TRANSCRIPT
Simplified configuration with Red Hat Enterprise Linux System Roles and Ansible
Terry Bowling, Technical Product Manager
Ondrej Vasik, Senior Engineering Manager
May, 2018
Overview of RHEL Systems Roles
How to use it and demo time
Providing feedback and feature requests
I bet you’ve been here before...
# My wicked cool automation scripts
do.clever.stuff(with_my_servers)
automate --all-the-things
Watch.it.break --over-time --change# $@%!
rinse.repeat
We’ve all been here before...
# My wicked cool automation scripts
do.clever.stuff(with_stuff)
automate --all-the-things
watch.it.break(why_did_this_change)# $@%!
rinse.repeat
RHEL 5
RHEL 6
RHEL 7
Something we’ve been working on… RHEL System Roles with Ansible
Ansible Playbooks
---
- hosts: all
  roles:
    - role: rhel-system-roles.network
[Diagram: Ansible Playbooks -> RHEL System Roles (Network, Logging, Storage, Metrics, SELinux, TimeSync, kdump, NFS, Tuned, Boot, Firewall, Identity) -> RHEL 6, 7, 8++]
A collection of Ansible roles and modules
Consistent configuration interface to RHEL
Abstract configuration from implementation
Evolves with subsystem
Maintained by RHEL Subsystem Engineers
Manage RHEL 6, 7, and beyond
Current Roles
Network
SELinux
TimeSync
Postfix
kdump
Targeted Roles
Storage
Logging
Metrics
NFS
Tuned
Firewall
And more!
Give it a try
Introduced in RHEL 7.4 as Technology Preview
# yum --enablerepo=rhel-7-server-extras-rpms install rhel-system-roles
# yum --enablerepo=rhel-7-ansible-2-rpms install ansible
simple DHCP
---
- hosts: rhel7, rhel6
  vars:
    # network_provider: initscripts # or nm
    network_connections:
      - name: Private_Mgmt
        type: ethernet
        #interface_name: eno0
        mac: "52:54:00:ae:83:49"
        autoconnect: yes
        ip:
          dhcp4: yes
          auto6: no
  roles:
    - role: rhel-system-roles.network
simple STATIC
---
- hosts: rhel7, rhel6
  vars:
    network_connections:
      - name: Pub_Web
        type: ethernet
        mac: "52:54:00:ae:83:49"
        autoconnect: yes
        ip:
          auto6: no
          route_metric6: -1
          gateway6: 2001:db8::1
          address:
            - 192.168.99.99/24
            - 2001:db8::80/7
  roles:
    - role: rhel-system-roles.network
simple BOND
---
- hosts: rhel7, rhel6
  vars:
    network_connections:
      - name: DBbond
        state: present
        type: bond
        interface_name: DBbond
        autoconnect: yes
        ip:
          address: "{{ hostvars[inventory_hostname].DBbond_ip }}"
          gateway4: 192.168.75.1
          auto6: no
        bond:
          mode: balance-alb
          miimon: 70
Continued…
BOND links
… continued
      - name: DBbond-link1
        state: up
        type: ethernet
        #interface_name: eth3
        mac: "{{ hostvars[inventory_hostname].net3_mac }}"
        master: DBbond
        slave_type: bond
      - name: DBbond-link2
        state: up
        type: ethernet
        #interface_name: eth5
        mac: "{{ hostvars[inventory_hostname].net5_mac }}"
        master: DBbond
        slave_type: bond
      - name: DBbond
        state: up
  roles:
    - role: rhel-system-roles.network
TimeSync
---
- hosts: rhel7, rhel6
  vars:
    #ntp_implementation: ntp # or chrony
    ntp_servers:
      - hostname: 0.rhel.pool.ntp.org
        iburst: true
      - hostname: foo.example.org
        pool: true
        minpoll: 6
        maxpoll: 10
        iburst: no
      - hostname: bar.example.org
        pool: false
        minpoll: 4
        maxpoll: 6
        iburst: true
    ptp_domains:
      - interfaces: [ eth0 ]
  roles:
    - role: rhel-system-roles.timesync
SELinux
---
- hosts: rhel7, rhel6
  vars:
    # Enable SELinux. Yes, do it, else Dan Walsh cries.
    SELinux_type: targeted
    SELinux_mode: enforcing
    SELinux_change_running: 1

    SELinux_booleans:
      - { name: 'samba_enable_home_dirs', state: 'on' }
      - { name: 'ssh_sysadm_login', state: 'on', persistent: 'yes' }

  roles:
    - role: rhel-system-roles.selinux
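Added example, not from the original slides: a follow-up play that checks on each host that the SELinux playbook above left the running mode, the boot-time configuration and both booleans in the intended state. It assumes getenforce, getsebool and /etc/selinux/config are present on the managed hosts; the variable name expected_booleans is made up for this example.

```yaml
---
# Added verification play (not part of the original deck).
- hosts: rhel7, rhel6
  become: yes
  vars:
    # Hypothetical variable: the booleans the slide's playbook turns on.
    expected_booleans:
      - samba_enable_home_dirs
      - ssh_sysadm_login
  tasks:
    - name: Read the running SELinux mode
      command: getenforce
      register: running_mode
      changed_when: false

    - name: Read the boot-time settings from /etc/selinux/config
      command: grep -E '^SELINUX(TYPE)?=' /etc/selinux/config
      register: boot_config
      changed_when: false

    - name: Read the current value of each expected boolean
      command: getsebool {{ item }}
      with_items: "{{ expected_booleans }}"
      register: boolean_state
      changed_when: false

    - name: Fail if the running mode or the boot-time config has drifted
      assert:
        that:
          - running_mode.stdout == 'Enforcing'
          - "'SELINUX=enforcing' in boot_config.stdout_lines"
          - "'SELINUXTYPE=targeted' in boot_config.stdout_lines"
        msg: "SELinux is not enforcing/targeted on {{ inventory_hostname }}"

    - name: Fail if an expected boolean is off
      assert:
        that:
          # getsebool prints "<name> --> on" or "<name> --> off"
          - "item.stdout == (item.item ~ ' --> on')"
        msg: "{{ item.item }} is not on"
      with_items: "{{ boolean_state.results }}"
```

Checking both getenforce and /etc/selinux/config catches a host that is enforcing now but would boot permissive or disabled, or the reverse.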
kdump
---
- hosts: rhel7, rhel6

  vars:
    core_collector: "makedumpfile -l --message-level 2 -d 31 -c"
    path: /var/crash
    system_action: reboot # reboot | halt | poweroff | shell

  roles:
    - role: rhel-system-roles.kdump
Considering the following future roles...
- Storage
  - Partitions
  - Filesystems
  - LVM
- Logging
  - Rsyslog
  - Common logging (ElasticSearch)
- Metrics
  - Performance Co-Pilot
  - Prometheus
- NFS (client & server)
- Firewall
- Subscription Manager
Documentation & References
Red Hat Customer Portal Documentation: https://access.redhat.com/articles/3050101
Upstream Resources:
Landing page and overview - https://linux-system-roles.github.io/
Link to Galaxy page - https://galaxy.ansible.com/linux-system-roles/
Link to GitHub project - https://github.com/linux-system-roles
Example playbooks - https://github.com/linux-system-roles/linux-system-roles.github.io/tree/master/demo
Providing Feedback & Requests
Tell us...
- What new features or capabilities you need.
- What is needed.
- What needs to be fixed.
Methods...
- Our Survey.
- Open a Support case via the Red Hat Customer Portal.
- Open an issue at the upstream linux-system-roles project on GitHub.
- Pull requests welcome!
LEARN MORE ABOUT IT OPTIMIZATION AT THE RED HAT BOOTH
Location: Booth #511, Moscone West
View technical demos, interact with our technology experts, get answers to your most pressing questions, and acquire some of our best shirts and stickers!