Chapter 3. Example: Automate Red Hat Enterprise Linux firewall configuration
This example demonstrates how the Ansible plug-ins can help Ansible users of all skill levels create quality Ansible content.
As an infrastructure engineer new to Ansible, you have been tasked with creating a playbook to configure a Red Hat Enterprise Linux (RHEL) host firewall.
The following procedures show you how to use the Ansible plug-ins and Dev Spaces to develop a playbook.
3.1. Learning more about playbooks
The first step is to learn more about Ansible playbooks using the available learning paths.
- Click the Ansible A icon in the Red Hat Developer Hub navigation panel.
- Click Learn and select the Getting Started with Ansible Playbooks learning path. This redirects you to the Red Hat Developer website.
- If you are prompted to log in, create a Red Hat Developer account, or enter your details.
- Complete the learning path.
3.2. Discovering existing Ansible content for RHEL system roles
Red Hat recommends that you use trusted automation content that has been tested and approved by Red Hat or your organization.
Automation hub is a central repository for discovering, downloading, and managing trusted content collections from Red Hat and its partners. Private automation hub provides an on-premise solution for managing content collections.
- Click the Ansible A icon in the Red Hat Developer Hub navigation panel.
- Click Discover existing collections.
- Click Go to Automation Hub.
  - If private automation hub has been configured in the Ansible plug-ins, you are redirected to your PrivateHubName instance.
  - If private automation hub has not been configured in the Ansible plug-ins installation configuration, you are redirected to the Red Hat Hybrid Console (RHCC) automation hub.

  In this example, you are redirected to the RHCC automation hub.
- If you are prompted to log in, provide your Red Hat Customer Portal credentials.
- Filter the collections with the `rhel firewall` keywords. The search returns the `rhel_system_roles` collection.
The RHEL System Roles collection contains certified Ansible content that you can reuse to configure your firewall.
3.3. Create a new playbook project to configure a firewall
Use the Ansible plug-ins to create a new Ansible Playbook project.
- Click the Ansible A icon in the Red Hat Developer Hub navigation panel.
- From the Create dropdown menu on the landing page, select Create Ansible Git Project.
- Click Choose in the Create Ansible Playbook Project software template.
- Fill in the following information in the Create Ansible Playbook Project page:
Field | Required | Description | Example value |
---|---|---|---|
Source code repository organization name or username | Yes | The name of your source code repository username or organization name. | |
Playbook repository name | Yes | The name of your new Git repository. | |
Playbook description | No | A description of the new playbook project. | |
Playbook project’s collection namespace | Yes | The new playbook Git project creates an example collection folder for you. Enter a value for the collection namespace. | |
Playbook project’s collection name | Yes | This is the name of the example collection. | |
Catalog Owner Name | Yes | The name of the Developer Hub catalog item owner. It is a Red Hat Developer Hub field. | |
System | No | This is a Red Hat Developer Hub field. | |
- Click Review.
- Click Create to provision your new playbook project.
- Click Open in catalog to view your project.
3.4. Creating a new playbook to automate the firewall configuration
Create a new playbook and use the RHEL System Role collection to automate your Red Hat Enterprise Linux firewall configuration.
- In your Dev Spaces instance, click .
- Enter `firewall.yml` for the filename and click OK to save it in the root directory.
- Add the following lines to your `firewall.yml` file:

```yaml
---
- name: Open HTTPS and SSH on firewall
  hosts: rhel
  become: true
  tasks:
    - name: Use rhel system roles to allow https and ssh traffic
      vars:
        firewall:
          - service: https
            state: enabled
            permanent: true
            immediate: true
            zone: public
          - service: ssh
            state: enabled
            permanent: true
            immediate: true
            zone: public
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.firewall
```
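The following verification play is an added example, not part of the original Red Hat documentation. Run after `firewall.yml`, it confirms that `https` and `ssh` are enabled in both the runtime and permanent configuration of the `public` zone, and lists any other services open in that zone for review. The file name `verify.yml` and the variable `expected_services` are assumptions made for this example.

```yaml
---
# verify.yml (hypothetical file name): added example, not from the original page.
- name: Verify HTTPS and SSH are open in the public zone
  hosts: rhel
  become: true
  vars:
    # Assumed variable: the services that firewall.yml is meant to allow.
    expected_services:
      - https
      - ssh
  tasks:
    - name: Read runtime services in the public zone
      ansible.builtin.command: firewall-cmd --zone=public --list-services
      register: runtime_services
      changed_when: false   # read-only query, never reports a change

    - name: Read permanent services in the public zone
      ansible.builtin.command: firewall-cmd --permanent --zone=public --list-services
      register: permanent_services
      changed_when: false

    # "immediate: true" affects the runtime rules and "permanent: true" the
    # saved rules, so both listings are checked for every expected service.
    - name: Confirm expected services are present in both configurations
      ansible.builtin.assert:
        that:
          - item in runtime_services.stdout.split()
          - item in permanent_services.stdout.split()
        fail_msg: "{{ item }} is not enabled in both runtime and permanent configuration"
      loop: "{{ expected_services }}"

    # List anything else open in the zone so that it can be reviewed.
    - name: Report services that the playbook did not request
      ansible.builtin.debug:
        msg: "Review extra services: {{ runtime_services.stdout.split() | difference(expected_services) }}"
      when: runtime_services.stdout.split() | difference(expected_services) | length > 0
```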
You can use Ansible Lightspeed with IBM watsonx Code Assistant from the Ansible VS Code extension to help you generate playbooks. For more information, refer to the Ansible Lightspeed with IBM watsonx Code Assistant User Guide.
3.5. Editing your firewall playbook project
The Ansible plug-ins integrate OpenShift Dev Spaces to edit your Ansible projects. OpenShift Dev Spaces provides on-demand, web-based Integrated Development Environments (IDEs).
Ansible Git projects provisioned using the Ansible plug-ins include best practice configurations for OpenShift Dev Spaces. These configurations include installing the Ansible VS Code extension and providing access from the IDE terminal to Ansible development tools, such as Ansible Navigator and Ansible Lint.
OpenShift Dev Spaces is optional and it is not required to run the Ansible plug-ins. It is a separate Red Hat product and it is not included in the Ansible Automation Platform or Red Hat Developer Hub subscription.
This example assumes that OpenShift Dev Spaces has been configured in the Ansible plug-ins installation.
Procedure
In the catalog item view of your playbook project, click Open Ansible project in OpenShift Dev Spaces.
A VS Code instance of OpenShift Dev Spaces opens in a new browser tab. It automatically loads your new Ansible Playbook Git project.