Red Hat SummitChapter 27. Managing systemd units by using RHEL system roles
By using the systemd RHEL system role, you can automate certain systemd-related tasks and perform them remotely. You can use the role for the following actions:
- Manage services
- Deploy units
- Deploy drop-in files
27.1. Managing services by using the systemd RHEL system role
You can automate and remotely manage systemd units, such as starting or enabling services, by using the systemd RHEL system role.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them.
Procedure
Create a playbook file, for example
~/playbook.yml, with the following content. Use only the variables depending on what actions you want to perform.Copy to Clipboard Copied! Toggle word wrap Toggle overflow --- - name: Managing systemd services hosts: managed-node-01.example.com tasks: - name: Perform action on systemd units ansible.builtin.include_role: name: redhat.rhel_system_roles.systemd vars: systemd_started_units: - <systemd_unit_1>.service systemd_stopped_units: - <systemd_unit_2>.service systemd_restarted_units: - <systemd_unit_3>.service systemd_reloaded_units: - <systemd_unit_4>.service systemd_enabled_units: - <systemd_unit_5>.service systemd_disabled_units: - <systemd_unit_6>.service systemd_masked_units: - <systemd_unit_7>.service systemd_unmasked_units: - <systemd_unit_8>.service--- - name: Managing systemd services hosts: managed-node-01.example.com tasks: - name: Perform action on systemd units ansible.builtin.include_role: name: redhat.rhel_system_roles.systemd vars: systemd_started_units: - <systemd_unit_1>.service systemd_stopped_units: - <systemd_unit_2>.service systemd_restarted_units: - <systemd_unit_3>.service systemd_reloaded_units: - <systemd_unit_4>.service systemd_enabled_units: - <systemd_unit_5>.service systemd_disabled_units: - <systemd_unit_6>.service systemd_masked_units: - <systemd_unit_7>.service systemd_unmasked_units: - <systemd_unit_8>.serviceFor details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.systemd/README.mdfile on the control node.Validate the playbook syntax:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible-playbook --syntax-check ~/playbook.yml
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible-playbook ~/playbook.yml
$ ansible-playbook ~/playbook.yml
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.systemd/README.mdfile -
/usr/share/doc/rhel-system-roles/systemd/directory
27.2. Deploying systemd drop-in files by using the systemd RHEL system role
Systemd applies drop-in files on top of setting it reads for a unit from other locations. Therefore, you can modify unit settings with drop-in files without changing the original unit file. By using the systemd RHEL system role, you can automate the process of deploying drop-in files.
The role uses the hard-coded file name 99-override.conf to store drop-in files in /etc/systemd/system/<name>._<unit_type>/. Note that it overrides existing files with this name in the destination directory.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them.
Procedure
Create a Jinja2 template with the systemd drop-in file contents. For example, create the
~/sshd.service.conf.j2file with the following content:Copy to Clipboard Copied! Toggle word wrap Toggle overflow {{ ansible_managed | comment }} [Unit] After= After=network.target sshd-keygen.target network-online.target{{ ansible_managed | comment }} [Unit] After= After=network.target sshd-keygen.target network-online.targetThis drop-in file specifies the same units in the
Aftersetting as the original/usr/lib/systemd/system/sshd.servicefile and, additionally,network-online.target. With this extra target,sshdstarts after the network interfaces are actived and have IP addresses assigned. This ensures thatsshdcan bind to all IP addresses.Use the
<name>.<unit_type>.conf.j2convention for the file name. For example, to add a drop-in for thesshd.serviceunit, you must name the filesshd.service.conf.j2. Place the file in the same directory as the playbook.Create a playbook file, for example
~/playbook.yml, with the following content:Copy to Clipboard Copied! Toggle word wrap Toggle overflow --- - name: Managing systemd services hosts: managed-node-01.example.com tasks: - name: Deploy an sshd.service systemd drop-in file ansible.builtin.include_role: name: redhat.rhel_system_roles.systemd vars: systemd_dropins: - sshd.service.conf.j2--- - name: Managing systemd services hosts: managed-node-01.example.com tasks: - name: Deploy an sshd.service systemd drop-in file ansible.builtin.include_role: name: redhat.rhel_system_roles.systemd vars: systemd_dropins: - sshd.service.conf.j2The settings specified in the example playbook include the following:
systemd_dropins: <list_of_files>- Specifies the names of the drop-in files to deploy in YAML list format.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.systemd/README.mdfile on the control node.Validate the playbook syntax:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible-playbook --syntax-check ~/playbook.yml
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible-playbook ~/playbook.yml
$ ansible-playbook ~/playbook.yml
Verification
Verify that the role placed the drop-in file in the correct location:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible managed-node-01.example.com -m command -a 'ls /etc/systemd/system/sshd.service.d/'
# ansible managed-node-01.example.com -m command -a 'ls /etc/systemd/system/sshd.service.d/' 99-override.conf
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.systemd/README.mdfile -
/usr/share/doc/rhel-system-roles/systemd/directory
27.3. Deploying systemd system units by using the systemd RHEL system role
You can create unit files for custom applications, and systemd reads them from the /etc/systemd/system/ directory. By using the systemd RHEL system role, you can automate the deployment of custom unit files.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions on them.
Procedure
Create a Jinja2 template with the custom systemd unit file contents. For example, create the
~/example.service.j2file with the contents for your service:Copy to Clipboard Copied! Toggle word wrap Toggle overflow {{ ansible_managed | comment }} [Unit] Description=Example systemd service unit file [Service] ExecStart=/bin/true{{ ansible_managed | comment }} [Unit] Description=Example systemd service unit file [Service] ExecStart=/bin/trueUse the
<name>.<unit_type>.j2convention for the file name. For example, to create theexample.serviceunit, you must name the fileexample.service.j2. Place the file in the same directory as the playbook.Create a playbook file, for example
~/playbook.yml, with the following content:Copy to Clipboard Copied! Toggle word wrap Toggle overflow --- - name: Managing systemd services hosts: managed-node-01.example.com tasks: - name: Deploy, enable, and start a custom systemd service ansible.builtin.include_role: name: redhat.rhel_system_roles.systemd vars: systemd_unit_file_templates: - example.service.j2 systemd_enabled_units: - example.service systemd_started_units: - example.service--- - name: Managing systemd services hosts: managed-node-01.example.com tasks: - name: Deploy, enable, and start a custom systemd service ansible.builtin.include_role: name: redhat.rhel_system_roles.systemd vars: systemd_unit_file_templates: - example.service.j2 systemd_enabled_units: - example.service systemd_started_units: - example.serviceFor details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.systemd/README.mdfile on the control node.Validate the playbook syntax:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible-playbook --syntax-check ~/playbook.yml
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible-playbook ~/playbook.yml
$ ansible-playbook ~/playbook.yml
Verification
Verify that the service is enabled and started:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow ansible managed-node-01.example.com -m command -a 'systemctl status example.service'
# ansible managed-node-01.example.com -m command -a 'systemctl status example.service' ... ● example.service - A service for demonstrating purposes Loaded: loaded (/etc/systemd/system/example.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2024-07-04 15:59:18 CEST; 10min ago ...
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.systemd/README.mdfile -
/usr/share/doc/rhel-system-roles/systemd/directory
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}