Simplified configuration with Red Hat Enterprise Linux System Roles and Ansible

Terry Bowling, Technical Product Manager
Ondrej Vasik, Senior Engineering Manager

May, 2018


Simplified configuration with Red Hat Enterprise Linux System Roles and Ansible

Overview of RHEL System Roles

How to use it and demo time

Providing feedback and feature requests

I bet you’ve been here before...

# My wicked cool automation scripts

do.clever.stuff(with_my_servers)

automate --all-the-things

Watch.it.break --over-time --change# $@%!

rinse.repeat

We’ve all been here before...

# My wicked cool automation scripts

do.clever.stuff(with_stuff)

automate --all-the-things

watch.it.break(why_did_this_change)# $@%!

rinse.repeat

RHEL 5

RHEL 6

RHEL 7

It’s an ugly, old problem... That keeps coming back...

The RHEL Self Help Book

How can we make RHEL easier to manage,

in an automatable way,

at scale?

Attempts were made

Something we’ve been working on… RHEL System Roles with Ansible

Ansible Playbooks

    ---
    - hosts: all
      roles:
        - role: rhel-system-roles.network

[Diagram: Ansible Playbooks; RHEL System Roles (Network, Storage, Logging, Metrics, SELinux, TimeSync, kdump, NFS, Tuned, Boot, Firewall, Identity); RHEL 6, 7, 8++]

A collection of Ansible roles and modules

Consistent configuration interface to RHEL

Abstract configuration from implementation

Evolves with subsystem

Maintained by RHEL Subsystem Engineers

Manage RHEL 6, 7, and beyond


Current Roles

- Network
- SELinux
- TimeSync
- Postfix
- kdump

Targeted Roles

- Storage
- Logging
- Metrics
- NFS
- Tuned
- Firewall
- And more!

Give it a try

Introduced in RHEL 7.4 as Technology Preview

# yum --enablerepo=rhel-7-server-extras-rpms install rhel-system-roles

# yum --enablerepo=rhel-7-ansible-2-rpms install ansible

simple DHCP

    ---
    - hosts: rhel7, rhel6
      vars:
        # network_provider: initscripts  # or nm
        network_connections:
          - name: Private_Mgmt
            type: ethernet
            #interface_name: eno0
            mac: "52:54:00:ae:83:49"
            autoconnect: yes
            ip:
              dhcp4: yes
              auto6: no
      roles:
        - role: rhel-system-roles.network

simple STATIC

    ---
    - hosts: rhel7, rhel6
      vars:
        network_connections:
          - name: Pub_Web
            type: ethernet
            mac: "52:54:00:ae:83:49"
            autoconnect: yes
            ip:
              auto6: no
              route_metric6: -1
              gateway6: 2001:db8::1
              address:
                - 192.168.99.99/24
                - 2001:db8::80/7
      roles:
        - role: rhel-system-roles.network

simple BOND

    ---
    - hosts: rhel7, rhel6
      vars:
        network_connections:
          - name: DBbond
            state: present
            type: bond
            interface_name: DBbond
            autoconnect: yes
            ip:
              address: "{{ hostvars[inventory_hostname].DBbond_ip }}"
              gateway4: 192.168.75.1
              auto6: no
            bond:
              mode: balance-alb
              miimon: 70

          # BOND links
          - name: DBbond-link1
            state: up
            type: ethernet
            #interface_name: eth3
            mac: "{{ hostvars[inventory_hostname].net3_mac }}"
            master: DBbond
            slave_type: bond

          - name: DBbond-link2
            state: up
            type: ethernet
            #interface_name: eth5
            mac: "{{ hostvars[inventory_hostname].net5_mac }}"
            master: DBbond
            slave_type: bond

          - name: DBbond
            state: up
      roles:
        - role: rhel-system-roles.network

TimeSync

    ---
    - hosts: rhel7, rhel6
      vars:
        #ntp_implementation: ntp  # or chrony
        ntp_servers:
          - hostname: 0.rhel.pool.ntp.org
            iburst: true
          - hostname: foo.example.org
            pool: true
            minpoll: 6
            maxpoll: 10
            iburst: no
          - hostname: bar.example.org
            pool: false
            minpoll: 4
            maxpoll: 6
            iburst: true
        ptp_domains:
          - interfaces: [ eth0 ]
      roles:
        - role: rhel-system-roles.timesync

SELinux

    ---
    - hosts: rhel7, rhel6
      vars:
        # Enable SELinux. Yes, do it, else Dan Walsh cries.
        SELinux_type: targeted
        SELinux_mode: enforcing
        SELinux_change_running: 1

        SELinux_booleans:
          - { name: 'samba_enable_home_dirs', state: 'on' }
          - { name: 'ssh_sysadm_login', state: 'on', persistent: 'yes' }

      roles:
        - role: rhel-system-roles.selinux
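A read-only follow-up play that confirms the SELinux playbook above took effect on every host. This is an added example, not part of the original slides or the rhel-system-roles project; the task layout and the `expected_booleans` variable are assumptions, while the host groups and boolean names are copied from the slide.

```yaml
---
# Added example: compliance check to run after the SELinux role.
# It changes nothing on the hosts; it only fails when the state drifts.
- hosts: rhel7, rhel6
  become: yes
  vars:
    # Hypothetical helper variable listing the booleans set on the slide.
    expected_booleans:
      - samba_enable_home_dirs
      - ssh_sysadm_login
  tasks:
    # Facts come from the implicit setup step; 'status' is checked first
    # because the other keys are absent when SELinux is disabled.
    - name: Check running mode, boot-time mode and policy type
      assert:
        that:
          - ansible_facts['selinux']['status'] == 'enabled'
          - ansible_facts['selinux']['mode'] == 'enforcing'
          - ansible_facts['selinux']['config_mode'] == 'enforcing'
          - ansible_facts['selinux']['type'] == 'targeted'
        msg: "SELinux is not enforcing/targeted on {{ inventory_hostname }}"

    # getsebool prints "<name> --> on|off" for the running policy.
    - name: Read the current value of each boolean
      command: "getsebool {{ item }}"
      loop: "{{ expected_booleans }}"
      register: sebool
      changed_when: false
      check_mode: no

    - name: Fail if any boolean is not on
      assert:
        that:
          - item.stdout.endswith('--> on')
        msg: "{{ item.item }} is not on ({{ item.stdout }})"
      loop: "{{ sebool.results }}"
      loop_control:
        label: "{{ item.item }}"
```

`config_mode` reflects the mode configured for the next boot, so a host that is enforcing now but permissive or disabled after reboot fails the first task. The boolean check covers the running value only.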

kdump

    ---
    - hosts: rhel7, rhel6

      vars:
        core_collector: "makedumpfile -l --message-level 2 -d 31 -c"
        path: /var/crash
        system_action: reboot  # reboot | halt | poweroff | shell

      roles:
        - role: rhel-system-roles.kdump

Considering the following future roles...

- Storage
  - Partitions
  - Filesystems
  - LVM
- Logging
  - Rsyslog
  - Common logging (ElasticSearch)
- Metrics
  - Performance Co-Pilot
  - Prometheus
- NFS (client & server)
- Firewall
- Subscription Manager

IT’S DEMO TIME!

Documentation & References

Red Hat Customer Portal Documentation: https://access.redhat.com/articles/3050101

Upstream Resources:

- Landing page and overview - https://linux-system-roles.github.io/
- Link to Galaxy page - https://galaxy.ansible.com/linux-system-roles/
- Link to GitHub project - https://github.com/linux-system-roles
- Example playbooks - https://github.com/linux-system-roles/linux-system-roles.github.io/tree/master/demo

Providing Feedback & Requests

Tell us...

- What new features or capabilities you need.
- What is needed.
- What needs to be fixed.

Methods...

- Our Survey.
- Open a Support case via the Red Hat Customer Portal.
- Open an issue at the upstream linux-system-roles project on GitHub.
- Pull requests welcome!

LEARN MORE ABOUT IT OPTIMIZATION AT THE RED HAT BOOTH

Location: Booth #511, Moscone West

View technical demos, interact with our technology experts, get answers to your most pressing questions, and acquire some of our best shirts and stickers!

Rate our session, please!

THANK YOU