This comprehensive guide provides a series of practice tasks designed to simulate the Red Hat Certified Engineer (RHCE) exam environment. Each task is crafted to test and reinforce your skills in Ansible automation, system administration, and configuration management.
- Basic understanding of Ansible concepts
- Access to a lab environment with multiple nodes (node1, node2, node3, node4, node5)
- Familiarity with RHEL 9 administration
- Install and Configure Ansible on the Control Node
- Create repo.yml for Configuring Repository in All Nodes
- Create Roles Directory and Download Roles
- Create Offline Apache Role
- Create Balancer and PHPInfo Roles Playbook
- Install Ansible Content Collections
- Install Packages in Multiple Groups
- Create Web Content Playbook
- Collect Hardware Report
- Replace /etc/issue File
- Configure /etc/myhosts
- Create and Encrypt Vault Variable File
- Configure Users Using Variable Files
- Rekey Variable File
- Create Cronjob for User student
- Create and Use Logical Volume
- Use RHEL Timesync System Role
- Use SELinux Role for All Nodes
- Install required Ansible packages.
- Verify if ansible is installed
ansible --version
- If not installed do this:
sudo dnf install ansible
- Create a static inventory file at /home/student/ansible/inventory:
  - node1: dev group
  - node2: test group
  - node3, node4: prod group
  - node5: balancers group
  - prod group is a member of the host group
- Create the /ansible folder
mkdir /ansible
- Create the inventory file and add the configuration.
vim inventory
```ini
[dev]
node1

[test]
node2

[prod]
node3
node4

[balancers]
node5

[host:children]
prod
```
- Create ansible.cfg with the following configurations:
  - Inventory file: /home/student/ansible/inventory
  - Roles location: /home/student/ansible/roles
  - Collections location: /home/student/ansible/mycollection
vim ansible.cfg
```ini
[defaults]
remote_user=student
inventory=/home/student/ansible/inventory
roles_path=/home/student/ansible/roles
collections_path=/home/student/ansible/mycollection

[privilege_escalation]
become=true
become_method=sudo
become_user=root
```
Create repo.yml to configure the following repositories on all nodes:
- baseos-internal:
  - Description: "baseos description"
  - URL: http://content/rhel9.0/x86_64/dvd/baseos
  - GPG enabled, key: http://content.example.com/rhel9.0/x86_64/dvd/rpm-gpg-key-redhat-release
  - Repository enabled
- appstream-internal:
  - Description: "app description"
  - URL: http://content/rhel9.0/x86_64/dvd/appstream
  - GPG enabled, key: http://content.example.com/rhel9.0/x86_64/dvd/rpm-gpg-key-redhat-release
  - Repository enabled
vim repo.yml
```yaml
---
- name: Configuring Repositories in ALL Nodes.
  hosts: all
  tasks:
    - name: BaseOS
      yum_repository:
        name: baseos-internal
        description: baseos description
        baseurl: http://content/rhel9.0/x86_64/dvd/baseos
        gpgkey: http://content.example.com/rhel9.0/x86_64/dvd/rpm-gpg-key-redhat-release
        gpgcheck: yes
        enabled: yes
    - name: AppStream
      yum_repository:
        name: appstream-internal
        description: app description
        baseurl: http://content/rhel9.0/x86_64/dvd/appstream
        gpgkey: http://content.example.com/rhel9.0/x86_64/dvd/rpm-gpg-key-redhat-release
        gpgcheck: yes
        enabled: yes
```
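To confirm on a node that the repositories really enforce signature checking, the following added example (not part of the original guide) audits `.repo` files for sections where `gpgcheck` is not enabled or where the signing key is fetched over plain HTTP. The function names and the `scratch` repository in the constructed sample are hypothetical.

```shell
#!/bin/sh
# Added example: audit yum/dnf .repo files for weak signature settings.
# Prints one "file:[repo]: problem" line per finding; returns 1 if any.
audit_repo_files() {
    awk '
        function report(msg) { print file ":[" id "]: " msg; bad = 1 }
        function finish_repo() {
            # Disabled repositories are skipped; they are never installed from.
            if (id != "" && enabled !~ /^(0|no|false)$/) {
                if (gpgcheck !~ /^(1|yes|true)$/)
                    report("gpgcheck is not enabled in this section")
                if (gpgkey ~ /^http:/)
                    report("gpgkey is fetched over plain http")
            }
            id = ""; enabled = ""; gpgcheck = ""; gpgkey = ""
        }
        FNR == 1 { finish_repo(); file = FILENAME }
        /^[ \t]*([#;]|$)/ { next }
        /^\[/ { finish_repo(); id = substr($0, 2, index($0, "]") - 2); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey") gpgkey = val
        }
        END { finish_repo(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: one entry shaped like repo.yml's output, one weak entry.
demo_audit() {
    demo_dir=$(mktemp -d)
    printf '%s\n' '[baseos-internal]' 'enabled = 1' 'gpgcheck = 1' \
        'gpgkey = http://content.example.com/rhel9.0/x86_64/dvd/rpm-gpg-key-redhat-release' \
        > "$demo_dir/baseos-internal.repo"
    printf '%s\n' '[scratch]' 'enabled=1' 'gpgcheck=0' > "$demo_dir/scratch.repo"
    audit_repo_files "$demo_dir"/*.repo && demo_rc=0 || demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo_audit || true
```

On a managed node, run `audit_repo_files /etc/yum.repos.d/*.repo` to check the live configuration.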
- Create /home/student/ansible/roles directory.
- Create requirements.yml in the roles directory.
- Download roles using Galaxy command:
  - balancer: http://content.example.com/rhce/balancer.tar
  - phpinfo: http://content.example.com/rhce/phpinfo.tar
- Download and set the roles:
wget http://content.example.com/rhce/balancer.tar
wget http://content.example.com/rhce/phpinfo.tar
vim requirements.yml
```yaml
---
- src: /home/student/ansible/roles/balancer.tar
  name: balancer
- src: /home/student/ansible/roles/phpinfo.tar
  name: phpinfo
```
ansible-galaxy install -r requirements.yml
- Move the roles created in .ansible to your roles folder:
cd /home/student/.ansible/roles
mv * /home/student/ansible/roles/
- Create role 'apache' under roles directory:
  - Install and enable httpd package and service
  - Host web page using template.j2
  - template.j2 content: Welcome to <hostname> on <ipaddress>
- Create apache_role.yml playbook and run the role in the dev group.
ansible-galaxy init apache
cd apache/
vim templates/template.j2

```
Welcome to {{ ansible_facts['hostname'] }} on {{ ansible_facts['default_ipv4']['address'] }}
```

vim tasks/main.yml

```yaml
---
- name: Install Apache
  dnf:
    name:
      - httpd
      - firewalld
    state: latest

- name: Start httpd service
  service:
    name: httpd
    state: started
    enabled: yes

- name: Start firewalld service
  service:
    name: firewalld
    state: restarted
    enabled: yes

# The firewalld service definition for web traffic is named "http", not "httpd".
- name: add http service in firewall rule
  firewalld:
    service: http
    state: enabled
    permanent: yes
    immediate: yes

- name: copy the template.j2 file to web server directory
  template:
    src: template.j2
    dest: /var/www/html/index.html
```
- In your /ansible folder
vim apache_role.yml
```yaml
---
- name: Use apache role
  hosts: dev
  roles:
    - apache
```
ansible-playbook apache_role.yml
Create /home/admin/ansible/roles.yml:
- Use roles from Ansible Galaxy.
- Configure load balancing for webserver host group.
- Implement phpinfo role for webserver host group.
- Ensure proper output for balancer and phpinfo pages.
Install the following collections in the local collections directory:
- http://server.lab.example.com/role-collections/redhat-rhel_system_roles.tar.gz
- http://server.lab.example.com/role-collections/community-general-8.3.0.tar.gz
- http://server.lab.example.com/role-collections/ansible-posix-1.5.4.tar.gz
wget http://server.lab.example.com/role-collections/redhat-rhel_system_roles.tar.gz
wget http://server.lab.example.com/role-collections/community-general-8.3.0.tar.gz
wget http://server.lab.example.com/role-collections/ansible-posix-1.5.4.tar.gz
ansible-galaxy collection install /home/student/ansible/mycollection/redhat-rhel_system_roles.tar.gz -p /home/student/ansible/mycollection/
ansible-galaxy collection install /home/student/ansible/mycollection/community-general-8.3.0.tar.gz -p /home/student/ansible/mycollection/
ansible-galaxy collection install /home/student/ansible/mycollection/ansible-posix-1.5.4.tar.gz -p /home/student/ansible/mycollection/
Create packages.yml:
- Install vsftpd and mariadb-server in dev and test groups.
- Install "RPM Development Tools" group package in prod group.
- Update all packages in each group.
- Use separate plays for each task.
vim packages.yml
```yaml
---
- name: packages installation
  hosts: dev,test
  tasks:
    - name: Install vsftpd and mariadb-server
      dnf:
        name:
          - vsftpd
          - mariadb-server
        state: present

- name: Install "RPM Development Tools" group package
  hosts: prod
  tasks:
    - name: Install RPM
      dnf:
        name: '@RPM Development Tools'
        state: present

- name: update packages
  hosts: all
  tasks:
    - name: updating all
      dnf:
        name: '*'
        state: latest
```
ansible-playbook packages.yml
Create webcontent.yml for dev group:
- Create /devweb directory owned by devops group.
- Set context type as httpd.
- Set permissions: user=rwx, group=rwx, others=rx, with group special permission.
- Create /devweb/index.html with content "Development".
- Link /devweb to /var/www/html/devweb.
vim webcontent.yml
```yaml
---
- name: Create web content
  hosts: dev
  tasks:
    # Mode 2775 = rwxrwxr-x plus the setgid bit (the "group special permission").
    - name: create a dir
      file:
        path: /devweb
        state: directory
        mode: '2775'
        group: devops
        setype: httpd_sys_content_t

    - name: create a symbolic link
      file:
        src: /devweb
        dest: /var/www/html/devweb
        state: link
        setype: httpd_sys_content_t

    # Values taken from the task statement above.
    - name: copy using inline content
      copy:
        content: "Development"
        dest: /devweb/index.html
        setype: httpd_sys_content_t

    - name: permit traffic in default zone
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true
```
ansible-playbook webcontent.yml
Create hwreport.yml:
- Download hwreport.txt from http://content.example.com/rhce/hwreport.empty.
- Save as /root/hwreport.txt.
- Show "none" if no information is available.
wget http://content.example.com/rhce/hwreport.empty
vim hwreport.j2
```
Hostname={{ ansible_facts['hostname'] | default('none') }}
Total_memory={{ ansible_facts['memtotal_mb'] | default('none') }}
Bios_version={{ ansible_facts['bios_version'] | default('none') }}
CPU={{ ansible_facts['processor_cores'] | default('none') }}
vda_size={{ ansible_facts['devices']['vda']['size'] | default('none') }}
vdb_size={{ ansible_facts['devices']['vdb']['size'] | default('none') }}
```
vim hwreport.yml
```yaml
---
- name: Collect Hardware Report
  hosts: all
  tasks:
    - name: Create template
      template:
        src: hwreport.j2
        dest: /root/hwreport.txt
```
ansible-playbook hwreport.yml
Create issue.yml:
- dev group: "Development"
- test group: "Test"
- prod group: "Production"
- Run on all managed nodes.
vim issue.yml
```yaml
---
- name: Replace issue file on hosts
  hosts: all
  tasks:
    - name: Replace template
      template:
        src: issue.j2
        dest: /etc/issue
```
vim issue.j2
{% if 'dev' in group_names %}
"Development"
{% elif 'test' in group_names %}
"Test"
{% elif 'prod' in group_names %}
"Production"
{% endif %}
ansible-playbook issue.yml
Create hosts.yml:
- Download template from http://content.example.com/rhce/hosts.j2.
- Populate with node information (IP, FQDN, hostname).
- Save as /etc/myhosts on all managed nodes.
- Run in dev group.
wget http://content.example.com/rhce/hosts.j2
vim hosts.j2

Add this to the hosts.j2 template:

```
...
{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
```
vim hosts.yml
```yaml
---
- name: use template hosts.j2
  hosts: all
  tasks:
    - name: execute the template
      template:
        src: ./hosts.j2
        dest: /etc/myhosts

- name: delete from all
  hosts: 'all,!dev'
  tasks:
    - name: delete file
      file:
        path: /etc/myhosts
        state: absent
```
ansible-playbook hosts.yml
- Create vault.yml with variables:
  - pw_developer: lamdev
  - pw_manager: lammgr
- Encrypt using password "P@ssword".
- Store password in secret.txt.
vim secret.txt
P@ssword
ansible-vault create vault.yml --vault-password-file=secret.txt
pw_developer: lamdev
pw_manager: lammgr
ansible-vault view vault.yml --vault-password-file=secret.txt
- Modify the ansible.cfg and add the vault password file
vim ansible.cfg
```ini
[defaults]
remote_user=student
inventory=/home/student/ansible/inventory
roles_path=/home/student/ansible/roles
collections_path=/home/student/ansible/mycollection
vault_password_file=./secret.txt

[privilege_escalation]
become=true
become_method=sudo
become_user=root
```
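Because secret.txt now holds the vault password in cleartext next to the data it protects, the following added example (not part of the original guide) checks that vault.yml really carries an Ansible Vault header and that secret.txt is not readable by group or others. The function names are hypothetical; the file names are the ones used in this task.

```shell
#!/bin/sh
# Added example: audit the vault file and its password file from this task.
# Function names are hypothetical; vault.yml and secret.txt are the page's names.

# Return 0 if the first line of the file is an Ansible Vault header.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    IFS= read -r vault_header < "$1" || [ -n "$vault_header" ] || return 1
    case "$vault_header" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the file grants no permission bits to group or others.
is_private_file() {
    file_mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$file_mode & 077 )) -eq 0 ]
}

# Print one line per finding for a project directory; return the finding count.
audit_vault_dir() {
    audit_dir=$1
    audit_findings=0
    if ! is_vault_encrypted "$audit_dir/vault.yml"; then
        echo "FAIL: $audit_dir/vault.yml is stored in plaintext"
        audit_findings=$((audit_findings + 1))
    fi
    if ! is_private_file "$audit_dir/secret.txt"; then
        echo "FAIL: $audit_dir/secret.txt is missing or readable by group/others (chmod 600)"
        audit_findings=$((audit_findings + 1))
    fi
    [ "$audit_findings" -eq 0 ] && echo "OK: $audit_dir"
    return "$audit_findings"
}

# Audit a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_vault_dir "$1" || echo "$? finding(s)"
fi
```

Run it as `sh audit.sh /home/student/ansible` after creating the vault; the script name is an assumption.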
Create users.yml:
- Download user_list.yml from http://content.example.com/rhce/user_list.yml.
- Use user_list.yml and vault.yml.
- Create opsdev and opsmgr groups.
- Create users based on job roles.
- Set passwords using SHA512 format.
- Use when conditions for different host groups.
wget http://content.example.com/rhce/user_list.yml
vim users.yml
```yaml
---
- name: Configure users using variables files
  hosts: all
  vars_files:
    - vault.yml
    - user_list.yml
  tasks:
    - name: Configure group for development hosts
      group:
        name: opsdev
        state: present
      when: "'dev' in group_names or 'test' in group_names"

    # "and" binds tighter than "or": without the parentheses every user in
    # the list, managers included, would be created on dev hosts.
    - name: Configure user for dev hosts
      user:
        name: "{{ item.name }}"
        group: opsdev
        password: "{{ pw_developer | password_hash('sha512') }}"
      when: "('dev' in group_names or 'test' in group_names) and item.job == 'developer'"
      loop: "{{ myusers }}"

    - name: Configure group for prod hosts
      group:
        name: opsmgr
        state: present
      when: "'prod' in group_names"

    - name: Configure user for prod hosts
      user:
        name: "{{ item.name }}"
        group: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
      when: "'prod' in group_names and item.job == 'manager'"
      loop: "{{ myusers }}"
```
ansible-playbook users.yml
Rekey http://content.example.com/rhce/salaries.yml:
- Old password: cisco
- New password: redhat
wget http://content.example.com/rhce/salaries.yml
ansible-vault rekey salaries.yml
Create crontab.yml:
- Set up cron job for user student on all nodes.
- Run every 2 minutes:
logger "EX294 in progress"
vim crontab.yml
```yaml
---
- name: Create Cronjob for User student
  hosts: all
  tasks:
    - name: Execute cronjob
      cron:
        name: logger
        minute: "*/2"
        user: student
        job: logger "EX294 in progress"
        state: present
```
ansible-playbook crontab.yml
Create /home/admin/ansible/ansible/lv.yml:
- Create logical volume "data" in "research" volume group.
- Size: 1500 MiB (fallback to 800 MiB if not possible).
- Format with ext4 filesystem.
- Handle errors for non-existent volume group.
- Do not mount the logical volume.
vim lv.yml
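```yaml
---
- name: Create LV
  hosts: all
  tasks:
    - name: Print not existent
      debug:
        msg: "The volume group does not exist"
      when: ansible_lvm.vgs.research is not defined

    # Only attempt LVM changes on hosts that actually have the volume group.
    - name: Create lv 1500m
      lvol:
        vg: research
        lv: data
        size: 1500m
      when: ansible_lvm.vgs.research is defined
      ignore_errors: yes
      register: lv_result

    # Fallback size; skipped when the first attempt succeeded or was skipped.
    - name: Create lv 800m
      lvol:
        vg: research
        lv: data
        size: 800m
      when: lv_result is failed

    - name: Format to ext4
      filesystem:
        fstype: ext4
        dev: /dev/research/data
      when: ansible_lvm.vgs.research is defined
```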
Create /home/admin/ansible/timesync.yml:
- Run on all managed nodes.
- Use timesync role.
- Configure active NTP provider.
- Use time server: classroom.lab.example.com.
- Enable iburst parameter.
vim timesync.yml
```yaml
---
- name: use timesync
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: classroom.lab.example.com
        iburst: yes
  roles:
    - rhel-system-roles.timesync
```
ansible-playbook timesync.yml
Create selinux.yml:
- Set SELinux to enforcing mode on all nodes.
vim selinux.yml
```yaml
---
- name: configure selinux
  hosts: all
  vars:
    selinux_state: enforcing
  roles:
    - role: rhel-system-roles.selinux
      become: true
```
ansible-playbook selinux.yml
Work through these tasks systematically to prepare for your RHCE exam. Test each playbook in your lab environment and verify the expected outcomes. Remember to consult the official Red Hat documentation for any clarifications. Good luck with your exam preparation!