Skip to main content

Using Ansible Modules to Manage Scheduled Tasks in Your Environment

Hands-On Lab

 

Photo of Rob Marti

Rob Marti

Linux Training Architect I in Content

Length

00:15:00

Difficulty

Intermediate

Cron jobs are a tool that help admins automate things. The downside is that configuring them across hundreds of systems is a daunting task. Ansible has a module to help here as well. This lab will help you understand how that module is configured.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Using Ansible Modules to Manage Scheduled Tasks in Your Environment

Introduction

Cron jobs are tools that help administrators automate things. The downside is that configuring them across hundreds of systems is a daunting task. Ansible has a module to help here as well. This lab will help you understand how that module is configured.

The Scenario

Recently the security was breached on the webservers in our environment. One of the postmortem findings was that the breached servers were not up to date with current security patches. Because of this, we've been tasked with writing a playbook that sets up three Cron jobs, and then running the playbook on every server in our environment. These are the three Cron jobs:

  1. Running yum update weekly
  2. Executes /usr/bin/status upon reboot:
    • This command will check in with your monitoring system and give a current status of critical services and their package versions.
  3. Running /usr/bin/faillock_report at 7:30AM on Mondays, Wednesdays, and Fridays (to report excessive login attempts)

Logging In

Use the credentials provided on the hands-on lab page to get into Server1 to begin with. Since we need root privileges, let's just run sudo -i right off and become root.

Write a Playbook to Create a Weekly YUM Update Job in Cron

Let's create our playbook (with vim cron.yml) and put in some initial playbook text:

- name: Cron jobs
  hosts: all
  become: yes

  tasks:

Now, that play calling for a YUM update every week will look like this:


  - cron:
     name: "Weekly YUM Update"
     special_time: weekly
     job: "/usr/bin/yum update -y"

Write a Playbook to Execute /usr/bin/status on Reboot

This section of your playbook should look like this:

  - cron:
     name: "Reboot Status"
     special_time: reboot
     job: "/usr/bin/status"

Write a Playbook to Execute /usr/bin/faillock_report at the Required Time

This section of the playbook should look like this:

  - cron:
     name: "Faillock Report"
     job: /usr/bin/faillock_report
     weekday: "1,3,5"
     minute: "30"
     hour: "7"

This is the last section, so we can run the playbook now:

ansible-playbook cron.yml

Conclusion

In the output of that command, we'll see various plays doing their thing. And if we log into webserver1 (with ssh absible@webserver1) we can check to see what's gone on. Become the root user (sudo -i) and have a look at the cron jobs with crontab -e. This will show that all three jobs we needed set up are in fact set up. Congratulations!