Tag Archives: ansible

Ansible EX294 practice exam and solutions

I am hopefully going to take the second half of my RHCE exam this year, which is EX294. I have taken inspiration from https://www.lisenet.com/2019/ansible-sample-exam-for-ex294/ and https://ziyonotes.uz/rJt6DcqXr, and have decided to provide my own answers and explanations as I myself prepare for the exam.

I’ve also only used 4 VM’s in total, 1 controller and 3 nodes, and not 4 nodes as the practice exam suggests.

Here are the tips that I’ve found helpful so far:

  • ansible and ansible-playbook share most of it’s syntax. So if it’s -b to use become on ansible-playbook, then it’s most likely the same with ansible.
  • The most important tip of all – use ansible-doc! ansible-doc <module> (like ansible-doc user) will not only give you a list of attributes that you can use, but if you see almost at the bottom of the page, there are examples!
  • Make sure that all of the services that are supposed to come back up at boot, do so! Make the services persistent, if the exam says so!
  • Remember that if you enable a service, that it doesn’t mean that the change is immediate! Remember to check the ansible-doc page for the module if there is an immediate attribute that you can use.
  • Use the command ansible all -m setup after you have set up your inventory to see all of the variables gathered by the facts module. They might come in handy!

Task 1 – Ansible installation and configuration

Remember that the default location for the original ansible.cfg is /etc/ansible/ansible.cfg, which you can copy over to your local folder (in this case it’s /home/automation/plays/).

ansible.cfg

These are the fields that I’ve changed in my own ansible.cfg file:

inventory

Task 2 – Ad-Hoc commands

What they mean by the use of “Ad-Hoc” is your typical ansible one liners. Which is to actually use the command ansible. I’ve placed the following ansible one liners in a file named adhoc. Remember to change the permissions on the file (chmod +x adhoc) before you run it.

adhoc

In this particular case I’m connecting as the user cloud_user, which will then use sudo to perform the commands.

The above is exactly the same as the playbook below (which I have named create_automation_user.yml):

Task 3 – File content

motd.yml

Task 4 – Configure SSH server

sshd.yml

Task 5 – Ansible vault

secret.yml

Use the following command to create the ansible vault file named secret.yml:

This file should contain:

Use the password devops to protect the file you create.

vault_key

Create a regular file named vault_key that contains the following:

Task 6 – Users and groups

This is the most difficult task I’ve encountered so far.

user_list.yml

users.yml

Task 7 – Scheduled tasks

regular_tasks.yml

Task 8 – Software repositories

repository.yml

Task 9 – Create and work with roles

mysql.yml

sample-mysql/tasks/main.yml

You can create an empty role, named sample-mysql, by running the commands:

I decided to go with the package mysql-server instead of the mysql-community-server that is listed in the Lisenet exam. The contents of the file sample-mysql/tasks/main.yml:

sample-mysql/templates/my.cnf.j2

Task 10 – Create and work with roles (some more)

apache.yml

sample-apache/handlers/main.yml

You can create an empty role, named sample-apache, by running the commands:

As for the contents of the file sample-apache/handlers/main.yml:

sample-apache/tasks/main.yml

Task 11: Download roles from Ansible Galaxy and use them

Install the role named geerlingguy.haproxy by running these commands:

It will install the role in the roles-location specified in ansible.cfg. In this case, /home/automation/plays/roles/.

haproxy.yml

Task 12: Security

We need to make sure that the package named rhel-system-roles is installed on the controller itself (not the nodes!). So run:

This will install the roles to the folder /usr/share/ansible/roles/.

ansible.cfg

Because the role is installed in a different location than we have specified in our ansible.cfg, we need to add this path. So the following line in ansible.cfg:

becomes this:

If you look in the folder /usr/share/ansible/roles/ now, you’ll see that there is a symlink named linux-system-roles.selinux, which points to rhel-system-roles.selinux. We will be using the symlink in the next configuration file.

selinux.yml

Task 13: Use conditionals to control play execution

sysctl.yml

Task 14 – Use archiving

archive.yml

Task 15 – Work with Ansible facts

facts.yml

Task 16 – Software packages

packages.yml

Task 17 – Services

target.yml

Task 18 – Create and use templates to create customised configuration files

server_list.j2

server_list.yml