Red Hat Enterprise Linux (RHEL) System Roles
Red Hat Enterprise Linux (RHEL) 7.4 Beta introduces RHEL System Roles. The RHEL System Roles are a collection of Ansible roles that provide a stable and consistent configuration interface to remotely manage RHEL 6.9 and later versions of Red Hat Enterprise Linux. The effort is based on development of the Linux System Roles upstream project.
RHEL System Roles Overview
Red Hat Enterprise Linux (RHEL) 7.4 Beta introduces RHEL System Roles. The RHEL System Roles are a collection of Ansible roles that provide a stable and consistent configuration interface to remotely manage RHEL 6.9 and later versions of Red Hat Enterprise Linux. The effort is based on development of the Linux System Roles upstream project.
The initial set of roles includes:
- kdump
- postfix
- network
- selinux
- timesync
Ansible is provided as an unsupported dependency as means of implementing RHEL System Roles. Full support for Ansible is not planned as part of the Red Hat Enterprise Linux subscription. RHEL System Roles are currently available as a Technology Preview with the intent to promote to Full Support at a later date.
RHEL System Roles and Ansible packages will be provided in the RHEL Extras channel according to the Red Hat Enterprise Linux Extras Product Life Cycle.
Typically Ansible and the RHEL System Roles only need to be installed on a single, or few, management node(s) which can then be used to manage or configure client nodes. While the roles will likely work with earlier versions, compatibility is only tested against versions RHEL 6.9 and later.
Getting Started
Installing RHEL System Roles and Ansible
The rhel-system-roles and ansible RPM packages are provided in the RHEL 7.4 Beta Extras channel.
-
To temporarily enable the Extras channel and install:
# yum --enablerepo=rhel-7-server-extras-beta-rpms install rhel-system-roles ansible -
To persistently enable the Extras channel and install using
yum-config-manager:# yum-config-manager --enable rhel-7-server-extras-beta-rpms # yum install rhel-system-roles ansible -
To persistently enable the Extras channel and install using Red Hat Subscription Manager:
# subscription-manager --enablerepo=rhel-7-server-extras-beta-rpms install rhel-system-roles ansible # yum install rhel-system-roles ansible
Documentation
The rhel-system-roles package will install by default to the following locations where SUBSYSTEM is the name of the subsystem that the individual role manages. Examples may include network, timesync, or other subsystems as they become supported. Each subsystem role will include a README file which documents how to use the role and supported parameter values, as well as the matching README in the linux-system-roles Ansible Galaxy landing space.
-
Documentation
/usr/share/doc/rhel-system-roles/SUBSYSTEM/ -
Ansible Roles
/usr/share/ansible/roles/rhel-system-roles.SUBSYSTEM/
Example usage of the rhel-system-roles.network role
This example assumes the following
- Generally, Ansible is not installed on every system, but rather on a single system designated as the Ansible management or control node who's purpose is to manage other systems via Ansible.
- This example is executed from a RHEL 7.4 system used as the Ansible control node.
- A target, or client test system with a hostname of rhel7.4-beta
- rhel7.4-beta has a primary network interface to access (eth0), and a secondary interface for this example (eth1).
- Either the rhel7.4-beta FQDN or IP Address has been added to the Ansible Inventory file /etc/ansible/hosts on the control node.
- The control node user ID running the test playbook has ssh access to, and
sudoability on rhel7.4-beta. Alternatively, the-uoption can be used to specify a user which does have this ability. - For further details, see the Ansible Getting Started or Quick Start Video at http://docs.ansible.com/ for further details on how to use Ansible.
-
Using a text editor, create a file containing contents similar to the following:
$ vim example-network-playbook.yml --- - hosts: rhel7.4-beta vars: network_connections: - name: DBnic state: up type: ethernet interface_name: eth1 autoconnect: yes ip: dhcp4: yes auto6: no roles: - role: rhel-system-roles.network -
Test that we have access to the machine. If not, refer to the Ansible documentation on how to enable Ansible to access a remote system.
$ ansible -m ping rhel7.4-beta rhel7.4-beta | SUCCESS => { "changed": false, "ping": "pong" } -
Query the Ansible Facts to see the guests network configuration.
$ ansible rhel7.4-beta -m setup -a 'gather_subset=network filter=ansible_interfaces' rhel7.4-beta | SUCCESS => { "ansible_facts": { "ansible_interfaces": [ "lo", "eth1", "eth0" ] }, "changed": false } -
Query the Ansible Facts to see the characteristics of eth1
$ ansible rhel7.4-beta -m setup -a 'gather_subset=network filter=ansible_eth1' rhel7.4-beta | SUCCESS => { "ansible_facts": { "ansible_eth1": { "active": true, "device": "eth1", "features": { "busy_poll": "off [fixed]", "fcoe_mtu": "off [fixed]", "generic_receive_offload": "on", "generic_segmentation_offload": "on", "highdma": "on [fixed]", "hw_tc_offload": "off [fixed]", "l2_fwd_offload": "off [fixed]", "large_receive_offload": "off [fixed]", "loopback": "off [fixed]", "netns_local": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "rx_all": "off [fixed]", "rx_checksumming": "on [fixed]", "rx_fcs": "off [fixed]", "rx_vlan_filter": "on [fixed]", "rx_vlan_offload": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "scatter_gather": "on", "tcp_segmentation_offload": "on", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_ip_generic": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "tx_checksumming": "on", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gso_robust": "off [fixed]", "tx_ipip_segmentation": "off [fixed]", "tx_lockless": "off [fixed]", "tx_mpls_segmentation": "off [fixed]", "tx_nocache_copy": "off", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_sit_segmentation": "off [fixed]", "tx_tcp6_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_segmentation": "on", "tx_udp_tnl_segmentation": "off [fixed]", "tx_vlan_offload": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "udp_fragmentation_offload": "on", "vlan_challenged": "off [fixed]" }, "macaddress": "52:54:00:e1:c2:4c", "module": "virtio_net", "mtu": 1500, "pciid": "virtio4", "promisc": false, "type": "ether" } }, "changed": false } -
Execute your example playbook. Note: You may safely ignore the warning message for now that the “wait for activation” feature is not yet implemented.
$ ansible-playbook -l rhel7.4-beta example-network-playbook.yml PLAY [rhel7.4-beta] ********************************************************************** TASK [Gathering Facts] ******************************************************************* ok: [rhel7.4-beta] TASK [rhel-system-roles.network : Set version specific variables] *********************** ok: [rhel7.4-beta] => (item=/etc/ansible/roles/rhel-system-roles.network/vars/default.yml) TASK [rhel-system-roles.network : Install packages] ************************************* ok: [rhel7.4-beta] TASK [rhel-system-roles.network : Enable network service] ******************************* ok: [rhel7.4-beta] TASK [rhel-system-roles.network : Configure networking connection profiles] ************* changed: [rhel7.4-beta] TASK [rhel-system-roles.network : Re-test connectivity] ********************************* ok: [rhel7.4-beta] PLAY RECAP ******************************************************************************* rhel7.4-beta : ok=6 changed=1 unreachable=0 failed=0 -
Query again to see that eth1 is now online and has a IP Address assigned.
$ ansible rhel7.4-beta -m setup -a 'gather_subset=network filter=ansible_eth1' rhel7.4-beta | SUCCESS => { "ansible_facts": { "ansible_eth1": { "active": true, "device": "eth1", "features": { "busy_poll": "off [fixed]", "fcoe_mtu": "off [fixed]", "generic_receive_offload": "on", "generic_segmentation_offload": "on", "highdma": "on [fixed]", "hw_tc_offload": "off [fixed]", "l2_fwd_offload": "off [fixed]", "large_receive_offload": "off [fixed]", "loopback": "off [fixed]", "netns_local": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "rx_all": "off [fixed]", "rx_checksumming": "on [fixed]", "rx_fcs": "off [fixed]", "rx_vlan_filter": "on [fixed]", "rx_vlan_offload": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "scatter_gather": "on", "tcp_segmentation_offload": "on", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_ip_generic": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "tx_checksumming": "on", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gso_robust": "off [fixed]", "tx_ipip_segmentation": "off [fixed]", "tx_lockless": "off [fixed]", "tx_mpls_segmentation": "off [fixed]", "tx_nocache_copy": "off", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_sit_segmentation": "off [fixed]", "tx_tcp6_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_segmentation": "on", "tx_udp_tnl_segmentation": "off [fixed]", "tx_vlan_offload": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "udp_fragmentation_offload": "on", "vlan_challenged": "off [fixed]" }, "ipv4": { "address": "192.168.122.216", "broadcast": "192.168.122.255", "netmask": "255.255.255.0", "network": "192.168.122.0" }, "ipv6": [ { "address": "fe80::5054:ff:fee1:c24c", "prefix": "64", "scope": "link" } ], "macaddress": "52:54:00:e1:c2:4c", "module": "virtio_net", "mtu": 1500, "pciid": "virtio4", "promisc": false, "type": "ether" } }, "changed": false }