►
Description
A show that features the people and technology that make Red Hat® Enterprise Linux® into the the world’s leading enterprise Linux platform.
In this episode, Scott McBrien will be talking about utilizing the RHEL System Roles to automate changes across your system populations. Based on Ansible automation technology, but included with RHEL, these roles allow you to expand your playbooks to include selected system administration configuration changes and tasks.
A
A
B
Well,
we
talked
last
episode
was
with
john
spinks
and
we're
talking
about
management
and
insights,
and
I
think
we
will
touch
on
it
a
little
bit
when
we
we
start
talking
about
system
rules
a
bit
because
base
ansible.
C
A
Cool,
so
system
roles
are
not
system
purpose
right.
That
is
a.
B
Good
distinction
to
make
right
and
when
we
were
initially
doing
our
setup
for
the
show
we
were
talking
about
this
a
little
bit,
and
you
may
recall
that,
oh
two
or
three
episodes
ago
we
talked
with
rich
dorito
and
rich
dorito
was
we
were
talking
about
sys
subscription
manager
and
then
there's
this
affiliated
tool
called
system,
purpose
or
cis
purpose
right.
This
purpose
is
used
to
identify
this
box,
is
a
production
box
or
a
test
box
or
something
along
those
lines.
B
So
when
it
registers
with
red
hat
subscription
manager,
it
will
look
at
the
pool
of
available
subscriptions
in
your
account
and
choose
one
that
it
thinks
is
the
best
match
so
that
you're
not
tying
a
premium.
24X7
support
subscription
to
your
dev
box.
Right
right
doesn't
need
that
yeah,
and
so
that's
that's.
B
Extensions
for
playbooks,
okay,
so
ansible
has
a
whole
bunch
of
different
things
that
they
use
to
extend
beyond
just
like
their
yaml
and
playbook
infrastructure.
Right
they've
got
modules,
they've
got
plug-ins,
they
also
have
roles
and
that's
what
system
rules
is
it's
one
of
its
ansible
role
or
infrared
rules.
B
We
never
tell
them
how
to
use
them
right,
and
so,
when
we
get
to
the
demo,
I'll
actually
be
showing
like
how
it
all
hooks
up
in
your
playbook,
but
they
are
pre-made
by
red
hat,
there's
actually
an
upstream
project
for
them
and
then
what
gets
sent
as
part
of
red
hat
enterprise
linux
so
as
we're
working
on
new
ones,
you'll
see
them
up
here
in
the
upstream
project
prior
to
their
appearance,
in
red
hat
enterprise
linux.
B
B
But,
for
example,
I
know
that
they're
working
on
one
for
the
rel
h
a
plug-in
or
rel
aj
add-on.
So
you
can
do
some
configuration
of
your
pacemaker
clusters
and
if
you
look
at
the
upstream,
there's,
there's
not
a
lot
there
yet
because
it's
still
very
much
in
development.
B
So
I
would
not
expect
that
one
to
land
in
in
a
recent
release
of
raul
right.
It
might
be
a
couple.
A
Releases
down
the
right
road-
and
I
just
found
it-
they
have
a
web
page
that
kind
of
breaks
down
everything.
That's
in
the
repo
for
you,
including
like
here's
demos,
here's
currently
supported
ones,
here's
ones
that
are
on
the
roadmap
so
be
sure
to
check
that
out.
If
you're
interested
right
is
so,
these
are
ansible
roles
like
I
get
them
from
red
hat.
I
apply
them
on
my
system
using
ansible,
not
rpm
or
yum,
or
anything
like
that.
B
B
Essentially,
your
rel
subscription
will
also
provide
you
access
to
an
ansible
repo
for
the
purpose
of
running
system
worlds,
so
that
you
get
a
supported
ansible
to
run
a
supported
feature
in
prowl,
which
is
system
roles
if
you're
doing
stuff.
Outside
of
that,
you
may
need
an
extra
informal
subscription,
but
for
real
system
roles.
What
comes
with
rel
is
what
you
can
use
and
then
to
to
actually
get
it
going.
B
A
Playbooks,
okay,
cool.
That
makes
sense
so
one
step
to
get
the
thing
another
step
to
actually
execute
the
thing.
B
Yeah
and
when
we
hit
demo
time
I'll
actually
start
from
like
here's,
how
we
subscribe
to
the
ansible
repo
okay,
now,
let's
install
the
pieces,
we
need.
So
it's
not
too
bad.
It's
like
two
rpms,
so
you
need.
A
Yeah,
so
if
folks
are
looking
for
the
official
docs
as
far
as
like
rel
stuff
goes,
since
we've
talked
about.
A
B
So
I,
like
the
the
session
recording
system
role,
it
uses
t
log
as
the
back
end
and
does
the
configuration
for
it
okay,
but
it
only
applies
to
rel
eight.
B
Let's
see
I
like,
I
like
the
kernel
settings
system
rule,
so
it
actually
uses
tunde
behind
the
scenes
to
apply
changes
to
the
system.
But
the
reason
I
really
like
it
is
the
automation
piece
that
system
rules
gets
right.
So
I
worked
a
lot
of
places
where
you
would
have
a
farm
of
boxes.
That
are
databases,
and
maybe
you
know,
let's
say
mysql.
B
Somebody
finds
a
document
that
says
my
sequel
should
have
the
swappiness
value
of
the
kernel
set
to
20.
right,
so
you
go
around
and
as
you're
building
all
those
boxes,
that's
what
you
do
and
then
you
find
another
article
from
a
more
reputable
source
or
more
recently
that
says
no.
That
should
really
be
10
right,
not
20.,
okay!
B
Well,
in
the
olden
days,
you
then
ran
around
all
the
boxes
and
like
did
the
needful
on
them,
and
now,
if
you
had
implemented
a
system
role
for
that,
you
can
literally
just
like
update
the
playbook,
actually
keep
the
playbook
across
population.
B
So,
okay,
that
that's
why
I
like
it
and
systemworld,
has
kind
of
an
interesting
history
of
how
it
came
about.
B
So
originally
it
started
because,
as
we
release
new
major
releases
of
growl
right
so
from
six
to
seven,
there
was
a
lot
of
change
that
happened
there.
B
B
And
then
you
know
when
you
go
to
rail
eight.
Well,
I
think
the
differential
between
seven
and
eight
was
not
as
large.
You
still
get
some
of
those
technological
changes
absolutely,
and
so
the
original
intention
behind
system
rules
was,
let's
provide
a
method
that
administrators
could
use
to
do
something
like
set
their
ntp
servers
like
right.
That's
a
pretty
common
thing
to
have
across
your
population.
B
What
ntp
servers
should
they
use,
and
so
in
six
seven
and
eight
those
were
potentially
different
methods
of
applying
that
change,
different
technologies,
different
files
and
you
had
to
know.
A
A
B
And
we
still
have
that
it's
and
it's
great
protocol
is
a
great
resource.
B
But
like
from
a
customer
perspective
or
from
a
you
know,
administrator
user
perspective,
that's
super
annoying
because
here
you
are
you've
got
this
large
fleet
of
systems
on
route
six
and
then
row
seven
comes
out,
and
now
you
have
to
know.
Oh
there's
a
real
six
box.
I
need
to
do
it
this
way.
Oh,
it's
real
seven
blocks.
B
So
one
of
the
things
with
system
rules
is
that
when
you
use
it
it
is
cross
rel
capable
so,
for
example,
date
time
sake.
System
rule
is
a
good
example
of
that
you
can
just
put
in
the
ntp
servers.
You
want
your
boxes
to
get,
and
if
it's
on
rel
six
it
does
ntpd
configuration
stuff.
If
it's
on
rail
seven,
it
actually
checks
to
see
whether
using
ntpd
or
crony
and
does
the
right
thing
and
on
rail
eight
it
uses
crony.
B
So,
for
example,
kernel
settings
was
added
in
rel
8.3
and
I
believe
it
had
also
been
added
in
seven
to
nine,
but
rel
six
was
already
in
maintenance
phase,
two,
which
means
no
new
features,
including
system
rules.
So
it
was
not
put
into
rule
six.
B
Rel7
has
now
crossed
into
maintenance
phase
two,
so
we'll
no
longer
be
getting
new
features,
so
any
new
system
rules
we
make
aren't
going
to
be
backported
in
rel7,
and
then
there
are
some
like
session
recording
where
that
that
technology
doesn't
come
with
anything
about
rally
at
this
point.
So
if
you
run
it
on
a
route,
seven
or
six
bucks,
it's
not
gonna
do
anything.
Okay,.
B
A
B
Sorry
for
the
dog
here
we
go.
B
Yeah,
I
still
use
that
567
web-based
cheat
sheet
occasionally,
but
mostly
because,
like
wait,
five
was
12
years
ago.
What
did
I
do.
A
Well,
I'm
thinking
of
the
the
folks
that
are
like
changing
jobs
and
they
walk
in
to
upgrade.
You
know
a
fleet
of
servers
and
it's
like
okay,
I
was
using
seven
and
they're
on
five
still
and
I'm
trying
to
get
them
upgraded
kind
of
thing
right,
like
I've
been
in
situations
like
that.
So
having
this
cheat
sheet
really
helps
you
like,
if
you've
been.
A
B
I
actually
was
just
asked
yesterday
about
six
to
seven
upgrades:
it's
like
okay,
so
six
is
it
extended
life
support
phase,
so
very
limited
updates,
essentially
critical
and
an
important
security
errata
only
with
an
add-on
subscription
right.
So
you
don't
have
that
on.
You
don't
get
any
updates
anymore
for
it.
Rel7
is
in
maintenance,
phase
2.
So
it's
got.
B
I
don't
know
two
two
and
a
half
years
left
before
it
goes
extended
life,
support
and
end
of
life
phase.
B
Maybe
it's
worthwhile
to
go
through
all
that
effort
to
get
up
to
eight,
which
is
currently
in
full
support
phase
for
another
see
a
year
year
and
a
half.
A
So
I
forget,
but
I
did
stumble
across
the
life
cycle
page
when
I
was
searching.
So
let
me
go.
B
Yeah,
it
was
released
in
2019,
so
2024
is
when
it
goes
out
of
full
support
and
goes
into
maintenance
support
for
another
five
years.
So
I
mean
you
still
got
a
lot
of
life
left
on
rail
eight
and
we're
doing
work
to
make
the
transition
between
major
versions
easier.
C
B
March,
I
think
it
is
we're
going
to
have
terry
bowling
on
he's
the
cool
and
we're
going
to
talk
about
leap
which
is
the
in-place
upgrade
utility
yeah.
So
we're
currently
using
that
for
seven
to
eight
we're
going
to
continue
to
use
it
for
eight
to
nine.
But
because
the
differential
between
eight
and
nine
is
not
as
great.
It
should.
C
B
Easier
and
smoother
for
people
to
use
for
eight
to
nine.
A
Yeah
and
it's
like
we've
gotten
way
better
at
point
releases
too
right
the
whole
release
process
right.
I
feel
the
evolution
right
like
happening
underneath
me
as
a
user,
all
right,
it's
pretty
great
yeah.
So
is
there
any
other
questions
I
needed
to
ask
you
specific
to
system
roles.
Let
me
double.
A
A
Right
this
is
part
of
rel.
You
don't
have
to
buy
ansible
the
purpose
of
system
roles
we
kind
of
discussed.
Oh.
B
As
that,
like,
let
me
run
some.
Let
me
have
a
slightly
different
administrative
interface
that
I
don't
have
to
care
about
version
so
that,
as
we
have
these
major
versions
changes,
you
don't
have
to
go
through
and
update
all
of
your
scripting
procedures.
Automation
right,
it
all
just
still
kind
of
works,
but
out
of
that
has
generated
kind
of
a
new
idea
of
what
we
could
use
system
rules
for
which
is
standard
operating
environment.
B
B
To
use
your
isp
well,
whoever
you
can,
you
can
do
that
and
you
could
put
it
in
your
your
ansible
playbook,
using
system
roll
to
apply
it
across.
There
are
also
some
newer
system
rules
that
do
administrative
tasks.
B
B
It
will
something
like
storage
will,
provide
you
more
value,
the
more
complicated
the
more
homogeneous.
A
B
Hardware
is
so
if
all
your
hardware
has
the
exact
same
disk
layout,
has
the
exact
same
number
of
disks,
the
exact
same
devices
of
disk,
then
the
storage
role
is
really
really
handy.
You
can
execute
that
change
and
kind
of
know
that
across
your
population
that
new
partition
is
one
gonna,
be
able
to
be
made
and
two
isn't
gonna
bother
something
else
or
do
something
wonky
yeah.
So
if
you
have
a
really
disparate
population
of
all
random
stuff,
then
that
probably
would
not
be
the
best
choice
to
do.
Yeah.
A
We
had
my
first
job
out
of
the
air
force.
We
had
different
like
classes
of
servers
and
that's
where
I
see
that
being
helpful
right
like
if
you
have
20
batch
processing
boxes
and
they
need
this
amount
of
storage
and
this
much
intent.
And
this
much
and
you
know
var
that
is
super
helpful.
But
that
could
be
something
completely
different.
B
And
maybe
you
have
a
standard
operating
environment
that
gets
applied
to
a
specific
type
of
box.
You
have
your
web
server
soe.
You
have
your
database
soe,
but
I
worked
for
a
large
media
conglomerate
and
their
process
for
acquiring
new
hardware
was
buying
whatever
was
left
over
at
the
hardware
manufacturer.
B
C
B
So
we
would
get
things
like
dl280s
hpdl280s,
but
they
would
have
different
number
of
necks,
different
amount
of
ram
different
number
of
cores
different
discs,
and
so
you
know,
while
we
could
guarantee
some
basic
sameness
like
they're
all
going
to
be
the
same
processor
generation
or
there
was
going
to
be
a
minimum
amount
of
ram
that
was
in
there.
We
wouldn't
necessarily
know
the
complete
package
before
we
got
on
and
deployed
it
out
the
data
center
and
some
things
like
knicks,
you
can't
understand.
Oh,
you
can
never
guarantee
yeah
right.
B
Like
I'll
know,
it
has
at
least
two
because
that
was
in
my
spec
when
I,
when
I
put
it
out,
to
be
fulfilled,
but
it
might
have
six
so
yeah
anyway,
but
fun
times
about
standardization
from
the
guy
who
used
to
work
at
nest.
A
C
B
Absolutely
so
let
me
just
reprint
it
in
this
box
here
and
let
me
share
my
screen.
B
Yep,
these
boxes
only
exist
for
30
minutes
at
a
time,
so
you
know
we're
talking
for
20
minutes.
It
would
kind
of
suck
in
10
minutes
and
then
yeah
all
right.
B
So
this
is
a
a
lab
experience
that
I
have
not
completed
if
you
ever
used
a
lab
from
lab.redhat.com
before
typically
there's
like
a
lot
of
pros
in
the
instructions
that
tell
you
like
why
you're
doing
this
step
and
what
to
look
for
in
the
output,
I
haven't
gotten
to
that
yet
so
at
this
point,
this
this
lab
is
essentially
like
click
to
run
this
command.
B
That
might
be
super
complicated
and
has
no
explanation
of
what
it's
doing,
but
here's
the
output
and
there's
no
explanation
of
the
output
either
so
we'll
do
that
live
on
on
the
demo
here
cool.
The
other
thing
I'd
like
to
do
with
this
demo
is
it's
on
a
multi-node
environment.
B
So
I'd
really
like
to
get
it
once.
I've
gotten
all
the
instructional
stuff
ironed
out,
I'd
like
to
get
it
so
that
we
can
apply
the
same
playbook
across
all
the
hosts.
So
that's
that's
my
plan.
I
had
originally
intended
to
have
it
completed
by
the
end
of
2020..
You
can
see
how
that
worked
out
for
me.
A
B
Enough
all
right,
so
I
said
that
the
first
thing
we
need
to
do
was
make
sure
we
have
the
right
software
and
part
of
that
is
getting
access
to
the
ansible
rpm
that
we
need
that
provides
the
hands-on
executable.
B
A
A
B
All
right,
the
next
thing
is
installing
the
software
you
need,
so
I'm
going
to
install
both
the
ansible
rpm
and
the
rel
system,
rules
rpm
and
they'll
pull
in
a
couple
of
different
dependencies
as
well.
Of
course,
yeah.
A
B
So
before
we
go
further,
I
do
just
want
to
point
out
like
where
things
are
going.
So
if
we
take
a
look
at
the
list
of
files
that
were
provided
by
rel
system
roles,.
B
There's
some
documentation:
that's
installed,
that's
text-based,
it's
pretty
basic,
but
here
in
user
share
ansible
roles,
that's
where
the
actual
ansible
stuff
that
makes
it
work
is,
and
so
earlier
we
were
talking
about
the
differential
between
upstream
and
what
comes
as
part
of
realm
there.
It
is
yeah
and.
B
B
The
other
ones,
I
think,
are
all
all
now
fully
supported,
but
that
would
be
referenced
in
the
rel
documentation
that
you
learned
earlier
chris.
So
if
you're
interested
in
which
ones
are
tech
preview
or
not,
you
can
find
them
there
and
so
inside.
These
directories
is
all
the
the
ends
of
holiness.
That
makes
the
roles
work
with
ansible.
A
B
There
we
go
all
right,
so
this
is
a
starting
point
that
I
wanted
to
have
in
the
lab,
especially
because
people
may
not
be
familiar
with
ansible
and
how
they
would
write
a
playbook.
So
I
wanted
to
at
least
give
them
a
starting
point
to
kind
of
work
off
of,
and
what
we
can
see
is
down
here
in
the
roles
section.
B
Nice
craziness,
all
right,
so
kernel
settings
allows
me
to
change
stuff
that
a
2d
can
you
can
change.
A
B
And
I
was
just
talking
with
mike
girette
over
in
the
isv
team
today
about
doing
a
webinar
around
developing
2d
profiles,
specifically
for
people
who
are
writing
and
distributing
software
unreal,
because
I
think
that
including
a
2d
profile
for
your
thing
has
like
that.
Like
extra
level
of
polish-
and
it's
really
not
hard
to
do.
A
Right
to
make
your
thing
perform,
you
know
at
a
certain,
you
know,
performance
level
or
maybe
there'd
be
multiple
profiles,
so
you
could
be
like.
Oh,
is
this
a
high
right?
Is
this
just
a
read-only
replica
like
what
is
this?
You
know
that
kind
of
thing.
B
Folks,
there
we
go
yeah
so
because
I
use
this
kernel
setting
system
rule
and
I'm
now
able
to
do
these
variables.
I'm
just
going
to
set
some
parameters
in
the
proxis
directory
right
and
that's
what
is
happening
here.
B
B
100
it's
going
to
like
try
and
use
swappiness
as
much
spot
or
swap
space
as
much
as
possible,
right
and
so
for
for
databases.
Typically,
you
want
this
to
be
20
or
less
depending
on
the
database,
depending
on
the
workload
you
might
be,
choosing
between
10
and
20-ish.
B
Along
with
that,
I
put
in
some
other
tunables
for
databases
here,
so
in
order
to
kind
of
bring
as
much
performance
as
you
can
out
of
databases,
a
lot
of
the
open
source
and
enterprise
databases
also
tell
you
to
make
some
changes
to
how
your
cache
is
written
and
managed.
Your
file
cache
is
written
and
managed,
and
so
the
vm
dirty
ratio
is
don't
sync
file
cache
until
it's
40
percent,
dirty
and
or
40
of
memory
is
being
used.
They
expire
sent
to
sex
and
right
back
into
sex.
B
So
when
we
decide
that
we
need
to
do
a
a
sink
of
file
cash,
how
long
should
it
be
until
we
decide
that
we
need
to
do
it?
B
And
so
here
we're
saying
that
dirty
pages
expire
in
500
seconds
and
then
trying
to
remember
what
right
back?
Is
it's
another
setting
around
kernel,
chrome
pages?
It
escapes
me
at
the
moment
and
then
the
last
one
is
the
setting
for
semaphores.
B
So
semaphores
are
a
type
of
shared
memory
where
processes
can
pass
information
back
and
forth
to
each
other,
and
so
we're
setting
things
like
the
size.
The
total
number
of
the
minimum
and
maximum
length
of
single
fours
and
it's
a
set
of
four
values
to
get
stuck
in
this
one
kernel
setting
nice
so
so
yeah.
Once
I
applied
this
playbook,
those
are
the
settings
that
are
going
to
be
applied
to
this
system
through
system
rules.
B
The
other
one
is
one
of
the
ones
we
talked
about
is
one
of
my
favorites.
This
is
session,
recording
it's
based
on
a
technology
called
t-log
and
essentially,
with
this
variable,
I'm
saying
start
doing
session
recording
for
everyone.
So.
B
Okay,
so
same
media
conglomerate,
whereas
serving
a
professional
services
engagement,
we
had
a
team
of
administrators
that
worked
there,
and
it
was
often
the
case
that
you
would
get
a
call
like
two
or
three
o'clock
in
the
morning,
because
it
was
not
two
or
three
o'clock
in
the
morning
somewhere
else
in
the
world,
and
they
need
you
to
do
something.
B
B
But,
looking
at
at
these
recorded
session,
you
get
everything
in
context,
nice,
and
so
not
only
did
that
help
us
or
would
it
help
you
detangle
those
situations
and
maybe
repair
them,
but
you
could
also
then
use
it
as
a
training
aid
to
be
like
look
here.
You
ran
this
command
and
you
received
this
error
right
and.
B
Error
is
telling
you
and
yeah.
B
B
A
So,
and
this
would
be
for
every
single
user
right
so
like
let's
say,
somebody's
credentials
got
cracked
or
you
know
somebody
came
inside
the
wire.
You
could
then
have
an
analysis
on
what's
coming
out
of
your
logging
service,
your
centralized
logging
service.
If
you
have
one
and
say
hey,
this
isn't
cool
somebody
just
ran
this
command
and
you
know
who
knows
what
happened?
So
that's
that's!
That's
very
handy.
I
feel
like
in
larger
environments
right
like
that,
could
get
to
become
a
very
useful
thing.
A
B
Well-
and
you
know-
we've
had
this
in
previous
versions
of
rel
kind
of
you
could
do
a
whole
bunch
of
gymnastics
with
the
audit
d
daemon
and
get
a
lot
of
the
same
data,
but
it
would
also
do
things
like
capture
passwords,
which
you
probably
right
and
yeah.
B
It
goes
into
the
audit
logs,
which
are
different
than
the
system
logs,
but
still
like
you
probably
don't
want
that
stuff,
whereas
t-log
and
session
recording
are
set
up
to
like
do
you
do
this
in
a
more
sane
way
than
just
capture
system
events
and
report
on
it.
B
But
this
is
something
that's
in
rel,
eight,
it's
not
in
previous
versions
of
row.
There
is
actually
a
lab
for
it.
So
if
you're
really
interested
in
it,
you
could
go
through
the
lab
yourself
on
creating
it
and
the
playback
there's
a
command
line.
Playback
utility
called
t-log
play
or
there's
a
really
really
sweet,
plugin
for
cockpit
or
web
console.
Where
you
can
get
into
video,
you
can
do
zoom
it'll,
you
can
actually
put
in
a
search
term
and
because
this
is
all
stored
in
text.
B
B
Yeah,
it's
got
a
lot
of
got
a
lot
of
the
use
all
right,
so
I've
got
my
initial
one
and
just
to
kind
of
see
where
we're
at.
If
I
look
at
the
swappiness
value
on
this
box
right
now,
it's
set
to
30
after
I
run
my
playbook,
it
should
be
set
to
20.
all
right.
B
B
All
right
with
with
t
log,
I
didn't
have
the
software
installed
for
it
so
up
in
here,
where
it
talks
about
package
facts
and
then
installing
session
recording
plug-in
like
that,
that's
actually
installing
all
the
software
you
need
to
make
that
happen.
That's
built
into
the
system
for
very
cool
first
session,
recording
all
right.
So
as
expected,
when
I
look
at
the
swappiness
value
now
it's
up
to
20
and
let
me
just
real
quick
reset,
my
password
for
this
user.
A
A
B
It
would
secure
oh
yeah,
I
think
it's
gear.
I
don't
think
it
is
it's
not.
I
don't
know
what
if
we
have
time
at
the
end,
I'll
pull
that
one
up,
and
we
can
do
that,
one
too,
all
right
all
right
so
that
that's
like
we
created
a
playbook.
We
set
our
parameters,
we
told
it
which
roles
to
use,
so
we
could
know
which
parameters
to
use
and
then
we
executed
it
and
the
parameters
were
applied
to
the
system
all
right.
B
B
So
now
we're
going
to
do
things
in
the
playbook
for
kernel,
settings
for
t
log
and
for
time,
sync,
nice
and
then
I'm
going
to
this
is
super
complex
command,
but
essentially
what
it's
doing
is
it's
a
clickable
so
that
I
can
shove
stuff
into
the
playbook
without
making
you
type
it
and
just
type
it
yeah.
B
So
so,
when
I
executed
it
right,
there
is
my
addition
of
the
new
role
that
I
want
to
use
timesync
and
then
that
said,
inline
edit
added
this
section
got
it
nice.
Where
currently
on
this
box,
it's
probably
set
up
to
use
a
bunch
of
ntp
pool
servers,
but
maybe
I
have
very
specific
ones.
I
want
to
use
so
I'm
going
to
use
time.net.gov
box
and
then
one
out
of
the
pool
as
like
a
backup
all
right.
In
reality,
you
probably
want
three
four
or
five.
B
So
if
we
look
at
our
crony
sources
right
now
right,
these
are
all
pulled
out
of
the
pool
and
one
of
their
yeah
three
six,
eight
of
them,
but
because
they're
pulled
out
of
the
pool
notice
they're,
like
stratum,
two
three
I've
seen
you
have
no
idea
six
right,
whereas
I
know
time
time,
d
b,
nist.gov
is
a
stratum
y.
I
didn't
just
like
connect
to
the
clock.
B
C
A
A
B
Well,
like
the
then,
this
servers,
oftentimes
random
clients,
aren't
permitted
to
connect
to
them
right.
The
only
accept
connection
is
from
a
list
of
of
known
servers,
so
if
you
want
to
be
one
of
those,
you
need
to
like
fill
out
an
application
and
review
it
and
decide
where
they
want
to
do
it.
So
if
you
were
say,
I
don't
know.
A
B
Yeah,
but
if
you're
like
a
a
large
news
organization
where
time
is
important
right
when
you're
like
time,
stamping
the
publication
date
on
articles
or
on
news
stories
or
whatever
you
could
register,
maybe
three
boxes
as
an
organization
to
that
and
then
inside
you
use
those
three
boxes
anyway,
all
right
enough
on
time.
For
short,
super
boring,
stop
it
all
right.
So
I'm
just
going
to
apply
my
updated
playbook.
B
And
it's
basically
going
through
and
running
all
the
same
things,
and
it
should
be
reporting
mostly
okays
and
skips,
because
it's
not
doing
anything
except
the
time
stuff
yeah.
So
especially
when
you
get
down
to
t
log
right,
it's
already
installed
it's
already
configured
we
didn't
make.
Any
changes
should
be
good
all
right.
So
now
we're
installing
crony
and
making
changes
based
off
crony.
B
B
It's
bad
right,
but
in
reality
this
is
okay,
because
what
it's
done
is
it.
I
said
earlier
that
we
go
across
different
versions
of
rel.
Some
versions
of
rel
have
ndps,
some
have
crony,
some
have
both,
which
would
be
using,
and
so
essentially
in
here
we're
we're
looking
to
see
what's
configured
and
then
based
off
of
the
configuration
we're
making
the
changes,
but
it's
actually
checking
and
failing
because
it's
not
there
right.
B
A
So
this
is
actually
a
thing
in
ansible
right
where
you
can
accept
a
failure
right,
like
a
failure
in
this
thing,
does
not
mean
an
entire
failure
of
the
whole
process.
It
could
just
be
a
failure
to
check
that
the
thing
is
actually
there.
So
I'm
not
going
to
continue
down
that
roll
or
down
you
know
some
other
role
that
it
needs
to
pull
in.
A
It'll
in
theory
quote,
skip
over
it,
but
it's
not
skipped
because
you
have
to
check
something
with
ansible
to
actually
skip
it.
So,
therefore,
it's
failing
to
see
the
presence
of
something
so
therefore
it
ignores
it
and
continues
on,
because
it's
not
a
failure
that
is
detrimental
to
what
you're
trying
to
do
right.
A
C
B
Time
master
yet
another
service
that
one
could
use
to
manage
time.
Yes,
exactly
right,
yeah
all
right.
So
at
this
point,
if
I
check
my
currently
sources
again
right,
there's
there's
my
two
that
I
said
I
wanted.
One
is
time.net.gov
and
the
other
one
is
random
out
of
the
pool
right,
just
like
my
playbook
all
right.
So
when
you
want
to
make
changes
right,
I
said
earlier.
B
Maybe
you're
set
up
your
database
servers
so
that
they
use
20,
and
then
you
read
this
other
article
and
it
says
you
should
use
10
so
you're,
like
alright
cool
boom.
There
we
go
I'll,
make
the
change
right
that
little
in
place
edit
just
updated
that
guy
and
then
once
you've
made
your
change.
You
apply
the
playbook
again
and
just
like
before
it
skips
all
the
stuff
that
it
had
already
done,
and
it's
still
the
same
state
and
then
applies
the
new
changes
or
the
differentials.
B
So
now
we
shouldn't
see
time,
servers
being
set
or
changed,
or
anything
like
that,
because
it's
already
been
done,
it
hasn't
been
updated
in
the
playbook,
has
not
been
mucked
with
correct
right.
B
All
right,
so,
no
no
surprise
there
that
purchase
is
actually
done
yep.
So
that's
that's
basic
system
rules.
So
let
me
pull
up
that
yaml
file,
one
more.
C
A
B
Right
and
so
the
documentation
that's
provided,
tells
you
about
the
layout.
I
find
it
easier
to
read
from
the
upstream
system
rules
project
because
it's
like
you
know,
I
pull
up
the
github.
I
click
on
it.
It
gives
me
the
markdown
based
description
of
it.
It's
a
little
bit
easier
to
read
than
a
text
file
on
the
terminal.
A
B
B
A
B
Well
kind
of,
but
not
really
because
it's
really
using
tunde
and
so
tundy
has
an
already
established
syntax
that
it
uses
so,
for
example,
for
for
these
in
the
documentation,
it
just
says:
use
use
the
syscontrol
tunable
right
and
that's
what
I'm
using
and
tell
me
what
to
set
it
to.
So.
If
I
wanted
to
change.
C
B
A
A
Is
not
something
that
I
always
did
when
I
was
administering
railbox.
B
Well,
yeah,
I
mean,
unless
it's
routing
between
networks,
there's
really
no
need,
but
for
a
number
of
years
I
worked
as
a
so
there
it
is
cool
so
excited.
I
worked
as
a
red
hat
instructor
for
training,
cr
and
certification,
nice
and
we
needed
a
route
between
networks
and
after
you
did
your
setup,
you
went
in
and
you
twiddled
this
bit
or
if
things
weren't
working
properly,
you
would
check
this
this
value
yeah.
So
there
you
go.
A
C
C
A
B
Yeah
and
like
we're
continuing
to
grow
the
catalog
of
roles,
so
I
know
that
we're
in
development
on
one,
like
I
said
earlier
for
the
aha
add-on,
there's
one
for
firewall
settings,
there
is
one
already
out
there
for
sc
linux
because,
like
let's,
let's
make
sure
it's
enabled.
B
B
Yeah
exactly
so
yeah
there's,
there's
a
bunch
out
there
kind
of
circling.
B
We
added
we're,
starting
to
add
some
for
specific
things
like
you
may
have
noticed
the
certificate
role
that
was
added
in
with
idm
for
eight
either
eight
two
or
eight
three,
and
so
you
know
how
you
have
to
manage
your
ssl
certs
and
if
they
expire,
it's
like
really
bad
yeah
right,
so
that
system
role
can
manage
certificates
that
are
issued
either
self
from
a
ca,
a
local
ca
or
through
the
cert
monger
service,
which
is
part
of
idm.
A
Yeah
yeah.
A
C
B
A
A
So
cool
anything
else
you
want
to
talk
about
as
far
as
system
roles
go.
B
A
B
B
Yeah
so
next
show
we're
gonna
have
terry
bowling
on.
He
actually
he's
a
product
manager
for
rel
he's
moving
between
product
experiences,
so
system
roles
actually
were
his
and
he's
handing
it
over
to
a
new
product
manager.
B
I
think
we're
talking
convert
and
then
he'll
come
on
again
in
april,
maybe
to
talk
leap,
because
so
the
new
rel
cadence
is
minor
release
every
six
months,
major
release
every
three
years,
so
rail
eight
was
released
in
2019
in
the
spring
guess,
what's
happening
in
the
spring
of
2022..
B
C
B
So
so
yeah,
it's
like
in
april
right
right
about
a
year
until
we
can
expect
real
nine.
Let's
talk
about
in-place
upgrade
because
yeah,
as
we
talked
about
already
in
this
episode
right,
roll
seven
is
getting
to
be
a
short
timer
and
relate
role.
9
is
is
where
you're
you're
wanting
to
be
so
dear
I'll,
be
on
in
the
next
next
episode
and
a
few
episodes
past
that
and
I'm
going
to
be
better
about
booking
guests
for
short,
because.
A
All
right
so
cool
yeah,
so
folks
this
is
it
for
streaming.
For
today.
I
appreciate
everybody.
That's
tuned
in
throughout
this
show.
Throughout
the
day
today,
you
know:
stick
around,
you
know
subscribe
to
the
calendar.
If
you
have
not
already,
we
have
a
calendar
of
events
that
you
can
subscribe
to
and
know
every
show
that's
coming
up
in
the
future,
including
brand
new
ones
that
we're
launching
this
year.