... OUTPUT OMITTED ...

servere.lab.example.com : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverf.lab.example.com : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

① The $EE environment variable provides the EE for the ansible-navigator command


SSH Key Errors from Execution Environment


If you receive this as a message … it is possible you are running Ansible using SSH and the SSH
keys haven’t been added. It is necessary to run eval $(ssh-agent) and then add the
key to your keyring.

Listing 20. Error

fatal: [servera.lab.example.com]: UNREACHABLE! => {"changed":
false, "msg": "Failed to connect to the host via ssh: Warning:
Permanently added 'servera.lab.example.com,172.25.250.10'
(ECDSA) to the list of known
hosts.\r\[email protected]: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).",
"unreachable": true}

Listing 21. Adding SSH Keys for Ansible Execution Environment

[student@workstation navigator]$ eval $(ssh-agent) ①


Agent pid 234883

[student@workstation navigator]$ ssh-add ~/.ssh/lab_rsa ②


Identity added: /home/student/.ssh/lab_rsa
(/home/student/.ssh/lab_rsa)

① Starting ssh-agent
② Adding key to keyring for SSH-Agent

ansible-playbook Equivalence

The ansible-navigator run playbook.yml -m stdout command will provide the same STDOUT as the
ansible-playbook command. ansible-navigator has some other features, but
those will be covered in a later chapter and section.

6. Run the ansible-navigator run command interactively (Leave out the -m stdout)

a. Get output of first playbook/play (Hit 0 and Enter to navigate)

b. Get detailed output of Task 13 (Hit : and then hit 13 and enter to navigate)

[student@workstation navigator]$ ansible-navigator run playbook.yml --eei $EE


Figure 3. Navigator Interactive Window

Figure 4. Attempting to get Task 13 Information


Figure 5. Task 13 Information

7. Exit Ansible Navigator by hitting the ESC key multiple times to exit each layer.

[student@workstation navigator]$


1.5. Managing Ansible Project Materials Using Git



1.5.1. Defining Infrastructure as Code


A key concept to Infrastructure as Code is managing the code effectively in version control. Infrastructure as
Code can be accomplished by pairing Ansible playbooks with Git as a version control system.

1.5.2. Introducing Git


Git is a distributed version control system to allow collaborative project management. Git allows the following:

• Reviewing and restoring prior file versions


• Comparison of files to see a diff of changes
• A log of changes and who made them
• Multiple user access to edit files and resolve any conflicts

Git Tree States


• Modified: Copy of file in working tree has been edited and different from version in repository.
• Staged: Modified file has been added to list of changed files to commit but not yet committed.
• Committed: Modified file has been committed to local repository.

1.5.3. Describing Initial Git Configuration


There is a git-prompt.sh file that can be used to create a customized bash prompt by adding the information
to the .bashrc file. The git-prompt.sh file is packaged with git.

The git config command controls all settings. User settings are saved in the ~/.gitconfig file. The settings
in the .gitconfig file are global and are set using the --global directive paired with the git config command.

Listing 22. Configure the Credential Helper

[student@workstation ~]$ git config --global credential.helper cache

Listing 23. Configure the User Name

[student@workstation ~]$ git config --global user.name 'Travis Michette'

Listing 24. Configuring the E-mail

[student@workstation ~]$ git config --global user.email '[email protected]'


Listing 25. Verify the ~/.gitconfig file contents.

[student@workstation ~]$ cat ~/.gitconfig


[credential]
helper = cache
[user]
name = Travis Michette
email = [email protected]

Listing 26. BASHRC File

# .bashrc

# Source global definitions


if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

source /usr/share/git-core/contrib/completion/git-prompt.sh
export GIT_PS1_SHOWDIRTYSTATE=true
export GIT_PS1_SHOWUNTRACKEDFILES=true
export PS1='[\u@\h \W$(declare -F __git_ps1 &>/dev/null && __git_ps1 " (%s)")]\$ '

# User specific environment


PATH="$HOME/.local/bin:$HOME/bin:$PATH"
export PATH

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

Listing 27. Example Bash Prompt with Git Script

[student@workstation ~]$ cd git-repos/my_webservers_DEV/


[student@workstation my_webservers_DEV (master)]$ ls
apache-setup.yml templates

git-prompt.sh Key
• (branch *) - means that you have modified a tracked file.


• (branch +) - means that you have modified and staged with git add a tracked file.
• (branch %) - means that you have untracked files in your tree.
• Combinations of markers are possible, such as (branch *+) meaning there are multiple
files to be tracked, staged, etc.


GIT repositories can be created from scratch and initialized or they can be cloned. The following diagram
shows some of the ways of interacting with and creating a GIT repo.

Figure 6. GIT Repository and Commands

GIT Commands

• git init: Creates a new project and private repository


• git clone: Clones an existing upstream repo to the local server
• git add: Stages changed files and prepares them to be committed to a repository
• git rm: Removes file from working directory and stages removal from repo on next commit
• git reset: Removes a file from staging area but doesn’t have any effect on file contents in the working tree.
• git commit: Commits staged file to the local repository.
• git push: Upload changes from local repo to the remote repository.
• git pull: Fetches/pulls content from remote repository to the local repo.
• git revert commit-hash: Create a new commit, undoing the changes in the commit referenced. You can
use the commit hash that identifies the commit, although there are other ways to reference a commit.
• git init: Create a new project.
• git log: Display the commit log messages.
• git show commit-hash: Shows what was in the change set for a particular commit hash.

Figure 7. GIT Repository and Commands


Figure 8. GIT Repository and Commands

The git commit -a command can stage and commit modified files in one step (meaning that it does
the git add); however, it doesn’t stage any new untracked files. A git add command must be
used to stage new files for the first time.

1.5.4. Starting the Git Workflow


Git workflows are started with the git clone command to initially pull down a repository. After that, git pull is
generally used to synchronize the latest material.

Checking Git Source and Branch


It is possible to see the remote source that a repository is connected to by using the git
remote show origin command.

git remote show origin

1.5.4.1. Examining the Git Log

The git log command can display commit log messages as well as hashes for each commit.

1.5.5. Working with Branches and References

1.5.5.1. Creating Branches

1.5.5.2. Merging Branches

1.5.5.3. Creating Branches from Old Commits

1.5.5.4. Pushing Branches to Remote Repositories

1.5.6. Structuring Ansible Projects in Git

1.5.6.1. Roles and Ansible Content Collections

Roles and collections can be difficult to plan and manage. There are advantages to possibly keeping a static
role or collection as part of the Ansible project, but general best practice is to utilize the most current version of
a role or content collection.

Role and Collection Installation


Typically, roles and collections should not be static and should instead be installed via a requirements file. For
this reason, a .gitignore file should be added so that only a requirements.yml file is tracked in the
roles and collections sub-directories. This ensures that when the project is run, the
latest version of roles and collections is used. The Ansible Automation
Controller will automatically update the project with roles and collections based on the
requirements.yml file.

1.5.6.2. Configuring Git to Ignore Files

Working with AAP 2.x (especially when using ansible-navigator) it is important to think about development,
testing, and management of the project. In addition to collections and roles, it is necessary to think about all the
artifacts that could be generated by the ansible-navigator command as well as any logs. Therefore, in the
main portion of the project, there should also be a .gitignore that will ignore assets/artifacts created by the
ansible-navigator command.

Listing 28. Sample .gitignore

roles/**
!roles/requirements.yml
collections/**
!collections/requirements.yml
ansible-navigator.log
*-artifact-*
.ssh ①

① The .ssh directory can be created to have the SSH config file and SSH Keys and identities. If this is
located in the project directory, then ansible-navigator can provide this information to the Ansible
Execution Environment (EE) and it eliminates the need to use ssh-agent.
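
A check that mirrors Listing 28, as an added example (not from the course repository): a .gitignore has no effect on files that are already tracked or that were force-added, so this inspects the paths actually staged for a commit. The function name check_staged_paths and the file names used when trying it out are assumptions.

```shell
#!/bin/sh
# Added example, not from the course repository.
# check_staged_paths is a hypothetical helper name. It reads one
# repository-relative path per line on stdin, prints "path: reason" for every
# path that the sample .gitignore (Listing 28) is meant to keep out of a
# commit, and returns 1 if anything was flagged.
#
# Typical use from the project root:
#   git diff --cached --name-only | check_staged_paths
check_staged_paths() {
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        reason=""
        case "$path" in
            roles/requirements.yml|collections/requirements.yml)
                # The only files Listing 28 tracks under roles/ and collections/.
                ;;
            .ssh/*|*/.ssh/*)
                reason="SSH config, key, or identity file" ;;
            *-artifact-*)
                reason="ansible-navigator playbook artifact" ;;
            ansible-navigator.log|*/ansible-navigator.log)
                reason="ansible-navigator log" ;;
            roles/*|collections/*)
                reason="installed role or collection content" ;;
        esac
        # Content check: catches a private key copied outside .ssh,
        # for example into the project root.
        if [ -z "$reason" ] && [ -f "$path" ] &&
           grep -q -e 'BEGIN [A-Z ]*PRIVATE KEY' "$path" 2>/dev/null; then
            reason="file contains a private key header"
        fi
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$path" "$reason"
            rc=1
        fi
    done
    return "$rc"
}
```

Called from a pre-commit hook, a non-zero return stops the commit before a key or a playbook artifact reaches the remote repository.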


1.6. Demo - Using Git


Ansible playbooks can be leveraged for Infrastructure-as-Code (IaC). In order to do this, playbooks and other
assets should exist in version control. One way to accomplish this is by using Github or Gitlab. The course has
been set up to use Gitlab, but in this demo we will see how to use Github and personal access tokens.


Example 3. Git Demo

1. Update the BASHRC file to use the git-prompt.sh Assets

Listing 29. .bashrc File

[student@workstation ~]$ vim .bashrc


# .bashrc

# Source global definitions


if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

## Lines added for Git Management
source /usr/share/git-core/contrib/completion/git-prompt.sh
export GIT_PS1_SHOWDIRTYSTATE=true
export GIT_PS1_SHOWUNTRACKEDFILES=true
export PS1='[\u@\h \W$(declare -F __git_ps1 &>/dev/null && __git_ps1 " (%s)")]\$ '

# User specific environment
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
export PATH

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

2. Apply changes for BASHRC

[student@workstation ~]$ source .bashrc

3. Configure system for PAT (Personal Access Tokens)

[student@workstation ~]$ git config --global credential.helper cache

4. Verify credential helper and other configurations


[student@workstation ~]$ git config --global -l


user.name=Git Lab
[email protected]
push.default=simple

5. Create Github Directory and Switch to it

[student@workstation ~]$ mkdir Github ; cd Github

6. Clone DO374 Repository

[student@workstation Github]$ git clone https://github.com/tmichett/do374.git


Cloning into 'do374'...
remote: Enumerating objects: 56, done.
remote: Counting objects: 100% (56/56), done.
remote: Compressing objects: 100% (38/38), done.
remote: Total 56 (delta 11), reused 51 (delta 9), pack-reused 0
Unpacking objects: 100% (56/56), 556.15 KiB | 2.93 MiB/s, done

7. Change to do374 Directory

[student@workstation Github]$ cd do374/


[student@workstation do374 (main)]$ ①

① Notice it shows main branch

8. Create a dummy file and observe prompt change

[student@workstation do374 (main)]$ echo "I'm a dummy file" > test.txt


[student@workstation do374 (main %)]$ ①

① Prompt changed to % indicating new "untracked" files

9. Add and Commit File

Listing 30. Adding File for Tracking

[student@workstation do374 (main %)]$ git add .


[student@workstation do374 (main +)]$ ①

① Prompt changed to + indicating new files being tracked, but not committed


Listing 31. Committing File Locally

[student@workstation do374 (main +)]$ git commit -m "Testing"


[main 9697a39] Testing
1 file changed, 1 insertion(+)
create mode 100644 test.txt
[student@workstation do374 (main)]$ ①

① Normal Prompt

10. Get status of repository

[student@workstation do374 (main)]$ git status


On branch main
Your branch is ahead of 'origin/main' by 1 commit.
(use "git push" to publish your local commits)

nothing to commit, working tree clean

11. Push to remote repository

[student@workstation do374 (main)]$ git push


Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 285 bytes | 285.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (1/1), completed with 1 local object.
To https://github.com/tmichett/do374.git
2b7cf28..9697a39 main -> main


First time pushing saves credentials


Listing 32. SSH/CLI Version - Warning doesn’t appear if using X11/Wayland and Gnome in
Graphical Environment

[student@workstation CH1]$ git push

(gnome-ssh-askpass:236143): Gtk-WARNING **: 11:50:21.480: cannot open display:
error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
Username for 'https://github.com': tmichett

(gnome-ssh-askpass:236144): Gtk-WARNING **: 11:50:23.638: cannot open display:
error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
Password for 'https://[email protected]':

1.7. Demo - Github Tools (gh)

There is a Github CLI tool known as gh that can be installed. It is available from
https://cli.github.com/packages/rpm and it can be installed via a playbook.


Example 4. DEMO - Using Github Tools

1. Change to the

cd /home/student/Github/do374/Demos/CH1/git

2. Create the Github Credentials File and Update the Credentials

cp vars/git_creds.yml_demo vars/git_creds.yml

3. Run the Playbook

ansible-playbook Git_Tools_Setup.yml -K

Listing 33. Playbook Snippet

- name: Add repository for Github Tools
  ansible.builtin.yum_repository:
    name: GithubTools
    description: Github Tools with Github CLI
    baseurl: https://cli.github.com/packages/rpm
    # Public key for packages from this repository
    gpgkey: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xc99b11deb97541f0
  become: true

- name: Install Github CLI
  yum:
    name: gh
    # Skips GPG signature verification of the package for this install
    disable_gpg_check: true
  become: true

Listing 34. Logging into Github

gh auth login


Listing 35. Listing Github Issues

✔ ~/Github/do374/Demos/CH1/git [main|✔]
22:54 $ gh issue list

Showing 12 of 12 open issues in tmichett/do374

ID   TITLE                            LABELS                       UPDATED
#16  CH6 Demo for Callback Plugins                                 about 7 months ago
#15  CH6 Demos of Tags                                             about 1 day ago
#14  CH3 - Demo to setup and crea...                               about 6 hours ago
#12  Chapter 1 - Github Tools         bug, enhancement, IMPORTANT  about 6 hours ago
#11  Link to Update for Reference...  IMPORTANT                    about 6 hours ago
#8   CGEXEC Demo                                                   about 10 months ago
#7   Demo on Filters and Data         enhancement                  about 6 hours ago
#6   Create Custom Execution Envi...                               about 10 months ago
#5   Create Custom Collections                                     about 10 months ago
#4   Chapter 9 - Demo Custom Exec...                               about 10 months ago
#2   Update EEI Image in Document...                               about 10 months ago
#1   AAP 2.2 Demo Changes                                          about 10 months ago
✔ ~/Github/do374/Demos/CH1/git [main ↓·1|✔]
22:54 $


1.8. Implementing Recommended Ansible Practices


1.8.1. The Effectiveness of Ansible
Best Practices

• Keep Things Simple


• Stay Organized
• Test Often

1.8.2. Keeping Things Simple

1.8.2.1. Keeping Your Playbooks Readable

Use YAML formatting in the default style/syntax and not the folded form to enable better readability.
Additionally, use Jinja2 filters and templates to process data in variables.

It is also good practice to make use of vertical white space allowing better readability for the end user.

1.8.2.2. Use Existing Modules

When writing playbooks, start with a basic playbook and use a static inventory file. Use debug modules as
stubs to assist in designing playbooks and verifying output.

Even though modules have a default state, it is best practice to explicitly define the state within the module.
This makes the playbook easier to read and protects against changes that might occur to the module in the
future.

AAP2.x Modules

With the shift in Ansible Automation Platform, many of the modules that used to be built in to
Ansible have moved and now live in collections. It is important to understand that
these modules do still exist, but now they are part of a collection. Avoid, when possible, the
use of the command, shell, and raw modules, as these aren’t idempotent and
should only be used when a module isn’t available.

1.8.2.3. Adhering to a Standard Style

YAML is a formatted style of writing; therefore, white space for indentation is very important. It is a good idea
to decide how many spaces are used to indent (most people choose 2 spaces), which deals with horizontal
alignment and white space. It should also be determined how vertical white space will be managed for
readability of the playbooks and tasks.

In addition to using space effectively, naming conventions of variables and labeling of plays/tasks should be
considered in addition to how/where to leave comments within the playbook.

1.8.3. Staying Organized


1.8.3.1. Following Conventions for Naming Variables

Variable naming conventions should be decided and followed throughout playbook creation.

Naming Conventions

• Descriptive and meaningful names


• Clarify contents of the variable
• Should be prefixed with the name of the role or group that the variable belongs to as this will reduce
chances of having duplicate variable names.

1.8.3.2. Standardizing the Project Structure

Use a consistent structure, especially if planning on submitting roles to Ansible Galaxy and Github.

Listing 36. Ansible Directory Structure

├── collections/
│   ├── requirements.yml
│   └── example_collection/
├── dbservers.yml
├── inventories/
│   ├── prod/
│   │   ├── group_vars/
│   │   ├── host_vars/
│   │   └── inventory/
│   └── stage/
│       ├── group_vars/
│       ├── host_vars/
│       └── inventory/
├── roles/
│   └── std_server/
├── site.yml
├── storage.yml
└── webservers.yml

The example structure above shows that there are two inventory files and variables which allow separation of
variables based on the specific inventory files. The shared playbooks are at the root level of the directory,
where the roles being used are under the roles directory.

The benefit of this structure is that it allows large playbooks to be split into smaller files, making playbooks more
readable and understandable.

1.8.3.3. Using Dynamic Inventories

Dynamic inventories should be used when possible, especially when systems are VMs existing in a
virtualization or cloud environment. Dynamic inventories allow for central management of hosts and groups
from a single location ensuring that inventory is automatically updated.


1.8.3.4. Taking Advantage of Groups

Consider dividing hosts into groups. Some examples include:

• Geographic location: Where systems are located (regions, countries, data centers)
• Environment: Stage of SDLC (dev, test, qa, prod)
• Sites/Services: Grouping of hosts in similar subset of functions (webserver, database server, proxy, etc.)

Hosts inherit variables from all groups of which they are members. If the same variable exists with
different settings across the groups in which a host is a member, the last variable loaded is
the one that will be used.

1.8.3.5. Using Roles and Ansible Content Collections for Reusable Content

Roles keep playbooks simple. The ansible-galaxy command can initialize the role’s directory hierarchy and
provide the initial template files that need to be used. The ansible-galaxy command can also be used to
get roles from separate Git repositories not stored on Ansible Galaxy. Ansible Galaxy is also used to manage
Ansible content collections. In the case of both roles and collections, a requirements.yml file can be created to
specify the installation source of the role or collection.

Directory Structure for Roles and Collections


It is recommended to install both roles and collections in a sub-directory of the project called

 roles and collections respectively. It is also necessary to configure the ansible.cfg file to
have the collections path so it searches the ./collections path. It is also recommended to
use a requirements.yml file to install both roles and collections using the ansible-galaxy
command.

1.8.3.6. Running Playbooks Centrally

Ansible playbooks should be run from a designated control node. Each system administrator should have their
own username/password and SSH keys to access the environment, managed in the authorized_keys
file. Ansible Controller greatly assists in management of users and credentials.

1.8.3.7. Building Automation Execution Environments

Custom Ansible execution environments should be created with collections and all Python dependencies if
these collections and Python requirements will be frequently used. The custom EE can then easily be used by
developers and administrators alike leveraging Ansible Content Navigator or Ansible Controller.

1.8.4. Testing Often


Playbooks should be tested often and frequently to avoid massive troubleshooting at the end of the
development cycle.

1.8.4.1. Testing the Results of Tasks

The results of the tasks should always be tested rather than relying on return codes from a specific Ansible
module.


1.8.4.2. Using Block/Rescue to Recover or Rollback

The block directive can be used for grouping tasks and used in conjunction with rescue in order to recover from
errors or failures.

- block:
    - name: Check web site from web server
      uri:
        url: http://{{ ansible_fqdn }}
        return_content: yes
      register: example_webpage
      failed_when: example_webpage.status != 200
  rescue:
    - name: Restart web server
      service:
        name: httpd
        state: restarted

1.8.4.3. Developing Playbooks with the Latest Ansible Version

Playbooks should be tested with the latest version of Ansible routinely to avoid issues as Ansible modules and
features evolve. In particular, watch for warnings or deprecation messages when playbooks are run.
Deprecated features generally remain for four (4) minor releases of Ansible before they are completely
removed or changed.

Playbook Porting Guide

https://docs.ansible.com/ansible/latest/porting_guides/porting_guides.html

1.8.4.4. Using Test Tools

Ansible has various test tools to check playbooks.

• ansible-playbook --syntax-check: Performs basic syntax checking of playbook without actually running
the playbook.
• ansible-playbook --check: Allows the playbook to be run against managed hosts without changing things.
It should be noted this test may fail if tasks require a physical change within the play to move on.

There are a few other Ansible tools out there to assist with Ansible playbook development
that are available upstream but not included in RHEL 8.
 • ansible-lint: Parses playbook and looks for issues within the playbook.
• yamllint : Parses YAML file and attempts to identify syntax errors (not Ansible specific)


2. Managing Content Collections and Execution Environments

2.1. Reusing Content from Ansible Content Collections

2.1.1. Defining Ansible Content Collections

Most Ansible modules have been pulled from the Ansible core project and are now distributed as part of
Ansible Content Collections. Ansible collections provide roles, plugins, and other items in addition to the
actual Ansible modules. Collections allow Ansible code updates to be developed completely separately,
so that collections and their modules can be maintained and deployed more quickly.

Playbooks Developed with AAP <= v1.2


Ansible version 2.9 was the last version to have all modules included. Playbooks relying on
built-in modules will need to be updated to use installed collections or will need to utilize the
Ansible Execution Environment based on Ansible version 2.9 where modules were still
included.

One of the biggest areas of concern is with the ansible.posix collection as this collection
now contains FirewallD and other modules that are commonly utilized to maintain RHEL
systems.

Module Mapping: https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml

Listing 37. FirewallD Mapping

firewalld:
  redirect: ansible.posix.firewalld

2.1.1.1. Organizing Ansible Content Collections in Namespaces

Ansible Content Collections are organized into namespaces. The namespace must be unique and is generally
assigned to a vendor or individual. Namespaces are the first part of a Fully-Qualified Collection Name (FQCN).
Collections maintained by the Ansible community are located on Ansible Galaxy under the community
namespace.

The Ansible posix Collection

The ansible.posix collection, which contains the FirewallD and other modules, is available from two
different sources. One is the community collection on Ansible Galaxy, and the other is the
supported Red Hat Ansible Posix Collection available from Ansible Automation Hub.

• ansible.posix on Ansible Galaxy: https://galaxy.ansible.com/ansible/posix
• ansible.posix on Red Hat Ansible Automation Platform: https://console.redhat.com/ansible/automation-hub/repo/published/ansible/posix


2.1.2. Using Ansible Content Collections


Ansible execution environments provided by Red Hat already include some content collections. As a reminder,
the Ansible EE for version 2.9 is fully compatible with older existing playbooks, so there is no need to worry
about collections for those playbooks. It is also possible to create custom collections, which are covered later in
this course.

2.1.2.1. Accessing Ansible Content Collection Documentation

The ansible-navigator collections command lists the collections available in an Ansible EE. To list the
modules within a collection, select the collection by typing :XX, where XX is the number of
the collection you wish to reference. From there it is possible to get further information on the modules within the
collection.

To retrieve documentation from ansible-navigator on the command line, use the ansible-navigator doc
command with the fully qualified module name and append --mode stdout.

[student@workstation ~]$ ansible-navigator doc ansible.windows.win_copy --mode stdout

... OUTPUT OMITTED ...

EXAMPLES: ①

- name: Copy a single file
  ansible.windows.win_copy:
    src: /srv/myfiles/foo.conf
    dest: C:\Temp\renamed-foo.conf

- name: Copy a single file, but keep a backup
  ansible.windows.win_copy:
    src: /srv/myfiles/foo.conf
    dest: C:\Temp\renamed-foo.conf
    backup: yes

- name: Copy a single file keeping the filename
  ansible.windows.win_copy:
    src: /src/myfiles/foo.conf
    dest: C:\Temp\

① Examples section of the ansible.windows.win_copy module documentation

2.1.2.2. Using Ansible Content Collections in Playbooks

To use collections properly in playbooks, a Fully Qualified Collection Name (FQCN) should be used. An
example of an FQCN is ansible.posix.firewalld. Many people omit the FQCN
for modules in the Ansible built-in collection, but to be sure which collection and module is used, it is considered
best practice to use the FQCN for all Ansible tasks, for example ansible.builtin.yum instead of just yum.


2.1.2.3. Finding Ansible Content Collections

Module and Collection Mapping

It is often fine to use short module names, as there is a built-in mapping of modules to their
FQCNs. However, as the number of modules and collections grows, it is possible that the automated
mapping will result in unexpected and unintended matches.

The mapping of modules to FQCNs can be found at: https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml

2.1.2.4. Using the Built-in Ansible Content Collection

Ansible includes a small subset of built-in modules. Using these modules by their short
name is widely accepted, but Red Hat recommends using the FQCN even for the ansible.builtin.<module> modules.


2.2. Demo - Using Ansible Content Collections


Ansible Content Navigator can be used to list collection modules and retrieve documentation on the Ansible
modules used in those collections.


Example 5. Navigator Demo for Collections

1. Ensure that you have the supported container downloaded.

[student@workstation ~]$ podman login hub.lab.example.com

It may be necessary to download the RHEL 8 AAP2.2 supported EE from
hub.lab.example.com. It might also be necessary to log in to registry.redhat.io to access
containers.

[student@workstation ~]$ podman pull ee-supported-rhel8:latest
Resolving "ee-supported-rhel8" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull hub.lab.example.com/ee-supported-rhel8:latest...
Getting image source signatures
Copying blob d322672cc56a skipped: already exists
Copying blob 00fe5380b165 skipped: already exists
Copying blob 80be453030cf skipped: already exists
Copying blob 69ebc448681d [--------------------------------------] 0.0b / 0.0b
Copying blob 5c4402ce71c4 [--------------------------------------] 0.0b / 0.0b
Copying config 00aa4b51e9 done
Writing manifest to image destination
Storing signatures
00aa4b51e90f57d6fe20d7b1a6d36b9122b3dce0b6124aea58b931fda4fdab23

One of the containers used for this course,
registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8:2.0.0, must be downloaded from Red
Hat’s container catalog. This should be done automatically, but it is possible that the container is
missed by the scripts.

2. Examine the collections installed in the EE environment


[student@workstation ~]$ ansible-navigator collections

   NAME                 VERSION  SHADOWED  TYPE       PATH
 0│amazon.aws           1.5.0    False     contained  /usr/share/ansible/collections/an▒
 1│ansible.controller   4.0.0    False     contained  /usr/share/ansible/collections/an▒
 2│ansible.netcommon    2.2.0    False     contained  /usr/share/ansible/collections/an▒
 3│ansible.network      1.0.1    False     contained  /usr/share/ansible/collections/an▒
 4│ansible.posix        1.2.0    False     contained  /usr/share/ansible/collections/an▒

... OUTPUT OMITTED ...

^f/PgUp page up   ^b/PgDn page down   ↑↓ scroll   esc back   [0-9] goto   :help help

3. Examine the ansible.posix collection, by typing 4

   ANSIBLE.POSIX       TYPE      ADDED  DEPRECATED  DESCRIPTION
 0│acl                 module    1.0.0  False       Set and retrieve file ACL information.▒
 1│at                  module    1.0.0  False       Schedule the execution of a command or▒
 2│authorized_key      module    1.0.0  False       Adds or removes an SSH authorized key ▒
 3│cgroup_perf_recap   callback  None   False       Profiles system activity of tasks and ▒
 4│csh                 shell     None   False       C shell (/bin/csh)
 5│debug               callback  None   False       formatted stdout/stderr display
 6│firewalld           module    None   False       Manage arbitrary ports/services with f▒

... OUTPUT OMITTED ...

^f/PgUp page up   ^b/PgDn page down   ↑↓ scroll   esc back   [0-9] goto   :help help

4. Examine the firewalld module, by typing 6


ANSIBLE.POSIX.FIREWALLD: Manage arbitrary ports/services with firewalld

 0│---
 1│additional_information: {}
 2│collection_info:
 3│  authors:
 4│  - Ansible (github.com/ansible)
 5│  dependencies: {}
 6│  description: Ansible Collection targeting POSIX and POSIX-ish platforms.
 7│  documentation: https://github.com/ansible-collections/ansible.posix/tree/main/do
 8│  homepage: https://github.com/ansible-collections/ansible.posix
 9│  issues: https://github.com/ansible-collections/ansible.posix
10│  license: []
11│  license_file: COPYING
12│  name: ansible.posix ①
13│  namespace: ansible
14│  path: /usr/share/ansible/collections/ansible_collections/ansible/posix/ ②
15│  readme: README.md
16│  repository: https://github.com/ansible-collections/ansible.posix ③

... OUTPUT OMITTED ...

24│doc: ④
25│  author:
26│  - Adam Miller (@maxamillion)
27│  description:
28│  - This module allows for addition or deletion of services and ports (either TCP
29│    or UDP) in either running or permanent firewalld rules.
30│  module: firewalld

... OUTPUT OMITTED ...

47│  options:
48│    icmp_block:
49│      description:
50│      - The ICMP block you would like to add/remove to/from a zone in firewalld.
51│      type: str
52│    icmp_block_inversion:
53│      description:
54│      - Enable/Disable inversion of ICMP blocks for a zone in firewalld.
55│      type: str
56│    immediate:


① Name of the collection containing the module


② Location where collection is installed
③ Repository location for the collection source
④ Module documentation

5. Exit ansible-navigator by pressing the ESC key several times to get back to the command prompt.

6. Look at documentation for the firewalld module using ansible-navigator

[student@workstation ~]$ ansible-navigator doc ansible.posix.firewalld --mode stdout ①

... OUTPUT OMITTED ...

EXAMPLES: ②

- name: permit traffic in default zone for https service
  ansible.posix.firewalld:
    service: https
    permanent: yes
    state: enabled

- name: do not permit traffic in default zone on port 8081/tcp
  ansible.posix.firewalld:
    port: 8081/tcp
    permanent: yes
    state: disabled

① Instructs ansible-navigator to display the documentation on the command line
② Examples section of ansible.posix.firewalld module documentation


Example 6. Navigator Demo - Using Navigator to Run Existing Playbooks

1. Examine the playbooks Website_Future.yml and Website_Past.yml

[student@workstation Resuing_Content]$ cat Website_Future.yml
---
- name: Playbook to Fully Setup and Configure a Webserver # ①
  hosts: serverb
  become: true
  tasks:
    - name: Install Packages for Webserver
      ansible.builtin.yum: # ②
        name:
          - httpd
          - firewalld
        state: latest

    - name: Create Content for Webserver
      ansible.builtin.copy:
        content: "I'm an awesome webserver of the future!!\n"
        dest: /var/www/html/index.html

    - name: Firewall is Enabled
      ansible.builtin.systemd:
        name: firewalld
        state: started
        enabled: true

    - name: HTTP Service is Open on Firewall
      ansible.posix.firewalld: # ③
        service: http
        state: enabled
        permanent: true
        immediate: yes

    - name: httpd is started
      ansible.builtin.systemd:
        name: httpd
        state: started
        enabled: true

① Playbook to set up and configure a webserver using Ansible Automation Platform 2.x with Collections
② The ansible.builtin collection used by FQCN
③ The ansible.posix collection used by FQCN to get the firewalld Module


[student@workstation Resuing_Content]$ cat Website_Past.yml
---
- name: Playbook to Fully Setup and Configure a Webserver # ①
  hosts: servera
  tasks:
    - name: Install Packages for Webserver
      yum: # ②
        name:
          - httpd
          - firewalld
        state: latest

    - name: Create Content for Webserver
      copy:
        content: "I'm an awesome webserver of the past!!!"
        dest: /var/www/html/index.html

    - name: Firewall is Enabled
      service:
        name: firewalld
        state: started
        enabled: true

    - name: HTTP Service is Open on Firewall
      firewalld:
        service: http
        state: enabled
        permanent: true
        immediate: yes

    - name: httpd is started
      systemd:
        name: httpd
        state: started
        enabled: true

① Playbook written using Ansible Automation Platform <= AAP 1.2 or Ansible <= 2.9
② Using standard Ansible modules and not leveraging collections

2. Obtain the EE 2.9 environment for the Website_Past.yml playbook

[student@workstation Resuing_Content]$ podman pull registry.redhat.io/ansible-automation-platform-20-early-access/ee-29-rhel8:2.0

3. Run the playbook Website_Past.yml using the EE 2.9 image that was downloaded.


[student@workstation Resuing_Content]$ eval $(ssh-agent) ①
Agent pid 361217

[student@workstation Resuing_Content]$ ssh-add ~/.ssh/lab_rsa ②
Identity added: /home/student/.ssh/lab_rsa (/home/student/.ssh/lab_rsa)

[student@workstation Resuing_Content]$ ansible-navigator run Website_Past.yml --eei ee-29-rhel8:2.0 --mode stdout ③

PLAY [Playbook to Fully Setup and Configure a Webserver] *

TASK [Gathering Facts] *
ok: [servera]

TASK [Install Packages for Webserver]
changed: [servera]

TASK [Create Content for Webserver]
changed: [servera]

TASK [Firewall is Enabled]
ok: [servera]

TASK [HTTP Service is Open on Firewall] *
changed: [servera]

TASK [httpd is started]
changed: [servera]

PLAY RECAP *
servera : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

① Ensuring that the SSH Agent Service is running so keys can be added to the keyring for containers
② Loading the SSH Key to the Keyring for ansible-navigator
③ Running the EE 2.9 image with output to the screen to run the playbook.


RHEL 8.2 Supported Container

It is important to note that it is also possible to run the playbook using the AAP 2.0 supported
container for RHEL 8.

[student@workstation Resuing_Content]$ ansible-navigator run Website_Past.yml --mode stdout

This uses the ee-supported-rhel8:2.0 EE as defined by the ansible-navigator.yml file.

execution-environment:
  image: ee-supported-rhel8:2.0

4. Test that ServerA Website is up

[student@workstation Resuing_Content]$ curl servera
I'm an awesome webserver of the past!!!

5. Use the RHEL 8 Supported AAP2 EE to run the Website_Future.yml Playbook.


[student@workstation Resuing_Content]$ ansible-navigator run Website_Future.yml --mode stdout

PLAY [Playbook to Fully Setup and Configure a Webserver] *

TASK [Gathering Facts] *
ok: [serverb]

TASK [Install Packages for Webserver]
changed: [serverb]

TASK [Create Content for Webserver]
changed: [serverb]

TASK [Firewall is Enabled]
ok: [serverb]

TASK [HTTP Service is Open on Firewall] *
changed: [serverb]

TASK [httpd is started]
changed: [serverb]

PLAY RECAP *
serverb : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

6. Check serverb to see if Webserver is working

[student@workstation Resuing_Content]$ curl serverb
I'm an awesome webserver of the future!!


2.3. Finding and Installing Ansible Content Collections


Section Info Here

2.3.1. Sources for Ansible Content Collections

2.3.1.1. Finding Collections on Ansible Automation Hub

2.3.2. Installing Ansible Content Collections

2.3.2.1. Installing Collections from the Command Line

2.3.2.2. Installing Collections with a Requirements File

2.3.2.3. Listing Installed Collections

2.3.3. Configuring Collection Sources

2.3.3.1. Installing Collections from Ansible Automation Hub

2.3.3.2. Installing Collections from Private Automation Hub


2.4. Selecting an Execution Environment


Section Info Here

2.4.1. Describing Automation Execution Environments

2.4.2. Selecting a Supported Automation Execution Environment

2.4.3. Inspecting Automation Execution Environments

2.4.4. Using Automation Execution Environments with Ansible Content Navigator


3. Running Playbooks with Automation Controller


3.1. Explaining the Automation Controller Architecture
Section Info Here

3.1.1. Introduction to Automation Controller

3.1.2. Describing the Architecture of Automation Controller

3.1.3. Automation Controller Features


3.2. Demo - Setting Up Automation Controller


Set up the organization and explain the parts of the Ansible Automation Controller WebUI.

Example 7. DEMO - Initial Automation Controller Setup

1. Install Collections and Run Playbook to setup controller

Listing 38. Change Directories

cd Github/do374/Demos/CH3/Controller/

Listing 39. Install Collections

./Demo_Prep.sh

Listing 40. Run Playbook to Setup Controller

ansible-navigator run Site.yml

2. Demonstrate the WebUI Components and Explain


3.3. Running Playbooks in Automation Controller


Section Info Here

3.3.1. Exploring Resources in Automation Controller

3.3.2. Creating Credential Resources

3.3.2.1. Listing Credentials

3.3.2.2. Creating a Machine Credential

3.3.2.3. Creating a Source Control Credential

3.3.3. Creating Project Resources

3.3.4. Creating Inventory Resources

3.3.4.1. Manually Creating Groups and Hosts

3.3.4.2. Populating Groups and Hosts Using a Project Inventory File

3.3.5. Creating Job Template Resources

3.3.6. Launching and Reviewing Jobs


3.4. Demo - Running a Playbook from Automation Controller


Section Info Here


4. Working with Ansible Configuration Settings


4.1. Examining Ansible Configuration with Automation Content Navigator
Section Info Here

4.1.1. Inspecting Configuration in Interactive Mode

4.1.1.1. Searching for Specific Configuration Parameters

4.1.1.2. Accessing Parameter Details

4.1.1.3. Inspecting Local Configuration

4.1.2. Inspecting Ansible Configuration in Standard Output Mode


4.2. Configuring Automation Content Navigator


Section Info Here

4.2.1. Format of the Settings File

4.2.2. Locating the Settings File

4.2.2.1. Selecting a Settings File to Use

4.2.3. Editing the Settings File

4.2.3.1. Setting a Default Automation Execution Environment

4.2.3.2. Default to Running in Standard Output Mode

4.2.3.3. Disabling Playbook Artifacts

4.2.3.4. Overview of an Example Settings File


5. Managing Inventories
5.1. Managing Dynamic Inventories
Section Info Here

5.1.1. Generating Inventories Dynamically

5.1.2. Discussing Inventory Plug-ins

5.1.2.1. Using Inventory Plug-ins

5.1.3. Developing Inventory Scripts

5.1.3.1. Using Inventory Scripts

5.1.4. Managing Multiple Inventories


5.2. Writing YAML Inventory Files


Section Info Here

5.2.1. Discussing Inventory Plug-ins

5.2.2. Writing YAML Static Inventory Files

5.2.2.1. Setting Inventory Variables

5.2.3. Converting a Static Inventory File in INI Format to YAML

5.2.4. Troubleshooting YAML Files

5.2.4.1. Protecting a Colon Followed by a Space

5.2.4.2. Protecting a Variable that Starts a Value

5.2.4.3. Knowing the Difference Between a String and a Boolean or Float


5.3. Managing Inventory Variables


Section Info Here

5.3.1. Describing the Basic Principles of Variables

5.3.2. Variable Merging and Precedence

5.3.2.1. Determining Command-line Option Precedence

5.3.2.2. Determining Role Default Precedence

5.3.2.3. Determining Host and Group Variable Precedence

5.3.2.4. Determining Play Variable Precedence

5.3.2.5. Determining the Precedence of Extra Variables

5.3.3. Separating Variables from Inventory

5.3.4. Using Special Inventory Variables

5.3.4.1. Configuring Human Readable Inventory Host Names

5.3.5. Identifying the Current Host Using Variables


6. Managing Task Execution


6.1. Controlling Privilege Escalation
Section Info Here

6.1.1. Privilege Escalation Strategies

6.1.1.1. Privilege Escalation by Configuration

6.1.1.2. Defining Privilege Escalation in Plays

6.1.1.3. Privilege Escalation in Tasks

6.1.1.4. Grouping Privilege Escalation Tasks with Blocks

6.1.1.5. Applying Privilege Escalation in Roles

6.1.1.6. Listing Privilege Escalation with Connection Variables

6.2. Choosing Privilege Escalation Approaches


6.3. Controlling Privilege Escalation (DEMO)


Example 8. DEMO - Controlling Privilege Escalation

1. Ensure ansible-navigator.yml config is updated, the ansible.cfg has a valid (non-root) user, and playbooks are
available.

Listing 41. ansible-navigator.yml

---
ansible-navigator:
  ansible:
    config: ./ansible.cfg

  execution-environment:
    image: ee-supported-rhel8:2.0
    pull-policy: missing

  mode: stdout # ①

  playbook-artifact:
    enable: false

① Set Mode to Standard Out to see output from the terminal interface.

Listing 42. ansible.cfg

[defaults]
inventory=inventory.yml
remote_user=devops
order = reverse_sorted


Listing 43. Ansible Playbook Priv_Demo_Book.yml

---
- name: Playbook to Show Users
  hosts: all
  become: true

  tasks:
    - name: show ansible_user_id with BECOME=true
      debug:
        var: ansible_user_id # ①

- name: Test ansible_user_id
  hosts: all
  become: false

  tasks:
    - name: show ansible_user_id with BECOME=false
      debug:
        var: ansible_user_id

① The ansible_user_id is a special variable from Ansible gathered facts. This variable captures the user
executing the commands for a given task. If Fact Gathering is set to false, this value is not available.

2. Use ansible-navigator to run the playbook and review the results

✔ ~/Github/do374/Demos/CH6/Priv_Escallation [main|✔]
11:51 $ ansible-navigator run Priv_Demo_Book.yml

PLAY [Playbook to Show Users] ********************************************************

TASK [Gathering Facts] ***************************************************************
ok: [serverc.lab.example.com]
ok: [servera.lab.example.com]
ok: [serverb.lab.example.com]

TASK [show ansible_user_id] **********************************************************
ok: [servera.lab.example.com] => {
    "ansible_user_id": "root"
}
ok: [serverb.lab.example.com] => {
    "ansible_user_id": "root"
}
ok: [serverc.lab.example.com] => {
    "ansible_user_id": "root"
}

PLAY [Test ansible_user_id] **********************************************************

TASK [Gathering Facts] ***************************************************************
ok: [servera.lab.example.com]
ok: [serverc.lab.example.com]
ok: [serverb.lab.example.com]

TASK [show ansible_user_id] **********************************************************
ok: [servera.lab.example.com] => {
    "ansible_user_id": "devops"
}
ok: [serverb.lab.example.com] => {
    "ansible_user_id": "devops"
}
ok: [serverc.lab.example.com] => {
    "ansible_user_id": "devops"
}

PLAY RECAP ***************************************************************************
servera.lab.example.com : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverb.lab.example.com : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverc.lab.example.com : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
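
The demo above escalates for a whole play. The following playbook is an added example, not part of the course repository: it keeps become: false at play level and escalates only on the task and the block that need root, checking the effective user with id -un because ansible_user_id is a gathered fact and does not change when a later task sets become. It assumes remote_user=devops as in Listing 42, that devops may use sudo without a password, and that /etc/shadow on the managed hosts is readable by root only.

```yaml
---
# Added example, not from the course repository.
# Assumptions: remote_user=devops (Listing 42), devops may use sudo without
# a password, and /etc/shadow is readable by root only.
- name: Escalate only where root is required
  hosts: all
  become: false                      # play default: run as the connecting user

  tasks:
    - name: Effective user without escalation
      ansible.builtin.command: id -un
      register: plain_user
      changed_when: false

    - name: Effective user with task-level escalation
      ansible.builtin.command: id -un
      become: true
      register: escalated_user
      changed_when: false

    - name: Check /etc/shadow as the connecting user
      ansible.builtin.stat:
        path: /etc/shadow
        get_checksum: false
        get_mime: false
      register: shadow_plain

    - name: Tasks that need root, grouped so that become is set once
      become: true
      block:
        - name: Check /etc/shadow as root
          ansible.builtin.stat:
            path: /etc/shadow
            get_checksum: false
            get_mime: false
          register: shadow_root

    - name: Effective user after the block
      ansible.builtin.command: id -un
      register: after_block_user
      changed_when: false

    - name: Confirm that escalation stayed limited to the marked tasks
      ansible.builtin.assert:
        that:
          # Gathered fact: set once, when facts were gathered without become.
          - ansible_user_id == 'devops'
          - plain_user.stdout == 'devops'
          - escalated_user.stdout == 'root'
          - not shadow_plain.stat.readable
          - shadow_root.stat.readable
          # become on a task or block does not leak into later tasks.
          - after_block_user.stdout == 'devops'
```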


6.4. Controlling Task Execution


Section Info Here

6.4.1. Controlling the Order of Execution

6.4.1.1. Importing or Including Roles as a Task

6.4.1.2. Defining Pre- and Post-tasks

6.4.1.3. Reviewing the Order of Execution

6.4.2. Listening to Handlers

6.4.2.1. Notifying Handlers

6.4.3. Controlling the Order of Host Execution


6.5. Running Selected Tasks


Section Info Here

6.5.1. Tagging Ansible Resources

6.5.2. Managing Tagged Resources

6.5.2.1. Running Tasks with Specific Tags

6.5.2.2. Combining Tags to Run Multiple Tasks

6.5.2.3. Skipping Tasks with Specific Tags

6.5.2.4. Listing Tags in a Playbook

6.5.3. Assigning Special Tags


6.6. Controlling Tasks with Tags (DEMO)


Example 9. DEMO - Controlling Tasks with Tags

1. Change to the Demo Directory

cd /home/student/Github/do374/Demos/CH6/tags

2. Execute the Playbook with No Tags

00:14 $ anr tag_demo.yml

3. Execute the Playbook with Never Tag

19:20 $ anr tag_demo.yml tag_demo.yml --tags never

4. Execute the Playbook with Never Tag Skip Always

19:20 $ anr tag_demo.yml tag_demo.yml --tags never --skip-tags always

5. Execute the Playbook with Demo Tags

19:22 $ anr tag_demo.yml tag_demo.yml --tags demo
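
The tag_demo.yml playbook itself is not shown on the page. The following playbook is an added example (hypothetical file name tags_example.yml, not the course's own file) showing which tasks each set of options used in the demo selects when tasks carry the special tags always and never.

```yaml
---
# tags_example.yml: added example, not the course's tag_demo.yml.
- name: Show how --tags and --skip-tags select tasks
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Untagged task
      ansible.builtin.debug:
        msg: untagged

    - name: Task tagged demo
      ansible.builtin.debug:
        msg: demo
      tags: demo

    - name: Task tagged always
      ansible.builtin.debug:
        msg: always
      tags: always

    - name: Task tagged never
      ansible.builtin.debug:
        msg: never
      tags: never

    - name: Task tagged never and demo
      ansible.builtin.debug:
        msg: never+demo
      tags:
        - never
        - demo

# Tasks selected for each set of options used in the demo:
#
#   options                           untagged  demo  always  never  never+demo
#   (none)                            run       run   run     skip   skip
#   --tags never                      skip      skip  run     run    run
#   --tags never --skip-tags always   skip      skip  skip    run    run
#   --tags demo                       skip      run   run     skip   run
```

A task that should run only on request, such as a destructive cleanup step, can carry never plus a second tag so that it stays out of untagged runs.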


6.7. Optimizing Execution for Speed


Section Info Here

6.7.1. Optimizing Playbook Execution

6.7.1.1. Optimizing the Infrastructure

6.7.1.2. Disabling Fact Gathering

6.7.1.3. Reusing Gathered Facts with Fact Caching

6.7.1.4. Limiting Fact Gathering

6.7.1.5. Increasing Parallelism

6.7.1.6. Avoiding Loops with the Package Manager Modules

6.7.1.7. Efficiently Copying Files to Managed Hosts

6.7.1.8. Using Templates

6.7.1.9. Enabling Pipelining

6.7.2. Profiling Playbook Execution with Callback Plug-ins

6.7.2.1. Timing Tasks and Roles


7. Transforming Data with Filters and Plug-ins


7.1. Processing Variables Using Filters
Section Info Here

7.1.1. Ansible Filters

7.1.2. Variable Types

7.1.3. Manipulating Lists

7.1.3.1. Extracting list elements

7.1.3.2. Modifying the Order of List Elements

7.1.3.3. Merging Lists

7.1.3.4. Operating on Lists as Sets

7.1.4. Manipulating Dictionaries

7.1.4.1. Joining dictionaries

7.1.4.2. Converting Dictionaries

7.1.5. Hashing, Encoding, and Manipulating Strings

7.1.5.1. Hashing strings and passwords

7.1.5.2. Encoding strings

7.1.5.3. Formatting Text

7.1.5.4. Replacing Text

7.1.6. Manipulating JSON Data

7.1.6.1. JSON Queries

7.1.6.2. Parsing and Encoding Data Structures


7.2. Demo - JSON Queries on Data


Although json_query can be used in playbooks to test data, in assertions, and for other purposes,
the functionality may not exist on the Ansible Controller, the controller node, or
within the Ansible Execution Environment (EE). It is necessary to create a custom EE or ensure that all required utilities
are available.

ansible-galaxy collection install community.general ①
python3.6 -m pip install jmespath ②
python3.9 -m pip install jmespath ③

① The community.general collection has the modules and filters necessary to perform JSON Queries and
manipulate data.
② The jmespath Python installation is needed for the modules and filters in the community.general
collection and needs to be installed for the Python 3.6 version (if that is what is used)
③ The jmespath Python installation is needed for the modules and filters in the community.general
collection and needs to be installed for the Python 3.9 version (if that is what is used)

Essentially, in addition to the community.general collection, the jmespath Python package is needed for json_query to
function, and it must be installed for the specific version of Python being used by Ansible.

The quay.io/tmichett/travis_do374:1.1 image is a custom EE which contains the modules,
filters, and Python packages needed to demonstrate the use of the filter.


Example 10. DEMO - JSON Queries

1. Run demo with the RHEL8-Supported EE

anr json_query_demo.yml

... OUTPUT OMITTED ...

[WARNING]: an unexpected error occurred during Jinja2 environment setup: unable to
locate collection community.general
fatal: [localhost]: FAILED! => {"msg": "template error while templating string:
unable to locate collection community.general. String: {{ hosts |
json_query('[*].name') | sort }} is eq( ['bastion', 'classroom'] )" ①

① Missing JSON and JINJA2 templating modules

2. Run demo with the custom EE

18:19 $ anr json_query_demo.yml --eei quay.io/tmichett/travis_do374:1.1 -m stdout

... OUTPUT OMITTED ...

TASK [Get the 'name' elements from the list of dictionaries in 'hosts'] **************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

... OUTPUT OMITTED ...

3. Run demo with the custom EE (but failure playbook)


18:21 $ anr json_query_demo_fail.yml --eei quay.io/tmichett/travis_do374:1.1 -m stdout

... OUTPUT OMITTED ...

TASK [Get the 'name' elements from the list of dictionaries in 'hosts'] **************
fatal: [localhost]: FAILED! => {
    "assertion": "['bastion', 'classroom', 'nada'] is eq( ['bastion', 'classroom'] )", ①
    "changed": false,
    "evaluated_to": false,
    "msg": "Assertion failed"
}

① The output shows the assertion and why it failed: nada isn’t in the check.
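
The json_query_demo.yml playbook is not shown on the page. The following playbook is an added example, not the course's own file, built around the assertion visible in the error output above; the hosts data, the ip key, and the second query are constructed for illustration. It first checks that jmespath can be imported by the Python interpreter that runs Ansible, which is the version-specific dependency described above.

```yaml
---
# Added example, not the course's json_query_demo.yml.
# Requires the community.general collection and the jmespath Python package.
- name: Query a list of dictionaries with json_query
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    # Constructed sample data.
    hosts:
      - name: bastion
        ip:
          - "172.25.250.254"
          - "172.25.252.1"
      - name: classroom
        ip:
          - "172.25.252.254"
    # JMESPath expressions kept in variables to avoid nested quoting.
    all_names: "[*].name"
    bastion_ips: "[?name=='bastion'].ip[]"

  tasks:
    - name: Check that jmespath is installed for the Python that runs Ansible
      ansible.builtin.command:
        argv:
          - "{{ ansible_playbook_python }}"
          - "-c"
          - "import jmespath"
      changed_when: false

    - name: Get the 'name' elements from the list of dictionaries in 'hosts'
      ansible.builtin.assert:
        that:
          - (hosts | community.general.json_query(all_names) | sort) == ['bastion', 'classroom']

    - name: Get the addresses of one host with a filter expression
      ansible.builtin.assert:
        that:
          - (hosts | community.general.json_query(bastion_ips)) == ['172.25.250.254', '172.25.252.1']
```

If the first task fails, the EE lacks jmespath for its interpreter; if it passes but the assertions report that community.general cannot be located, only the collection is missing.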


7.3. Templating External Data using Lookups


Section Info Here

7.3.1. Lookup Plug-ins

7.3.2. Calling Lookup Plug-ins

7.3.3. Selecting Lookup Plug-ins

7.3.3.1. Reading the Contents of Files

7.3.3.2. Applying Data with a Template

7.3.3.3. Reading Command Output in the Execution Environment

7.3.3.4. Getting Content from a URL

7.3.3.5. Getting Information from the Kubernetes API

7.3.3.6. Using Custom Lookup Plug-ins

7.3.4. Handling Lookup Errors


7.4. Implementing Advanced Loops


Section Info Here

7.4.1. Comparing Loops and Lookup Plug-ins

7.4.2. Example Iteration Scenarios

7.4.2.1. Iterating over a List of Lists

7.4.2.2. Iterating Over Nested Lists

7.4.2.3. Iterating Over a Dictionary

7.4.2.4. Iterating Over a File Globbing Pattern

7.4.2.5. Retrying a Task


7.5. Using Filters to Work with Network Addresses


Section Info Here

7.5.1. Gathering and Processing Networking Information

7.5.2. Network Information Filters

7.5.2.1. Testing IP Addresses

7.5.2.2. Filtering Data

7.5.2.3. Manipulating IP Addresses

7.5.2.4. Reformatting or Calculating Network Information


8. Coordinating Rolling Updates


8.1. Delegating Tasks and Facts
Section Info Here

8.1.1. Delegating Tasks

8.1.1.1. Delegating to localhost

8.1.2. Delegating Facts


8.2. Configuring Parallelism


Section Info Here

8.2.1. Configure Parallelism in Ansible Using Forks

8.2.2. Running Batches of Hosts Through the Entire Play


8.3. Managing Rolling Updates


Section Info Here

8.3.1. Overview

8.3.2. Controlling Batch Size

8.3.2.1. Setting a Fixed Batch Size

8.3.2.2. Setting Batch Size as a Percentage

8.3.2.3. Setting Batch Sizes to Change During the Play

8.3.3. Aborting the Play

8.3.3.1. Specifying Failure Tolerance

8.3.4. Running a Task Once


9. Creating Content Collections and Execution Environments

9.1. Writing Ansible Content Collections
Section Info Here

9.1.1. Developing Ansible Content Collections

9.1.1.1. Selecting a Namespace for Collections

9.1.1.2. Creating Collection Skeletons

9.1.1.3. Adding Content to Collections

9.1.1.4. Updating Collection Metadata

9.1.1.5. Declaring Collection Dependencies

9.1.1.6. Building Collections

9.1.1.7. Validating and Testing Collections

9.1.2. Publishing Collections


9.2. Building a Custom Execution Environment


Section Info Here

9.2.1. Deciding When to Create a Custom Automation Execution Environment

9.2.2. Preparing for a New Automation Execution Environment

9.2.2.1. Declaring the Ansible Content Collections to Install

9.2.2.2. Declaring Python Packages

9.2.2.3. Declaring RPM Packages

9.2.3. Building a New Automation Execution Environment

9.2.3.1. Interacting with the Build Process


9.3. Validating a Custom Execution Environment


Section Info Here

9.3.1. Testing Automation Execution Environments Locally

9.3.1.1. Running a Test Playbook

9.3.1.2. Providing Authentication Credentials

9.3.2. Sharing an Automation Execution Environment from Private Automation Hub


9.4. Using Custom Content Collections and Execution Environments in Automation Controller

Section Info Here

9.4.1. Using Custom Collections with Existing Execution Environments

9.4.1.1. Preparing Ansible Projects for Automation Controller

9.4.1.2. Storing Authentication Credentials for Collections

9.4.2. Using Custom Automation Execution Environments with Automation Controller

9.4.2.1. Storing Container Registry Credentials

9.4.2.2. Configuring Automation Execution Environments

9.4.2.3. Configuring the Default Automation Execution Environment for a Project

9.4.2.4. Specifying an Automation Execution Environment in a Template


Appendix A: Exam Objectives


Listing 44. The jq Package

yum install jq

Listing 45. The perl-json-pp Package

yum install perl-JSON-PP

A.1. Understand and use Git


Chapters in Book for Topic
 Chapter 1

• GE: Managing Ansible Projects and materials using Git

Listing 46. Git Commands to Setup Git and the Repository behavior

git config --global user.name "Travis Michette" ①
git config --global user.email "[email protected]" ②
git config --global push.default simple ③
git config --global credential.helper store ④

git config --global -l ⑤

① Sets the user name in the configuration
② Sets the e-mail address in the configuration
③ Sets the default push method to simple
④ Stores credentials locally in a file. Can use store or cache
⑤ Lists global configurations from the file ~/.gitconfig

GIT Config Commands

 The git config XXX commands support tab completion, so the syntax and available items can be
found by pressing Tab.

• Clone a Git repository

Listing 47. Cloning with Git

# git clone <ADDRESS>

• Create, modify and push files in a Git repository


Listing 48. Using Git

# git add .

# git commit -m "Message"

# git push

A.2. Manage inventory variables


Chapters in Book for Topic
 Chapter 5

Listing 49. Converting INI Inventory to YAML Format

ansible-inventory --yaml -i inventory --list --output inventory.yaml

• Structure host and group variables using multiple files per host or group
◦ GE: Managing Inventory Variables
• Use special variables to override the host, port, or remote user for a specific host
◦ Section: Using Special Inventory Variables
◦ GE: Managing Inventory Variables
• Set up directories containing multiple host variable files for managed hosts
◦ Section: Separating Variables from Inventory
• Override names used in inventory files with a different name or IP address
◦ Section: Using Special Inventory Variables

A.3. Manage task execution


Chapters in Book for Topic
 Chapter 6

FORKS

 The forks setting controls how many hosts Ansible runs in parallel and is set in the defaults section of the
ansible.cfg file as forks=#. It can also be overridden on the command line using -f #.

• Control privilege execution
◦ GE: Controlling Privilege Escalation
• Run selected tasks from a playbook
◦ GE: Running Selected Tasks


A.4. Transform data with filters and plugins


Chapters in Book for Topic
 Chapter 7

Listing 50. Required Package for ipaddr and other filters

yum install python3-netaddr

Common Filters (Section: Hashing, Encoding, and Manipulating Strings)


• upper
• lower
• capitalize

Hashing and Encrypting Filters (Section: Hashing, Encoding, and Manipulating Strings)
• hash
• password_hash
• Populate variables with data from external sources using lookup plugins
◦ GE: Templating External Data Using Lookups
• Use lookup and query functions to incorporate data from external sources into playbooks and deployed
template files
◦ GE:
• Implement loops using structures other than simple lists using lookup plugins and filters
◦ GE: Implementing Advanced Loops
• Inspect, validate, and manipulate variables containing networking information with filters
◦ GE: Using Filters to work with Network Addresses

A.5. Delegate tasks


Chapters in Book for Topic
 Chapter 8

• Run a task for a managed host on a different host


• Control whether facts gathered by a task are delegated to the managed host or the controlling host
◦ GE: Delegation of Tasks and Facts

A.6. Manage content collections


Chapters in Book for Topic

 Chapter 9

LAB: Creating Content Collections and Execution Environments


• Create a content collection


◦ GE: Writing Ansible Content Collections

Commands Used
• ansible-galaxy collection init <namespace>.<collectionname>
• ansible-galaxy collection build
• ansible-galaxy collection publish

Getting Help

 There is very little information in the man pages. However, the ansible-galaxy collection
--help and ansible-galaxy collection init --help commands can provide assistance and
context.

Manual Tasks to Remember


The ansible-galaxy collection init command builds a basic skeleton of the collection. However, in
the current AAP 2.0 version used in this course, it doesn’t create the meta directory or the
meta/runtime.yml file. This is a manual step.

Listing 51. Creating Directory

# mkdir meta


Listing 52. Creating meta/runtime.yml File

# vim meta/runtime.yml
---
requires_ansible: '>=2.9.10'

The above commands must be run from the top level of the collection directory.

Plugins and Modules

 The plugins subdirectory is created as part of the skeleton. In order to leverage any
custom modules, it is necessary to create a plugins/modules subdirectory and copy the
modules to this location.

• Install a content collection


◦ GE: Finding and Installing Ansible Content Collections (Chapter 2)
• Publish a content collection

A.7. Manage execution environments


Chapters in Book for Topic

 Chapter 9

LAB: Creating Content Collections and Execution Environments


• Build an execution environment


◦ GE: Building a Custom EE
• Run playbooks in an execution environment
◦ GE: Validating a Custom Execution Environment (EE)
◦ GE: Selecting an EE (Chapter 2)
• Upload execution environments into automation hub
◦ GE: Validating a Custom Execution Environment (EE)
• Using execution environments in automation controller
◦ GE: Using Custom Content Collections and Execution Environments in Automation Controller

A.8. Manage inventories and credentials


Chapters in Book for Topic
 Chapter 3

• Manage advanced inventories


• Create a dynamic inventory from an identity management server or a database server
• Create machine credentials to access inventory hosts
◦ GE: Running Playbooks in Automation Controller
• Create a source control credential
◦ GE: Running Playbooks in Automation Controller

A.9. Manage automation controller


Chapters in Book for Topic
 Chapter 3 Chapter 9

• Run playbooks in automation controller


◦ GE: Running Playbooks in Automation Controller
• Pull content into automation controller from either git or automation hub
• Pull an execution environment from automation hub and run a playbook in it.


Appendix B: References
B.1. Ansible Roles, Collections, and Content
• Ansible Collections Overview
◦ https://github.com/ansible-collections/overview/blob/main/README.rst
• Introduction to RHEL System Roles
◦ https://www.redhat.com/en/blog/introduction-rhel-system-roles
• Ansible Galaxy: Collections and Roles
◦ https://docs.rockylinux.org/books/learning_ansible/04-ansible-galaxy/
• Ansible Collection Index
◦ https://docs.ansible.com/ansible/latest/collections/index.html#list-of-collections
• Ansible Module Mapping - Where have all the modules gone??
◦ https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml
• Ansible Posix Collection
◦ https://github.com/ansible-collections/ansible.posix
• Ansible Automation Platform Certified Content
◦ https://access.redhat.com/articles/3642632
• Migrating to Ansible Collections
◦ https://www.ansible.com/hubfs/Webinar%20PDF%20slides/2020-Dec-08--Webinar%20Migrating%20to%20Ansible%20Collections.pdf
• Ansible Netcommon
◦ https://github.com/ansible-collections/ansible.netcommon/blob/main/meta/runtime.yml
• Ansible Collections on Galaxy
◦ https://galaxy.ansible.com/ui/namespaces/ansible/
◦ https://galaxy.ansible.com/ui/namespaces/community
◦ https://galaxy.ansible.com/ui/namespaces/tmichett
◦ https://galaxy.ansible.com/ui/namespaces/redhat_cop
• Creating collections
◦ https://docs.ansible.com/ansible/devel/dev_guide/developing_collections_creating.html#creating-collections-skeleton
• Using collections
◦ https://docs.ansible.com/ansible/latest/user_guide/collections_using.html
• Ansible Posix Collection
◦ https://galaxy.ansible.com/ansible/posix


B.2. Ansible Automation Platform (AAP 2)


• 6 steps to install Ansible Automation Platform 2.3 on RHEL
◦ https://developers.redhat.com/articles/2023/03/07/install-ansible-23-on-rhel-91?sc_cid=7013a0000034ro3AAA#
• Introducing Ansible Automation Platform 2
◦ https://www.ansible.com/blog/introducing-ansible-automation-platform-2
• What’s new in Ansible Automation Platform 2: private automation hub
◦ https://www.ansible.com/blog/whats-new-in-ansible-automation-platform-2-private-automation-hub
• Introducing Red Hat Ansible Automation Platform 2.1
◦ https://www.ansible.com/blog/introducing-red-hat-ansible-automation-platform-2.1
• When localhost isn’t what it seems in Red Hat Ansible Automation Platform 2
◦ https://www.ansible.com/blog/when-localhost-isnt-what-it-seems-in-red-hat-ansible-automation-platform-2

B.3. Execution Environments


• Automating execution environment image builds with GitHub Actions
◦ https://www.ansible.com/blog/automating-execution-environment-image-builds-with-github-actions

B.4. Callback Plugins


• Callback Plugins
◦ https://docs.ansible.com/ansible/latest/plugins/callback.html
• ansible.posix.timer callback – Adds time to play stats
◦ https://docs.ansible.com/ansible/latest/collections/ansible/posix/timer_callback.html#ansible-collections-ansible-posix-timer-callback-requirements
• ansible.posix.profile_tasks callback – adds time information to tasks
◦ https://docs.ansible.com/ansible/latest/collections/ansible/posix/profile_tasks_callback.html
• ansible.posix.cgroup_perf_recap callback – Profiles system activity of tasks and full execution using cgroups
◦ https://docs.ansible.com/ansible/latest/collections/ansible/posix/cgroup_perf_recap_callback.html#ansible-collections-ansible-posix-cgroup-perf-recap-callback-requirements
• Assess resource consumption with Ansible callback plugins
◦ https://www.redhat.com/sysadmin/ansible-callback-plugins-metrics
• ansible.posix.cgroup_perf_recap callback – Profiles system activity of tasks and full execution using cgroups
◦ https://docs.ansible.com/ansible/latest/collections/ansible/posix/cgroup_perf_recap_callback.html


B.5. Ansible Facts and Variables


• Discovering variables: facts and magic variables
◦ https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html#ansible-facts

B.6. Ansible Galaxy


• Galaxy User Guide - Configuring Ansible Galaxy Client
◦ https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#configuring-the-ansible-galaxy-client

B.7. Ansible Navigator


• Github Navigator Project
◦ https://github.com/ansible/ansible-navigator
• Ansible Navigator Settings
◦ https://ansible-navigator.readthedocs.io/settings/
• Ansible Navigator Cheat Sheet
◦ https://www.techbeatly.com/ansible-navigator-cheat-sheet/

Ansible Navigator Settings

With the AAP 2.0 release, ansible-navigator can dump settings.

 ansible-navigator settings --sample

https://github.com/ansible/ansible-navigator/issues/611

B.8. Ansible Automation Hub


• To Install & configure the Ansible Ansible Automation Hub
◦ https://www.jazakallah.info/post/to-install-configure-the-ansible-ansible-automation-hub

B.9. Ansible Builder


• Introduction to Ansible Builder
◦ https://www.ansible.com/blog/introduction-to-ansible-builder
• How to create execution environments using ansible-builder
◦ https://developers.redhat.com/articles/2023/05/08/how-create-execution-environments-using-ansible-builder#continue_your_automation_journey_with_ansible_automation_platform
• How to build Ansible execution environment images for unconnected environments
◦ https://www.redhat.com/sysadmin/ansible-execution-environment-unconnected

Github


Git Logline: git config --global alias.logline "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"

Github CLI Installation

• Linux: https://github.com/cli/cli/blob/trunk/docs/install_linux.md
• General Instructions: https://cli.github.com/manual/installation

GH Token Creation

 To get started with GitHub CLI, please run: gh auth login
 Alternatively, populate the GH_TOKEN environment variable with a GitHub API authentication token.

Github Training and Skills: https://github.blog/2022-06-06-introducing-github-skills/

• Saving Credentials Locally: git config --global credential.helper store
• Turning off SSL Verification for Self-Signed/Self-Hosted Instances: git config --global http.sslverify false
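
The two convenience settings this guide lists, `credential.helper store` (Listing 46 and above) and a global `http.sslverify false`, apply to every HTTPS remote, and `store` keeps credentials unencrypted in `~/.git-credentials`. The script below is an added example, not part of the original guide, that shows a scoped alternative and checks the effective values with `git config --get-urlmatch`. The host `git.lab.example.com`, the CA file path, and the scratch configuration file are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Host name and CA path are constructed placeholders.
LAB_URL="https://git.lab.example.com/"                 # hypothetical self-hosted Git server
LAB_CA="/etc/pki/ca-trust/source/anchors/lab-ca.pem"   # hypothetical CA certificate file

# Write to a scratch file so the demo never touches ~/.gitconfig.
# On a real workstation, replace `--file "$DEMO_CFG"` with `--global`.
DEMO_CFG="$(mktemp)"
trap 'rm -f "$DEMO_CFG"' EXIT
gitcfg() { git config --file "$DEMO_CFG" "$@"; }

# The settings as listed in the guide: they apply to every remote.
apply_guide_settings() {
    gitcfg credential.helper store     # plaintext file: ~/.git-credentials
    gitcfg http.sslVerify false        # no certificate checks for any host
}

# Scoped variant: trust the lab CA for the lab host only, keep verification
# on everywhere, and hold credentials in memory for one hour instead of on disk.
# If the CA file cannot be obtained, the narrower fallback is
#   git config --global "http.${LAB_URL}.sslVerify" false
# which still leaves verification on for all other hosts.
apply_scoped_settings() {
    gitcfg --unset-all http.sslVerify || true
    gitcfg "http.${LAB_URL}.sslCAInfo" "$LAB_CA"
    gitcfg --replace-all credential.helper 'cache --timeout=3600'
}

# Effective TLS verification for a URL ("true" is Git's default when unset).
ssl_verify_for() {
    gitcfg --bool --get-urlmatch http.sslVerify "$1" || echo true
}

# CA file Git would use for a URL, if one is configured for it.
ca_for() {
    gitcfg --get-urlmatch http.sslCAInfo "$1" || echo "(system trust store)"
}

report() {
    for url in "${LAB_URL}team/playbooks.git" \
               "https://github.com/ansible/ansible-navigator.git"; do
        printf '%-52s sslVerify=%-5s CA=%s\n' \
            "$url" "$(ssl_verify_for "$url")" "$(ca_for "$url")"
    done
    printf 'credential.helper=%s\n' "$(gitcfg --get credential.helper)"
}

apply_guide_settings;  echo "== as listed in the guide ==";  report
apply_scoped_settings; echo "== scoped to the lab host ==";  report
```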

B.10. Pre-Commit
The Jenkins jobs use pre-commit rules to check items before running. Failure to pass these checks will result
in Jenkins build failures. Instructions for using pre-commit are in the text, but it might be recommended and
easier to enable pre-commit automatically.

Automatically enabling pre-commit on repositories: https://pre-commit.com/#automatically-enabling-pre-commit-on-repositories

B.11. Ansible Real-World Examples and Articles


• awx_pod - Github Project Ansible AWX in Containers
◦ https://github.com/ikke-t/awx_pod
• How I used Ansible to automate updates at home
◦ https://www.redhat.com/sysadmin/ansible-automate-updates-home
• Install Ansible AWX on CentOS 8 / Rocky Linux 8
◦ https://computingforgeeks.com/install-and-configure-ansible-awx-on-centos/
• Ansible Bender
◦ https://github.com/TomasTomecek/ansible-bender
• Streamlining AWS Deployments with Python & Ansible Part I
◦ https://www.capitalone.com/tech/cloud/python-ansible-aws-building-ansible-playbooks/
• Streamlining AWS Deployments with Python & Ansible Part II
◦ https://www.capitalone.com/tech/cloud/python-ansible-aws-unit-testing-ansible-modules/
• Streamlining AWS Deployments with Python & Ansible Part III
◦ https://www.capitalone.com/tech/cloud/python-ansible-aws-refactoring-code/


B.12. Other Ansible Examples and Repositories (from other Instructors)

• https://eenfach.de/gitblit/tree/rht!rh294.git

B.13. Python
• How to install Python 3 on Red Hat Enterprise Linux
◦ https://developers.redhat.com/blog/2018/08/13/install-python3-rhel?source=sso#tl_dr

B.14. VSCode Resources


• Ansible VS Code Extension by Red Hat
◦ https://marketplace.visualstudio.com/items?itemName=redhat.ansible
• Ansible Core and Red Hat Collection Snippets
◦ https://marketplace.visualstudio.com/items?itemName=TravisMichette.tm-ansible-snippets

B.15. DISA STIG


• DISA releases the first Ansible STIG
◦ https://www.redhat.com/en/blog/disa-releases-first-ansible-stig
