Commands & Configuration Flashcards

Question

How could you ensure that the 'httpd' service is running on 'managed-node1' ?

Answer 1

`ansible managed-node1 -m service -a "name=httpd state=started"`

Answer 2

`ansible all -a 'whoami'` | The command module is **not** idempotent. ## Footnote '-m command' isn't necessary since the command module is the default module. The 'ansible.builtin.command' module doesn't support the use of shell metacharacters (a metacharacter is a space, tab, newline, or one of the following characters: ‘|’, ‘&’, ‘;’, ‘(’, ‘)’, ‘<’, or ‘>’)

Answer 3

ansible all -m shell -a 'rpm -qa | grep nginx' | Use of the pipe ('|') is supported in the 'ansible.builtin.shell' module

Answer 4

ansible all -m copy -a 'content="Welcome!" dest=/etc/motd'

Answer 5

The 'command' module is not idemptotent. The 'user' module is idemptotent. The 'command' module should only be used when no dedicated module exists or can be found for a task.

Answer 6

This playbook will install/enable the 'vsftpd' package on the 'ansible2' managed node. It will then use the 'copy' module to add content to the '/var/ftp/pub/README' file. Lines that begin with a dash (-) are part of a YAML list. The first line (-name: deploy vsftpd) is a 'play' within the playbook. Each playbook can contain multiple plays and within each play there can be multiple tasks. The first two tasks use the old, deprecated Ansible playbook syntax for specifying arguments. The final task (copy) uses the modern syntax for specifying arguments. This modern syntax conforms better with YAML syntax.

Answer 7

ansible-navigator run -m stdout --pp never vsftpd.yml ## Footnote '-m stdout' will write the command output to STDOUT instead of using interactive mode. '--pp never' will instruct 'ansible-navigator' to not check for a newer version of the specified container image.

Answer 8

Add the following to your '.ansible-navigator.yml' file: ## Footnote What matters here is the "policy: missing" for pulling container images. This will tell 'ansible-navigator' to only pull an image if the desired one is missing.

Answer 9

Interactive mode is good for debugging. It allows you to separately view each individual play/task in a playbook. It can be used by simply running a playbook with 'ansible-navigator' and **not** specifying '-m stdouot'

Answer 10

A 'play' is a series of tasks executed against selected hosts from the inventory, using specific credentials. Using multiple plays allows running tasks on different hosts, using different credentials from the same playbook. ## Footnote Each play can have its own escalation parameters defined. Some of the common ones include the following: ``` remote_user become become_method become_user ```

Answer 11

* Variables can be defined in playbooks * The output of a command/task can be used as a variable via the 'register' keyword * 'vars_prompt' can be used to ask for user input and then store that as a variable * Variables can be specified on the command line * Variables can be defined in include files ## Footnote Include files make for the most portable playbooks as an include file can be creatd per environment, rather than hardcoding site-specific values in multiple different playbooks.

Answer 12

## Footnote It's common practice to have a 'vars' subdirectory in your Ansible project directory for storing different include files. If the 'var' subdirectory exists, then it isn't necessary to include it in the path when including a variables file.

Answer 13

Refer to a variable as: `{{ web_package }}` If the variable is the first element, quotes must be used: `"{{ web_package }}"` If the variable is used in a conditional, no curly braces are needed: `web_package`

Answer 14

Host variables are variables that are specific to a single host. They are defined in a YAML file that has the name of the inventory hostname and are stored in a 'host_vars' subdirectory within the project directory. ## Footnote You can also define variables for host groups. This file should have the name of the host group and be located within the 'group_vars' directory in the project directory.

Answer 15

hostvars: a dictionary that contains all variables applied to a specific host inventory_hostname: inventory name of the current host inventory_hostname_short: short host inventory name groups: all hosts in inventory, and groups these hosts belong to group_names: list of groups the current host is a part of ansible_check_mode: boolean that indicates if play is in check mode ansible_play_hosts: active hosts in the current play ansible_version: current Ansible version ## Footnote System variables are built in and cannot be used for anything else.

Answer 16

1. The file could be located in a subdirectory (inside the base host_vars directory) named after the host in question. In this scenario that would be 'host_vars/webserver01/vault.yml' (the name of the variables file ultimately doesn't matter as long as it's inside the host_vars directory) 2. 'ansible-vault create host_vars/webserver01/vault.yml' 3. 'ansible-playbook --ask-vault-pass startup.yml' ## Footnote When creating a vault file via the 'ansible-vault create' command, the user will be prompted for a password that will then be used to protect the vault file. The '--ask-vault-pass' option allows the 'ansible-playbook' command to prompt the user for the encryption password for the vault file.

Answer 17

ansible-playbook --vault-password-file=/root/vault-pass startup.yml

Answer 18

In the play header, add the following: gather_facts: no ## Footnote Even if fact gathering is disabled, it can be enabled again by running the 'setup' module in a task.

Answer 19

ansible_facts

Answer 20

ansible_facts['default_ipv4']['address'] ## Footnote This syntax also works: ansible_facts.default_ipv4.address This syntax, although deprecated, works as well: ansible_default_ipv4.address

Answer 21

Custom facts, unlike host variables, are stored on the managed host. Custom facts are stored in an 'ini' or 'json' file in the '/etc/ansible/facts.d' directory on the managed host. These files must end with a '.fact' extension. Custom facts must have a '[label]' to help identify the variables. ## Footnote The '/etc/ansible/facts.d' directory doesn't usually exist by default on a host.

Answer 22

Custom facts are stored in the "ansible_facts['ansible_local']" variable.

Answer 23

[apache] package=httpd package_state=installed service=httpd state=started enabled=true

Answer 24

ansible pg-01 -m setup -a "filter=ansible_local" ## Footnote The 'setup' module is useful for verifying whether variables are available to a host. It is automatically called by other playbooks during the fact gathering phase.

Answer 25

loop: allows you to loop over a list of items when: performs tasks only when a variable is equal to a specific value handlers: tasks that only run when notified by other tasks

Answer 26

## Footnote 'item' is the variable that is automatically created per loop iteration.

Answer 27

## Footnote Remember, variables used in 'when' conditionals don't need to be surrounded in curly brackets or double quotes. They're automatically considered to be in Jinja2 syntax.

Answer 28

The 'httpd' package will only be installed when the target host is running CentOS and when the host has less than 512 MB of memory available. ## Footnote Ansible 'when' statements can take lists to form complex multi-conditional requirements.

Answer 29

'httpd' will be removed from a host if it is running RedHat and has less than 512 MB of memory free, or if the host is running CentOS and it has less than 1024 MB of memory available. ## Footnote The '>' at the beginning of the 'when' statement allows the following value to wrap across multiple lines.

Answer 30

This playbook prompts the user for a value and then places that value in the 'username' variable. Next, it searches the '/etc/passwd' file and prints out a debug message only when the '/etc/passwd' file contains the 'username' for which the user is searching. ## Footnote "private: no" allows the user to see their input as they type it out at the command line. This 'when' statement showcases how to access fields within registered output.

Answer 31

## Footnote To run a handler, a 'notify' statement with the name of the handler must be present in the main task. Normally, handlers only execute *after* running all tasks in a play. However, using 'meta: flush_handlers' will run handlers immediately. Only handlers that have been notified by this point in the play are flushed, not *all* handlers. If one of the next tasks in the play fails, handlers will not run. This can be overridden by using 'force_handlers: True'

Answer 32

Blocks are best used for error handling: 1. 'block' defines the main tasks to run 2. 'rescue' defines tasks to run if the tasks defined in 'block' fail 3. 'always' defines tasks that will *always* run

Answer 33

This block will attempt to remove the '/var/www/html/index.html' file. If this removal command fails, then the 'rescue' section will be triggered and '/tmp/rescuefile' will be created. Then, no matter the outcome of the previous sections, the 'always' section will be triggered. This will log a message to the system logs and then print a debug message.

Answer 34

Using 'ignore_errors' in a task/play will instruct Ansible to ignore errors generated and continue the play/task for that host. ## Footnote If 'ignore_errors: yes' and 'force_handlers: no' are both set, then handlers *will* run after failing tasks.

Answer 35

The first task in this playbook will *always* fail, however it will still continue to the debug task due to 'ignore_errors: yes' being set for the first task. ## Footnote 'failed_when' can be used to specify custom failure conditions for a task.

Answer 36

The first task in this playbook will *always* fail, however it will still continue to the debug task due to 'ignore_errors: yes' being set for the *entire* play. Additionally, the 'fail' module is being used to print a custom error message. The 'fail' task will trigger when the string 'world' is found in the output of the 'echo' command in the first task. ## Footnote When using the 'fail' module, the failing task must have 'ignore_errors' set to 'yes'

Answer 37

You may want to define custom 'changed' conditions for non-idempotent modules such as 'command' or 'shell.' Non-idempotent modules can only discern a difference between success and failure and cannot discern between changed/not-changed. Therefore, non-idempotent modules may falsely report 'changed' when in reality no change has happened.

Answer 38

An 'include' is a dynamic process. Ansible processes the contents of the included files at the moment the include is reached. An 'import' is a static process. Ansible preprocesses the imported file contents before the actual play is started. ## Footnote Playbook imports must be defined at the beginning of the playbook, using 'import_playbook' You cannot trigger a handler in an imported task file from the main task file.

Answer 39

This playbook will only *include* the tasks in the 'tasks/service.yaml' file when the host OS is in the RedHat family. This include will happen dynamically, meaning that the tasks will be included only once execution reaches this 'include_tasks' line. On the other hand, the 'tasks/firewall.yaml' file will always be *imported* into the playbook. Additionally, this will occur before the playbook begins executing tasks. ## Footnote Both tasks are using variables that are defined in the included/imported task files.

Answer 40

`ansible.builtin.lineinfile` - useful for changing a single line in a file `ansible.builtin.blockinfile` - manipulates multi-line blocks of text in files `ansible.builtin.file` - sets attributes to files, and can also create and remove files, symbolic links and more `ansible.builtin.stat` - useful for requesting file statistics (works well when combined with registering output to a variable)

Answer 41

`ansible.builtin.copy` - copies a file from a local machine to a location on a manged host `ansible.builtin.fetch` - used to fetch a file *from* a remote machine `ansible.posix.synchronize` - synchronizes files 'rsync' style (only works if 'rsync' is installed on on the target hosts) `ansible.posix.patch` - applies patches to files

Answer 42

'ansible_managed' is often used as a comment in configuration files to indicate that the file is managed by Ansible. It is commonly used in templates or tasks that generate files to ensure that users know the file is managed by Ansible and should not be modified manually. 'ansible_managed' is commonly defined in 'ansible.cfg' under the '[defaults]' section. ## Footnote Here is an example: `ansible_managed={file} modified by Ansible on %d-%m-%Y by {uid}`

Answer 43

``` - name: Create VSFTPD config from template template: src: vsftpd.j2 dest: /etc/vsftpd/vsftpd.conf ``` ## Footnote This assumes that 'vsftpd.j2' is located under './templates/vsftpd.j2'

Answer 44

``` {% for host in groups['db_servers'] %} {{ host }} {% endfor %} ```

Answer 45

``` {% for host in groups['db_servers'] %} {{ hostvars[host]['ansible_eth0']['ipv4']['address'] }} {% endfor %} ``` ## Footnote Before accessing facts about a host, you have to first be sure that the facts have been populated. You can ensure this by having a previous play/task contact the server.

Answer 46

'ansible.builtin.file' sets SELinux context directly on files and *not* in the policy. 'community.general.sefcontext' sets context in the SELinux policy but not to files. It's common to then use 'ansible.builtin.command' to run 'restorecon' so that these changes are applied to the filesystem.

Answer 47

policycoreutils-python-utils ## Footnote You can easily install this with the 'ansible.builtin.yum' module.

Answer 48

``` hostvars groups group_names inventory_hostname ``` ## Footnote `groups` is a dictionary of all groups in the inventory with each host that belongs to each group. `group_names` is a list of groups to which the current host belongs.

Answer 49

Ansible uses the 'roles_path' setting when installing roles. The default 'roles_path' will use the following order of precedence: * A roles directory in the current project directory * The '~/.ansible/roles' directory * '/etc/ansible/roles' * '/usr/share/ansible/roles' | Roles will be installed to the *first* directory in the 'roles_path' ## Footnote 'ansible-galaxy role install -p [alternate-path]' can be used to install roles in different locations.

Answer 50

ansible-galaxy role list

Answer 51

The first source installs version 2 of 'myrole' from a Git repository. The second source installs 'myrole' as 'mytarrole' from a file URI. The last source installs 'myrole' as 'mywebrole' from a web location. ## Footnote If a role is hosted in Git, the 'scm: git' attribute is required, otherwise Ansible will interpret the Git URL incorrectly. SCM (Source Code Management)

Answer 52

Tasks specified under 'pre_tasks:' will run before roles while tasks specified under 'post_tasks:' will run *after* roles.

Answer 53

Variables in the 'defaults' directory in the role provide default variables that are intended to be changed in plays. Variables in the 'vars' directory in the role are used for internal purposes in the role and are not intended to be overwritten in the playbook.

Answer 54

ansible-galaxy init database

Answer 55

Installing the RPM is better than installing the content collection. The RPM comes with sample playbooks located in the '/usr/share/doc/rhel-system-roles' directory. ``` dnf install rhel-system-roles ```

Answer 56

* at the play level with the 'roles' option: This is the classic way of using roles in a play. * at the tasks level with 'ansible.builtin.include_role': You can reuse roles dynamically anywhere in the tasks section of a play using 'include_role' * at the tasks level with 'ansible.builtin.import_role': You can reuse roles statically anywhere in the tasks section of a play using 'import_role' * as a dependency of another role

Answer 57

``` --- - hosts: webservers roles: - common - webservers ``` ## Footnote You could also use fully qualified paths: ``` --- - hosts: webservers roles: - role: '/path/to/my/roles/common' - role: '/path/to/my/roles/webservers' ```

Answer 58

Add the following to 'ansible-navigator.yml' ``` ansible-navigator: playbook-artifact: enable: false ```

Answer 59

'verbosity' allows you to set a condition for when specific 'debug' tasks will run. For example, if you have a 'debug' task with 'verbosity: 2' set, then the task will only execute if the playbook is executed from the command line with the '-vv' option. ## Footnote The number passed to 'verbosity' determines how many '-v' options are necessary for it to run.

Answer 60

You can use the '--check' option with 'ansible-playbook' on the command line. | '-C' is the short form of the check option. ## Footnote Modules in the playbook must support check mode for this to work. Check mode doesn't always work well in conditionals.

Answer 61

--diff ## Footnote For example, if you had a playbook named 'apache_setup.yml' that used the 'web_conf.j2' template to create the '/etc/issue' file, you could see the differences between the template and the current file by running the following: ``` ansible-playbook apache_setup.yml --check --diff ```

Answer 62

The 'uri' module is used to check content that is returned from a specific URL. The 'stat' module returns a dictionary of statistics about a specific file. These results can be registered in a variable for future testing. The 'assert' module will fail with an error if a specific condition is *not* met.

Answer 63

`atime`: last access time of the file `isdir`: true if file is a directory `exists`: true if file exists `size`: size in bytes

Answer 64

The playbook prompts the user for a number (representing a filesize in megabytes) and then stores that in the 'filesize' variable. Next, the 'assert' module is used to determine whether the input provided is in between 1 and 100. If it is, then the 'success_msg' is displayed. If not, the 'fail_msg' is displayed. Lastly, if the 'assert' is succesful, the file is created. ## Footnote In the 'assert' task, the 'filesize' variable must be converted into an integer before being compared. The input from 'vars_prompt' is stored as a string by default.

Answer 65

## Footnote To install a package group, put a '@' in front of the name.

Answer 66

``` - name: Get information about packages ansible.builtin.package_facts: manager: auto ``` ## Footnote This will cause Ansible to gather package facts and store them within the 'ansible_facts['packages']' variable. The 'manager' argument is used to specify which package manager to use. The value of 'auto' tells the module to automatically detect the appropriate package manager to use.

Answer 67

`ansible.builtin.yum_repository` This module creates a repository file in the '/etc/yum.repos.d' directory. ## Footnote If the module argument 'gpgcheck: yes' is used, then the 'ansible.builtin.rpm_key' module must be used to install the GPG key.

Answer 68

createrepo ## Footnote Install this command with 'dnf install createrepo_c'

Answer 69

`ansible.posix.authorized_key` ## Footnote The public key being copied must be in a public location on the control host, where it is readable.

Answer 70

ansible.builtin.known_hosts ## Footnote This is often used to ensure that users are not prompted to verify the remote host SSH key fingerprint before connecting to the server.

Answer 71

The 'shell' module can be used. Here is an example task using variables 'password' and 'user': ```- name: setting user password shell: echo {{ password }} | passwd --stdin {{ user }}``` The 'ansible.builtin.password_hash' filter can also be used. Example: ```"{{ 'testing' | password_hash('sha512') }}"```

Answer 72

'ansible.posix.at' is used to run a one-time job at a future time. 'ansible.builtin.cron' is used to run repeating jobs through the Linux cron daemon.

Answer 73

This playbook is using the 'ansible.builtin.cron' module to schedule a cron job to run every 2 minutes during the hours of 8 AM to 6 PM. The 'job' parameter contains the actual shell commands that will be executed. The 'cron_file' parameter specifies the file where the job definition will be stored. By default, a relative path will be interpreted with respect to the '/etc/cron.d' directory.

Answer 74

'ansible.posix.mount' is used to mount existing filesystems. 'community.general.parted' is used to manage partitions. 'community.general.lvg' is used for managing volume groups. 'community.general.lvol' is used to manage logical volumes. 'community.general.filesystem' can be used to create filesystems on the new devices.

Answer 75

Python must be installed on *both* the controller node *and* the managed nodes. Ansible generates Python scripts from playbooks and then pushes those scripts out to managed nodes where they will execute. ## Footnote Network devices are an exception, as they don't typically have a Python interpreter installed.

Answer 76

Ansible will attempt to run the playbook and/or commands against localhost.

Answer 77

``` server[1:10].example.com ``` ## Footnote Ansible allows you to specify ranges in inventory files.

Answer 78

``` ansible-inventory --graph ```

Answer 79

``` ansible-doc -s user ``` ## Footnote '-s' stands for snippet.

Answer 80

``` module_name= ```

Answer 81

``` ansible-playbook -C setup.yml ``` ## Footnote The long option also works: ```ansible-playbook --check setup.yml```

Answer 82

``` ansible-playbook --vault-id @prompt file_server.yml ``` ## Footnote When no ID is specified during the created of the vault encrypted file, the default Vault ID is used. Passing `--vault-id @prompt` to `ansible-playbook` tells Ansible to prompt for a password for the default Vault ID. If you wanted to ask for a password for a specific Vault ID, you would use `--vault-id @prompt` on the command line.

Answer 83

``` --- - name: test register hosts: all tasks: - shell: cat /etc/passwd register: passwd_contents - debug msg: passwd contains users lisa when: passwd_contents.stdout.find('lisa') != -1 ``` This 'debug' task will use the Python 'find' function to search for the string 'lisa' within 'passwd_contents.stdout' If the Python 'find' function finds the string, it returns a number (a byte offset) representing the location of the beginning of the string relative to the beginning of the file. If the string isn't found, the function returns the integer -1 ## Footnote The indentation of this example is incorrect, because Brainscape cannot properly format the YAML text.

Answer 84

``` any_errors_fatal: true ``` ## Footnote If you set `any_errors_fatal` and a task returns an error, Ansible finishes the fatal task on all hosts in the current batch and then stops executing the play on all hosts. Subsequent tasks and plays are not executed. You can recover from fatal errors by adding a rescue section to the block.

Answer 85

`ansible.builtin.wait_for_connection` ## Footnote The 'delay' parameter is the number of seconds to wait before starting to poll. The 'timeout' parameter is the maximum number of seconds to wait for.

Answer 86

1: In 'ansible.cfg' add: ```forks=50``` 2: As a command line option to 'ansible' or 'ansible-playbook' use: ```-f 50``` or ```--forks 50``` ## Footnote Processing is performed on the managed host when it has a Python stack. Network devices and IoT devices often do not have Python, in which case processing is performed on the control node.

Answer 87

``` ansible-config list ```

Answer 88

Insert the following into the play header: `serial: 1` ## Footnote You can define how many hosts Ansible should manage at a single time using the `serial` keyword. The `serial` keyword also takes batch sizes as a percentage of the total number of hosts being managed.

Answer 89

The 'log_path' parameter can be configured in the 'ansible.cfg' file. Alternatively, Ansible can log to the filename that is specified by the '$ANSIBLE_LOG_PATH' variable.

Answer 90

``` ansible-playbook --step postgres_setup.yml ```

Answer 91

``` ansible-playbook --start-at-task="gather repo info" cache_review.yml ```

Answer 92

``` ansible-playbook --list-tasks apache_setup.yml ``` ## Footnote This will not list tasks that are included dynamically.

Answer 93

In Ansible playbooks, tags are attributes applied to tasks (or other items such as blocks, plays, roles, *imported* tasks/playbooks) that allow you to selectively run specific parts of a playbook. On the command line, you can specify tags to be executed via the `ansible-playbook --tags "" ` command. Additionally, you can specify tags to not be executed via the `ansible-playbook --skip-tags "" ` command. ## Footnote The `""` is specified as a comma separated list of values.

Answer 94

`always`: makes sure a task always runs, unless specifically skipped via `--skip-tags always` `never`: never runs a task, unless it is specifically requested `tagged`: runs all tagged tasks `untagged`: runs all untagged tasks `all`: runs all tasks

Answer 95

Add the following line to the inventory file: ``` web-nginx-01.example.com ansible_host=192.168.4.55 ```

Answer 96

``` check_mode: no ```

Answer 97

``` - ansible.builtin.dnf name: '*' state: latest ```

Answer 98

1. Install the FTP package. 2. Start and enable the FTP server. 3. Open the firewall for FTP traffic. 4. Make sure the FTP shared repository directory is available. 5. Download packages to the repository directory. 6. Use the Linux `createrepo` command to generate the index that is required in each repository. ## Footnote A *repository* is a directory that contains RPM files, as well as the repository metadata. The *metadata* is an index that allows repository clients to figure out which packages are available in the repository. For a very basic FTP server, it's easiest to just allow anonymous login. If you're using VSFTPD, you can add the following line to the '/etc/vsftpd/vsftpd.conf' file: `anonymous_enable=YES`

Answer 99

``` - ansible.builtin.yum name: nmap download_only: true download_dir: /var/ftp/repo ``` ## Footnote The `download_only` argument ensures that the package is just downloaded, *not* installed. To finish setting up this repository, assuming all FTP related settings are configured, you would only need to run the `createrepo /var/ftp/repo` command (via the Ansible 'command' module) to generate the repository metadata.

Answer 100

Add the following three tasks: ``` - ansible.builtin.lineinfile: path: /etc/vsftpd/vsftpd.conf regexp: '^anonymous_enable=NO' line: anonymous_enable=YES - ansible.builtin.service: name: vsftpd state: started enabled: true - ansible.posix.firewalld: service: ftp state: enabled immediate: yes permanent: yes ```

Answer 101

``` createrepo_c ``` ## Footnote If you forget this, you can always execute `dnf whatprovides createrepo` to search the repositories for the relevant RPMs.

Answer 102

`sshpass` ## Footnote `sshpass` allows you to provide the ssh password without using the prompt, which can be helpful for scripting.

Answer 103

``` - community.general.redhat_subscription: username: "{{ rh_username }}" password: "{{ rh_password }}" state: present ``` ## Footnote Don't forget to run this playbook with the `--ask-vault-pass` option on the command line. This is necessary if no vault password file is being provided.

Answer 104

``` - ansible.builtin.user: name: william create_home: yes groups: wheel, students append: yes ``` ## Footnote The 'append' argument is necessary to ensure that exisiting group memberships are not overwritten.

Answer 105

``` validate: 'visudo -cf %s' ``` ## Footnote The '-c' or '--check' option for 'visudo' stands for check. By default, this instructs the command to check for syntax errors. The '-f' or '--file' option specifies an alternate sudoers file location. In the above example, the location passed to the '-f' option is the '%s' placeholder. The 'validate' argument in the 'ansible.builtin.template' module exposes the '%s' variable as a placeholder for working with the newly generated file.

Answer 106

ansible.builtin.known_hosts

Answer 107

ansible.posix.authorized_key

Answer 108

``` --- - name: lookup plugin demo hosts: localhost vars: file_contents: "{{ lookup('file', '/etc/hosts') }}" ```

Answer 109

``` - ansible.posix.authorized_key: user: ansible state: present key: "{{ lookup('file', 'files/ansible/id_rsa.pub) }}" ``` ## Footnote The `authorized_key` module cannot read files from a hidden directory, therefore the contents of the public SSH key file must be copied over to a non-hidden directory before being copied to the SSH server via this module.

Answer 110

``` --- - name: create user with SSH keys hosts: localhost vars: username: admin tasks: - ansible.builtin.user: name: "{{ username }}" generate_ssh_key: true ```

Answer 111

``` ansible.builtin.service_facts ```

Answer 112

`mask` marks a systemd service in such a way that it *cannot* be started, not even by accident.

Answer 113

``` - ansible.builtin.file: src: /usr/lib/systemd/system/graphical.target dest: /etc/systemd/system/default.target state: link ``` ## Footnote The default Systemd target is detemined by the symbolic link '/etc/systemd/system/default.target' pointing to the desired target unit file.

Answer 114

``` - ansible.builtin.cron: name: "run on reboot" state: present special_time: reboot job: "echo rebooted at $(date) >> /var/log/rebooted" ```

Answer 115

```ansible.builtin.set_fact``` For example, this task will search the devices on managed nodes and then set a new 'disk2name' variable if 'sdb' is detected: ```- ansible.builtin.set_fact: disk2name: sdb when: ansible_facts['devices']['sdb'] is defined```

Answer 116

``` - community.general.parted: name: partition1 label: gpt device: /dev/vdb number: 1 state: present part_start: 1MiB part_end: 2GiB ``` | Spacing is incorrect due to Brainscape. Each argument should be flush. ## Footnote The 'name' argument is required for GPT partitions. This gives the partition a unique name. The 'label' argument specifies the *type* of partition to be created. This is 'msdos' by default. The 'number' argument specifies the partition number. The 'state: present' argument is used to create/ensure the partition while 'state: absent' would delete the partition. The 'part_start' argument indicates the starting position for the partition, expressed as an offset from the beginning of the device. Similarly, the 'part_end' argument indicates the ending point for the partition, expressed as an offset from the beginning of the device. In the above example, the partition is not created right at the very beginning of the device in order to leave enough room for the metadata.

Answer 117

``` - community.general.parted: name: partition2 label: gpt device: /dev/vdb number: 2 state: present part_start: 2 GiB flags: [ lvm ] ``` | Spacing is incorrect due to Brainscape. Each argument should be flush. ## Footnote Leaving out the 'part_end' argument informs Ansible to use the default value of 100%, using up the rest of the device space. The 'flags' argument sets the partition type to 'lvm' and is required in order to use it in logical volume groups.

Answer 118

`/dev/vgdata/lvdata`

Answer 119

``` - community.general.lvg: vg: vgdata pesize: "8" pvs: /dev/sdb1, /dev/sdc1 ```

Answer 120

``` - community.general.lvol: lv: lvdata size: 100%FREE vg: vgdata ```

Answer 121

``` - community.general.filesystem: dev: /dev/vgdata/lvdata fstype: xfs ```

Answer 122

``` - ansible.posix.mount: src: /dev/vgdata/lvdata fstype: xfs state: mounted path: /indices ```

Answer 123

In Ansible, there's no well-known module designed specifically for managing swap space, therefore the 'ansible.builtin.command' module is used to directly run the 'swapon' command. Just make sure to format the filesystem as swap (via the 'community.general.filesystem' module or via the 'mkswap' command) before running the 'swapon' command.

Answer 124

``` ansible1 ansible_host=ansible1.example.com ansible2 ansible_host=ansible2.example.com ansible3 ansible_host=ansible3.example.com ```

Answer 125

At the command line, add the following argument: ``` -e ansible_python_interpreter=/usr/bin/python3.9 ``` In your playbook play header, add the following: ``` vars: ansible_python_interpreter: /usr/bin/python3.9 ```

Answer 126

``` hostvars[host]['ansible_facts'] ```

Answer 127

`ansible-playbook --vault-id prod@~/ansible/.prodpass apache_setup.yml`

Answer 128

Add the following line to the 'defaults' section of the 'ansible.cfg' file: `vault_identity_list=dev@~/ansible/.devpass,prod@~/ansible/.prodpass`

Commands & Configuration Flashcards

(156 cards)