Ansible Mastery | Dániel Ernő Szabó | Skillshare

Playback Speed


  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Lessons in This Class

56 Lessons (5h 38m)
    • 1. Amas Intro

      3:14
    • 2. Amas Environment

      3:42
    • 3. Amas Mgmt Setup

      6:47
    • 4. Amas Linux Clients

      8:26
    • 5. Amas Priv key to ppk

      2:23
    • 6. Amas Windows basic

      11:40
    • 7. Amas Windows cert

      15:04
    • 8. Amas Windows Ntlm

      5:40
    • 9. Amas Windows Kerberos

      8:28
    • 10. Amas Playbooks

      11:32
    • 11. Amas Playbook Args

      6:02
    • 12. Amas Windows CredSSP

      4:28
    • 13. Amas Special configs

      11:27
    • 14. Amas Facts Gathering

      6:48
    • 15. Amas Facts Caching

      9:18
    • 16. Amas Network Auth

      5:46
    • 17. Amas Static vs Dynamic

      10:15
    • 18. Amas Roles

      6:26
    • 19. Amas Group variables

      6:26
    • 20. Amas IOS Tshoot pbook

      7:52
    • 21. Amas IOS Tshoot pbook v2

      4:43
    • 22. Amas IOS Port Decomission

      6:23
    • 23. Amas IOS Config Backup

      3:25
    • 24. Amas IOS Config HSRP

      11:44
    • 25. Amas IOS Ending

      2:53
    • 26. Amas Lin Docker handlers

      8:17
    • 27. Amas Lin handlers 2

      4:03
    • 28. Amas Lin Asserting

      4:33
    • 29. Amas Lin Assert 2

      2:54
    • 30. Amas Lin Jinja2

      10:22
    • 31. Amas Facts Custom

      6:15
    • 32. Amas Lin Jinja

      5:13
    • 33. Amas CMDB

      3:18
    • 34. Amas Ubuntu Docker Setup

      3:44
    • 35. Amas Ubuntu Docker App

      9:33
    • 36. Amas Ubuntu Docker Info

      3:36
    • 37. Amas Ubuntu Docker Net

      4:08
    • 38. Amas Docker Container Info

      6:11
    • 39. Amas Docker Container Vol

      3:28
    • 40. Amas Win Local Disk Info

      5:18
    • 41. Amas Win Local User

      6:33
    • 42. Amas Win Local Groups

      3:23
    • 43. Amas Win Domain Users

      7:02
    • 44. Amas Win Domain Groups

      3:16
    • 45. Amas Win Domain Chrome

      6:53
    • 46. Amas Windows Domain Wshark

      10:47
    • 47. Amas Ansible Galaxy

      2:56
    • 48. Amas CentOS Docker Setup

      3:02
    • 49. Amas Win Docker Install

      3:15
    • 50. Amas Win Docker Action

      4:38
    • 51. Amas Vault

      3:38
    • 52. Amas The End

      1:26
    • 53. Amas Strategies

      3:28
    • 54. Amas Mitogen

      3:01
    • 55. Amas AWX

      6:27
    • 56. Amas AWX Hands on

      6:57
  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.

20

Students

--

Projects

About This Class

This is a very long course full of content which allows you to become the master of ansible and AWX to increase your job security and automate whatever you can in your infrastructure. We start from the very beginning like setup and configuration of ansible and as we gain more and more knowledge we dive into more complex topics.

The supporting material can be found here: Gitrepo

Meet Your Teacher

Teacher Profile Image

Dániel Ernő Szabó

Pythonista in the making

Teacher

Hello, I'm Dániel Ernő.

I currently work as a devops engineer. I have several years of experience with various platforms and I'm here to teach some advanced techniques which may attribute your job security ;)

Cheers,

Daniel

See full profile

Class Ratings

Expectations Met?
  • Exceeded!
    0%
  • Yes
    0%
  • Somewhat
    0%
  • Not really
    0%
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.

Transcripts

1. Amas Intro: Hello there and welcome to my course on ansible. So I had been using NCBI for a couple of years as of now and have created this course to give you my experience and knowledge as to how you can use NCBI to automate your environment. And this course is based on the official NCBO documentation. So as of now, we have the 2.9 version of ansible available for us, has the latest one and we are going to use it. And in this course we are going to walk through from basic antebellum item and set up to more advanced configurations. And in these videos we are going to take a look at how you can set up ansible authentication for Linux servers, Windows servers, and network clients. And for the network, I'm going to use G and S three, which is basically a network emulator. And seemingly at each one of those is sufficient. So basically we are going to odd network devices from G and S three. And the line is devices. As far as it goes, we are going to have a central as 8.2 as our ansible management server. And we are going to have a Windows client. We do Windows server 2019 and Linux client, which is the event, the desktop version. And as of now is the 20 04 LTS. And we are going to have a Cisco router that is going to be our Cisco network device. There are going to be like extra videos as to how you can configure additional devices, which are not Cisco devices. But that will come at the later part in this course. So what does this course cover? So basic setup of NCBO, basic setup of authentication against Linux, Windows, and network devices. And it is going to have this support repository, which is called NCBO mastery. And in this repository you will have the guide for each of the video courses that are available. You will have the playbooks that I created to run demonstration or example. And you will have nice hand-drawn pictures as to what each section is going to offer you. So if you are interested in how NCBO works, out, how you can use as a bird to make your life easier in an enterprise environment. Then this course is for 2. Amas Environment: Hello there and welcome back. In this video, I would like to talk to you about the environment that we are going to use. And the environment is going to be documented on our GitHub repository as to what the setup looks like, how you can configure it and whatnot. So basically we have a CentOS management machine and that is going to reach the Windows, Linux, and the cisco clients. So the for the virtual machines, I'm using VMware Workstation. And this VM workstation is 15.1 below. So it's like something that you have to pay for it if you want to use it officially. But you could use virtualbox or Hyper-V or KVM if you are on a Linux system. And what I would also like to show you is that I have set top name resolution. So if I ping the CentOS machine, it will reply. And what I did was to add edit on my Windows host, the C Windows system 32 drivers at c host five. And yeah, so basically this is it. And I can also pin you want to and I can also blink ping 2019 machine. So the Ubuntu is the desktop version or no, I don't want to install any updates. And I have set up my own Reaper Pi user account. But if I am going to proceed with this course, we would like to create the user which is called ansible. And I'm going to show you in the, in the later videos how you can set up authentication, I guess, different target machines. So for the G And as part I have this single router, which is the C 7200. And it is connected to my NAT one network. And it is using the faster turn at 0 slash 0 to communicate with the infrastructure. So you need to install the G and S three. Do you need to grab an iOS image If you have available? And then you can continue with the network-related part for this. And you also need to have a virtualization and vitamins for the Windows, Linux, and the management systems. And it is really dependent on you, how you set up the access for that. So it is perfectly valid if you don't one name resolution, you don't want to edit your hosts file. The idea behind is to show you how this infrastructure is set up, is to make it more convenient to attend this course and see you in the next video. 3. Amas Mgmt Setup: Hello there and welcome back. In this video, I'm going to show you how I have set up the management server. So basically what we would like to do is SSH with our user, the descent OS machine. Yes, who would like to accept this? And now, again, clear the console. So if you want, we can have the pseudo access and user and NCBO password as a row. I'm going to specify super-secret password, which you are not allowed to do, but you can follow this guide. And with the at C pseudo ours, what we can do is to add a password less pseudo access to this user. So and z bar or a equals o. No password. Or. And now what I would like to do is to go to my WinSCP and stance and login to the centers machine with ansible user with the password that is already given. And now what I need is that dot SSH folder. But it is not existence because I need to switch danceable user and use the SSH key Jan. And the type is RSA and the b, which is the strengths, so to speak, 2048. Alright, now this is out of the way. What we can do is to copy down the public and private keys. And under the config, we could say that anywhere we can act based on the host star, we would like to use this private key for authentication. So now if I go and the SSH copy ID to local host. Yes, I would like to. After specifying the password, I should be but the log of two from this CentOS machine. And just simply say that I want to SSH into the CentOS machine. And it will give me two a prompt with ansible user. And I have passed for less pseudo axis. So the next thing that we would like to do is to install with the iamb. Apa release with the dash y. So basically it is going to add an extra repository which provides us with ansible. So now we can issue the yum install and z VO dash y and y. Did it wait for the process anyway? So basically now we should have the NCBO installed and we're going to configure it. So we have the NCBO 2.9.10 and they face should ansible, dash m ping, localhost, we get back a success and what I want to do, and then ansible ends. Cfg under the ETC folder is to disable or enable out though. And this is concerned about the husky are being. So when you are talking to the two remote systems, which are like based on host or public key authentication. What you need to do is to either always accept that that is a new whiskey and add it to your ansible inventory. Or you could configure and CBA to automatically add it. So now if I issue that S NCBO, dash m ping localhost, I can see that the spin was successful. And one very important thing that you need to be aware of is that you can add after either playbooks or ad hoc commands. So if you are executing an atoll command, it will look like this. So ansible and the module name and horse and the argument, or it will look like this. So ansible playbook and then the hostname or the playbook name or whatnot. So you cannot add the dash V variable. And this is going to provide you with different levels of verbose output. So two ways means more than one v and we cannot three weeds, which is more like verbose. And four V's are more verbose than the standard as it were commands. And five is the most verbose. So if you want to troubleshoot and after command or playbook or whatever you are executing, VI ansible, you should turn to the verbose option. So tune and axon, we will configure the Linux client. 4. Amas Linux Clients: Hello there and welcome back. In this video, we are going to talk about how you can set up answer or to communicate to a Linux clients. So it can be that beyond Red Hat based, FreeBSD pays or whatever distribution. But in this course we are going to dock or stick with Ubunto. So let me login to my user account. And first thing that we need to do is to create the user account. So I'm going to use standard naming convention. So adds just make this console a little bit bigger. So unnamed, hold on. And here we can adjust the custom font, make it like 20. And it's much better. So now we acquire root prompt, and here we used at User command and support. And the password is thought exclamation mark 123. Start exclamation mark 123. And we don't care about this information, but we know that this is correct. The second thing that we need to do is to provide it the password less pseudo access. So you could define the pseudo password if you don't have this setup. But I would like to make our lives easier. I'm going to show you how you can specify sudo password, but on the long run, in my opinion, it's not efficient. So we used a wee I sudo. And here under my own user, what I would like to do is to add the NCBO. All equals o. Hold on. It should be capital L. No password. All great. Now if you save it and logo off from our system. Come on. Logout. We should be able to log back in with ansible user and simply should a sudo su command without password prom, that's just something that I would like to verify. So this is it. And yeah, let's open up a terminal, sudo, so we're good to go. So now if we go back to our management server, first thing that we need to do is turn it to the inventory. So I will explain later to you what the mentor is our group Fourier buzz for now, we should just simply first issued a pseudo CHO and CBO, the ash that NCBO on the ATCC NCBO folder with the recursive switch. So this makes sure that we don't need sudo to edit. This folder or any sub folders or files. Now, we need to create the ETC and CBO group wars. And the insight here, what we would like to do is to create the all GMO won't make it to imo. So now we will have to define somebody abuzz. So ansible user is ends and the algebra password is start. Exclamation mark 1234123. Sorry. Now we can go ahead and eco nothing to our ETC. Ansible hosts file and go ahead and edit this file. So here what I would like to do is to add a new group, so it's called Linux. And here we will have our Ubunto system. So in order for this to work, I'm going to need to make sure that name resolution is working. So if I ping my newborn to machine from my main Windows machine, I have this IP address. And what I would like to do is to edit the host file. And here we already have this IP address present. So there is nothing that we need to do. Of course, I had before him. So if you ping the Ubunto machine, we get back a reply now which try to NCBO dash m being the machine. And it says using SSH password instead of a key is not possible because hosts key checking is enabled and SSH pass does not support this. So please that this host fingerprint OS file. What we need to do here is to go ahead to dance versus CFG. And key checking, or just key. Husky checking is false. We need to modify that one. And now we got back the response. So if by default the host key checking is true, which prevalence you to create less secure setup. And I kind of after all these years get Y by default ans per tries to force you to use them or sicker you are approach. So basically that's all about that. And what we can do is to issue a command with a Who am I on the Ubunto machine. And it says we are ansible and we say that dash b. So we would like to become, and we didn't have to specify a password because pastoralist pseudo axis is already there. So that's one way to set it up. It's perfectly fine and it works. And it's I mean, it really depends on your situation, which one, which way you would like to go with. But what I would recommend for you to use is to copy over the SSH key, remove the group wars file. So SSH copy ID, you want to, and we specify the password. And if SSH to my machine, I will get an instant access. And now what we need to do is to edit the NCBO and CFG and go to the husky checking. Let's put back the comments. So we enabled husky checking and remove the APSC, ansible, group fours or YAML. So all that GMO means that the, the defined variables in this Yammer file are accessible to every host that you have and are willing to show you the use cases when this is like really acceptable solution. So what is my dash f? And now if I go back to my ansible and try to ping the Ubuntu machine. I get back the same response, but now we have used our public key authentication. And that's kind of fall I wanted to show you in this video. See you in the Windows videos. 5. Amas Priv key to ppk: Hello and welcome back. In this video, we are going to convert our private key to, but the compatible private key. And in order to do this, we need to have the but the gen downloaded. So basically, if you go to the website, you can download the 32-bit or 64-bit version. I have downloaded the 64-bit version and it adds us this nice little tool. So basically what I would like to do is to go to my CentOS machine, go under the dot SSH folder and download my private key. After it was downloaded, what I can do is to go to this little tool and load this key. And I'm able to do this if I select this one, it says it successfully imported foreign OpenSSH version two, private key, k. And I would like to save the private key. Yes. And ID, RSA, that.ppk is going to be OK. We would like to overwrite this one. Now, if we go to our WinSCP, do what we can do is to go to the CentOS, specify the by user name, go under advanced authentication, private key file. And let's give it an ok and try to login. So we were able to convert this successfully and now we can basically forget entering the password. We can even save this session. So it's just a little convenience to, and that was all I wanted to show you. 6. Amas Windows basic: Hello there and welcome back. In this video, we are going to talk about how you can set up basic Windows authentication with the help of ansible against your manager machines. So there are basically, I think five types of authentication. Yeah, so we have a basic, a certificate based and anti LM Kerberos base out indication and the credit SSB authentication. So we are going to have a video for each of these because I want to give you a full picture as to how you can handle different and structures and different situations. So now let's go and login to our standalone Windows machine. This is not the domain joined machine. This is just as it is. So if I go here to my localhost and ping the 2019, what let's see, what do we have under the sea windows driver systems, 32, drivers at C hosts. So 2019. A great. So now first thing first what we would like to do is to add it to our ansible inventory. So at z and z bar hosts, and let's create a new group which is going to be called when basic and has just the 2019 machine. And I would like to go ahead and we the pseudo edit my ETC host file. And here as well, the machine, so 2019. And now if I being the 2019 machine come on. I it is not going to because it's just number well, let's call it 201980. Because why not? Great. Now we are able to ping. So that's one part of the NCBI setup. So we have name resolution and added it to our human story. Now what I would like to do is to go ahead here and open up the command prompt and issued us at Angie. And I would like to add a new user is going to be called ansible. And Red Hat. Use start exclamation or quantitative three. Start exclamation mark 123. We do not want to change password at next login and password never expires. Depending on the infrastructure or security policies, you may not be able to do this, but you should be able to change your passwords. So now what I would like to do is to add this user to the administrators group and just simply click, okay. So now what's the next step? So if we want to configure basic authentication, we need to create for this group. So this is like group-based. So we I add see as groups. How did we call it one? Yeah, when basic. So as created at C as a group worse when basic, that GMO. And we would like to specified as user, which is going to be ansible, and as password, which is going to be when RM and NCBO connection, sorry, the parser is nothing for them. So it's start exclamation 1-2-3. And the convection is what's winner RAM. And as IBA winner RAM, transport is going to be basic. Now if I show you the NCBI, dash m When underscore ping and 201980. Well, winner MR. request is not installed. Haha Phyton 3.6 dash M pip install when REM, or rather the pie when RM. The shoes. Hm, hm, hm. Now collecting this module, and I hope it works in the user space because to be honest, I am not really tested it or write, it seems to be working. So the next thing that we would like to do is to configure the windows machine. So in order to configure the windows machine, we need a root prompt or administrator prompt, Sorry. Just like line X stuff. So let's increase the font, black 24 grape. Now what should we do? What we would like to do is to allow the basic authentication on a winner RAM and allow the unencrypted transport. So 1RM set when R M Config service. And out at curly braces, basic equals true. In-between quotes. Great. Now. What we need to do is to modify this. So under the service, we would like to add. I said add curly braces are low on an crib. Third, equal to true. Great. Now I should be able to go back to my machine and try to ping this machine. So when you allow unencrypted, so for winner m, You have two ports that you can use. The first one is the 5986, and this is the HTTPS, which is the encrypted communication. And the 5985 is the unencrypted. So now if I try to ping, it says that all that's being than to 19. Home boy, come on. We see super hosts and we should call it 201980. And let's just go back with this. Yeah. So I had the name resolution set in the appropriate way and the ansible host file not the appropriate way. So this was the reason why it was like failing. So now we should get back a response which says that it does succeed is well, it's startling that sopping 2019 a grade. And maybe, yeah, so when I am weak, config arms or this is for this punishment. Yes, we would like to make these changes. It should be working. So let's wait for like the timeout. And what we can do now is to add the VDV arguments. So why is it trying on the 5986, it shouldn't be. So via CNES ever. Group force when basic. So we have the winner M transport configured and it set the basic, have the password, we have the connection. Let's see how it does. It shouldn't be. C'mon. There may be one more command that we need to show in PowerShell, which is the set item or basic true. So now let's see, where is go. Oh boy. When Rahm port 59, a great pipeline wrapper. So we didn't need that setItem command. We had specified port. So even though we said Basic is the authentication that we want to go with by default, it goes to the 5986 and it will be documented in the repository. But this is how you can set up the basic authentication for ansible. See you in the axon. 7. Amas Windows cert: Hello there and welcome back. In this video, we are going to talk about certificate based authentication for Windows machines. And my opinion, it's the hardest to setup because it has many moving parts and if you make one mistake, you will have lots of time to troubleshoot what's wrong. So first what we need to do is to generate our self-signed certificate with OpenSSL on our Linux machine. And basically this is how you create a configuration file. So don't worry, this is all so colored on the GitHub repository. I just wanted to make sure that you can reproduce these examples. Now we need to export the OpenSSL configuration. And after it was exported, We can request a new self-signed certificate. So it uses RSA 2048 length. And after it is done, we have the cert and the third key, BAM files and the OpenSSL config. So if you want, you can remove the OpenSSL configuration and all you are left within your home directory is basically the certificates. Now, it's time for us to copy down this two files. So CentOS and as a bone and the password. Oh, great. And once this is done, we need to go back to our Windows machine, open up a command prompt, open the local user manager. And under the users, we should create ansible user with the start 123, start. Three paths forward. Come on the bus, but never expires. And we need to find this to be the member of the administrators group. Ok. Now that we have gotten this out of the way, PowerShell is needed and we need to create a new self-signed certificate with the DNS name. 2019. A great. And we can open up and MMC and make risk-management Guanzhong Go. And the snap bin. For the computer account. And under the personal certificates, we will see that this is now our self-signed certificate from the Windows side. The next thing that we need to do is to create a win RM listener. So here we go back to the command prompt, insert this one. So this is basically going to create a winner listener and it is going to use HTTPS transport. The hostname is 201980, and the certificate thumbprint is this one that we would like to use. So if you use explicitely, what's some good habits are going to work because that's unique to my actual video when I create this. And it is going to change like in the thumbprint or if you are using different hostname. So you need to modify this. Now that we have this listener setup, we need the towel, the listener, what user that we would like to use. A. So here what we have is the cert mapping for the user and it's Certificate. And here comes the fun part. So basically we need to go ahead and copy the third bam into the virtual machine. And let's say we put it on the desktop and on the MMC console. What we need to do is to go to the trusted people, more actions. So more actions or tasks import. Next. And we will browse on the deck, stop the cert Pam, and select all and trusted people grade. And what we also need to do is to import it to the Trusted Root Certification or authorities. And here what we would like to do is to also import our PEM file. So bronze, thus stop. So finish. And if you spin up a PowerShell console, we can use the get child item. Pass third. Oh, my or rather that trusted people. And here we have one for the ansible user, the thumbprint which is necessary. So I have added the password and I'm going to replace the issuer here. Great. Now we have the third mapped to a specific user. And the next thing that we need to do is to configure when a ram to allow the certificate based authentication. And as you can see here, now it is an iPod. We could also like check the wind, the wind around what kind of listeners are set up. So we not M and new Merritt, we now config listener we in RAM. And you can see that there is now an HTTPS listener configured with a certificate from print with the user mapping and whatnot. And it's fine from the Windows side. And now we need to go back to our ansible machine. So I would like to move the certificates to the at c and suppose cert. So move cert star on the NCBO cert. So, and if everything went well, we can see these two files here. Now what we would like to do is to create under the ETC, NCBO group vars when cert that EMO. And here we need to specify that the group members should use the ansible connection. We now run ansible when RM transport should be. So d phi and the Azekah when cert bam should come from the ETC. And Zippo cert cert that them. And the NCBO 1RM cert bam key, or sorry, cert key. Pam should come from the at c and z bar. So it's so key, BAM. And we would like to say that the NCBO board that we are using is the 5986, which is going to point to the HD EPS listener and the NCBO when RM scheme is going to be HTTPS. And when I am cert server, cert validation. Ignore. This. Needs to be done because we have created a self-signed certificate and it is going to warn us and won't let us connect unless we ignore the fact that this is a self-signed certificate. Alright, now let's check basic connectivity against our machine. We should be able to ping it. And ansible dash m when being 2019 a should also succeed or not. We hold up as a berm hosts and let's change it to when CRT as a group. Now let's see if this is working. Now we try to establish when I'm connection. And who knows. Is it going to answer AS connection time? This is strange. Firewall and security. Inbound rules. Window remote management. We're down at this port. So down that is it installed? Now? Let's install it. 5986. We obviously doing that. Let's just turn it off and see what happens. Now. Come on. When being 2098, when the verbose. Now it's working. So you may need to adjust the firewall as well. So basically you could say that you turn back the firewall and allow a port or an application. So basicaly windows, remote management and other one. Under other ones things inbound rules, rule and port thing. It should be 596, should be TCP allo through everything, whatever. Finish. So basically you could solve it in this case, this way as well. But now it seems to be working. What I also want to show you is that if you open up the event viewer on Windows and go under the windows logs. And just make this a little bit, not doing this, sorry, the application services log Microsoft Windows and scroll down to the Windows. Remote management operational. You will see that. Go on. You will see that here are the logs which are related to Windows remote management. And if you had like an issue to troubleshoot your setup, you could also check here on the Microsoft side. But technically that is all I wanted to show you. See you next time. 8. Amas Windows Ntlm: Hello there and welcome back. In this video we are going to talk about how you can stop and the authentication against your Windows machines. So anti GLMs specialty is that it can be used if you have like domain based infrastructure and I just machines work group. And it's basically the Big Brother, all of the basic authentication, but the younger brother of the Kerberos authentication. So if as a best practice, it is suggested that your use Kerberos authentication if you have a domain based enviroment, not basic authentication or anti LM authentication. And now we are going to create a new user. So let's jump right into it. We use the Active Directory Users and Computers, and go to the user's organizational unit and create a new user, let's call it NCBO, Mr. Red Hat. And the login username is ansible. And start exclamation mark 123. Start exclamation mark 123 and sparse. So it is not going to expire. And I'm going to add it to the domain admins because that is the default policy for letting anyone in on a domain controller when you freshly installed. All right, now what we need to do is to go ahead and configure our CentOS machine. So but first, we should try to see, come on. If the new user is working, as I may or may not have, mistype the password. So ansible start donation 1-2-3, Walla, and it is going to allow us login. Okay. Now, what I would like you to do is to go under that, see ansible hosts and basically create a new group, which is called the Wien NT lm and assign the host to it. And once it is done, let me just check it. Once it is done, we need to add the group, let's say variables. So v i, c as a group force when anti ALM that yellow or YAML. So the ionizable we interim connection is going to be and the they ansible when R M port is going to be 598 D5 by default. And it's about when you are using the winner I'm connection anti LM tries to login to the 5986 port. And if you check the winner, Emily sinner. So hold on. Let me show you the command. Cmd. Get. Oh, I need to run it. Yes. How? As an administrator. So it shows you that based on the configuration, it is going to listen to that board. So now what we need to use to do is to create the winner I'm user variable, the password variable. And technically this should be oh, yeah. Hold on as the bow when around transport. And the NCBO convection is going to be when our app. Alright. Now if issued NCBO dash and when being 2019 a, we should get backup. Ok. So now if we just check the verbose output, you will see that we are going in on the port 5095. We are using Python 3.6.8. And you also need to make sure that the three's output, o pip. So x dash, Pip, freeze. Great. Is going to show you that the winner MSI install the pie when the RAM, because that is the dependency from answer both side. Because actually ansible is written in Python. So that is all I wanted to show you. See you in the next video. 9. Amas Windows Kerberos: Hello there and welcome back. In this video we are going to see how you can set up get better South implication with the hap fans Ebola. So basically Kerberos authentication is the big brother, so to speak, of the anti LM authentication. And when you have active directory domain based infrastructure. And you can create a user with appropriate privileges. You are encouraged to setup your ansible in stance this. So a just a side note, I think it's really nice that NCBI supports all these like different types of authentication which allows you to cover a wide range of Windows systems and setups. And you can simply configured your authentication based on groups and whatnot. We are ansible. So on the Windows side, what we have here, we have the cents per user, which is a domain administrator. And technically you need a domain account with appropriate through religious. Apart from that, we need to configure our NCBO instance. So let's create a group for the wind rose dot demo. And here we need to specify ansible user, which is ansible at Red wooed local, and as a password, which is start exclamation mark 123. And z-bar convexion is going to be, we now ram and the ends Above when our transport is going to be cared about us. Now, what we need to do is to install the appropriate Python packages. So you see what we have here to install that switch to sudo and issue the yum install car key RB five, double Python three. There will be five. Workstation and K, b, five libs. And the GCC. Gcc is necessary in order for you to install because you will need the installer fight or U0, which is called the lac pi when Ram. So python 03:00 AM pip install by when are M cannibals? And once this is done, we need to edit our Kerberos configuration file. So in the Kerberos configuration file, what we need to do is to basically tack ouroboros. What is the domain control lead? How do we reach it and so on and so forth. And trying to do this. Hold on. No, undo close tabs and see how it is. We're almost there. But yeah. So now if we issued and hold on. Go back. When being 2019. Yeah. We need to create the ansible hosts. And when pedals 201980. So mean pedals. What do we have here as MBO group wars? Although at sea and Isabella group grew was to see as APO group bores. So now let's give it a verbose. So this error message tells us that it was unable to find basically the principle where it would be able to fetch us the credit shows. So now what we need to do is to pseudo VI at c k IRB five.com. And here what we would like to do is to create around. So this realm is going to be called Redwood dot local. So red wood comes from a series which I really love and close to my heart, which is called Signs of monarchy. And it's like placed in that town. And yeah, so this was the origin of this name is so now we have the failure for principal, Redwood dot local. So pink, red dot local. What we need to do is to odd under our host. Well, 192165652019921681556. That five red wood to dot local. So ping at local, it's working. Pink 201980, it's working. So now it should be able to find it. So cannot find KDC for round red o NCBI, group force winds, Kerberos. Read would not local o year. And we don't have winner am listener here setup, so I will just simply add. So this is not set up with the HTTPS listener and based on a port 5986, it tries to go there. So when around port 59, a D5. So now it seems to be working. So this is how you can set up Kerberos authentication, which is a more secure way. And that was all I wanted to show you in this video. See you in. 10. Amas Playbooks: Hello there and welcome back. Now the time has come for us to. Let's do something really interesting with NCBI setup that we have. So you have seen how Linux commands get setup, how Windows commands and get set up, and how network clients get set up. And basically I would like to show you the concept of playbooks. So when you have a task that you need to perform on a remote machine, the first thing that you should check is whether you have already an ansible module and official answer per module, which is able to perform the step. And let me show you what I mean by this. So if you go to this page, you are able to check for like Windows related matter created and basically anything related tasks. So the concept is simple. So if you want a file to be present on a remote line of system, what you can do is to use the file module. So file and manage files and property is great. So basically this allows you to create files and directories on remote systems. What you should consider when you are working with Windows systems is that you want when underscore prefix before this. So when five. And basically any module that is going to provide you with such functionality, whether it's Windows or Linux. So it's, if it's Windows, it to start with, with underscore. And there is a term or concept which is called idempotency and NCBO. So it means that you only want to perform a specific task if it needs to be performed. So basically, if you say that in your playbook, you have a task which is going to create a file on a remote system. Then, first ansible is going to check if a file exists on the remote system, and if it's not existent or based on the checksum, it has a different checksum value. It is going to create it. So let's just try to demonstrate it. So on the window system that's created under the sea, like Temp folder and online books we have TMP, so. Let's create the test or playbook, Lin Biao. And what we would like to do is to assign the hosts. So hosts are going to be, you want to. And when you are creating a playbook, you need cons. By default, NCBO is going to use the, the facts module together information from the remote system. So you need to check if you rely on that information. Because if not, you can disable this functionality and you have like a speed gain in your playbooks or roles that you are. The fingers are a different video. So currently I don't really care about the facts. So I can say that gather facts is know. What I can do now is to create tasks. So name is going to be create tests under four versus dump. And how would like to use and basically the phi manure. So hold on for a second. You know, not to read or managed contents of file, but manage files and five properties. So technically I would like to create a file on the remote system, and I would like to just keep it there. And for this, we need to specify some arguments. So the first one is the path, which is going to be thumb, test, file and state touch. So let's see how this playbook runs. So ansible playbook, playbook, Lynn, EMO. And it's not running. Why is it not running? Maybe there is a typo. So hosts oh, hold on. Yeah. We demo. We are going to have a separate video. You need to check the indentation as well. So now if we rerun this playbook, see hosts, oh, hold on. Limb, Ubunto and zoo burn dash amping up. It's working now on the playbook shall be running. So first what you see on this output is that the task has a change status. So it means behind the scenes that something has happened. Now due to the item potency, if I run this once again, it is going to still be changed because. Only specified that this task needs to be, needs to use the phi manure and it needs to touch it. So if you use the attach command line of systems, it means that it updates its timestamps. So from like, I don't know, creation perspective. But if I say that this file should be present, then whole long. So it's not like present, but it should be a file. That does the problem. And okay, so now it means that we already had a file. So the task reports back that it's okay because we had the same file that then what we wanted to create. And same goes for Windows systems. So let's create a playbook. When that demo. And we will give it the hosts. 29 a. And the gather facts is no. And the tasks are the following. So national create file on the C colon backslash, backslash damp. And the when file has the path argument. And the state should be 50 along ansible playbook. Play book when EMO cannot be created is that we have, let's check the official documentation. So basically, when you see such an ad or a message, when fine, you should always try to console the official answer, but Document visual because in my experience, they are like pretty up to date and they allow you to work with them and have success. So we have the path and the state. So the state is file and the C tamp dust file is there. Here we have the c damp. And why is it not working? Let's troubleshoot it. So administrator port failed, we will not be created by. So anyways, basically, the idea of this video was to give you a hint on as to how you can use the ends of those documentation to create files and stuff like that. So let's try and go in a different way. So we have this test, their wishes directory, and try to run this playbook once again. So now it was able to create a directory. And the second time that we have run it, It was able to say, tell us that the directory already exists and we do not want to like execute the same command which creates a directory. And technically that was all I wanted to show you. See you in the next video. 11. Amas Playbook Args: Hello there and welcome back. So now that we know what playbooks are, basically, we would like to know how we can create arguments to display books. So arguments are going to increase your efficiency because they allow you to create flexible playbooks based on like additional information that provides that you provide to answerable playbooks and you can use them on roles as well. So technically, this video is going to show you how you can create a playbook. So VI, playbook, ln, arg, like GMO. And we would like to execute this on the host called y12. And gather facts is no. And the tasks are going to be as follows. So create custom for the damp DMP called. And here comes the argument part. So you need to use double curly braces. And we just seem to, we would like to call it folder. And we use the fine or your. And the path is going to be thump, double curly braces folder. And the state should be directory. So now if we attempt to run this playbook, so playbook Lin argh, We will get an ad or because undefined variable is present. So we can specify the dash e. And we say that the folder is equal to whatever. And this path, the value to that variable, which allows you to create custom folders. If you run it again, it will say that it's okay. And if he SSH under you want to have on the thump, the whatever folder. And basically this is how you can, I simply assign different arguments to your answerable playbooks? And it opens up a wide range of varieties as to what you can do with display books. So you could create a playbook that deploys different application-based and argument, sets up a different folder structure based on arguments. So like the options are limitless and if we want, we can create the playbook for the Windows machine. And we call it args. Gmo. And the hosts, the 98 gather facts is no. And the tasks are going to be named create for the C colon backslash, backslash stamp, called folder. And when file. And we specify the path. We need to make sure that we code this. So C colon backslash, backslash for the state is directory. Now, if we attempt to run with ansible playbook, this playbook, we would get like, hold on. Because a different error. So there are arrows from each Jason on the seventh line. C term folder here. Come on. Now let's rerun. This includes an option with undefined variable, that's what we were looking for. And Lynn Laughlin, but when August GMO, whatever. And we would like to create it. And if it's created, we would not like to create it once again. So if we go back to our Windows machine, well that you can do is check the whatever directory was successfully created. So I hope this gave you a basic idea as to how you can add different arguments. And in later videos we are going to expand on this topic and go and dig deeper as to what the syntax is and how you can use it to your own advantage, T and that axon. 12. Amas Windows CredSSP: Hello and welcome. In this video, we are going to take a look at how you can configure great SSB authentication against your machines. And there's SBA is a newer form of authentication which works both on local and domain account. And it allows credit Asher delegation, which means that the credentials are sent encrypted in an encrypted way whether you are using HTTP or HTTPS setup. So now, just to be sure, Let's see if we have the user, we have it. Create it never expires. Member of the right group. Now, we can open up a PowerShell prompt. And we have only one command that needs to be run, which is the enable VS mom, cred, SSB. The roll is going to be Sarah. And we add the force switch. Okay, now we can jump back to our CentOS machine and go ahead and create. Under the Etsy as Berg group was the wind cred, SSB. Now, here we are going to specify it as user ends. The ends Above buzzword is going to be start exclamation mark 123 and is about connection is going to be when our RAM and NCBO, we're not M, transport is going to be 5985. And as if when RM port is going to be hold on 5985 and the transport is going to be cred, SSB. Alright. What? But I use the command fats as a group force when cred SSB. And let's create it with come on. Group force. When cred, SSP, MO. Now, as just break down this input and the user, sensible. And we need the three dashes and hold up. We also need to, to this. Ok. Now we should be able to edit our ETC host file, sorry, ansible hosts five and just replace this group with when thread SSB. Alright, now let's see if the setup is working. We use the limping module as always. So it's not just like sending a simple, we're not sending a simple ICM peeping, but it is going to try to connect to the when a ramp with a specified credit shows as parser. Okay, last try it once again. Great. Now we are in and the Punk came back successfully. So that was all I wanted to show you in this video and see you in there. 13. Amas Special configs: Hello there and welcome back. In this video, I would like to show you some special configuration that I frequently use because I don't make my life easier or add some functionality which makes it more convenient to use NCBO. So first, what we would like to do is to open up our ansible CFG five. And we have a line here which is telling us, let's search for that. Alto hosts key checking. This might be useful when you have like dev environment where service are frequently read installed and you want to just run playbooks against them as fast as possible. You don't care if the hotkey changed. Of course it can pose a security problem. Now if we check the execution of a playbook or just an utter command. So they're sham command a uptime against the machine. You will see that this is not really, I don't know, pretty output. So the next setting that I would like to show you is the it was below that setting. So the standard output callback is like something that we can and should change if we like, want to make our output more or prettier. And this is the AMA. And when we change the setting to AMO, then it's going to affect only the playbook executions. So if we add the bin and Zippo callbacks equal to true, then this is also going to be applied on auto commands. So let's see the same command. Now. You can see that it has a more like structured and easier to grasp view. And the same goes for if I like create new playbook. So test and zebra config that Yemen. And in this playbook, I say that I would like to use the hosts you're born to, the gather facts. No. And we will have a simple task. Which is name is going to be, I don't know, create the file if present. File path goes under the settings name, state present. And if you execute this sensible playbook with the new settings, we should see, oops, oh sorry. So the state should be fine. We don't have a Temp folder. But why don't we have it. Come on. All right, but while it's loading, we will go to our next setting. And basically it is going to be about callbacks. So callbacks allow you to add also extra functionality to your playbooks and other commands that rolls. And one I like to use is called hold on is the timer. And the second one is the log plays. So let's see the timer here. Then we have, again, yes, we do sudo, so NCBO, make dir them. Well, what do we have here? The file is up sand cannot continue. I want you to create dust ansible config, pass state. Maybe. Or we may also get this at all. The coulombs. No, that's fine. The fire should be there. All right. Now, let's get back to it. So you can see a newline here, which was a bid for our playbook execution, which is just like measuring the duration. And if I say that, let's say, Oh, why is it getting the, we have another task which is just simply going to issue the sleep. For three seconds. Come on. Sleep three. Then 1230 k. So it was like just to prove that this is working. Okay? Now the next thing that is really convenient when you are not the one who is going to use the playbooks that you create or you would like to outsource it. It's a good idea to set up NCBI to log the plays and the commands which are executed. So let's go back to the ETC. Ncbo hosts file, not the host file, the config file. And let's search for the log. So if logging is on, by default on as the past is defined. So we would like to add here the slope path. Now, if we go back and execute this playbook, it we get an error message which says that the ansible log is not writable and cannot be created because the under the war log for older, you only have access to this with the root user. So let's go and sudo touch. And it's about log. And we would like to change the owner of the answer of the log file to ansible dot CBO and the Zippo. Great. Now if we rerun our playbook once again, you will see that no warning message was presented. So if this happens, it will not prevent the playbooks from working or there are all sorts of commands into just not record whatever it has happened. So if the war log and the log, you will see that Walla, Here are the logs for our place. Now, the last thing that I would like to show you is going to be another callback plugin. So go back. Come on. It's here somewhere. Yeah, callback vitalist and it is called the log plays. So it's only going to work if you create, configure this plugin. So in order to know what kind of plugins are available or callbacks, you can use the ansible dot dash t, which is the topic. And it is going to just simply lists whatever callback is available or your system. Now, you need to configure this. And in order to configure the log plays plugin, we need to create a section. We need to create a section for it. So callback, underscore log, underscore place. And we need to specify a log folder. And this is going to be under Etsy NCBO logs. And we need to create it. So at C NCBO logs. And now if we execute the playbook once more, we will see something happening under the logs folder. So under the locks folder, we will have file per host and the results of the playbook execution. So in this case, we should see here a value detailed information about what happened during the execution of the place. So the NCBO log under the war is going to capture your like output. And the slope file is going to give you like what's behind the scenes. So it's like going to allow you to troubleshoot an issue regarding a playbook with more insights. And basically that was all I wanted to show you. So see you in the next tutorial. 14. Amas Facts Gathering: Hello there and welcome back. In this video we are going to talk about facts. So facts are gathered by the NCBO by default. And technically they allow you to implement logic into your playbooks and draws based on gathered facts. So let me just try to rephrase it. So let's say you want to create a playbook which can create phi lambda or a specific folder regardless of the infrastructure. So like for windows, it can handle it. For Linux, you can handle it. And you don't want to use like I have a playbook for Windows and I have another for Linux systems approach. So now what we are going to do is first check the facts, how they look like and what we can see in there. So if we create the test facts, make it underscore, not GMO. And we would like to executing it on all of our host. We should first Disable together facts with the no. Create a task which is called setup. And we call the setup module. And this is going to be new, new argument. We used the register to capture the output. And in the second task, what's the output? We would like to use the debug module to print a message that will show us the output. So ansible playbook test facts. And we thought to dealing with the syntax error or because they should be hosts. So now we are on the setup manure. And the output of the setup module is all together information that we can see. Now what we are looking for is called ends will OS family. So come on. We are almost the same as the default. Hold on. Os underscore family. Right? So this is coming from the Debian. And if you check for the OS family, once again, this is coming from the windows. So let's create another playbook. Come on. Test facts. To that GMO. And here we would like to define the gather facts as yes and all the hosts. And we create to worry Abel's. So when temp is going to be C colon backslash temp and the Lynne temp is going to be forward slash temp. And what we would like to do is to create tasks. And the first task is to create, Lynn them on Linux systems. And we use the fine or you will. And we specify the path which is going to be the temp or not that let's rephrase it. So under the tamp, we will have a test fact folder. Thus fact folder. And the path is going to be coming from the variable and the state is going to be directory. And here comes the fun part. We use the when clause and we say that NCBO or S family to Debian. Now let's run this playbook, ansible playbook. Test facts underscore two. Great, we have gathered effects for both of the systems. And as you can see, we have skipped the 2098 because the went statement when false. So now let's correct it. Let's mother task create when all alone. Let's just figure this on Windows systems. And we use the wind file with path coming from the wind worry IBA. And the state is directory. And when the ansible OS Family is equal to Windows. And if everything goes well, we have created a playbook which can cope both Windows and Linux systems. So on the first task only the Ubunto says, okay, the ADA was skipped. And on the second task, the windows says changed, so the folder was created. And technically that's all I wanted to show you. See you in the next term. 15. Amas Facts Caching: Hello there and welcome back. In this video we are going to talk about fact caching. So fact gushing means that when you have a playbook, you don't necessarily want to go out and gather a fact which will be an argument to a task or a role in your playbook. So technically I would like to show you how you can use two different approaches to fact gushing to like improve the execution speed of your playbooks. And the first one will be the JSON file, the second one will be the radius. And let's jump right into it. So that's danceable horse, our Linux group with the Ubunto. Just as a ratification with Ping module. Let's see if it camping this. Yes, we accepted. Great. Now if we go to the Add cn's as CFG fire, we should search for the memory keyword. Because by default ansible is gushing in memory. And we can modify it to be a JSON file. And let's remove the command from the fact cashing connection. And for now, it is good enough for us to cache this to the TAM folder. So if I issue now the NCBO setup, you want to it is going to reach out gathered effect. And under the Temp folder, we see a You been to 5%. So let's see the content of the file. You see that this is basically a JSON file with all the gathered facts. And let's go ahead and install with the ARM the Redis server. So readies is an in-memory database. So it may not be the most appropriate solution, but this is just a demonstration. So if you want a persistent data store, you would like to install a MongoDB. Or if you check the ansible doc dash T, cash dash l, you will see that it supports the Memcache D, B and the memory, the MongoDB, the pico, the radius, and the ammo. So you have plenty of options to cash your facts. And now we should be able to use the sudo pip install. Read this. So this will install the wrap this module which is necessary by or which is dependency of the reddest plug-in in ansible. And now we need. To get the IP address on which we would like to be listening. And what we would like to do is to sudo privileges at the ends, but that's here. And just search for the JSON file and replace it with Redis. And go ahead and say that the network connection is IP address 6379, column one. So this way we tell that we don't want to connect to the loopback interface. We want to connect to the IP address on the specific port. The red is database, which is called 0. Alright? So now what we need to do is to configure with pseudo VI, see redis.com. And here we search for the bind other us. So the address is important because by default as a security measure, radius is connecting or running the service on the loopback interface. So unauthorised person cannot access this database without authentication. But we're just demonstrating the stuff, so it should work. Now, what we would like to do is to issue with the system CTR. The start, read this and enable read this. And with the pseudo system CTL, we would like to stop the firewall LD and disable the firewalling. Great. Now, I would like to show you a tool which is, I think pretty handy. So it is called Read this inside. You can download it from the official read this page. And if you go to the homepage, hold on. Not the homepage, the localhost, 8,001. You will see that we can add the reddest database. So let's add the database. Let's insert the IP or like CentOS is going to be the name than the IP address. And the 637, D9. And we didn't set up any authentication, so it should be able to connect. If we enter the correct port, 6379. Great. Now on the machine, what we should be able to do is to see an overview as to what happens. So the commands per second num is going to show you how many, like insert commands or update commands happen to this database. And under the browser, we should be able to see after running the NCBO dash m set up, you want to some information. So now let us just refresh this. And we see that we have the cache keys for the machines, which are going to identify the machine inside the database based on the key. And we have the answer, but facts Ubunto. And these are all the facts that are, let's say, cached by the set-up module that can be later like utilized. So for example, if we go and create a playbook or has just added test. Oh, hold on. Let's create it. So VI at sea or test. Read this demo and create this one. And the hosts are going to be Ubunto. And gather facts is no. And the tasks are going to be create folder based on NCBO OS family. And we use the fire module. We used the path which is going to be them. Test this. And it is going to be in a state directory when the NCBO OS family as equal to VM. So now we should be able to run this playbook, so ansible playbook. And as you can see, what happened here is that we didn't get there any facts. But since the cache was alive, it was able to retrieve the ansible OS family for this system, and it matched the Debian and it was able to create the folder itself. So that is all I wanted to show you about. Basically fact gushing to you in the next video. 16. Amas Network Auth: Hello there and welcome back. In this video, I'm going to show you how you can set up your connection to authenticate against cisco network devices. So here we have C 7200 network device, which is like Layer three router. If I'm correct, but don't take my word for granted. So now, first we open up a console, again, this device, and we have the console. Now on ansible part, what we would like to do is to make sure that the ETC, ansible hosts file holds this cisco device. So see 7200. And on the ETC, host five, we need to make sure that we have name resolutions. So in this infrastructure, as you see that we don't really have any DNS servers setup. So I'm using the host files to translate IP addresses or names, or vice versa. Okay, now that we have got this out of the way, what we need to do is to create a group wars, a file which is going to be called the scope. And inside this file will specify an ansible user and an ansible password. So this is going to be like start 123. And as well connection, which is going to be network, CLI and ends will not work. Os is going to be IOS. And the thing that is one more thing. So that's lagged. And z will become methods enable. Yeah, so and let's add another one, which is going to be NCBO, become password, which is going to be start 123. Ok, now we have configured our ends of a management server. Now we can go back to solar potty and configure our router to receive the connections or layer three switch. So comp terminal, we need to specify the hostname, which is C 7200, the IP domain name, which is Reaper pi, local. And we would like to create a user and unstable with the password. Start 1-2-3 and enable password should be start 123. This is not like security best-practice video. It's just shows you how you can set up the connectivity. So I encourage you to follow this. You make you need to make sure that your password are compliant with your company's policy. Alright, now, we need to use the key TOP, generate RSA and a 2048 here. And we need to underline VT ly slash for Hold on. And we need to specify the transport. Input. Local, Hall on input low, sorry, SSH and login local. And now what we need to do is to go for our interface f a 0 slash 0 issued IP address 19216856. That then with the mask to 55 to five, 5.2.5, 5-0 and the nose shot. And if everything goes well, we can issue the IPS sage version. So IP SS. Oh, no, okay. So Ping, see 7200. All right, it's working. Now we should check the answer with damping. C 7200. Oh, well now it seems to be working. So basically this is all I wanted to show you four simple setup. I'm going to have a video when you configured public key authentication for Cisco devices, talk to you in the next one. 17. Amas Static vs Dynamic: Hello there and welcome back. In this video, we are going to create dynamic inventory. So basically you can create a dynamic inventory which will generate your host list, your group structure or whatever with a script which either produces an ansible compliant JSON file or an INI based input to your scripts. So let's create the scripts Dean dot p, y. And here what we would like to tau to the interpreter that it comes from the user bin, Python three. And we would like to tell it that basically we need the ARG parse module. We need the OS module, we need the sys module, we need the JSON, will you? So if you are using as 2.9 or higher, it should work if you are using like 2.6, so lower, it is going to default to the 2.7 python interpreter. And you may need to find a way to work around your ad or so. And that's create Plus, which is a gust enough customer inventory. And here what we would like to do is to create an init function. And inside this init function, we pass one argument, which is the south. And the sapphire argument will create the inventory dictionary for the object itself. And we will create the read CLI 4xh function. And now what we need to do is to check if the South that args dot list exists. And then we will say that our inventory is equal to Safdar, our inventory. Otherwise, we would like to say that the Safdar inventory is equal to Safdar empty inventory. All right, now what we need to do is to specify what defined the MT Mentor function. And it takes the saf as an argument. And what we will do is to return a dictionary with underscore motto, which is like a equal to the host. Wars. And this is going to be an empty dictionary. And now we need to define our inventory, which is taking a self as argument. And now we return. But what do we return? So basically what we would like to do is to create a group. And this group is going to hold the following dictionary value. So we need to specify the host, which is going to be a list. So when you say that this group holds a list, then you assign any host that you want to this group. And we have the Ubuntu machine up and running. And we would like to assign it to this group. And for the wars, we would like to define a dictionary. So this dictionary, we hold an example which will be like whatever. So this volleyball is going to be accessible throughout your host, which belong to this group when you invoke this dynamic human story. And now what we would like to define is the underscore method. So this method is going to hold some host variables or long. Let's keep the structure host wars. And we will have this example, War evil whenever. And technically that's it for this part. And now what we would like to do is to define the read CLI 4xh. And here we are going to utilize the arc pulse module. So the first argument is sad. And we say that the parser is equal to arc parse arguement bars. And we have the parser, that odd argument, dash, dash list, and the action. And this is going to be stored true. Self.age dogs is going to be equal to pause. Paul arcs. And now the last thing that we need to do is to invoke our cost him. And let's change a CH mod plus x custom or dynamic. Py. And let's try to execute it. So Dean, that p Y should produce output. So custom inventory redox return, return k, And we even call it. So now let us try to use the ends but a sham command, dash, a uptime dash. I am Dean Ubunto. And it's not working. So we have the Metta, horse wars, we have the init function. So our Riemann Tory empty inventory. And we have, our inventory is specified as Ubunto example, whatever. Mehta host wars example or whenever. And this should be working. Hold on. We would like to print the JSON data, dump that inventory. And let's call it. So forward, back, forward slash Dean, PY. So we have this matter hosts walls which are empty. It should be working. So store true self. Dogs are bars. That's fine. We have the return statement to our inventory. And group is going to be holding Ubunto. And the matter. We have it here. You also have the matter over here. So why is it not working? Oh, sorry. So basically, this is going to allow us to generate a dynamic inventory, which will generate a list of hosts or list of groups. We end list of host which belong to specific groups. And it will, if you have a decent naming convention in your infrastructure, you could be better off with this solution. So that's what I wanted to show you to you in an axon. 18. Amas Roles: Hello there and welcome back. In this video, we are going to talk about the roles in ansible. So it can be imagined like grouping a set of tasks to achieve like desired, stay it on your target machines. And by default, the roars live under the ETC and zebra Ross folder. And currently we do not have any role is defined. So let's create at all, which ensures that the Nano text editor is deployed on our Linux machines. So in order to do this, we need to create the rules for older. And let's say this is going to be aligned with throb and inside text at the door. And here we need to define the tasks folder. And inside the Tasks folder, we need to create a file called main. So the main that Yammer is going to tell as well what the heck we actually want to do. And it's like, it looks like as if you had created tasks in your playbook. But let's do this. Install Nano text editor. We use the APT module and we will have the package and the state present. So no, hold on. You check something. So Docs dot and z bar. And here we would like to check the APT Majuro. So this is like a go-to place. And in the examples we can see, yeah, so it's not the package but EKG or so we can use it in two different ways. You could say that this is the package that we want to have. So like name is nano, which should be present. Or we can say that we want to add multiple packages which are coming from a list. So install more deeper packages. And we used APT, we use the package and we create a list of packages. So package a, package B, or let's make it something more viable. So let's call it the Apache 2x and x. And now we can pass the state, which should be present. Now, if we want to create a playbook, we can do it the following way. Let's call it tests roles that Yammer. And we would like to execute this on the hosts. You want to. We don't gather facts. And we will have the rows. And the first roll is going to be Linux text detour. And basically that's it. Let me just clarify some things. So TextEdit thought that's okay. And don't forget the no, from here. Ansible playbook R4. So if everything what hosts line knocks Ubunto. Oh, hold on. Pseudo system CTL, start. Radish. And I would like to also enable it. Great, now we can run the test stores. So reddish was set up to allow fact gushing. And that's kind of the reason. So one last thing that we need to do is to either say in the roles that we would like to become. Because without root privileges you cannot install packages. Or we could also say that we had it, our role file, it's f. So here we could say that this task requires the outcome. It achieves the same. Alright, now, let's try to install nano and tried to install multiple packages. And OK. Great. Basically that was the like initial setup that I wanted to show you. By the end of this course, we will check out NCBO galaxy. And we will take a look at how we can create a fully fledged role. And that was all I wanted to show you to you in an axon. 19. Amas Group variables: Hello there and welcome back. In this video, we are going to talk about the roles in ansible. So it can be imagined like grouping a set of tasks to achieve like desired, stay it on your target machines. And by default, the roars live under the ETC and zebra Ross folder. And currently we do not have any role is defined. So let's create at all, which ensures that the Nano text editor is deployed on our Linux machines. So in order to do this, we need to create the rules for older. And let's say this is going to be aligned with throb and inside text at the door. And here we need to define the tasks folder. And inside the Tasks folder, we need to create a file called main. So the main that Yammer is going to tell as well what the heck we actually want to do. And it's like, it looks like as if you had created tasks in your playbook. But let's do this. Install Nano text editor. We use the APT module and we will have the package and the state present. So no, hold on. You check something. So Docs dot and z bar. And here we would like to check the APT Majuro. So this is like a go-to place. And in the examples we can see, yeah, so it's not the package but EKG or so we can use it in two different ways. You could say that this is the package that we want to have. So like name is nano, which should be present. Or we can say that we want to add multiple packages which are coming from a list. So install more deeper packages. And we used APT, we use the package and we create a list of packages. So package a, package B, or let's make it something more viable. So let's call it the Apache 2x and x. And now we can pass the state, which should be present. Now, if we want to create a playbook, we can do it the following way. Let's call it tests roles that Yammer. And we would like to execute this on the hosts. You want to. We don't gather facts. And we will have the rows. And the first roll is going to be Linux text detour. And basically that's it. Let me just clarify some things. So TextEdit thought that's okay. And don't forget the no, from here. Ansible playbook R4. So if everything what hosts line knocks Ubunto. Oh, hold on. Pseudo system CTL, start. Radish. And I would like to also enable it. Great, now we can run the test stores. So reddish was set up to allow fact gushing. And that's kind of the reason. So one last thing that we need to do is to either say in the roles that we would like to become. Because without root privileges you cannot install packages. Or we could also say that we had it, our role file, it's f. So here we could say that this task requires the outcome. It achieves the same. Alright, now, let's try to install nano and tried to install multiple packages. And OK. Great. Basically that was the like initial setup that I wanted to show you. By the end of this course, we will check out NCBO galaxy. And we will take a look at how we can create a fully fledged role. And that was all I wanted to show you to you in an axon. 20. Amas IOS Tshoot pbook: Hello there and welcome back. In this video, since we have now all the foundation that we need, we know the basics of ansible reacting authentication against different clients. We know about flew 48 births, we know about draws, et cetera. I think it's time to take a deeper dive and go ahead and try to create something useful. So currently the scenario or the task at hand is to create a playbook which is going to issue troubleshooting commands on the remote Cisco system, retrieve their results and dumped them into a file. And yeah, that's what we are going to do. So first, we would like to edit the group force of the Cisco group where the C 7200 lives. And we would like to add the become methods enable and the Azi br become password. Start 123. This is necessary because we would like to show you the shore and command which needs enable privileges to it. And that's all for it for now. And let's call it network the shoot that yellow. So first we need hosts, and this is going to be Cisco. We need to become for the command to work and we need to stop gathering facts. So the first task at hand is issue the necessary Commons. We will use the iOS command module. And basically it is going to take a commands argument. And we can say that the first command is the show version. The second command is the show IP. In brief. The third command is the, I don't know. Let's make it the show run, which shows the running config. Now we need to use the register argument and we say that this is simply the output. Okay, now we need to see what's in side. So we use the debug module and show the message output. Alright, are we ready to roar? Oh sorry. I think. But we will see. So ansible playbook. And now we are issuing the necessary commands, capturing the output. And wallah. Here we can see the running config. Of that iOS device. And we see the show version, and we see the show IP in brief. All right, now what we would like to do is to put it into a file. But in order to do that, we may want to check two things. The first one is whether we want to put this into a file from the STD outlines or from the STD up. So the STD out, as you can see, it's not that structure, so that's the role in output. And the STD outlines is EBUS way of trying to represent you the data in a more like tangible way or easier to understand. But for a file, what we need is to grab the S to the out output. So let's modify the spot. So let's just output that std out this. Now we have all this fancy data that doesn't make any sense. It's hard to read. But we can use something called like local action and basically nonetheless collection. But let's, let's try it in a different way. So we I network the shoot. And we say that we would like to have the name save output two, dump. And we would say as the host. And we need to use the copy module. And we see that the content of this is going to come from our output that std out and the destination. Or non, it's not that one. It should be as hostname. And underscore the shoot that P x t. And this is the content that we want to save out. And the path is going to be under this path. So it's just like we were right where we want to dump this one and gate. Two, low-cost. Alright, let's see how this works. So undefined variable as hostname, it may not be right. So I think it would be menthol rehearsed. A high. That's the one. I don't know why, but I'm having a hard time remembering this stuff. So inventory, hostname and 30. Hostname as try to run it once again. Destination or don't. Oh, well, well, well what do we have here? And we have it this way. So the idea behind that is that we would like to pass this to like hand or some other script to process the information. And I think we have like successfully absorbed the first challenge to you in the next term. 21. Amas IOS Tshoot pbook v2: Hello there and welcome back. In this video, we are going to try to improve the troubleshooting playbook that we created in the previous one. So let's see what we have in there. We have hard-coded Horst variable and we have hard-coded commands. And we also have the path for the, well, let's say output hardcoded. So basically, what we would like to do is to detach these from the playbook it sounds so we can have a playbook which is able to troubleshoot dynamically on Horst provided by a list of commands to a specific destination. So let's jump right into it. What we would like to do is to go to the Add CNC bird group force, Cisco, that TMR. And first what we need to do is to create the following, least so to speak. So let's call it t shoot Commons. And this is going to show version and show IP and brief and show run. These should be enough. And this moment, now if we go back to the network T-Shirt, Hold on. Let's go back for them in it and copy the list name. And now we can add it the tissues. So basically. 22. Amas IOS Port Decomission: Hello there and welcome back. Now, we have a task to create a playbook which is going to dynamically disabled. They are using dashed faces on a Cisco network device. So when I was a network administrator, it was like best practice to disable all the IU sports. Because that way, if someone gains unauthorized access towards our datacenter, could go ahead and try to plug in to a port. And it was not administrative, the shut down, there could have been a way in which he gained access to the infrastructure. So by default, when these devices ship from Cisco, they don't have their interfaces shutdown. So we would like to create a playbook to do just that. And in order to do that, we first need to create or edit the ETC, NCBO group worse, Cisco file. And here, what we would like to do is to create something called interfaces. So these interfaces are going to be int GI, one slash 0, int ECI to slash 0. And these are coming from our show IP and brief output. So basically, it tells us that the faster than a 0 slope 0 is used. The rest are unused, but their status is up. So go ahead and 1234567. Oh, and create our port. And the calm that EMO. Alright, so what do we need in this, this playbook? First, we would like to specify targets which come from a variable. The gather facts is no, and the become is yes because we need a neighbor prompt to configure these interfaces. And after it is done, we can specify something called wars files. And this is basically a file where neighbors are looked up from. And what we would like to say that this file is that under the ETC, NCBO group force, cisco that YAML. And now we can specify our tasks. So shut down unused interfaces. And now we can use iOS config, module. And desires configure ensures that the, the configuration which is specified is like enforced on the remote machine. And because of this, it works a little bit differently, but you are about to see it. So the lines, we have only one line which is a shutdown command. And for every IOS config, you need to specify barons. So parents are going to be configuration sections, like if we check here the show around where the appropriate section will be applied. So we have these, these patents and listed under Interfaces in the group was very able or file. And we want to apply the configuration to them. And basically that's all patterns are about. And this is going to come from the item. And we can turn that we want to use with items. And it is called Interfaces and shack Nikoli, That's so on. So if we are lucky with very little syntax errors, we can call this playbook against our targets, which is the C 7200. And whoa, it's not names its name. Sorry. And it should be able to disable every single interface. And as we progress, we should see on the console that it was administrative, they shut down. And by the time it like ends. We should be able to issue that. Do show Ip in brief. And we can see that they are almost all. Oh, I think there is a mistake. Super group force. Cisco. We are missing the SC Two, firstly 0. But apart from that, it seems to be working. So now we should have that one shut down. All right, then our job or task is now concluded. So or at what happens if we all know, that will be the next video. 23. Amas IOS Config Backup: Hello there and welcome back. In this video, we are going to create a playbook which is able to back up your running config. This may be familiar to you. So back-up config that YAML is the playbooks Nim. And we tried to make it as dynamic as possible. So we are going to accept targets. We need to become because the show run config requires an privileges, we do not want to gather facts. And the tasks is as follows. Backup, config from three hostname. So just we know which host is backed up and the moment. And we use iOS config manure and we say backup. Yes. And backup options. We will specify two option. So the first one that we need is a filename. And basically, I would like to have this file names start with the actual inventory hostname, which refers to the machine grandly burden, underscore backup, Nazi F, G. And I would like to have the directory path to B. Yeah, it also should come from an argument. So dear path. And if we save and run this configuration or playbook, we can pass two arguments. So mock-up config dash E targets is going to be our R2P Cisco. And the dash E, D or path is going to be forward slash home slash 0. And now we should see that this is changed. And in the current directory, we will have the C 7200 backup that C, F, G. And if we inspect this content, issue seems to show the running config. So if you want, you could further customize this. But I would like to believe that you have gained the knowledge to get by on yourself. There will be one last video about matter cultivation and the small summary. So stay tuned for more. 24. Amas IOS Config HSRP: Hello there and welcome back. In this video, we are going to configure hot standby routing protocol on our Cisco routers. So basically it allows you to create highly available gateway or floating IP, which is either going to be accessible from one of your routers or the other router. So for this to work, we need to drop in another C 7200. Go back to the switches and we want to delete the connection here. And then odd, what should we add? An atom at relay switch? We connect it from our network adapter to data and then 0. And the eta naught one goes into outer ones facets are non-zero. And the Ethernet two goes into the router tools fast Donald, 0. Now we are going to start our router and open up cones or so. Now, what we would like to do is to basically configured our network devices. And I'm going to use my GitHub Documentation for this to work. So currently we would like to use these commands. So configured the towel in asset, the hostname, crypto key generator as it should happen. But let's modify something. I would like to call this. Not until 200 Bart. A little bit different. So 7000 to, and we would like to enable the secret and generate our crypto key. Yeah, 2048. And we would like to have our line MBTI configured for transport input SSH login local. And we would like to have our first eternal zeros 0 configured with 1011 IP. All right, so finally, we issued the No shut common. And if everything went well, we should be able to add these two are at c host. And we just simply say that this goes to the C 707202. And we would like to come on, save this and that it with sudo. Our Etsy was fine. So the IP that I gave this new network device. Should we 1685611, C 72002. Alright, now if we try to as Burdash damping the Cisco group, both Sz with the appropriate module m should come back fine. So now if we go back, we can see that in this case the readies fact catching didn't have any cached information. So this output is different from this one. Alright, now what should we do? So in order to configure the h's Rp, we need to create a playbook. So we, I add the conf US RP, that GMO. And we would like to use the dadadada hosts. Cisco. The become is yes, the gather facts is no. And we would like to have at least two tasks. So the first task is configured C 70 to 100. And we say that the iOS config is going to be as follows. So we have the lines, and the lines tell the device that the stand by is going to be one. And the IP is 19216856. And let's make it 100. And we would like to say that the stand by R3 P is 100. And we would like to have the stand by, preempt the one. So basically it tells that the C 7200 will be the primary one who will answer for this. Like pings or any traffic that comes against the HSI ERPs way. And there is an automatic preemption. So if this node goes down after a while, the other will try to tell him that, OK, you are back then you should take over the the leash and push the traffic. And we would like to say that in the, sorry parents, there's going to be int FAA 0 slash 0. So we would like to configured it on the interface on which we are able to connect to these devices. And we would like to say, when the inventory host them is equal to C 7200. And this takes care of the, one of the router's config and the other routers configure is going to be very similar. So configure. See 7202. And we say iOS config. And the lines are going to be a little bit shorter. So standby one, IP 19616856, that 100. And then by 01:00 PM. And yeah, so now in this time we also need some parents. And this is going to be int f, a 00 when inventory hostname is equal to C 7202. Alright? Well, I mean, hopefully I didn't make too many typos, but we will see at least one. So facts. I need to change battering my glutes. So here, first time changed and the second one changed. Is it? I mean it should. Whoa, hold on. Let's try to run this again. The host C, So until 200, OK. Than we check for this one. Yes. Are we able to get thin? We are. Ha, alright. So I know the problem. Now. It should work. But basically the problem was that when I reverted back this virtual machine, I didn't set under the ETC and z-bar and super config alto husky. But yeah. So technically, now if we go back to our network devices and show include age, SRP. With the due. Then all that is left to 19216656100. Wow, and we are able to ping it. So I'm on my other node, the 72,002. But if we go here and go to the stamina in phase 0 slash 0, shut. And we're still getting the ping back. And if I shut down the other one into F a and 0 size 0, shut, then we start getting replies. And if I say no sharp, we should be seeing that this comes back. Yeah, reachable. And now we have this back. So basically this is what h SRP is four. So it's not like you only have this IP address which is available. You could associate DNS name resolution or whatever you need, like load-balanced or highly available. This is one way to do it. So that was all. See you in the next one. 25. Amas IOS Ending: Ladies and gentlemen, we have arrived to the last video of the network part. From now on, we are going to continue with either Linux or Windows. I have not yet decided, but basically, I wanted to give you traction with regards to how you can use as a lever to automate IOS based infrastructure. So technically, what you saw was that how you can configure message of the day, login ban, execute commands, configure each SRP backup configuration. So these may seem like very basic steps, but my intention was to give you like, I don't know, advantage so so to speak so that you got the feeling as to how you can utilize and z bar. And in this video, I would like to talk to you about how you can proceed forward. So I have documented everything that we have done under the iOS playbook examples. So this is like a step-by-step guide. If you get stuck, feel free to visit this page or contact me on this course and on Asimo documentation if you search for iOS module. So a list of iOS manures USE that there are two big sections. One is iOS and one is I OSX are. So currently for the latest version of ansible, which is 2.9, these are the supported modules. And for example, if you visit the iOS command, and we will see the nice documentation explaining what are the parameters, the default, and some additional comment that helps you understand how you can use the module itself. So if you are stock or you are having a new requirement to configure this or do that, what you should first, doom needs to visit the official docs because if someone ordered it, created the module that is going to be able to do what you want. You are at an advantage. But on the other hand, if there is no more you are, which serves you in this situation, then you also have the option to figure out your own way as to how you can proceed to resolve that task. And that was all I wanted to show you in this video to you. 26. Amas Lin Docker handlers: Hello there and welcome back. In this video we are going to talk about handlers. So handlers that are pretty useful thing to use because they allow you to perform or the past steps in a specific order. So for example, if we install a package week should quires service to be restarted or if you install Apache and you would like to enable it service and make sure that it automatically starts, then this is the a fright way to approach it. So let's call our playbook line looks darker handler. So YAML. So we go to our Ubunto machine and become the root user without gathering and effects. And we have a few tasks. So first, we need to install. We installed Docker dot IO. This is how the packages called Ubunto and we use the apt. And we say that the name of the package is dakota I O and a state. His latest. After that. Hold on. Why do we have so much space here? So after that, we need to add and subtract to Docker group. So we can do this by using the user module with the name ansible and the groups Docker and append. Yes. So basically there are two things I want to mention. The first one is if you omitted the append, yes, you would have ansi bus only group membership which is darker and it is wrong because it could rack your current memberships and take away privileges from user. So if you want to add new group membership to your user, you should use the app up and yes. And the other thing is the State latest saw the state latest is going to either install existing package or going to upgrade an existing package. So in our case, it would work if I say this is like state present as well. So present, we're not touch your packages at all. And now what we would like to do is specify our handlers. So the name, first name is, should, is or should be enabled occur. And the second name is to start Docker. So how do we enable Docker? We can use the service module and specify the Docker service. Sorry, this is done the service, but the system, the And we say that the state or no enabled. Yes. And it is going to enable the module or the service itself, which means that on the next, next boot it will automatically be started. And what we would like to do after that is to use the service module name, our Docker service and say that the state is restarted. So now if everything goes well, we should be able to execute the playbook. So Linux Docker handlers. And we installed a Docker dot IO. And until it completes, I think it takes lack almost 200 megabytes to download and then a few minutes to install. All right, so now it seems like everything went well. But there are things which were left out. So that's SSH into the Ubunto machine and issue the APT remove Docker dot io. Yes. We would like to remove it and let's login here to our ansible machine. And we also need to apparently remove both from the Docker groups. So group membership, user settings. We have the visible and it is basically administrator. And now let's touch it. So now the Docker is removed and that's log off from the shell itself. And we need to notify the handlers that we would like to call. So it's either a single handler or the list of handlers. So first we would like to enable the darker and then notify the start Docker. Alright. And there must be a commands. So if I go back here to the Ubunto machine, so we also remove the user ID user. And CBO is part of the darker due to the successful script execution. So user month, dash, dash help. And we should have the remove. Let's grab for the remove. Though. That's not it. Alright, anyways, so basically what we would like to do is to execute displayable quants again. And we would like to install it occurred at i o. And we will see hopefully the handlers in action. No gain Docker is already enabled. And now if I go back to my Avon to machine, I should be able to issue the docker ps. And our task is currently over top. 27. Amas Lin handlers 2: And low there and the WACC, I'm OK. In this video we are going to take a look at another. Like Handler obeys the playbook. So what would, we would like to do now is to create something called Linux handlers that GMO. And here we would like to specify the hosts you want to become yes. Hall on gather facts. No. And basically what we would like to do is to install Apache T2 and enable it started and verify that the default port, which CAT is available. So and that's define our tasks. First, we need to install Apache two. So APD. And we would like to use the name apache to state latest. And we would like to specify, basically check Apache two, which is going to use the URI molecule with the specified URL, which will come from the HTTP inventory hostname. And it is going to be delegated to the local host. So we want to check from our NCBO machine whether the Apache is available. So this is one that we have gotten out of the way. The handlers are going to be as follows. So enable Apache and dopa, saw notify, enable Apache and start Apache. So what do we do in the neighbor opportunity? We use the system, the module with the name Apache two. And we say that enabled is yes. And we use the service module to say that the name of the Apache service to service is restarted. So now if everything goes well, we should be able to execute our NCBO playbook. Linux handlers could not find accept expected. When the column here, column here, here, hope bar, state. Alright, now on the aperture is getting installed. And by the time it completes, I would like to go ahead and open up a new browser. And this should HTTP colon slash us less Ubunto. And wallah. We have successfully installed, enabled and started Apache. And it seems to be working. So technically that is all I wanted to show you in this video. See you in the next time. 28. Amas Lin Asserting: Hello there and welcome back. In this video, we are going to use the assert statement, what module or from algebra. And this allows us to verify if configurations in place, whether a Web services available and whatnot. So basically we would like to create a playbook which is called test assert, the ammo. And here we would like to specify the host, which is going to be the, you wouldn't the machine. And the outcome is going to be S and gather facts is going to be no. And the tasks as follows. So the first task is to get the SSH D config. So we use the command module and we showed the caret SSH, SSH D config. And we register the output as SSH D config. And we would like to verify the configuration. And we used the assert manure. And we would like to assert that. What would we like to assert? So let's go to the Ubuntu machine and we check with the NSC, SSH, SSH D, config whether like the default port is 2020. So let's go back. And we would like to assert that the hashtag bought 2020 is in the S, S, S HD config. That S D out, that lines. Ssh D config std out, underscore lines. Alright, now if we run the following commands, so ansible playbook test assert at the AMA. And you can see that all assertions passed. But what we can do is to edit this and we can customize the messages. So basically we say that the success message is all in place. And the fail message is something is of. Now if we run the playbook once again, alarm. So we need to make this go on on the same level as the data statement. But if we rerun this again, success message not working. So we have the success message. Great, all in place. Now if we go to our machine and it's pseudo, we add it, the configuration and remove this section. Come on. Let's just remove the hashtag. So now it is not there. If you run this once again, we should see a failure stating that something is off. So this is one way to use the assert statement and we are going to have another video to give you a different perspective as to how you can use it to your advantage to you in the next one. 29. Amas Lin Assert 2: Hello there and welcome back. In this video, we are going to go with the second case that I have for the assert module of anti-war. So basically in this case, what we would like to do is to check whether an argument passed to the answer per playbook is within the allowed threshold. So test assert V2, YAML. And we would like to use the host. You want to. And the big Km is no. Gather facts is no. And the tasks is going to be check if arg is good. So I assert that. And we would like to assert that basically my ARG is less than or less or equal than 100. And if we run this playbook test, assert with my ARG equals to 99, then instances of string. And okay, we may want to remove this part. Hold on. Hint. Great. All right, so this leads to our next topic. So basically these are filters that you can pass. And when we pass an argument to an ansible playbook or a role, it is going to by default become string. And if you want to verify whether the value is appropriate and so on, you need to make sure that it's in the appropriate states. So you cannot compare apples to bananas, just like you cannot compare strings to integers. And this is what I wanted to demonstrate in this video. And see you in. 30. Amas Lin Jinja2: Hello there and welcome back. In this video we are going to take a look at how you can utilize the ginger two templating engine to create a custom index page for your aperture installations, regardless of whether you are on Debian order that had based distribution. So first what we would like to do is to create the index.js y2. And in the index.js y2, we will have an H1 tag. And this H1 tag is going to tell us that. Welcome to Apache two on inventory hostname. And we will have a paragraph saying that brought to you by Jean Java to templating engine. Let's close this paragraph and let's create another one. This machine belongs to tier. And we would like to have the tier variable substituted. And let's close this paragraph. So now we can create our, well basically playbook and so on, test ginger Apache that GMO. And what we would like to do is to specify the hosts, which will be the Linux group. And we need to become and we do not need to gather facts. And we will have a few tasks. So the first task is installed if Debian, Debian, and we will use a PT, and the name of the package is HTTPD or sorry, Apache two. And state is latest. When the NCBO OS family Z equal to IBM. And now we would like to have the install if Red Hat and we use the m and the name of the package is going to be HTTPD and the state is going to be latest. When then the bot IS family as equal to red hat. All right, now we assume that these packages get installed and what we would like to do is to ensure so lush and a blood service if the IBM. So we will use the system d. And the name is Apache two and enabled? Yes. And we will use the enabled. Service if CentOS or Red Hat. And we will use the system, the name, and it's going to be HTTPD and enabled. Yes. Alright, now we need our wine clause. So all as just copy and paste it. And we need to go the same way with the red hat as well. And now what we would like to do is to use our service module. And the service module needs to make sure that service is running. So on Debian and the service name, Apache 2x, and the state started. And we should just simply copy this IBM part. And name. Service is running on Red Hat and the service module. And the name is HTTPD. And the state started. And when the ansi below us family is read at. All right, now, we assume that our services are enabled and running. And as far as I know on Debian, it automatically configures the firewall rules. So we only need to configure this part on the Red Hat servers. So this saber firewall on Red Hat. And or just simply stop it, not disable for the demonstration sick. So service player or the and hold on. This is the name fire or the state stopped when uncivil OS family is read at. All right, now the next thing is that we would like to apply our template. And for this we need to create one variable. So I think you already figured it out. So tier, and we call it production. And now we need to copy that template. So copy template to war, WW, HTML, index.html. And the template module can be used for this. And the source is going to be indexed i, J2, and the destination is going to be the spot. And here comes the tricky part. The owner needs to be root, and the group also needs to be rude. And this is because by default, the root privileges are assigned for Apache. Of course, it's like a security best practice to change this user which runs the Apache, but we are not going to go in that direction. Alright, now if everything goes well, hold on. Let me check and see ansible hosts aha, CentOS. Now it should be fine. And we use the test Jean-Jacques Apache. Hold on. Sorry. So we need to gather the facts. Or at least First, we should catch defects in radius that we can deceive or like other effects. So gathering fast facts, installing if they're beyond, the CentOS escaped. And now if we go to the Ubunto machine and login, we should be able to PS AUX. Grip APT is a total denim. Cool. So one has failed. Docker cannot download or mirrors or try it. What? Instantly frat hat you want to escape. So system CTL status, HTTPD. Yum. Install, HTTPD. Wow, let me just yeah, repos Docker dot triple. And a bird is 0. Okay, now let's do this with sudo. Enabled is 0. Now let's try and re-run this one. So that's okay. And now the read head should succeed. Wow. So now if we take a look at our war WW index, HTML, index.html, you will see that we have successfully substituted here on the Red Hat machine, the template variables. And here if we take a look at the, the VOR WW HTML index.html, as you can see, it seems to be working. And now if I spin up a web browser, we should be able to hit these landing pages. So HTTP CentOS, Welcome to upper cheats. Do on CentOS production the HTTP Ubunto. Welcome to Apache 2x and you want to, so basically that was all I wanted to show you in this video and see you in the 31. Amas Facts Custom: Hello there and lacking. In this video, we are going to talk about custom facts. So they are useful because you can issue the N Z bar dash M setup CentOS command. And it will collect some built-in information as to how your remote machine looks like. And what we can do with the custom facts is to extend this functionality. So what we need to do here is to issue the ETC and z-bar facts that d. And this will create our folder, which is read by default, by ansible. And here we can create at first the custom, that fact. And we can just simply say that custom stuff, a, cos tan b equals whatever. And say that ansible dash M setup Centaurus a, which we will apply a filter NCBO local. And as you can see, it gives us back the NCBO local facts. And this is not an executable file. So what happens behind the scenes? It just goes out, tries to pause whatever information we have there. And since it's an ionised configuration file, it is able to understand what's in there. So let's create a test custom facts that TMR. And here we would like to say that the host is CentOS. The gather facts is Yes. And the tasks are going to be as follows. We would like to have the setup module filtered. So Setup filter equals two and Zippo local. And then what we can do is to reference whatever we have in the local variables. So what do we have here? And maybe it should be a question mark. So debug message is equal to and Zippo local. And that's, that's a start. So let's see what output we produce. So now we're gathering facts and you can see that we have the custom, the custom stuff, and the a and the B. So the customer is the file name that we created and the custom stuff is the section name. And inside there we have the key value pairs. So how do we reference, Let's say the custom or what we can do here. So it will become the property of the ansible local object. And now we should go one level deeper. So now we have the custom stuff. And if you want to go one level deeper as well, you can say custom stuff going up. Yeah, we can. And here we have the a and the B. So we can reference the a or not. And yeah, we can. So now this was like for the non callable version of custom facts. But if we want, we can go ahead and under the NCBO affects create the color ball. That fact. And here we would like to issue the bin bash and we would like to echo the following. So we have like a JSON format that we need to produce. So let's call it callable. Notice how I create these escape characters and callable value. And let's skip this one as well. So now what we need to do is to CH mod plus X. So it needs to be callable by the user, which is using NCBI to collect facts. So in this case, the ansible user. And if we go back to our custom facts, what we can do is to remove or let's say name, callable. And debug message is equal to and 0 local. And let's see, was the output here ansible playbook and get the effects. We have this here. And we can see that now we have this referenced by the script, which is a column effect. And we had the collar bone with the Colombo value. So we can go deeper. So if we want to say that we are interested in the call Libo, it will give us a different output. Great. So now you get the feeling as to how you can create custom facts and how you can get those facts and reuse them to you in the next one. 32. Amas Lin Jinja: Hello there and welcome back. In this video we are going to talk about the gene G2 templating engine. So the ninja engine is special because it allows you to use a, ansible control loops and variables to dynamically assign those values too, any kind of phi. So what I want to mean about this is that, for example, you could create dynamically a configuration file for an Apache web server or the end Unix based on input variables. So in this video, we are not going to go in that direction. What I would like to show you is that how you can create basically a simple ginger template and then apply it to the remote host. So let's call this Test on fiqh, show that J2. Here we will have a section and we will have a user which will be equal to username. And we will have a pass which is equal to the password. So this is all about J2 template. And what we would like to do now is to apply this template. So we apply template that EMO. And we would like to use the hosts. Ubunto become is no. Gather facts is no. And the tasks to be as follows. So name, apply template. And we would like to use the template. And the source is going to be our test configuration J2. And the destination is going to be under the home ansible config that INI. So this is an in-state configuration that we would like to apply. And we have a username, war. And and this is going to be Danielle and a password, which is whatever. So now, if I was to execute this ansible playbook, we would see the following. So it's not template but template. Now let's try to do this. So it was changed on the second time it should be okay. So let's open up a new prompt and SSH into Ru bone to your wound to machine. Now we can see the conflict that eye an eye on our, Let's say default folder. And if you check the content, what we see is that those variables are substituted. And this is not all that. For example, template can do. Let's say we would like to change it a little bit. So if we go back to our configuration, what we can do is to define something called for loop. So this goes between percentage signs and for i in range five. And we would like to use the item. But a bus substituted I is equal to worry about substitution i. And we would like to close the for loop. So this can be closed by using the end four. And now if we rerun this whole apply template, we should be able to do this unexpected. Well, hold on. We don't need the double braces. All right. Now if he kept the conflict at i and i, you will see that we have used a for loop to populate the key and the values sections. So I hope this gave you an idea as to how and what you can achieve with the ginger template. Of course, this may be the simplest way, but I just want to give you an idea. You could do conditionals and whatever you feel like doing. So, see you in the next term. 33. Amas CMDB: Hello there and welcome back. In this video, what I would like to show you is to how you can create Cmd B out of your, out of the output of the NCBO dash M setup your. So basically the setup is going to gather every single effect it can gather based on the operating system. And we can use the answer bus. See IMDB Python module to generate an HTML page. And this is what we are going to do. So let's install sudo, thus dash M star as c IMDB. Once this is done, we then create the output folder and we can issued and zebra dash M setup or dash, dash tree out. And once this is done, we will have the output folder populated with three files because we have three hosts, 2019 CentOS and the 12x machine. And what we can do now is to shoot ansi C IMDB on the output folder and create an over view that HTML. All right, now, if we check, we have this overview that HTML and you could configure apache engineers to serve this page. You can move it, adjust the privileges. But Python also has a built-in web server. So if he should a Python 3.6 dash M HTTP server, he will see that an HTTP server or started on the port 8 thousand. So let's move the overview to the index that HTML. And let's restart the server. And if we go ahead and open up a new browser, and here to the HTTP CentOS page on the port 8 thousand. And as you can see, we have the host overview. So we have the machine 2019 a CentOS and you want to be or the main ip is the operating systems, the virtualization stack and whatnot. And it also allows us to like filter based on different properties. So like kernel architecture, memory usage, swap usage has just done out of these one. And we could use the groups to which groups member. This is based on that. The physical, the risks, the number of interface is the product, name, the product Syria, and so on. So it's an easy and convenient way to create a CM DB and we'd have ansible and small Python module. So see you in the next one. 34. Amas Ubuntu Docker Setup: Hello there and welcome back. In this course, I would like to show you how you can set up Docker. So we can use Docker to build our own containers and basically manage containers on Docker with the half of ansible. So in the first setup video, I'm going to show you how you can do this with like there'll be MBAs versions and and you won't do. What you need to do in order for this to work is to prepare the M vitamins. So we already have a video about how to like deployed Docker. But there are additional setups which are necessary for the videos that I want to make about how you can manipulate containers. So let's adjust the font. Let's make it 20. Oh yeah, that's the sweet spot. So let's sudo. And if you check the Python version, so I would like to show you how you can build a container which runs a Python web app installed opponents and whatnot. And for this to work, what we need to verify is whether we have the people you'll installed and the Python dash M pip, freeze. We either get an arrow, there is no pig manure or we get the installed packages. So in order to fix this, so we use the APT install Python three, dash PIP. And this is going to go out, download every dependency that Pip has and configure it. And I think it's a pretty convenient. So now what we can and should do is to install with the PIP module, the Docker, Python when your, so if you are using anything before 2.7, you should install the Dukkha dash BY. Otherwise you should install Docker. And if you install both, it is not going to, it's going to give you like an ad on message that both modules are using the same namespace and it might lead to conflict or broken applications. So now that we have this out of the way, what we need to do is to install docker dot IO. And once the installation is complete, we need to make sure that our user, which is going to interact with docker, is added to the Dukkha group. So we are going to achieve this with user mode, Command and user mode, a Docker and Sibyl. And we would like to use the system CTR to start Docker and also to enable. And now we need to login here with the SSH. And basically that's it. So now we should be able to should the docker ps command docker images. So that was all I wanted to show you about the Ubunto setup. See you in the next. 35. Amas Ubuntu Docker App: Hello there and welcome back. In this video, we are going to create a Python web application and you would like to containerize it deployed on our evil machine. And basically just check if it's running appropriately. So let's create a folder called Docker. Last navigate into the darker folder. And what we need to create is an app, a PY and Docker file. So basically the Docker file is going to be our description as to how we would like to have that container built up. So for this to work, we are going to use the base image from Python B9, and we can label it. So labor, mine doin is me, be Pr pi. And what we can do is to run commands. And so we would like to pip install Flask manure. So Flask is a lightweight web framework which allows you to create web applications. And we would like to copy the app.use to the app.js. And after that, we would like to expose the 9999 port and have an entry point which is going to call the come on. The Python executable. We the app that PUI. And that's all. So it's going to be a pretty simple web application. I just want to show you the concept. Alright, now, we should be able to create our web application so that PY. And here what we would like to do is to import from the flax manure, the flask class. We create the application. By instantiating this class. We'd done their score, so double underscore name. And for the app, we can define routes. So this route is going to be our default contexts route, which is called Index. And we will simply return the welcome to Docker and python dot. And let's create another one for a slash hello, def hello. So you may start seeing a pattern here. So basically we can define contexts, route, and associate them with the function. So this is going to act like a decorator. And now we would like to say that I'm just not on text route dot. Alright, so let's make this executable. So if the underscore name is equal to main. And then we would like to call the app.use function with the host equals to 0 that 00 and the port equals to 9999. And the debug is equal to true. Alright? Just to make sure that this is working, we would like to have it tested. So have that PY. All right, it seems to be working. So let me just grab a browser and try to hit this. So HTTP CentOS. And in 99, alright, seems to be working and hello is also working. Great. Now we have a Docker file, we have application. All we need to do is to go out and say that we would like to build this as a container. So in the GitHub you will have the steps documented that basically, we would like to create a Docker image that GMO. And here we would like to specify the host as Ubunto. Do become is yes. The gather facts is no. And we have a couple of tasks to do. So. We need to copy Docker file, and we need to copy app dot p y. And we need to build the web app. So the copy might be familiar to you because in previous videos I have shown you how you can copy to Windows and Linux targets. So we are going to use the copy module. And the source is going to be the Docker file, and the destination is going to be damp Docker file. And the same goes for the app dot p. So our source is going to be ab that PY and the destination is going to be tamp app dot p. So now we have moved our dependencies to that machine. And we can use the Docker image to build this container. So we need to name the container, which will be web app. And we need to specify the build, the path where the Docker file is hidden. So we use the Temp folder. And we would like to have the source as below. Alright, now we should be able to execute our playbook. So Docker, image, MO, Kopi, humble yield, and so on. And we are fine. So now if we go back to our Ubunto machine, we can issue the Docker images. And as you can see, we have a web app which was built as a container. So now if he should docker run there HD web app, dash b 999. And this should docker ps. We should be able to see that this container is up and running. Now what we would like to do is to add another step. So if we go back to our Ubunto machine and this should the docker ps, we can kill the container based on the id. And once it is killed, we have an empty list. So now if he added the Docker file or the playbook itself, is we can add a name, run the app. And the docker container is the module that we are going to use. And basically we would like to use the name. Hold on. Indentation is important. So web app and the image is web app. And we would like to specify the state started and the ports like this. So 999999. Great. Now we can rerun our Docker image. And if everything goes well, we can see that the application is now up and running. So let's go back to our browser and try to hit the Ubunto machine. So now the container is up and running and it is searching the requests on the specific port. So the hello is also working. And technically that is all I wanted to show you and see you in the next one. 36. Amas Ubuntu Docker Info: Hello there and welcome back. So in the previous video, we have deployed our Python web application inside the container and run it and verify that it is working as we expect it to work. Now what we would like to do is to learn about another module. So this is going to be called Docker host in for that Yammer. So basically this module allows you to retrieve specific information from your Docker host. And you could use this knowledge to customize your playbooks as to how you build your containers. Because you may be in a situation when you have a wide range of different versions of Docker. And not necessarily all of them are going to like work as you expect them to work. So let's create our hosts, which is going to be the Ubunto. And we don't want to become. And the gather facts is now. And we will have two tasks. So the first task is to gather host in full, and the second task is to show host info. All right, so what we can do now is to gather this information with the docker host in full module and register the result. And we, the second task, we can use the debug manure and present this hosting for as we have registered it. So as the result, now, what we can do is to execute our playbook. So ansible docker host info. And technically what you see here on the output is the nifty details as to how the Docker looks like from NC bus perspective. So I don't know, we have this API. We have every details about the host's information. So you may have a situation when you are using a 32-bit host. You may have a situation when your current Dockerfile is so new that on older environments to own paran. So we also have this information, how many containers are running, how many or stop or paused, or a total number of containers? What is the operating system of the host? So you may build your containers differently based on the operating system as well, which is a very unlikely situation. So in this video, basically that was all I wanted to show you. And if you want to know how you can use this information, you should refer back to the defect videos when I shown you how you can access the content of the Godard facts and the variables which are in the facts. So see you next time. 37. Amas Ubuntu Docker Net: Hello there and welcome back. This is going to be another Docker video. So in this video, what I would like to show you is to how you can use the darker network info module. And this module is able to give you an insight as to how your Docker network is configured. And basically, this is able to provide you with, this is IV or decision points, which you can use in your playbook as to how you would like to create your docker image or run your Docker container. So let's call this Docker net info, that TMR. And we would like to use the host. You won't do. The become is not necessary. The gather facts is not necessarily either. And as for tasks, we will have two tasks. So get darker network info. And the second one is going to be show Docker network info. All right, so for the show part, you may already have guessed that we are going to use the debug module. And we will use the message and just simply print out whatever the Docker that variable has to offer us. So we can use the Docker network info. And we call it like name or web app. And the register, the results as Docker NAT. All right, now what we can do is to use the ansible playbook darker NAT info that GMO. So currently we do not see any formation about this. Because basically what we need to do is to have like this. I don't know, network specified. So let's go back to our playbook and call this Docker 0. Okay? Now if we shoot the duck and network and we showed the ls command, we should be able to see the name of these networks. So basically the name of our network is going to be bridge in this situation. So if you want information about the bridge network and we should use that specific name. And we could have information about the host. So on that's edited. Let's call it host. So as you can see, it is going to give us information as to when it was created, was the driver, was the ID and whatnot. So basically that was all I wanted to show you in this video. See you next time. 38. Amas Docker Container Info: Hello there and welcome back. In this slide we are going to take a look at how you can retrieve container information from your remote systems. And basically what we would like to do is to go out specified to the playbook which container we are looking for and get as much details as possible. So let's call it the info that GMO. And we create the host, which is going to be able to, they become is not necessary. The gather facts is not necessarily. And let's see what our first task would be. Get the container in full. And we can use the Docker container in full and specify container. So basically, we can Aad an argument here, and let's call it web app. This was the container that we have built and we would like to register the output. And if we execute this playbook, we will not really see too much on the screen as it is just going to save whatever was captured inside that variable. And now what we would like to do is to show the output. And the debug module can be used for the and now our message is going to be output. And let's rerun this playbook once again. And the Zynga and see, it is more like talkative in this case. And we can see that hold on. We have the entry points defined. We have the path variable, Python version, the paid version, and whatnot. So basically we also see the maintain, the host name, the image, and whatnot. And for example, what we could also do is to check whether container exists. So lets, we can leave it here. So what we can do here is to create a check if egg exists. And the debug is going to be a little bit different. So this is like conditional expression. And basically what we would like to say is the container. And here we would like to substitute the web up and we would like to create this condition. So if exists in output Xist, then we would like to, sorry, we would like to print this if it exists. Otherwise, we would like to print the not present. Great. So argument that bubble is not iterable. What there was to be a dipole. Hold on. This way. The container web app exists. So the second thing that I would like to do here is to basically restructure this. So let's go to the end, hit an Enter, and we show the details. If Xist. And let's make this like an argument. So this goes between quotes CONT and get the container info for CON D. And we would like to say that the container CONT exists and COMT goes here. And basically we use the debug menu. And the message is going to be the output, that container. When the output exists. Alright, now, we should be able to run our playbook container info with extra argument count, a web app. And as you can see, we have the details and we have the container web app exists. And one last thing, we need to try, non Xist. Great. The container non Xist is not present and we are skipping the print part. So technically that was all I wanted to show you in the studio. See you. 39. Amas Docker Container Vol: Hello there and welcome back. In this video we are going to talk about how you can manage your Docker volumes. We'd have a fancy bulb. So let's jump right into it. Container volumes that GMO and there's always hosts. You want to become is not necessarily gather, facts, is not necessary. And first task is to create volume. So in order to achieve this, we can use the Docker or lung volume. And we need to name our volume. That's a web app storage. And basically that's it. So docker volumes allow you to provide persistent storage to your containers. And let's say if we run this, we will already see that the volume is there. And if you login with our ansible user account and issued a Docker volume. As you will see, that this is the web app storage. And just as easily we can create the volume, we can uncreate it so deleted and all that we need to do is to provide the state absent. But we are not willing to do that at the moment. What else we could do is to provide like more detailed information as to how our volume should look like. So create be our DFS volume on path. And we use the Docker volume. The name is the BER DFS storage. And we need to specify the driver options. And it expects us to specify the type, which is the BER, d, fs, and the device which is going to be called like dev as a nine. Now, if we run this playbook, we should be hold on device. So now if we go back to our Docker volumes, you will see that we have this BR DFS storage and the dev as the nine. So basically this is how you can create your own volumes and manage them. See you in the next video. 40. Amas Win Local Disk Info: Hello and welcome back. In this video series, we are going to continue our journey with ansible mastery. And we have already seen how you can interact with Linux machines. How you can interact with network devices, how you can interact with Docker containers. And now the time has come for us to take a journey inside RAM of Windows. So basically, I would like to separate this into two distinctive situations. One is when you have a domain joint machine and the other is when your machine is not doing joint, because NCBI has different modules for that. And if you go to the NCBI documentations official page, you should look for the 2.9 version because that's the only one I can guarantee this demonstration or videos will work. But you can search for the Windows manuals. And here you will find all the built-in modules that may be able to have you as to how you can automate the situation or the problem that you have. All right. Now, let's say we would like to gather the disk facts that GMO, and we will use the host 2019 a. And basically this is a host which is a simple domain, not DO enjoy machine. So let me show you. So here you see the advanced systems that things that we are the member of the work group, which means we are not domain members and we just save it. So if you shoot ends but dash m, when being 201980, you will see that we get back a Pong. And basically it means that our authentication is working and it is working because under the ETC, ansible hosts, we have assigned this machine to the Windows group. And if you check the group variables, when you will see that we have this setup which should allow us to a kid with the machine. Great, now let's get back to our playbook. So what we need to do is to not become anything. I will have a separate video explaining why. Like Become yes is not like a smart thing to do. So gather facts should be no. And we will have two tasks. So first, we need to get the disc information. Then we need to present this information. And we have a module just for this. So here you have the disk facts. And if you visit the official guide, you will see that the wind disk fats is just a simple module call. And here we can use the debug module to present the message will reach, we'll be populated by the as facts. Alright. Now if he should ansible playbook when this fact we have a typo as o s. So name, Deeper message. Gather facts. Now become No. Well is the ad or come on when this fact. So so it's like plural because there are multiple effects that we are getting. So now, as you can see, we scroll up. We have like mad, just this information together, but basic information about our basically the machine itself. And here in the Disk section, you will see what kind of volumes we have, what kind of location it has was the model, was the PFI system was size. So imagine a situation when you need to create a playbook to clean up this space. And you could use this information to customize your playbook. And technically that was all I wanted to show you in this video. See you next time. 41. Amas Win Local User: Hello there and welcome back. In this video, we are going to continue our journey on the Windows platform. And imagine that you are in a situation when a new physical or virtual machine is deployed, you need to provision local users, be the service account, administrator account or whatnot. So basically what we would like to do here is to create a playbook that is going to allow us to create new users with the standard default password, which can be changed as they are communicated to our customers. So let's call this when loca user.email. And we would like to use our host 2019. The become is not necessarily the gather facts is not necessary. And what we would like to do is to create a single task which is called provision users. How do we provision users? So basically what you can do is to visit the documentation and you have the when user module. So the wind news or module takes at least two arguments. So the first one is going to be the name, then the password, and by default state is present. And if you want, you can specify which groups member it should be. So now let's say we would like to do like multiple ones. But first we are going to just demonstrate that you can go with it for a single user. So I don't know, as the agent, the password is going to be start exclamation mark 123. And just to be concise, the state is present. And now if we execute our local user that TMR, what we can do is to check the machine, whether the user was created. So if I go to my Windows machine, I can see, if I go open up a command prompt, spin up the local user manager MMC console. There does the agent is present and currently it's not member of anything. So that's kind of fix it. So that's open up our locker user and state that the groups is going to be users. Let's rerun this playbook. And check to see whether the membership is present here. So users as the agent number of users. All right, now, our problem is that when you have not just one request, but multiple like default users that you want to provision. This is that a viable solution because what you will do at first, at least what I have done is to create multiple tasks for each user. And the better solution for this is to go and use the width items. And let's call this group default users. And let's create this group under our old ITM of fire. So VI at sea and support groups, all that demo. And we say that the default users are as the agent, be QA agent. And how do we call it monitoring? De Shu and so on. So now if we go back to our locker users, what we can do is to modify our description for the task. So let's call this item. And here what we would like to do is to specify the item as well. So what it will do now is to iterate over each and every user in that in group or list and provision them separately. So let's see this in action. So as you can see, the users are getting created with appropriate or default group membership. And whatcha whites running so slow. But anyway, if we refresh this view, we can see the additional users. And the advantage of using this approach is that you have like a requirement to add a new default user. You just extend your list. If you want to have like default user removed, then just deleted from the list. And this, this basically gives you like separation from the playbook. It's sad because the playbook is only going to process this list. And that way you can only add it. You only have to edit this list and it will be reflected on the playbook execution. So t u in an axon. 42. Amas Win Local Groups: Hello there and welcome back. In this video we can, we are going to check out how you can manage local groups on your Windows machines. So let's create a wind local groups that GMO, and basically we would like to use the hosts. 201980. The become is not necessary and gather facts is not necessary. And tasks are going to be as follows. So that's provision, group. And now what we would like to do is to use the group module. And here we can specify a name for the group that we would like to provision. So as the Jan. And what we would like to say that it says a description group for service desk members. And that's basically it. So if you have this, you are able to provision a group. And once that group is provisioned, you could the provisioning your users which are a member of the specific group. But the same goes for here as it does for the users. So if you specify the ansible group force or that TMR and default groups. You could say that as the agents and B Q agents and test asians. And what we could do now is to transform our playbook and simply say this. But this has, so we would like to use the width items. And we specify the list or group. And we say that this is the item. And we don't need this description because we didn't specify group. Now if we rerun the local groups that demo, you will see that all the groups which we have in our list are going to be provision. And you could use to logically separate users and give them specific permissions. But technically that was all. I wanted to show you about managing local groups. So from now on, and what we will do is to use answerable to manage domain joined machines. So see you in the next. 43. Amas Win Domain Users: Hello there and welcome back. In this video we are going to talk about how you can use, well, let's say ansible against domain joined machines. So if login to our CentOS machine first, we need to make sure that our variables are all in place. So currently, what I have here is the 2019 machine, and I have promoted it to domain controller. And it's just basically Our next next finish installed. That's why I didn't create like a separate video for it. But if you go ahead to our this PC properties, advanced system settings, compute their name, you will see that we are now in a domain. So what changes from NCBI's perspective? The first thing is the content of the group force when that GMO, because we need to change though in our RAM transport to carriers. And then ansible user needs to have this username at domain approach. So now we have this out of the picture. The NCBI dash m when being should succeed or don't start readies. Okay, now it must succeed. And it succeeded. Okay, so what is specific about NCBO and you are using it against domain joined machines. Well, first you get a chance to use a module is associated with domains. So basically, you could manage computers in the Active Directory, Users, groups, group memberships, domain memberships, and so on. So first, let's create a domain user. So as always, I encourage you to visit this documentation or you could use the ansible doc as I have shown you before to query a specific topic. But now let's try and create new user in our well ansible domain or Windows domain. So for example, if we want to provision, let's call it when domain user that Yammer. Let's say we have a task to provision a new domain user for the companies, which we work for when there isn't new commerce. So we hire someone, they need access to our domain and we have the task to provision and you use that. Of course you could say that. All right, I have the privilege to login into this machine, open up the Active Directory Users and compute this right-click and so on. But you know, the like the world is moving towards automation. And the most things you can automate, the more valuable you are on the job market. This is like an opinion based on my personal experience. So take it as you wish. So become is no, gather facts is no. And the tasks that we have is the following provision. New colleague with default password. Alright, so what does the documentation say? So here you can see like a fully-fledged, I don't know, boron or this module. To be honest, I have not seen a company who like fill in all these details. Maybe that's my, my problem. But basically, what we need is like this minimal setup. So first, we need to use the wind and domain user. And let's call this user newcomer. And it should have a password which they need to change when they login. So start exclamation mark 123, and we can specify the state as present. And last specify the groups. So by default, the domain users should suffice. But if you have like special colleague who needs more access, of course you could adjust these groups. And I have shown you a video in my previous ones when you can use the awed at Yammer to specify a list of users. And my challenge for you is to create a playbook which allows us to take an argument. And that argument will be the group membership or the list of group membership. And based on the target element, the group membership of the newcomer will be assigned dynamically. So you need to either use the order TMR or the wind that TMR to define this list. And you can experiment with this. So now if everything goes well, but as you have experienced, I make a lot of typing errors. We should be able to provision this new colleague. And it should have like a default password. So let's go back to our domain controller, check the new users. And here we have the newcomer to it, the member of the domain users. So unless the policy specifies otherwise, domain user should be able to login to any machine which has member of dough and unless it's a domain controller because that has By default stricter policy. And most companies like restricted, we'd like the Remote Desktop users group. So only members of those of that group are able to login. But technically, and this is what I wanted to show you, tune. 44. Amas Win Domain Groups: Hello there and welcome back. In this video we are going to talk about how you can modify the group membership of basically any object on Windows domain. And technically what we need to do is to create a playbook, specify the object name or user name, and state which groups member each should be. So let's jump right into it. We, I win domain and group that TMR. And we would like to execute it on the hosts 2019. The become is not necessarily know gather facts is no. And let's say we would like to assign a newcomer to the enterprise Admins group. So that's sine newcomer to the nth admin group. So we need to use the windowing group membership module, ship module, and that the name is going to be new comer. And we say that the members or hold on the end prize admins and the members are going to be new. And that is an important switch, which I want to remind you. So basically if you don't specify that you would like to, this is the pot. So basically, if you specify the pure and the present is default. So if you specify pure, then only the enlisted members we will present in the domain group, which can be programmed problematic, but on the other hand, it can enforce specific membership. So it's really up to you which one you would like to use. But the state currently is going to be present. Now, if we run we danceable playbook, these nano, we should be able to go back to our domain controller. And after login, we should be able to see that this is the member of the enterprise Admins group. So basically this is how easy it is to manage and doing group memberships. And that was all I wanted to show you in this video. 45. Amas Win Domain Chrome: Hello there and welcome back. So now you may get the idea that I'm only going to show you the default modules which you can use for trivial problem solution. But let's say that you have a task to install the latest Chrome browser onto your remote machines. You can do that with NCBO. So if here you search for Darwin, get URL. What you can do now is to download something from a remote like destination. And what we would like to do is to create the hour when Chrome install that Yammer. So first, what we need to do is to specify the host. The become is not necessarily, the gather facts is not necessarily either. So what are the tasks? But the first task is to download Chrome installer. So we can use the wind get URL module for this. And we need to specify the wetter and the destination. So let's try to grab some Chrome offline installer. So we are going to go here. Offline installer, alternative, Chrome download. Great. So now we need to like, try and show what we have downloaded. Copy the link address, paste it in our browser. And you see it starts to download. So the URL is good. Now we specify this URL here, grid and the destination is going to be see them. Chrome standalone setup, xy or xy might not be the best solution. Hold on. Msi or right. Copy link address. All right. Copy this link address. No, it's not going to show us. It's a zip come on. Chrome offline, Easter MSI download. So. But this is the setup that XC, okay, let's try to make this work. So we would like to place it in the thumb folder under the Chrome standalone setup that xy. After this is done, or rather before this is done, we need to make sure that we have a folder called dump and it's going to fail. All right, we have the Temp folder. Now, what we need to specify here is the following. So we would like to invoke the installer. So let's call it name in Voc, the installer. And this is the when package. And we specify the path which is going to be this one and less make this double backslash. And that's called is Product ID. And this is the product ID from the URL. So I guess specified this way. And we would like to wait for the process. And now let's try and simply executed so ansible playbook when Chrome installed that YAML. So first we are going to download the Chrome installer, and now we are going to invoke the installer. It's so when you are like using this offline installer, you need to take some time in your playbook. So this is why it's taking like forever. But you can see that the Chrome standalone setup 64 is already there. And we are waiting. So let's see the app with that CPL. Whoa, we seem to be making progress and we just have to wait. Let's just check it on the task manager. So p is DOM performance. We are not really making too much progress. That's just close these. No. Ok. And the installation is now complete. So you can use like as birth for more complex tasks. And this was what I wanted to show you in this video to you in the next one. 46. Amas Windows Domain Wshark: Hello there and welcome back. In this video we are going to take a look at how you can deploy Wireshark, which is like an actor analysis tool on your Windows machines. So basically what we need to do is to grab the Wireshark installed. So if I go here, I have an older version which is not supposed to work at the moment. But if you go to the download page when 64 and just pick the latest, copy, the link address. And let's formulate our playbook. So when they come in via shark, that GMO. So the host, as always going to be 2019, it'll become is not necessary that gather facts is no. And we would like to have a few tasks. So first, the task needs to grab via shark from WEB. And we need to use the win get URL. And the URL is going to be this one. And the destination is going to be C dump Wireshark. That MS. I. Okay, now that we have successfully downloaded the Wireshark, what we also need to do is to grab the n map tool, which is like a dependency for offline install. And here we should be able to grab the latest one, which is lined up so that it XC. Okay, we are going upwards. 5080. Oh boy. Copy this link address. And we would like to name this as Grab and map from web. So when get URL. And the URL that we would like to use is as follows. And the destination is c. Damp. And map that xy. Alright, now if we execute this playbook, so ansible playbook, we should have under the tab after it has executed the Wireshark and basically the unmapped. Downloaded. So let's run into our Windows machine with the password that we have. All right, we are still at the Chrome we deal. So this piece, he see them. Wow, we have the Wireshark and the nmap completed. So how do we install these packages? What we need to do is to go back and edit our domain Wireshark playbook, and basically called the installers. So what we would like to do is to install and map. And we would like to call the wind shell. And I'm going to copy paste this one for you, but you will have it on the GitHub as well. Right? Now we don't need the unease tostring. Come on. We need the install string 12. So start process. And basically this is, the start process is a PowerShell command that, and we would like to involve the m up xy with the silent argument without a new window. And after this has completed, we can install Wireshark. And this is done in the following manner. So via shock has the dependency of M nap. So what we would like to do is start a process. And when Shell column by two. And we have this Wireshark dot MSI. And basically this is all that we want to do. And if we invoke the ansible playbook, we should be able to grab the Via sharp, grabbed the n map, invoke the nmap. And by the end of this process, we should be able to check the application wizard. And so we are installing the n nmap. Great. And the ones this was installed, we should be able to see. Wireshark or the MPI kept pace. There was installed NMAC. So basically we could like have this ignore errors. So when you are installing the M map, it is going to reset your network interfaces so the ignore arrows, the AST is like something that is suggested to be performed. And we are downloading this one. And the n map is currently getting installed. And we are still waiting for it. Now. What process failed? Due to an arrowed A1A2 intuited to application. So we have downloaded the MSCI, bought. What if we download the x C? So let's go back here. Yeah, download page between 64 and the xc itself. So Let's go ahead and 12 u at L. This is the Xc. Xc once again. And Xc. That's rerun this once again. Yeah. So basically the axes should work. So Wireshark has a dependency from and map and you need to have it installed beforehand. But when you install hint, you will have an arrow which you can safely ignore because it will reset the network interface. But after ignoring the CR or we should be able to install Wireshark executable. And this is what we are like waiting for at the moment. Or it didn't the arrow on us. So we are like almost good to go. Let's see. So on the Windows machine. Oh boy, we are seeing the Wireshark getting installed. Great. Now if you start via shock, it should work. So basically that was all I wanted to show you in this video. So there may be situations when you need to ignore add words to make sure that your playbooks succeeds. And this was one of a kind to you in the next one. 47. Amas Ansible Galaxy: Hello there and welcome back. In this video we are going to talk about how you can extend your Ann's about infrastructure with the half of ansible galaxy. So ansible galaxies basically solution which allows you to create new modules, hold on this one, and install new ones. And so for example, if you visit the NCBI galaxy.com, you will find different sections like system development, networking and packaging. And if you go to the system part, you will see the like most rated as a galaxy modules that you can use to install different staff with the half of ansible. And this galaxy has like and installation guide and installed version and so on. And the staff which, which relates to answer the galaxy itself. So for example, if we would like to go back and install the G and S three ends the word galaxy module. What we will do is to control c and control v. And basically it is going to go out to ansible galaxy repository and try to install what we have there. And after it was installed, we could use it natively as you would for any other NCBO module. So as well, it's not just like concrete solution for like a problem that you have, but it allows you to extend that solution with your own custom solutions. It might sound strange, but wow, name or service now, HTPS API. Oh, it seems to be an available. But basically, if you go to the ansible that galaxy.com, you will see the connection collections. You will be able to click on them. And then based on documentation, install any of the provided by your switch or third party. So not native to ansible or that. So this was all I wanted to show you and see you next time. 48. Amas CentOS Docker Setup: Hello there and welcome back. In this video, I would like to show you how you can set up Docker on your CentOS machine. Lets SSH into our CentOS machine. And first what we need to do is to acquire the route pump. Then we need to install with the star dash y yum utils. After that, we will use the EM Configuration Manager. And basically we will add the Docker CE Community Edition repository. After this is done. Then maybe some kind of hiccup in the repository itself. Because if we were to install, yum, install dash y container, the I0. And after that, if we were to install the doc C, we will have like this dependency mismatch. So in the GitHub repository you or find the exact command. So we were manually download from the stable packages a newer version. And after that, we should be able to install the Docker C and the C, c, l. So that's kind of the tricky part of this setup. But once we have the appropriate container, the installed, we are good to go. Come on. And basically if you want to interact with the Docker modules of ansible, you also need to make sure that for the appropriate Python version, you have the Docker module installed. So in my case, let's first just installed a Docker CE CLI, and the darker sea. And after this is done, we are going to continue. So almost there. Let's add with the user month, Daesh, Aedes, G Docker and CBO. And we would like to use the system CTL start Docker. And the system CTL enable Docker. And now we need to use the Python 3.6 dash M B pins star Docker. And now if we log off and login, we should be able to shoot a docker ps. And now we are ready to go and use the Docker. We are answerable. So see you in the next time. 49. Amas Win Docker Install: Hello there and welcome back. In this video we are going to talk about how you can set up Docker on your Windows machines. So basically, what I would like to show you is how you can download Docker install executable. Oh no. And I would like to download the darker executable and install Docker on the local machine. So let's go back and try to login to our Windows machine and issue the domain membership password. And after this is done, what we can do is to open up our Google Chrome, to open up it. And the specific node. So let's go back to Google Chrome and paste our installer. And we can go to the docker stuff. Let's get the stable one. On. Yeah, can send the cookies. Oh, we are already downloading. So this shouldn't and that's wait for this to be lying down with it. Come on. Let's show this in the download for the US. Yes, we want to enable the Hyper-V. And once this is done, we should be to issue the docker ps and Docker images and any kind of Docker command that we feel like issuing. So basically this is like a Jolie Joker installer. And we can go ahead and wait for this to complete. And after this is completed, we can show the Docker related commands. So that was all I wanted to show you in this video. 50. Amas Win Docker Action: Hello there and welcome back. In this video we are going to talk about how you can use as well to manage Docker containers on Windows systems. And the first thing that you will like the start to hate is that when you are running against the Windows systems, you are not able to use the native Docker modules because it's only supported on Linux systems. But there is a workaround for that. So I have my Windows machine started. And about Docker, what you need to make sure is that you appropriately assign resources and you need to make sure that you enable the virtualization of the CPU Features. Otherwise, the Docker service will not be able to start USE. Some error message, cannot start a container or whatnot. And basically you need to make sure that you check these boxes. After you check them. You can go to the Dukkha stuff about Docker that gives you an information. And you can also go to the settings page and make sure that you adjust your settings at the resources. And you need to assign like appropriate amount of memories and CPUs, otherwise this will not start. So I have reduced this to one gigs of memory swap. One gig disk image can be stay or can stay as it is, and the two CPUs are fine. So now if I open the command prompt and issue the docker ps, I see that there are no containers running. Now, how do we I didn't want to bring up the Preferences. So how do we create a playbook? So that's called is Docker when that Yammer. So basically we would like to use the hosts 201980. The become is not necessarily together. Facts is not necessarily. So the tasks are as follows. So name is issue, docker ps. So we use the wind command to run the docker ps command and the register, the output. And then we create another task to show the output. And we use the debug module with the message from the output variable. So output. And now if we go back and run with ansible playbook, we should be able to receive that. There are no containers running. So it's not like you could use a native modules. You need to use either the wing commander, we shall. And just as another example. So let's run the hello world and reuse the win command. Docker. Run that HD has low World and register. The hello. And the name is going to be show the output. So debug message. Hello. Great. Now if we rerun this playbook, we should see the docker ps is output and we should see after a while, something that happens in the Docker containers. So we have pulled down the HelloWorld and we can see in the output there. So this is how you can basically run your Docker containers or managed them on Windows machines to you in the next one. 51. Amas Vault: Hello then and the WACC, I'm back. So in this video we are going to talk about ends Above Walt and the NCBO. Walt is going to allow us to encrypt our playbooks. So let's say that we have like vault C, correct? That GMO playbook. And what we would like to do here is to execute on the 2019 a machine, the become is not necessarily the gather facts is not necessary. But we would like to have secret stuff that we would like to preserve as secret. So Wars and user, which is I don't know, and CBO. And the password, which is start exclamation 123. And the tasks are going to print these credit shows. So user and bus vote. And we use the debug module with the message. And we just simply would like to print the user colon password. And let's try to execute our playbook. So ansible playbook seems to be like and then error. Is it? So we have the host. So this is the type of adder. And we were able to provide this output. So now if we want to hide those variables and their values, what we can do is to use NCBO, walt, and gripped. And we can use the vault secret memo. It will ask for us with the password. So start exclamation mark quanta three. Start exclamation or quanta three. And now if a cat, the vault secret that GMO, we will not get back any sensible output. But if you would like to execute with the ansible playbook, the vault, we can issue the ask volt pass. And we can specify the password for the vault. And it will be able to execute this playbook. So this is all I wanted to show you. So this is how you can hide, like your playbooks from the canines and make sure that what is secretive stays a secret. Cnn axon. 52. Amas The End: Hello there and welcome back. This is the final video of this course. So don't forget that you have a GitHub repository. You can refer back to, to visit what you have MY meals or you have like some questions that you want to ask from me. So basically I have created the GitHub repository to answer most of your questions. But if you have any other questions, you can hit me up on LinkedIn on this name. And if you have like, I don't know, technical questions, so whatever you feel like asking, you should definitely come and ask it from me. And if you have completed this course, you're going to go ahead and try to make a new connection with me and I would be happy to like indoors you for the answer bar mastered that you have become. So. That is all. Thank you for taking my course and see you in my next one. By. 53. Amas Strategies: Hello there and welcome back. In this video, we are going to talk about strategies in ansible. So strategies specify how each task is executed in your playbook. You can execute this playbook against one host or multiple hosts. And strategies come into picture when you have like multiple machines to manage. And the strategies can be configured globally on the NCBI CFG file. And here, if we storage for strategy, you will see that there is a strategy plugin which allows you to install an already existing strategy plugins or create your own strategy plugins. And below that you see that the strategy is currently set to linear. So by default it's linear, but you can specify three. Strategy. And free means that each host can raise through the tasks as fast as possible. And this is what I'm going to demonstrate. Now. Let's create a strategy is GMO. And our hosts are going to be the line x machines. And together facts is no. And the tasks are going to be like a few commands. So first, second, third. And let's issue the command. Who am I? The other command, uptime. And the third command should be the f dash H, So some free-space checking. Okay, now, if we execute, you can see that the first task is executed on both of the host and the second task and a third plus. So this is what the linear means. Now if we check the answers were config and change it to F3, we will see all or let me search for it. Let's change it to free. How does it change? Basically our execution. You will not see any change at the moment because the execution of the tasks, like they take the same time, but it will come in handy when you don't need to synchronize how the tasks are executed. You just let the playbooks run, lead the hosts around through the tasks as fast as possible. And that was all I wanted to show you in this video. See you. 54. Amas Mitogen: Hello there and welcome back. In this video, we are going to talk about how you can speed up the execution of playbooks against unix machines. And here comes into the picture, the login module for ansible. And it's basically like a redesigned Unix connection layer and very easy to set up. And in my experience, the playbook. So at the company where I'm working at least twice as fast as before my integer, which is pretty neat. So we need to grab the tar.gz file with the W get command. And after it was downloaded, we need to extract it x, f, v, z nitrogen. And we can move MV nitrogen and Etsy and Zippo. And after navigating here, what we need to do is to, let's remove the nitrogen version. And inside here we will see like, I don't know, Python module. And basically what we also need to do is to specify in danza configuration file that we would like to use this as a plugin. So what do we need? Is the straw that G plugin. And this is plural and Etsy and zip nitrogen. And by default it is going to use the strategy which is mighty Janet linear. And if we want to use this, we need to make sure that the previous setting for the strategy is commented out so we don't have to strategy specified. And let's call this nitrogen. Alright, now, if we want, we can ping the line looks group invalid. Well, let's just comment this one out. And wallah, it was almost instant. I know it's not like a real demonstration, but you can experiment it, read it in your own environment. So that was all I wanted to show you in this video. See you in the next one. 55. Amas AWX: Hello there and welcome back. This is going to be split video. So first part, I'm going to show you how you can basically install the upstream project version of the NCBO tower. So this is going to give you a rest API based task engine, which is built on top of ansible and it's from the upstream project of the NCBO tower. The as-built tower is like the commercial version, but you have the option to use the free one, which is like the base of the answer but tower. And what I really like about this is that it's fully containerized and it is built with ansible playbook. So if that's not like full ansible and I don't know what it is. So what I did is to adjust my machine settings and give it a bit more juice. So now we have eight gigs of RAM and four V CPUs. So let's jump right into it. First, what we would like to do is to install some dependencies. Since we already have Docker installed, we will skip that part for now, but I'm going to include the steps inside the GitHub readme. So first thing first, we should install these dependencies. These are also going to be unlisted. It these are order the installer that I didn't want to take up too much of your time regarding this. We already have Docker installed and it is running and we need to install the docker compose with pip disordered installed. And now what we need to do is to clone the whole AWS repository, which will kind of take some time depending on your internet connection. But after it was cloned, we have an inventory file that needs to be edited. So we're going to do that. So let's navigate under a wx installer and open up the inventory file. And here first what we would like to do is to look up the PG admin password. And this is the password for the Postgres sequel. And I'm like the worst person. So this is going to be the password I'm giving it because this is a testing item and and you already know that if you are using something in production, you need to make sure that you secure it as much as possible. The second thing that we have rewritten is the admin password. And now we're going to save it and use the OpenSSL with the rent base 6430 characters too. Generate a secret key. So the secret key is going to be required as well. And by default it's not really secure. Alright? Once this is done, what we need to do is to finally verify our inventory. And as you can see, we have this configuration settings about was the hostname, hostname Webb, was the password, admin user admin password possibly use opposed gray passes so you could like customize any how you like it. And we are ready to execute our playbook with the inventory and the in style VMO. And, and one other thing, it will require the HTTP port, which is port 80. So if you have any like apache or engine X installed, you should stop it. You should also stop and the reddish in stars. If you have it running. Otherwise, the installer is going to be going to fail because that is ordered the process using that specific port. But now we are starting the containers. And if we go with another window to the CentOS machine, we will be able to issue the docker PS. Wow. And it seemed to be starting the containers fine. And after the first start, what AWS is going to do is to upgrade itself and update its database and whatnot. So now the playbook has finished and I am able to visit the websites. So basically HTTP, my hostname, port 80. And you see that AWS AX is upgrading. I don't want you to sit over this. So see you in the next one. Oh, and there was one I think that I wanted to show you. So basically, if you navigate to the, that a wx folder with the root, so cd root folder ate up UX, wx compose. Then you can issue the docker, compose logs dash F. And it is going to show you whatever is happening inside the head of a WX. And basically, after everything is completed, you will not see these all these locks flowing. So that was all. 56. Amas AWX Hands on: Hello there and welcome back. In this video, I want to give you a hands-on practice. We dance but tower or a wx. So let's jump right into it. We need to navigate to our CentOS machine and go to the root that AWS, AWS compose. And here the Docker Compose is going to allow us to bring up our, let's say containers. And the containers are which are working in tandem to provide the AW x are defined in the docker compose gamma. So this is a m of phi which well basically defines how each of the containers should look like and act like and behave like. So here we have these tasks defined. Here we have the we have the services defined via this version definition. But if we issue the docker compose up dash d, it is going to start both or all of our containers. And if we check with the docker ps, we can see that it has been up for yeah. It was spin up. So it does pretty fast. And what we would like to do is to bring a browser window and simply go ahead and HTTP CentOS. Wow, and we are in. So basically now what we can do is to well visit our web interface. So under dashboard currently we see that we have on project one inventory and one host. This is the default. If you go under the inventories and demo inventory, we will have the local host machine configured. And under the host we can select the localhost and how long can use it. Yeah, I'm clicking on the wrong commands. Here we can select a module which we would like to run the command width. And basically, let's say who am I? What am I? And we will have this bain which shows us the status of this jobs. And it is currently alike getting scheduled and whatnot until this is done. What I would also like to show you is that you can issue the docker compose logs, dash f, that is going to fill out, follow the logs and show us what's happening behind the scenes. So now if we go back to this command, we will see that this is green and it was done with two seconds. So sometimes this web UI freezes and you just simply go back to the job site and refresh. So if the status is green, it was successful. If it's red or yellow, it has different status. So as a bird tower or AWS, allows us to group our users into teams and assign different permissions. And for the organizations, we can also create this abstraction layer when we define themes for organizations and manage them from their, Alright, we can create new users and so on. We have different credential types. So basically we can specify credential types for Windows machines, DOM enjoyed Windows machines, Linux machines, network devices, and so on. Then we could apply that credential type to a group of machines. And what that. So this is not like fully fledged tutorial of a wx. I'm just speaking what comes to my mind based on my experience. So now, how about we add the new machine so that we don't want to follow the logs anymore and just being the one to machine. So this is the IP address that we would like to use. And we would like to go to the hosts and click on this plus sign name the host Ubunto. And here under the variables we defined ansible host, which is going to be its IP address. Then super user, which is going to be ansible and NCBO password. Start exclamation mark 123. And this is you boon to 2004 Ts machine. Great. Now we can save this host. And once we have saved the host, we have the possibility to run commands. So let's not add on them, but rather run. So we would like to cut the ads, see, OS release and just launch it. Hmm, hmm, well now it seems like it's freezing, but it seems to be executed successfully. And here we have the results. And so as you can see, this is really, you want to add IAS machine and you could add with the same technique, Windows machine and that device and so on. But if you are like designing an inventory for an organization, you should ensure that inventory is like reusing lagged credential damps if they like the same or whatever. And technically, that is all I wanted to show you. And as a last thing, we simply don't just kill the containers because that would have terrible consequences. What we can do is to issue the docker compose stop. And it would take care of that each container is gracefully shutdown. And that was all I wanted to show you. See you in the next.