Section 11 Flashcards
What are the module and arguments you need to set up a yum repo?
yum_repository:
name - name of repo
description - description of repo
file - the .repo file created in /etc/yum.repos.d on the managed machine to store the repo info
baseurl - url that identifies how to access the repo
gpgcheck
Update all packages on a node
yum:
  name: '*'
  state: latest
What is a package group and how do you install one?
Group of related packages which makes installation easier
yum:
  name: '@virtualization host'
  state: latest
What module do you use to store installed packages in facts?
Perform a playbook that installs software, updates package information in facts.
Next show package information
- package_facts:
    manager: auto
- debug:
    var: ansible_facts.packages['nmap']
manager: tells the module which package manager to communicate with. auto detects the appropriate package manager.
Apparently what we’re doing above is gathering facts on installed packages.
What is a repository?
Directory that contains rpm files as well as repo metadata, which is an index that allows the repo client to figure out which packages are available in it.
Install FTP
Start and Enable FTP
Open firewall for FTP traffic
Make sure FTP shared repo directory is available
Download packages to the repo
Use createrepo to generate metadata/index
Page 290
What does a gpg check do?
Guarantees the integrity of packages; most repos are set up with a GPG key.
Enables the client to verify that packages haven’t been tampered with while transmitted between the repo server and client.
What is needed to perform a gpg check?
Client must know where to fetch the repo key; rpm_key can help with this.
Why is creating a repo that your system can use complex?
RHEL works with subscriptions, and to be able to access software that is provided through your subscription entitlement, you need to set up managed systems to access these subscriptions.
To perform most of the examples for repos, we will need to register at https://developers.redhat.com and sign up for a free subscription.
Register your RHEL credentials for the subscription manager
Find out what pools are available in your account
Connect to a pool
Find out what additional repos are available to your account
Register to use additional repos
subscription-manager register --username=my_username --password=my_password
subscription-manager list --available
subscription-manager attach --pool=poolID
subscription-manager repos --list
subscription-manager repos --enable "repo name"
pool - collection of software channels available to your account.
What are two modules for subscriptions you can use?
redhat_subscription - enables you to perform subscription and registration in one task
rhsm_repository - Enables you to add subscription manager repos
purge: true <- disables repos; it requires name: though
or just
name: "*"
state: disabled
state can be enabled or disabled
name is always mandatory
name can be comma separated for multiple entries or you can use a yaml list
Fetch a gpg key and setup a repo client
- name: Get GPG pub key
  rpm_key:
    key: ftp://control.example.com/repo/RPM-GPG-KEY
    state: present
- name: Set up the repo client
  yum_repository:
    file: myrepo
    name: myrepo
    description: example repo
    baseurl: ftp://control.example.com/repo
    enabled: yes
    gpgcheck: yes
    state: present
I believe the below was a troubleshooting thing for the gpg keys from last time:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Via playbook fully register a new machine and add a new repo to the managed machine.
This play won’t be runnable as such because important additional info needs to be provided.
- name: register and subscribe ansible5
  redhat_subscription:
    username: bob@example.com
    password: verysecretpassword
    state: present
- name: Configure additional repo access
  rhsm_repository:
    name:
      - rh-gluster-3-client-for-rhel-8-x86_64-rpms
      - rhel-8-for-x86_64-appstream-debug-rpms
    state: present
Set up a repo server that is based on ftp
Create a second play that configures the clients with appropriate repo access
Next install a package
pg 294
Create either an http repo or an ftp repo
install createrepo/createrepo_c
subscription-manager repos --list-enabled
subscription-manager repos --disable "*" (or just the repo names)
mkdir /localrepo
dnf install --downloadonly --downloaddir /localrepo
vi /etc/yum.repos.d/local.repo
[centos7]
name=centos7
baseurl=file:///localrepo/ (this is the directory we created)
enabled=1
gpgcheck=0
createrepo /localrepo
dnf clean all (clear repo cache)
dnf install nmap
If you set up http (or ftp), your baseurl will be:
baseurl=http://ansible3/repo
baseurl=ftp://ansible3/repo
localrepo should either be on /var/www/html/repo
or
/var/ftp/repo/
or
/var/vsftpd/repo/
You will need to configure SELinux appropriately here.
for ftp with user and pass
baseurl=http://user:pass@example.com/myrepo/Dev-Repo
What does a gpg key do vs a repomd.xml file?
GPG - enables verification
repomd.xml - creates a detached signature that cryptographically proves the metadata hasn’t been altered. This is signed with your private key.
Without signing and verifying, a GPG key is just a pair of numbers.