►
Description
A show that features the people and technology that make Red Hat® Enterprise Linux® into the the world’s leading enterprise Linux platform.
In this episode, Scott McBrien will be talking about utilizing the RHEL System Roles to automate changes across your system populations. Based on Ansible automation technology, but included with RHEL, these roles allow you to expand your playbooks to include selected system administration configuration changes and tasks.
A
A
C
B
Good
distinction
to
make
right
and
when
we
were
initially
doing
our
setup
for
the
show
we
were
talking
about
this
a
little
bit,
and
you
may
recall
that,
oh
two
or
three
episodes
ago
we
talked
with
rich
dorito
and
rich
dorito
was
we
were
talking
about
sys
subscription
manager
and
then
there's
this
affiliated
tool
called
system,
purpose
or
cis
purpose
right.
This
purpose
is
used
to
identify
this
box,
is
a
production
box
or
a
test
box
or
something
along
those
lines.
B
So
when
it
registers
with
red
hat
subscription
manager,
it
will
look
at
the
pool
of
available
subscriptions
in
your
account
and
choose
one
that
it
thinks
is
the
best
match
so
that
you're
not
tying
a
premium.
24X7
support
subscription
to
your
dev
box.
Right
right
doesn't
need
that
yeah,
and
so
that's
that's.
B
Extensions
for
playbooks,
okay,
so
ansible
has
a
whole
bunch
of
different
things
that
they
use
to
extend
beyond
just
like
their
yaml
and
playbook
infrastructure.
Right
they've
got
modules,
they've
got
plug-ins,
they
also
have
roles
and
that's
what
system
rules
is
it's
one
of
its
ansible
role
or
infrared
rules.
B
B
A
Releases
down
the
right
road-
and
I
just
found
it-
they
have
a
web
page
that
kind
of
breaks
down
everything.
That's
in
the
repo
for
you,
including
like
here's
demos,
here's
currently
supported
ones,
here's
ones
that
are
on
the
roadmap
so
be
sure
to
check
that
out.
If
you're
interested
right
is
so,
these
are
ansible
roles
like
I
get
them
from
red
hat.
I
apply
them
on
my
system
using
ansible,
not
rpm
or
yum,
or
anything
like
that.
B
B
Essentially,
your
rel
subscription
will
also
provide
you
access
to
an
ansible
repo
for
the
purpose
of
running
system
worlds,
so
that
you
get
a
supported
ansible
to
run
a
supported
feature
in
prowl,
which
is
system
roles
if
you're
doing
stuff.
Outside
of
that,
you
may
need
an
extra
informal
subscription,
but
for
real
system
roles.
What
comes
with
rel
is
what
you
can
use
and
then
to
to
actually
get
it
going.
B
A
B
A
B
Let's
see
I
like,
I
like
the
kernel
settings
system
rule,
so
it
actually
uses
tunde
behind
the
scenes
to
apply
changes
to
the
system.
But
the
reason
I
really
like
it
is
the
automation
piece
that
system
rules
gets
right.
So
I
worked
a
lot
of
places
where
you
would
have
a
farm
of
boxes.
That
are
databases,
and
maybe
you
know,
let's
say
mysql.
B
Somebody
finds
a
document
that
says
my
sequel
should
have
the
swappiness
value
of
the
kernel
set
to
20.
right,
so
you
go
around
and
as
you're
building
all
those
boxes,
that's
what
you
do
and
then
you
find
another
article
from
a
more
reputable
source
or
more
recently
that
says
no.
That
should
really
be
10
right,
not
20.,
okay!
B
And
then
you
know
when
you
go
to
rail
eight.
Well,
I
think
the
differential
between
seven
and
eight
was
not
as
large.
You
still
get
some
of
those
technological
changes
absolutely,
and
so
the
original
intention
behind
system
rules
was,
let's
provide
a
method
that
administrators
could
use
to
do
something
like
set
their
ntp
servers
like
right.
That's
a
pretty
common
thing
to
have
across
your
population.
A
A
B
But
like
from
a
customer
perspective
or
from
a
you
know,
administrator
user
perspective,
that's
super
annoying
because
here
you
are
you've
got
this
large
fleet
of
systems
on
route
six
and
then
row
seven
comes
out,
and
now
you
have
to
know.
Oh
there's
a
real
six
box.
I
need
to
do
it
this
way.
Oh,
it's
real
seven
blocks.
B
So
one
of
the
things
with
system
rules
is
that
when
you
use
it
it
is
cross
rel
capable
so,
for
example,
date
time
sake.
System
rule
is
a
good
example
of
that
you
can
just
put
in
the
ntp
servers.
You
want
your
boxes
to
get,
and
if
it's
on
rel
six
it
does
ntpd
configuration
stuff.
If
it's
on
rail
seven,
it
actually
checks
to
see
whether
using
ntpd
or
crony
and
does
the
right
thing
and
on
rail
eight
it
uses
crony.
B
B
Rel7
has
now
crossed
into
maintenance
phase
two,
so
we'll
no
longer
be
getting
new
features,
so
any
new
system
rules
we
make
aren't
going
to
be
backported
in
rel7,
and
then
there
are
some
like
session
recording
where
that
that
technology
doesn't
come
with
anything
about
rally
at
this
point.
So
if
you
run
it
on
a
route,
seven
or
six
bucks,
it's
not
gonna
do
anything.
Okay,.
B
A
B
A
Well,
I'm
thinking
of
the
the
folks
that
are
like
changing
jobs
and
they
walk
in
to
upgrade.
You
know
a
fleet
of
servers
and
it's
like
okay,
I
was
using
seven
and
they're
on
five
still
and
I'm
trying
to
get
them
upgraded
kind
of
thing
right,
like
I've
been
in
situations
like
that.
So
having
this
cheat
sheet
really
helps
you
like,
if
you've
been.
A
B
I
actually
was
just
asked
yesterday
about
six
to
seven
upgrades:
it's
like
okay,
so
six
is
it
extended
life
support
phase,
so
very
limited
updates,
essentially
critical
and
an
important
security
errata
only
with
an
add-on
subscription
right.
So
you
don't
have
that
on.
You
don't
get
any
updates
anymore
for
it.
Rel7
is
in
maintenance,
phase
2.
So
it's
got.
B
C
B
March,
I
think
it
is
we're
going
to
have
terry
bowling
on
he's
the
cool
and
we're
going
to
talk
about
leap
which
is
the
in-place
upgrade
utility
yeah.
So
we're
currently
using
that
for
seven
to
eight
we're
going
to
continue
to
use
it
for
eight
to
nine.
But
because
the
differential
between
eight
and
nine
is
not
as
great.
It
should.
C
A
A
A
B
As
that,
like,
let
me
run
some.
Let
me
have
a
slightly
different
administrative
interface
that
I
don't
have
to
care
about
version
so
that,
as
we
have
these
major
versions
changes,
you
don't
have
to
go
through
and
update
all
of
your
scripting
procedures.
Automation
right,
it
all
just
still
kind
of
works,
but
out
of
that
has
generated
kind
of
a
new
idea
of
what
we
could
use
system
rules
for
which
is
standard
operating
environment.
B
B
B
A
B
Hardware
is
so
if
all
your
hardware
has
the
exact
same
disk
layout,
has
the
exact
same
number
of
disks,
the
exact
same
devices
of
disk,
then
the
storage
role
is
really
really
handy.
You
can
execute
that
change
and
kind
of
know
that
across
your
population
that
new
partition
is
one
gonna,
be
able
to
be
made
and
two
isn't
gonna
bother
something
else
or
do
something
wonky
yeah.
So
if
you
have
a
really
disparate
population
of
all
random
stuff,
then
that
probably
would
not
be
the
best
choice
to
do.
Yeah.
A
We
had
my
first
job
out
of
the
air
force.
We
had
different
like
classes
of
servers
and
that's
where
I
see
that
being
helpful
right
like
if
you
have
20
batch
processing
boxes
and
they
need
this
amount
of
storage
and
this
much
intent.
And
this
much
and
you
know
var
that
is
super
helpful.
But
that
could
be
something
completely
different.
B
And
maybe
you
have
a
standard
operating
environment
that
gets
applied
to
a
specific
type
of
box.
You
have
your
web
server
soe.
You
have
your
database
soe,
but
I
worked
for
a
large
media
conglomerate
and
their
process
for
acquiring
new
hardware
was
buying
whatever
was
left
over
at
the
hardware
manufacturer.
B
C
B
So
we
would
get
things
like
dl280s
hpdl280s,
but
they
would
have
different
number
of
necks,
different
amount
of
ram
different
number
of
cores
different
discs,
and
so
you
know,
while
we
could
guarantee
some
basic
sameness
like
they're
all
going
to
be
the
same
processor
generation
or
there
was
going
to
be
a
minimum
amount
of
ram
that
was
in
there.
We
wouldn't
necessarily
know
the
complete
package
before
we
got
on
and
deployed
it
out
the
data
center
and
some
things
like
knicks,
you
can't
understand.
Oh,
you
can
never
guarantee
yeah
right.
A
C
B
B
B
So
I'd
really
like
to
get
it
once.
I've
gotten
all
the
instructional
stuff
ironed
out,
I'd
like
to
get
it
so
that
we
can
apply
the
same
playbook
across
all
the
hosts.
So
that's
that's
my
plan.
I
had
originally
intended
to
have
it
completed
by
the
end
of
2020..
You
can
see
how
that
worked
out
for
me.
A
B
A
A
B
A
B
B
There's
some
documentation:
that's
installed,
that's
text-based,
it's
pretty
basic,
but
here
in
user
share
ansible
roles,
that's
where
the
actual
ansible
stuff
that
makes
it
work
is,
and
so
earlier
we
were
talking
about
the
differential
between
upstream
and
what
comes
as
part
of
realm
there.
It
is
yeah
and.
B
B
The
other
ones,
I
think,
are
all
all
now
fully
supported,
but
that
would
be
referenced
in
the
rel
documentation
that
you
learned
earlier
chris.
So
if
you're
interested
in
which
ones
are
tech
preview
or
not,
you
can
find
them
there
and
so
inside.
These
directories
is
all
the
the
ends
of
holiness.
That
makes
the
roles
work
with
ansible.
A
B
There
we
go
all
right,
so
this
is
a
starting
point
that
I
wanted
to
have
in
the
lab,
especially
because
people
may
not
be
familiar
with
ansible
and
how
they
would
write
a
playbook.
So
I
wanted
to
at
least
give
them
a
starting
point
to
kind
of
work
off
of,
and
what
we
can
see
is
down
here
in
the
roles
section.
A
B
And
I
was
just
talking
with
mike
girette
over
in
the
isv
team
today
about
doing
a
webinar
around
developing
2d
profiles,
specifically
for
people
who
are
writing
and
distributing
software
unreal,
because
I
think
that
including
a
2d
profile
for
your
thing
has
like
that.
Like
extra
level
of
polish-
and
it's
really
not
hard
to
do.
A
B
B
B
B
Along
with
that,
I
put
in
some
other
tunables
for
databases
here,
so
in
order
to
kind
of
bring
as
much
performance
as
you
can
out
of
databases,
a
lot
of
the
open
source
and
enterprise
databases
also
tell
you
to
make
some
changes
to
how
your
cache
is
written
and
managed.
Your
file
cache
is
written
and
managed,
and
so
the
vm
dirty
ratio
is
don't
sync
file
cache
until
it's
40
percent,
dirty
and
or
40
of
memory
is
being
used.
They
expire
sent
to
sex
and
right
back
into
sex.
B
B
So
semaphores
are
a
type
of
shared
memory
where
processes
can
pass
information
back
and
forth
to
each
other,
and
so
we're
setting
things
like
the
size.
The
total
number
of
the
minimum
and
maximum
length
of
single
fours
and
it's
a
set
of
four
values
to
get
stuck
in
this
one
kernel
setting
nice
so
so
yeah.
Once
I
applied
this
playbook,
those
are
the
settings
that
are
going
to
be
applied
to
this
system
through
system
rules.
B
B
But,
looking
at
at
these
recorded
session,
you
get
everything
in
context,
nice,
and
so
not
only
did
that
help
us
or
would
it
help
you
detangle
those
situations
and
maybe
repair
them,
but
you
could
also
then
use
it
as
a
training
aid
to
be
like
look
here.
You
ran
this
command
and
you
received
this
error
right
and.
B
B
A
So,
and
this
would
be
for
every
single
user
right
so
like
let's
say,
somebody's
credentials
got
cracked
or
you
know
somebody
came
inside
the
wire.
You
could
then
have
an
analysis
on
what's
coming
out
of
your
logging
service,
your
centralized
logging
service.
If
you
have
one
and
say
hey,
this
isn't
cool
somebody
just
ran
this
command
and
you
know
who
knows
what
happened?
So
that's
that's!
That's
very
handy.
I
feel
like
in
larger
environments
right
like
that,
could
get
to
become
a
very
useful
thing.
A
B
But
this
is
something
that's
in
rel,
eight,
it's
not
in
previous
versions
of
row.
There
is
actually
a
lab
for
it.
So
if
you're
really
interested
in
it,
you
could
go
through
the
lab
yourself
on
creating
it
and
the
playback
there's
a
command
line.
Playback
utility
called
t-log
play
or
there's
a
really
really
sweet,
plugin
for
cockpit
or
web
console.
Where
you
can
get
into
video,
you
can
do
zoom
it'll,
you
can
actually
put
in
a
search
term
and
because
this
is
all
stored
in
text.
B
B
B
B
All
right
with
with
t
log,
I
didn't
have
the
software
installed
for
it
so
up
in
here,
where
it
talks
about
package
facts
and
then
installing
session
recording
plug-in
like
that,
that's
actually
installing
all
the
software
you
need
to
make
that
happen.
That's
built
into
the
system
for
very
cool
first
session,
recording
all
right.
So
as
expected,
when
I
look
at
the
swappiness
value
now
it's
up
to
20
and
let
me
just
real
quick
reset,
my
password
for
this
user.
A
A
B
It
would
secure
oh
yeah,
I
think
it's
gear.
I
don't
think
it
is
it's
not.
I
don't
know
what
if
we
have
time
at
the
end,
I'll
pull
that
one
up,
and
we
can
do
that,
one
too,
all
right
all
right
so
that
that's
like
we
created
a
playbook.
We
set
our
parameters,
we
told
it
which
roles
to
use,
so
we
could
know
which
parameters
to
use
and
then
we
executed
it
and
the
parameters
were
applied
to
the
system
all
right.
B
B
So
so,
when
I
executed
it
right,
there
is
my
addition
of
the
new
role
that
I
want
to
use
timesync
and
then
that
said,
inline
edit
added
this
section
got
it
nice.
Where
currently
on
this
box,
it's
probably
set
up
to
use
a
bunch
of
ntp
pool
servers,
but
maybe
I
have
very
specific
ones.
I
want
to
use
so
I'm
going
to
use
time.net.gov
box
and
then
one
out
of
the
pool
as
like
a
backup
all
right.
In
reality,
you
probably
want
three
four
or
five.
B
So
if
we
look
at
our
crony
sources
right
now
right,
these
are
all
pulled
out
of
the
pool
and
one
of
their
yeah
three
six,
eight
of
them,
but
because
they're
pulled
out
of
the
pool
notice
they're,
like
stratum,
two
three
I've
seen
you
have
no
idea
six
right,
whereas
I
know
time
time,
d
b,
nist.gov
is
a
stratum
y.
I
didn't
just
like
connect
to
the
clock.
B
C
A
A
B
Well,
like
the
then,
this
servers,
oftentimes
random
clients,
aren't
permitted
to
connect
to
them
right.
The
only
accept
connection
is
from
a
list
of
of
known
servers,
so
if
you
want
to
be
one
of
those,
you
need
to
like
fill
out
an
application
and
review
it
and
decide
where
they
want
to
do
it.
So
if
you
were
say,
I
don't
know.
A
B
Yeah,
but
if
you're
like
a
a
large
news
organization
where
time
is
important
right
when
you're
like
time,
stamping
the
publication
date
on
articles
or
on
news
stories
or
whatever
you
could
register,
maybe
three
boxes
as
an
organization
to
that
and
then
inside
you
use
those
three
boxes
anyway,
all
right
enough
on
time.
For
short,
super
boring,
stop
it
all
right.
So
I'm
just
going
to
apply
my
updated
playbook.
B
And
it's
basically
going
through
and
running
all
the
same
things,
and
it
should
be
reporting
mostly
okays
and
skips,
because
it's
not
doing
anything
except
the
time
stuff
yeah.
So
especially
when
you
get
down
to
t
log
right,
it's
already
installed
it's
already
configured
we
didn't
make.
Any
changes
should
be
good
all
right.
So
now
we're
installing
crony
and
making
changes
based
off
crony.
B
B
It's
bad
right,
but
in
reality
this
is
okay,
because
what
it's
done
is
it.
I
said
earlier
that
we
go
across
different
versions
of
rel.
Some
versions
of
rel
have
ndps,
some
have
crony,
some
have
both,
which
would
be
using,
and
so
essentially
in
here
we're
we're
looking
to
see
what's
configured
and
then
based
off
of
the
configuration
we're
making
the
changes,
but
it's
actually
checking
and
failing
because
it's
not
there
right.
A
So
this
is
actually
a
thing
in
ansible
right
where
you
can
accept
a
failure
right,
like
a
failure
in
this
thing,
does
not
mean
an
entire
failure
of
the
whole
process.
It
could
just
be
a
failure
to
check
that
the
thing
is
actually
there.
So
I'm
not
going
to
continue
down
that
roll
or
down
you
know
some
other
role
that
it
needs
to
pull
in.
A
It'll
in
theory
quote,
skip
over
it,
but
it's
not
skipped
because
you
have
to
check
something
with
ansible
to
actually
skip
it.
So,
therefore,
it's
failing
to
see
the
presence
of
something
so
therefore
it
ignores
it
and
continues
on,
because
it's
not
a
failure
that
is
detrimental
to
what
you're
trying
to
do
right.
A
C
B
Time
master
yet
another
service
that
one
could
use
to
manage
time.
Yes,
exactly
right,
yeah
all
right.
So
at
this
point,
if
I
check
my
currently
sources
again
right,
there's
there's
my
two
that
I
said
I
wanted.
One
is
time.net.gov
and
the
other
one
is
random
out
of
the
pool
right,
just
like
my
playbook
all
right.
So
when
you
want
to
make
changes
right,
I
said
earlier.
B
Maybe
you're
set
up
your
database
servers
so
that
they
use
20,
and
then
you
read
this
other
article
and
it
says
you
should
use
10
so
you're,
like
alright
cool
boom.
There
we
go
I'll,
make
the
change
right
that
little
in
place
edit
just
updated
that
guy
and
then
once
you've
made
your
change.
You
apply
the
playbook
again
and
just
like
before
it
skips
all
the
stuff
that
it
had
already
done,
and
it's
still
the
same
state
and
then
applies
the
new
changes
or
the
differentials.
B
C
A
B
Right
and
so
the
documentation
that's
provided,
tells
you
about
the
layout.
I
find
it
easier
to
read
from
the
upstream
system
rules
project
because
it's
like
you
know,
I
pull
up
the
github.
I
click
on
it.
It
gives
me
the
markdown
based
description
of
it.
It's
a
little
bit
easier
to
read
than
a
text
file
on
the
terminal.
A
B
A
B
Well
kind
of,
but
not
really
because
it's
really
using
tunde
and
so
tundy
has
an
already
established
syntax
that
it
uses
so,
for
example,
for
for
these
in
the
documentation,
it
just
says:
use
use
the
syscontrol
tunable
right
and
that's
what
I'm
using
and
tell
me
what
to
set
it
to.
So.
If
I
wanted
to
change.
C
B
A
B
Well,
yeah,
I
mean,
unless
it's
routing
between
networks,
there's
really
no
need,
but
for
a
number
of
years
I
worked
as
a
so
there
it
is
cool
so
excited.
I
worked
as
a
red
hat
instructor
for
training,
cr
and
certification,
nice
and
we
needed
a
route
between
networks
and
after
you
did
your
setup,
you
went
in
and
you
twiddled
this
bit
or
if
things
weren't
working
properly,
you
would
check
this
this
value
yeah.
So
there
you
go.
A
C
C
A
B
A
C
B
A
B
A
B
B
B
C
B
So
so
yeah,
it's
like
in
april
right
right
about
a
year
until
we
can
expect
real
nine.
Let's
talk
about
in-place
upgrade
because
yeah,
as
we
talked
about
already
in
this
episode
right,
roll
seven
is
getting
to
be
a
short
timer
and
relate
role.
9
is
is
where
you're
you're
wanting
to
be
so
dear
I'll,
be
on
in
the
next
next
episode
and
a
few
episodes
past
that
and
I'm
going
to
be
better
about
booking
guests
for
short,
because.
A
All
right
so
cool
yeah,
so
folks
this
is
it
for
streaming.
For
today.
I
appreciate
everybody.
That's
tuned
in
throughout
this
show.
Throughout
the
day
today,
you
know:
stick
around,
you
know
subscribe
to
the
calendar.
If
you
have
not
already,
we
have
a
calendar
of
events
that
you
can
subscribe
to
and
know
every
show
that's
coming
up
in
the
future,
including
brand
new
ones
that
we're
launching
this
year.