Red Hat Enterprise Linux (RHEL) System Roles

Updated -

Red Hat Enterprise Linux (RHEL) 7.4 Beta introduces RHEL System Roles. The RHEL System Roles are a collection of Ansible roles that provide a stable and consistent configuration interface to remotely manage RHEL 6.9 and later versions of Red Hat Enterprise Linux. The effort is based on development of the Linux System Roles upstream project.

RHEL System Roles Overview

Red Hat Enterprise Linux (RHEL) 7.4 Beta introduces RHEL System Roles. The RHEL System Roles are a collection of Ansible roles that provide a stable and consistent configuration interface to remotely manage RHEL 6.9 and later versions of Red Hat Enterprise Linux. The effort is based on development of the Linux System Roles upstream project.

The initial set of roles includes:

  • kdump
  • postfix
  • network
  • selinux
  • timesync

Ansible is provided as an unsupported dependency as means of implementing RHEL System Roles. Full support for Ansible is not planned as part of the Red Hat Enterprise Linux subscription. RHEL System Roles are currently available as a Technology Preview with the intent to promote to Full Support at a later date.

RHEL System Roles and Ansible packages will be provided in the RHEL Extras channel according to the Red Hat Enterprise Linux Extras Product Life Cycle.
Typically Ansible and the RHEL System Roles only need to be installed on a single, or few, management node(s) which can then be used to manage or configure client nodes. While the roles will likely work with earlier versions, compatibility is only tested against versions RHEL 6.9 and later.

Getting Started

Installing RHEL System Roles and Ansible

The rhel-system-roles and ansible RPM packages are provided in the RHEL 7.4 Beta Extras channel.

  • To temporarily enable the Extras channel and install:

    # yum  --enablerepo=rhel-7-server-extras-beta-rpms  install  rhel-system-roles  ansible
    
  • To persistently enable the Extras channel and install using yum-config-manager:

    # yum-config-manager  --enable rhel-7-server-extras-beta-rpms  
    # yum install  rhel-system-roles  ansible
    
  • To persistently enable the Extras channel and install using Red Hat Subscription Manager:

    # subscription-manager  --enablerepo=rhel-7-server-extras-beta-rpms  install  rhel-system-roles  ansible
    # yum install  rhel-system-roles  ansible
    

Documentation

The rhel-system-roles package will install by default to the following locations where SUBSYSTEM is the name of the subsystem that the individual role manages. Examples may include network, timesync, or other subsystems as they become supported. Each subsystem role will include a README file which documents how to use the role and supported parameter values, as well as the matching README in the linux-system-roles Ansible Galaxy landing space.

  • Documentation

        /usr/share/doc/rhel-system-roles/SUBSYSTEM/
    
  • Ansible Roles

        /usr/share/ansible/roles/rhel-system-roles.SUBSYSTEM/
    

Example usage of the rhel-system-roles.network role

This example assumes the following

  • Generally, Ansible is not installed on every system, but rather on a single system designated as the Ansible management or control node who's purpose is to manage other systems via Ansible.
  • This example is executed from a RHEL 7.4 system used as the Ansible control node.
  • A target, or client test system with a hostname of rhel7.4-beta
  • rhel7.4-beta has a primary network interface to access (eth0), and a secondary interface for this example (eth1).
  • Either the rhel7.4-beta FQDN or IP Address has been added to the Ansible Inventory file /etc/ansible/hosts on the control node.
  • The control node user ID running the test playbook has ssh access to, and sudo ability on rhel7.4-beta. Alternatively, the -u option can be used to specify a user which does have this ability.
  • For further details, see the Ansible Getting Started or Quick Start Video at http://docs.ansible.com/ for further details on how to use Ansible.
  1. Using a text editor, create a file containing contents similar to the following:

    $ vim example-network-playbook.yml
    ---
    - hosts: rhel7.4-beta
      vars:
        network_connections:
          - name: DBnic
            state: up
            type: ethernet
            interface_name: eth1
            autoconnect: yes
            ip:
              dhcp4: yes
              auto6: no
      roles:
        - role: rhel-system-roles.network
    
  2. Test that we have access to the machine. If not, refer to the Ansible documentation on how to enable Ansible to access a remote system.

    $ ansible -m ping rhel7.4-beta
    rhel7.4-beta | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    
  3. Query the Ansible Facts to see the guests network configuration.

    $ ansible rhel7.4-beta -m setup -a 'gather_subset=network filter=ansible_interfaces' 
    
    rhel7.4-beta | SUCCESS => {
        "ansible_facts": {
            "ansible_interfaces": [
                "lo", 
                "eth1", 
                "eth0"
            ]
        }, 
        "changed": false
    }
    
  4. Query the Ansible Facts to see the characteristics of eth1

    $ ansible rhel7.4-beta -m setup -a 'gather_subset=network filter=ansible_eth1' 
    rhel7.4-beta | SUCCESS => {
        "ansible_facts": {
            "ansible_eth1": {
                "active": true, 
                "device": "eth1", 
                "features": {
                    "busy_poll": "off [fixed]", 
                    "fcoe_mtu": "off [fixed]", 
                    "generic_receive_offload": "on", 
                    "generic_segmentation_offload": "on", 
                    "highdma": "on [fixed]", 
                    "hw_tc_offload": "off [fixed]", 
                    "l2_fwd_offload": "off [fixed]", 
                    "large_receive_offload": "off [fixed]", 
                    "loopback": "off [fixed]", 
                    "netns_local": "off [fixed]", 
                    "ntuple_filters": "off [fixed]", 
                    "receive_hashing": "off [fixed]", 
                    "rx_all": "off [fixed]", 
                    "rx_checksumming": "on [fixed]", 
                    "rx_fcs": "off [fixed]", 
                    "rx_vlan_filter": "on [fixed]", 
                    "rx_vlan_offload": "off [fixed]", 
                    "rx_vlan_stag_filter": "off [fixed]", 
                    "rx_vlan_stag_hw_parse": "off [fixed]", 
                    "scatter_gather": "on", 
                    "tcp_segmentation_offload": "on", 
                    "tx_checksum_fcoe_crc": "off [fixed]", 
                    "tx_checksum_ip_generic": "on", 
                    "tx_checksum_ipv4": "off [fixed]", 
                    "tx_checksum_ipv6": "off [fixed]", 
                    "tx_checksum_sctp": "off [fixed]", 
                    "tx_checksumming": "on", 
                    "tx_fcoe_segmentation": "off [fixed]", 
                    "tx_gre_segmentation": "off [fixed]", 
                    "tx_gso_robust": "off [fixed]", 
                    "tx_ipip_segmentation": "off [fixed]", 
                    "tx_lockless": "off [fixed]", 
                    "tx_mpls_segmentation": "off [fixed]", 
                    "tx_nocache_copy": "off", 
                    "tx_scatter_gather": "on", 
                    "tx_scatter_gather_fraglist": "off [fixed]", 
                    "tx_sctp_segmentation": "off [fixed]", 
                    "tx_sit_segmentation": "off [fixed]", 
                    "tx_tcp6_segmentation": "on", 
                    "tx_tcp_ecn_segmentation": "on", 
                    "tx_tcp_segmentation": "on", 
                    "tx_udp_tnl_segmentation": "off [fixed]", 
                    "tx_vlan_offload": "off [fixed]", 
                    "tx_vlan_stag_hw_insert": "off [fixed]", 
                    "udp_fragmentation_offload": "on", 
                    "vlan_challenged": "off [fixed]"
                }, 
                "macaddress": "52:54:00:e1:c2:4c", 
                "module": "virtio_net", 
                "mtu": 1500, 
                "pciid": "virtio4", 
                "promisc": false, 
                "type": "ether"
            }
        }, 
        "changed": false
    }
    
  5. Execute your example playbook. Note: You may safely ignore the warning message for now that the “wait for activation” feature is not yet implemented.

    $ ansible-playbook -l rhel7.4-beta example-network-playbook.yml
    PLAY [rhel7.4-beta] **********************************************************************
    
    TASK [Gathering Facts] *******************************************************************
    ok: [rhel7.4-beta]
    
    TASK [rhel-system-roles.network : Set version specific variables] ***********************
    ok: [rhel7.4-beta] => (item=/etc/ansible/roles/rhel-system-roles.network/vars/default.yml)
    
    TASK [rhel-system-roles.network : Install packages] *************************************
    ok: [rhel7.4-beta]
    
    TASK [rhel-system-roles.network : Enable network service] *******************************
    ok: [rhel7.4-beta]
    
    TASK [rhel-system-roles.network : Configure networking connection profiles] *************
    
    changed: [rhel7.4-beta]
    
    TASK [rhel-system-roles.network : Re-test connectivity] *********************************
    ok: [rhel7.4-beta]
    
    PLAY RECAP *******************************************************************************
    rhel7.4-beta               : ok=6    changed=1    unreachable=0    failed=0   
    
  6. Query again to see that eth1 is now online and has a IP Address assigned.

    $ ansible rhel7.4-beta -m setup -a 'gather_subset=network filter=ansible_eth1' 
    
    rhel7.4-beta | SUCCESS => {
        "ansible_facts": {
            "ansible_eth1": {
                "active": true, 
                "device": "eth1", 
                "features": {
                    "busy_poll": "off [fixed]", 
                    "fcoe_mtu": "off [fixed]", 
                    "generic_receive_offload": "on", 
                    "generic_segmentation_offload": "on", 
                    "highdma": "on [fixed]", 
                    "hw_tc_offload": "off [fixed]", 
                    "l2_fwd_offload": "off [fixed]", 
                    "large_receive_offload": "off [fixed]", 
                    "loopback": "off [fixed]", 
                    "netns_local": "off [fixed]", 
                    "ntuple_filters": "off [fixed]", 
                    "receive_hashing": "off [fixed]", 
                    "rx_all": "off [fixed]", 
                    "rx_checksumming": "on [fixed]", 
                    "rx_fcs": "off [fixed]", 
                    "rx_vlan_filter": "on [fixed]", 
                    "rx_vlan_offload": "off [fixed]", 
                    "rx_vlan_stag_filter": "off [fixed]", 
                    "rx_vlan_stag_hw_parse": "off [fixed]", 
                    "scatter_gather": "on", 
                    "tcp_segmentation_offload": "on", 
                    "tx_checksum_fcoe_crc": "off [fixed]", 
                    "tx_checksum_ip_generic": "on", 
                    "tx_checksum_ipv4": "off [fixed]", 
                    "tx_checksum_ipv6": "off [fixed]", 
                    "tx_checksum_sctp": "off [fixed]", 
                    "tx_checksumming": "on", 
                    "tx_fcoe_segmentation": "off [fixed]", 
                    "tx_gre_segmentation": "off [fixed]", 
                    "tx_gso_robust": "off [fixed]", 
                    "tx_ipip_segmentation": "off [fixed]", 
                    "tx_lockless": "off [fixed]", 
                    "tx_mpls_segmentation": "off [fixed]", 
                    "tx_nocache_copy": "off", 
                    "tx_scatter_gather": "on", 
                    "tx_scatter_gather_fraglist": "off [fixed]", 
                    "tx_sctp_segmentation": "off [fixed]", 
                    "tx_sit_segmentation": "off [fixed]", 
                    "tx_tcp6_segmentation": "on", 
                    "tx_tcp_ecn_segmentation": "on", 
                    "tx_tcp_segmentation": "on", 
                    "tx_udp_tnl_segmentation": "off [fixed]", 
                    "tx_vlan_offload": "off [fixed]", 
                    "tx_vlan_stag_hw_insert": "off [fixed]", 
                    "udp_fragmentation_offload": "on", 
                    "vlan_challenged": "off [fixed]"
                }, 
                "ipv4": {
                    "address": "192.168.122.216", 
                    "broadcast": "192.168.122.255", 
                    "netmask": "255.255.255.0", 
                    "network": "192.168.122.0"
                }, 
                "ipv6": [
                    {
                        "address": "fe80::5054:ff:fee1:c24c", 
                        "prefix": "64", 
                        "scope": "link"
                    }
                ], 
                "macaddress": "52:54:00:e1:c2:4c", 
                "module": "virtio_net", 
                "mtu": 1500, 
                "pciid": "virtio4", 
                "promisc": false, 
                "type": "ether"
            }
        }, 
        "changed": false
    }
    

Was this helpful?

We appreciate your feedback. Leave a comment if you would like to provide more detail.
It looks like we have some work to do. Leave a comment to let us know how we could improve.