Friday, August 14, 2020

HP-SPP - firmware patch..

 HP-SPP
Go to software location
# cd /repo/HP/SPP

Mount the image
# mount -o loop PL6....gen10spp...iso /tmp/a
# mkdir /hpspp
# rsync -av /tmp/a/ /hpspp/
# cd /hpspp; ./launch_sum.sh
SUM uses /var as its log directory. It does not have write/exec permission there.

# more launch_sum.sh
# vi ./packages/smartupdate

Look for noexec and put double quotes around "$MOUNT_TEMPDIR " - there are 2 places

result=`mount | grep -i "$MOUNT_TEMPDIR "

# nohup ./launch_sum.sh &
# cat nohup.out
get the url

# xhost +
# firefox
Paste the URL and follow the steps

select
- localhost guided
- interactive
- next next
- deploy

once done, reboot

If it prompts for password
# ps -ef | grep sum
# kill <PID>
# rm -rf /var/tmp/sum


Or using cdrom


Burn the iso to a cdrom and get an external cdrom drive.

Plug it in to your server.

Log in to the ILO console.

Reboot the machine.


Press F10 or F11 to boot from cd .. pick the best option

Select the external cd or something


and just follow the steps

Thursday, August 13, 2020

How to export as a root user on RHEL7

 [sam@master ~]$ xhost +

[sam@master ~]$ xauth list

[sam@master ~]$ echo $DISPLAY

[sam@master ~]$ sudo su -

[root@master ~]# xauth list

[root@master ~]# xauth add server:  MIT ..cookie.. dd2....

[root@master ~]# xauth list

[root@master ~]# firefox http://mywebsite.com
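
The cookie hand-off above, as an added example that is not part of the original post: it picks the entry for the current display out of `xauth list` output and builds the `xauth add` command to run in the root shell. Once root holds the cookie, the X server authenticates root's clients by that cookie, so `xhost +` (which switches access control off for every host) is not required. The function names, host names and cookie values are constructed for illustration.

```sh
#!/bin/sh
# Added example: select the X11 cookie for a display from `xauth list` output.

# Constructed `xauth list` output; host names and cookie values are made up.
SAMPLE_XAUTH_LIST='master/unix:10  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
master/unix:11  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100
master.example.com:0  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef'

# display_number DISPLAY: "localhost:10.0" -> "10"
display_number() (
    d=${1##*:}                 # drop everything up to the last colon
    printf '%s\n' "${d%%.*}"   # drop the screen suffix
)

# cookie_entry XAUTH_LIST DISPLAY: print "name protocol hexkey" for DISPLAY.
# Only well-formed MIT-MAGIC-COOKIE-1 entries (32 hex digits) are accepted.
cookie_entry() (
    num=$(display_number "$2")
    printf '%s\n' "$1" | awk -v n="$num" '
        {
            k = split($1, p, ":")
            if (p[k] == n && $2 == "MIT-MAGIC-COOKIE-1" &&
                length($3) == 32 && $3 ~ /^[0-9a-f]+$/) {
                print $1, $2, $3
                found = 1
                exit
            }
        }
        END { exit(found ? 0 : 1) }'
)

# xauth_add_command XAUTH_LIST DISPLAY: the command to run as root.
# Fails (status 1) when no cookie exists for that display.
xauth_add_command() (
    entry=$(cookie_entry "$1" "$2") || exit 1
    printf 'xauth add %s\n' "$entry"
)

if [ "${1:-}" = "demo" ]; then
    xauth_add_command "$SAMPLE_XAUTH_LIST" "localhost:10.0"
fi
```

In a live session the inputs would be `"$(xauth list)"` and `"$DISPLAY"`, taken as the unprivileged user before switching to root.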

Ansible Questions

    This is not mine!!!

    found on the net

    may have errors!

    posted AS IS

    source: https://cloud.tencent.com/developer/article/1573527

    translated with Google

     

    RHCA DO407

    1. Install and configure Ansible
    Install and configure Ansible on the control node control.labx.example.com as follows:
    Create a static inventory file named /home/student/ansible/inventory as shown below:
    2.1 servera is a member of the dev host group

    2.2 serverb is a member of the test host group

    2.3 serverc and serverd are members of the prod host group

    2.4 serverb is a member of the balancers host group

    2.5 the prod group is a member of the webservers host group

    3. Create a configuration file named /home/student/ansible/ansible.cfg as shown below:

    3.1 the host inventory file is /home/student/ansible/inventory
    3.2 the location of roles used in playbooks is defined as /home/student/ansible/roles
    The practice environment is on workstation, logged in as the student user; in the exam environment remote_user = matthew, here it is devops

    Answer
    1. Switch to the student user and create the ansible and roles directories

    su - student
    mkdir -p /home/student/ansible/roles
    cd /home/student/ansible
    2. Edit the inventory file

    [student@workstation ansible]$ cat inventory
    [dev]
    servera
    [test]
    serverb
    [prod]
    serverc
    serverd
    [balancers]
    serverb
    [webservers:children]
    prod
    3. Edit the ansible configuration file

    [student@workstation ansible]$ cat ansible.cfg
    [defaults]
    remote_user = devops
    inventory = /home/student/ansible/inventory
    roles_path = /home/student/ansible/roles
    ask_pass = False

    [privilege_escalation]
    become=True
    become_method=sudo
    become_user=root
    become_ask_pass=False
    4. ping test

    [student@workstation ansible]$ ansible all -m ping
    serverd | SUCCESS => {
     "changed": false, 
     "ping": "pong"
    }

    servera | SUCCESS => {
     "changed": false, 
     "ping": "pong"
    }

    serverb | SUCCESS => {
     "changed": false, 
     "ping": "pong"
    }

    serverc | SUCCESS => {
     "changed": false, 
     "ping": "pong"
    }
    2. As a system administrator, you need to install software on the managed nodes
    Create a shell script named /home/student/ansible/adhoc.sh that runs an Ansible ad-hoc command on each managed node to create a yum repository, as shown below:

    The name of the repository is: exam_rhel
    Description is: EX407 software
    The base URL is: http://rhgls.labx.example.com/rhel
    Enable GPG signature checking
    GPG key URL is: http://rhgls.lab.example.com/rhel/RPM-GPG-KEY-redhat-release
    Enable the repository
    Answer
    1. Create the repository script. Note that the URL used here is that of the practice environment, not the exam URL given in the task above; this environment is rhel7.5

    [student@workstation ansible]$ cat adhoc.sh
    #!/bin/bash
    ansible all -m yum_repository -a 'name=Exam_RHEL description="EX407 software" baseurl=http://content.example.com/rhel7.5/x86_64/dvd gpgcheck=yes gpgkey=http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
    2. Change the script permissions and run the script

    sudo chmod 755 adhoc.sh && ./adhoc.sh
    3. Check that the yum repository is configured

    ansible all -m shell -a 'cat /etc/yum.repos.d/Exam_RHEL.repo'

    [student@workstation ansible]$ ansible all -m shell -a 'cat /etc/yum.repos.d/Exam_RHEL.repo'
    serverc | SUCCESS | rc=0 >>
    [Exam_RHEL]
    baseurl = http://content.example.com/rhel7.5/x86_64/dvd
    enabled = 1
    gpgcheck = 1
    gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
    name = EX407 software

    serverb | SUCCESS | rc=0 >>
    [Exam_RHEL]
    baseurl = http://content.example.com/rhel7.5/x86_64/dvd
    enabled = 1
    gpgcheck = 1
    gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
    name = EX407 software

    servera | SUCCESS | rc=0 >>
    [Exam_RHEL]
    baseurl = http://content.example.com/rhel7.5/x86_64/dvd
    enabled = 1
    gpgcheck = 1
    gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
    name = EX407 software

    serverd | SUCCESS | rc=0 >>
    [Exam_RHEL]
    baseurl = http://content.example.com/rhel7.5/x86_64/dvd
    enabled = 1
    gpgcheck = 1
    gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
    name = EX407 software
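
An added check for the repository definition above (example code, not part of the original article): it reads `.repo` content and reports enabled repositories where signature checking is not switched on, or where the signing key itself is fetched over plain `http://`, as it is in the `Exam_RHEL` entry. In that second case the key that `gpgcheck` relies on arrives over an unauthenticated channel. The function name, the finding labels and the second sample repository are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit yum .repo content for weak package-verification settings.

# Constructed sample: the repo file shown above plus a hypothetical second entry.
SAMPLE_REPOS='[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software

[hypothetical_unsigned]
baseurl = https://mirror.example.com/extras
enabled = 1
gpgcheck = 0
name = constructed entry with signature checking off'

# audit_repo TEXT: print one "repo_id: finding" line per problem, nothing if clean.
audit_repo() (
    printf '%s\n' "$1" | awk '
        # Evaluate the section collected so far.
        function emit() {
            if (id == "") return
            if (en == "0") return                  # disabled repos are not used
            if (gc != "1" && gc != "yes" && gc != "true")
                print id ": gpgcheck-off"
            if (gk ~ /^http:\/\//)
                print id ": gpgkey-over-http"
        }
        /^[ \t]*$/    { next }                     # blank line
        /^[ \t]*[#;]/ { next }                     # comment
        /^\[.*\]$/ {                               # new [section]
            emit()
            id = substr($0, 2, length($0) - 2)
            en = "1"; gc = ""; gk = ""
            next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            k = tolower(k)
            if (k == "enabled")       en = v
            else if (k == "gpgcheck") gc = tolower(v)
            else if (k == "gpgkey")   gk = tolower(v)
        }
        END { emit() }'
)

if [ "${1:-}" = "demo" ]; then
    audit_repo "$SAMPLE_REPOS"
fi
```

On a managed node the input would be `"$(cat /etc/yum.repos.d/*.repo)"`.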
    3. Install the package
    Create a playbook named /home/student/ansible/packages.yml that installs packages:

    Install the php and mariadb packages on hosts in the dev, test and prod host groups
    Install the Development Tools package group on hosts in the dev host group
    Update all packages to the latest version on hosts in the dev host group
    Answer
    1. Edit the package.yml file

    [student@workstation ansible]$ cat package.yml
    ---
    - hosts: dev,test,prod
      tasks:
        - name: install php and mariadb
          yum:
            name: "{{ item }}"
            state: present
          with_items:
            - php
            - mariadb

        - name: install group Dev
          yum:
            name: "@Development Tools"
            state: present
          when: ansible_hostname in groups["dev"]

        - name: update
          yum:
            name: "*"
            state: latest
          when: ansible_hostname in groups["dev"]
    2. Check the syntax

    ansible-playbook-2.7 --syntax-check package.yml
    3. Verify the installation

    [student@workstation ansible]$ ansible dev,test,prod -m shell -a "rpm -qa |egrep 'php|mariadb'"
    serverb | SUCCESS | rc=0 >>
    mariadb-libs-5.5.56-2.el7.x86_64
    php-cli-5.4.16-45.el7.x86_64
    mariadb-5.5.56-2.el7.x86_64
    php-common-5.4.16-45.el7.x86_64
    php-5.4.16-45.el7.x86_64

    serverd | SUCCESS | rc=0 >>
    mariadb-libs-5.5.56-2.el7.x86_64
    php-cli-5.4.16-45.el7.x86_64
    mariadb-5.5.56-2.el7.x86_64
    php-common-5.4.16-45.el7.x86_64
    php-5.4.16-45.el7.x86_64

    serverc | SUCCESS | rc=0 >>
    mariadb-libs-5.5.56-2.el7.x86_64
    php-cli-5.4.16-45.el7.x86_64
    mariadb-5.5.56-2.el7.x86_64
    php-common-5.4.16-45.el7.x86_64
    php-5.4.16-45.el7.x86_64

    servera | SUCCESS | rc=0 >>
    mariadb-libs-5.5.56-2.el7.x86_64
    php-cli-5.4.16-45.el7.x86_64
    php-common-5.4.16-45.el7.x86_64
    php-5.4.16-45.el7.x86_64
    mariadb-5.5.56-2.el7.x86_64

    4. Use a RHEL system role
    Install the timesync role package; the download address is http://materials/timesync-1.0.1.tar.gz

    And create a playbook named /home/student/ansible/timesync.yml that:

    Runs on all managed hosts
    Uses the timesync role
    Configures the role to use the time server 172.24.1.254 (in our lab it is 172.25.254.254)
    Configures the role with the iburst parameter enabled
    Answer
    1. Install the role. Here it cannot be installed with yum; it can only be installed with ansible-galaxy

    sudo yum install -y rhel-system-roles
    2. Write the role source address

    cat get_timesync.yml
    - src: http://materials/timesync-1.0.1.tar.gz
      name: linux-system-timesync
    3. Install timesync into the roles/ directory

    ansible-galaxy install -r get_timesync.yml -p roles/
    4. Write the playbook

    cat timesync.yml
    - hosts: all
      vars:
        timesync_ntp_servers:
          - hostname: 172.25.254.254
            iburst: yes

      roles:
        - role: linux-system-timesync
    5. Check the syntax, run the playbook, and check the result

    ansible-playbook --syntax-check timesync.yml
    ansible-playbook timesync.yml
    ansible all -m shell -a 'chronyc sources'

    servera | SUCCESS | rc=0 >>
    210 Number of sources = 1
    MS Name/IP address Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* classroom.example.com 8 6 77 46 -14ms[ -16ms] +/- 18ms
    5. Install and use roles
    Use Ansible Galaxy with a requirements file named /home/student/ansible/roles/requirements.yml

    to download roles and install them under /home/student/ansible/roles

    1. Download http://materials/haproxy.tar.gz, the role name should be balancer

    2. Download http://materials/phpinfo.tar.gz, the role name should be phpinfo

    Answer
    1. Write the requirements.yml file

    cat requirements.yml
    - src: http://materials/haproxy.tar.gz
      name: balancer

    - src: http://materials/phpinfo.tar.gz
      name: phpinfo
    2. Install the roles

    ansible-galaxy install -r /home/student/ansible/roles/requirements.yml -p /home/student/ansible/roles
    6. Create and use a role
    Create a role named apache in /home/student/ansible/roles according to the following requirements:

    Copy the default template directory to /tmp/custom/, add the templates directory to it, and create the role with /tmp/custom specified as the template directory
    Install the httpd package, enable it at boot, and start it
    Enable the firewall and run it with a rule that allows access to the web server
    A template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the following output:
    Welcome to {{ FQDN }} on {{ IPADDRESS }}

    Create a playbook named /home/student/ansible/newrole.yml

    The playbook runs on hosts in the webservers host group
    Answer
    1. Initialize the apache role directory

    ansible-galaxy init apache --init-path /home/student/ansible/roles
    2. Go to this directory and create a templates directory (only if it was not already created)

    cd /home/student/ansible/roles/apache && mkdir templates
    3. Edit the tasks file

    [student@workstation apache]$ cat tasks/main.yml
    ---
    # tasks file for apache
    - name: Install httpd
      yum:
        name: httpd
        state: present

    - name: Start httpd
      service:
        name: httpd
        state: started
        enabled: yes

    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: firewalld permits http service
      firewalld:
        service: http
        state: enabled
        permanent: true
        immediate: yes

    - name: create /var/www/html/index.html
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
        setype: httpd_sys_content_t
    4. Edit the page template file

    [student@workstation apache]$ cat templates/index.html.j2
    Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
    5. Edit the playbook that applies the role

    [student@workstation ansible]$ cat /home/student/ansible/newrole.yml
    ---
    - hosts: webservers
      roles:
        - apache
    6. Check the syntax, run the playbook, and check the result

    ansible-playbook --syntax-check newrole.yml
    ansible-playbook newrole.yml

    curl http://serverc
    Welcome to serverc.lab.example.com on 172.25.250.12

    curl http://serverd
    Welcome to serverd.lab.example.com on 172.25.250.13
    7. Use the roles installed with Ansible Galaxy
    Create a roles.yml playbook

    Deploy the balancer role on the balancers hosts

    Deploy the phpinfo role on the webservers hosts

    Answer
    1. Edit the playbook

    cat roles.yml
    - hosts: balancers,webservers
      roles:
        - { role: balancer, when: "ansible_hostname in groups['balancers']" }

    - hosts: webservers
      roles:
        - phpinfo
    2. Do a dry run, then run the playbook

    ansible-playbook -C roles.yml
    ansible-playbook roles.yml
    3. Check the results

    [student@workstation ansible]$ curl http://serverb
    Welcome to serverc.lab.example.com on 172.25.250.12

    [student@workstation ansible]$ curl http://serverc
    Welcome to serverc.lab.example.com on 172.25.250.12

    [student@workstation ansible]$ curl http://serverb/hello.php
    Hello PHP World form serverd.lab.example.com

    [student@workstation ansible]$ curl http://serverc/hello.php
    Hello PHP World form serverc.lab.example.com
    8. Create a partition
    Write a playbook at /home/student/ansible/partition.yml that runs on all hosts, with the following requirements:

    On vdb, create a primary partition, numbered 1, of size 1500MiB
    Format it with an ext4 file system and mount it on /newpart
    If the requested partition size cannot be created, the error message “Unable to create the size of partition” should be displayed, and the size 800MiB should be used instead
    If the device vdb does not exist, the error message "disk is not present" should be displayed
    The pseudo-code logic

    if vdb exists
      try:
        fdisk vdb size=1500MiB && mkfs.ext4 && mount /dev/vdb1 /newpart
      rescue:
        fdisk vdb size=800MiB && mkfs.ext4 && mount /dev/vdb1 /newpart
    else
      echo vdb does not exist
    Answer
    1. Write the partition playbook

    [student@workstation ansible]$ cat partition.yml
    - hosts: all
      tasks:
        - name: "1. test vdb is exist"
          shell: ls /dev/vdb
          register: msg
          ignore_errors: yes

        - name: "2. if vdb not exist output error msg"
          debug:
            msg: "the vdb is not exist"
          when: msg is failed
          failed_when: msg is failed

        - name: "3. create partition size of the 1500MiB"
          block:
            - name: "3-1. create a vdb1"
              parted:
                number: 1
                device: /dev/vdb
                part_start: 1MiB
                part_end: 1500MiB
                state: present

          rescue:
            - name: "3-2. show error msg"
              debug:
                msg: "could not create partition of that size"

            - name: "3-3. create a 800MiB"
              parted:
                number: 1
                device: /dev/vdb
                part_start: 1MiB
                part_end: 800MiB
                state: present

        - name: "4. create filesystem"
          filesystem:
            dev: /dev/vdb1
            fstype: ext4

        - name: "5. create directory"
          file:
            path: /newpart
            state: directory
            mode: '0755'

        - name: "6. mount device"
          mount:
            src: /dev/vdb1
            path: /newpart
            fstype: ext4
            state: mounted
    3. Check the result

    [student@workstation ansible]$ ansible all -m shell -a "lsblk"
    serverb | SUCCESS | rc=0 >>
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    vda 253:0 0 40G 0 disk 
    └─vda1 253:1 0 40G 0 part /
    vdb 253:16 0 1G 0 disk 
    └─vdb1 253:17 0 799M 0 part 

    serverd | SUCCESS | rc=0 >>
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    vda 253:0 0 40G 0 disk 
    └─vda1 253:1 0 40G 0 part /
    vdb 253:16 0 1G 0 disk 
    └─vdb1 253:17 0 799M 0 part 

    serverc | SUCCESS | rc=0 >>
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    vda 253:0 0 40G 0 disk 
    └─vda1 253:1 0 40G 0 part /
    vdb 253:16 0 1G 0 disk 
    └─vdb1 253:17 0 799M 0 part 

    servera | SUCCESS | rc=0 >>
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    vda 252:0 0 40G 0 disk 
    └─vda1 252:1 0 40G 0 part /
    vdb 252:16 0 1G 0 disk 
    └─vdb1 252:17 0 799M 0 part 
    8.1 Create and use a logical volume
    Create the file /home/student/ansible/lv.yml and have it run on all hosts, with the following requirements:

    Create a logical volume of size 1500MiB from the research volume group
    Format the logical volume with ext4
    Mount it automatically at boot on the /data directory, only on hosts in qa
    If the logical volume cannot be created at that size, output the error message
    Could not create logical volume of that size

    and create the logical volume with a size of 800MiB instead

    If the research volume group does not exist, output an error message: does not exist
    Answer
    1. Create the research volume group; it does not exist by default, so it has to be created

    Create it on all hosts

    2. Write the playbook

    [student@workstation ansible]$ cat lv.yml
    - hosts: all
      tasks:
        - name: 1. check research is exist
          shell: vgdisplay research
          register: res
          ignore_errors: yes

        - name: 2. output error msg if research VG not exist
          debug:
            msg: "The research volume is not exist"
          when: res is failed
          failed_when: res is failed

        - name: 3. create 1500MiB logical volume
          block:
            - name: 3.1 create lvx
              lvol:
                vg: research
                lv: lvx
                size: 1500m

          rescue:
            - debug:
                msg: "3.2 Could not create logical volume of that size"

            - name: 4. create 800MiB size logical volume
              lvol:
                lv: lvx
                vg: research
                size: 800m

        - name: 5. format logical volume
          filesystem:
            dev: /dev/research/lvx
            fstype: ext4

        - name: 6. create directory
          file:
            path: /data
            state: directory
          ignore_errors: yes

        - name: 7. mount to /data
          mount:
            path: /data
            src: /dev/research/lvx
            fstype: ext4
            state: mounted
          when: ansible_hostname in groups['qa']
    9. Generate a hosts file
    Download http://rhgls.labx.example.com/materials/hosts.j2 to /home/student/ansible (in the exam environment the template file cannot be downloaded, so you need to write it yourself)
    Complete the template so that it can be used to generate a file with one line per inventory host, in the same format as /etc/hosts.
    Create a playbook named /home/student/ansible/host.yml that uses this template to generate the file /etc/myhosts.yml on hosts in the dev host group
    After completion, the /etc/myhosts file on hosts in the dev host group should be as shown below
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    172.25.250.11 serverb.lab.example.com serverb
    172.25.250.10 servera.lab.example.com servera
    172.25.250.12 serverc.lab.example.com serverc
    172.25.250.13 serverd.lab.example.com serverd

    Answer
    1. First, copy hosts to hosts.j2

    [student@workstation ansible]$ sed '3,$d' /etc/hosts > /home/student/ansible/hosts.j2
    2. Add the following code at the bottom; note that the body of the loop must be written on one line.

    [student@workstation ansible]$ cat /home/student/ansible/hosts.j2
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    {% for host in groups['all'] %}
    {{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ hostvars[host]['ansible_fqdn'] }} {{ hostvars[host]['ansible_hostname'] }}
    {% endfor %}
    3. Write the playbook

    [student@workstation ansible]$ cat /home/student/ansible/hosts.yml
    ---
    - hosts: all
      tasks:
        - name: copy j2
          template:
            src: hosts.j2
            dest: /etc/myhosts
          when: ansible_hostname in groups["dev"]
    4. Check the syntax, do a dry run, then run the playbook

    ansible-playbook --syntax-check hosts.yml
    ansible-playbook -C hosts.yml
    ansible-playbook hosts.yml
    5. Verify the results

    [student@workstation ansible]$ ansible dev -m shell -a 'cat /etc/myhosts'
    servera | SUCCESS | rc=0 >>
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    172.25.250.11 serverb.lab.example.com serverb
    172.25.250.10 servera.lab.example.com servera
    172.25.250.12 serverc.lab.example.com serverc
    172.25.250.13 serverd.lab.example.com serverd
    10. Modify file content
    Create a playbook named /home/student/ansible/issue.yml as follows:

    The playbook runs on all hosts
    The playbook replaces the contents of /etc/issue with a single line of text, as shown below:
    2.1 on hosts in the dev host group, the content is: Development

    2.2 on hosts in the test host group, the content is: test

    2.3 on hosts in the prod host group, the content is: Production

    Answer
    1. Write the playbook

    [student@workstation ansible]$ cat /home/student/ansible/issue.yml
    ---
    - hosts: all
      tasks:
        - name: replace content1
          copy:
            content: "Development"
            dest: /etc/issue
          when: ansible_hostname in groups["dev"]

        - name: replace content2
          copy:
            content: "Test"
            dest: /etc/issue
          when: ansible_hostname in groups["test"]

        - name: replace content3
          copy:
            content: "Production"
            dest: /etc/issue
          when: ansible_hostname in groups["prod"]
    2. Check the syntax, do a dry run, then run the playbook

    ansible-playbook --syntax-check issue.yml
    ansible-playbook -C issue.yml
    ansible-playbook issue.yml
    3. View the results

    [student@workstation ansible]$ ansible all -m shell -a 'cat /etc/issue'
    serverd | SUCCESS | rc=0 >>
    Production

    servera | SUCCESS | rc=0 >>
    Development

    serverc | SUCCESS | rc=0 >>
    Production

    serverb | SUCCESS | rc=0 >>
    Test
    11. Create a web content directory
    Create a playbook named /home/student/ansible/webcontent.yml as follows:

    The playbook runs on managed nodes in the dev host group
    Create the directory /webdev with the following requirements:
    2.1 it belongs to the webdev group

    2.2 permissions: owner=read+write+execute, group=read+write+execute, other=read+execute

    2.3 special permissions: set group ID

    Create the file /webdev/index.html with the content: Development, and link /webdev to /var/www/html/webdev
    Answer
    1. Edit the playbook

    [student@workstation ansible]$ cat /home/student/ansible/webcontent.yml
    - hosts: dev
      become: true
      tasks:
        - name: 1. Install httpd
          yum:
            name: "{{ item }}"
            state: present
          with_items: [ httpd, firewalld ]

        - name: 2. Start httpd
          service:
            name: httpd
            state: started
            enabled: yes

        - name: 3. start firewalld
          service:
            name: firewalld
            state: started
            enabled: yes

        - name: 4. firewall permits http service
          firewalld:
            service: http
            state: enabled
            permanent: true
            immediate: yes

        - name: 5. create a group
          group:
            name: webdev
            state: present

        - name: 6. create a directory
          file:
            path: /webdev
            state: directory
            group: webdev
            mode: '2775'
            setype: httpd_sys_content_t

        - name: 7. create a link
          file:
            src: /webdev
            dest: /var/www/html/webdev
            state: link

        - name: 8. copy content
          copy:
            content: "Development"
            dest: /webdev/index.html
            setype: httpd_sys_content_t
    2. Check the syntax, then run the playbook

    ansible-playbook --syntax-check webcontent.yml
    ansible-playbook webcontent.yml
    3. Test access

    curl http://servera/webdev/index.html
    Development
    12. Generate a hardware report
    Create a playbook named /home/student/ansible/hwreport.yml.

    It generates an output file named /root/hwreport.txt on all managed nodes, providing the following information:

    inventory host name
    total memory (MB)
    BIOS version
    device vda size
    device vdb size
    Each line of the output file contains one key-value pair. Your playbook should:
    1). Download the file hwreport from the URL http://rhgls.labx.example.com/materials (it is empty) and save it as /root/hwreport.txt

    2). Modify /root/hwreport.txt with the correct values

    3). If a hardware item does not exist, the corresponding value is set to NONE

    Answer
    1. Write the hwreport playbook

    [student@workstation ansible]$ cat hwreport.yml
    - hosts: all
      tasks:
        - lineinfile:
            path: /root/hwreport.txt
            line: "{{ item }}"
            create: yes
          with_items:
            - "host_name = {{ ansible_hostname | default('NONE') }}"
            - "mem_total = {{ ansible_memtotal_mb | default('NONE') }}m"
            - "bios_ver = {{ ansible_bios_version | default('NONE') }}"
            - "vda_size = {{ ansible_devices.vda.size | default('NONE') }}"
            - "vdb_size = {{ ansible_devices.vdb.size | default('NONE') }}"
    2. Check the syntax, then run the playbook

    ansible-playbook --syntax-check hwreport.yml
    ansible-playbook hwreport.yml
    3. Check the results

    [student@workstation ansible]$ ansible all -m shell -a "cat /root/hwreport.txt"
    serverb | SUCCESS | rc=0 >>
    inventory_name = 
    total_mem = 488
    bios_version = 0.5.1
    vda_size = 40.00 GB
    vdb_size = 1.00 GB

    serverc | SUCCESS | rc=0 >>
    inventory_name = 
    total_mem = 488
    bios_version = 0.5.1
    vda_size = 40.00 GB
    vdb_size = 1.00 GB

    serverd | SUCCESS | rc=0 >>
    inventory_name = 
    total_mem = 488
    bios_version = 0.5.1
    vda_size = 40.00 GB
    vdb_size = 1.00 GB

    servera | SUCCESS | rc=0 >>
    inventory_name = 
    total_mem = 487
    bios_version = 0.5.1
    vda_size = 40.00 GB
    vdb_size = 1.00 GB
    13. Create a password vault
    Create an Ansible vault to store user passwords as follows

    The vault name is /home/student/ansible/locker.yml
    The vault contains the following two variables:
    2.1 pw_developer with the value Imadev
    2.2 pw_manager with the value Imamgr

    The password used to encrypt and decrypt the vault is: whenyouwishuponastar
    The password is stored in the /home/student/ansible/secret.txt file
    Answer
    1. Create the password file

    [student@workstation ansible]$ cat /home/student/ansible/secret.txt
    whenyouwishuponastar
    2. Using the password file, create the encrypted YAML file

    ansible-vault --vault-password-file=secret.txt create /home/student/ansible/locker.yml
    #In the editor, enter the following content
    pw_developer: Imadev
    pw_manager: Imamgr
    3. Using the password, view the encrypted locker.yml file

    ansible-vault view locker.yml --vault-password-file=/home/student/ansible/secret.txt
    Extra: use ansible-vault to encrypt/decrypt a file that already exists

    ansible-vault --vault-password-file=secret.txt encrypt issue.yml
    ansible-vault --vault-password-file=secret.txt decrypt issue.yml

    14. Create user accounts
    Download the http://rhgls.labx.example.com/materials/user_list.yml file and save it to /home/student/ansible/user_list.yml
    Using the passwords in /home/student/ansible/locker.yml (created in the task above), create a playbook /home/student/ansible/users.yml that creates these accounts:
    2.1 users with a job description of developer should:

    2.1.1 be created on managed nodes in the dev and test host groups

    2.1.2 be assigned the password from the pw_developer variable

    2.1.3 be members of the devops group

    2.2 users with a job description of manager should:

    2.2.1 be created on managed nodes in the prod host group

    2.2.2 be assigned the password from the pw_manager variable

    2.2.3 be members of the opsmgr group

    Passwords should use the SHA512 hash format
    Your playbook should work using the vault password file created elsewhere in this exam.
    Answer
    1. Prepare the user list file (it cannot be downloaded in this environment)

    [student@workstation ansible]$ cat user_list.yml
    ---
    users:
      - name: node1
        job: developers
      - name: node2
        job: developers
      - name: node3
        job: manager

    2. Write the user creation playbook
    [student@workstation ansible]$ cat users.yml
    - hosts: all
      vars_files:
        - locker.yml
        - user_list.yml
      tasks:
        - name: create developer ops mgr
          block:
            # 1. Create the two groups
            - group:
                name: devops
                state: present
            - group:
                name: opsmgr
                state: present
            # 2. Create the developer users
            - user:
                name: "{{ item.name }}"
                password: "{{ pw_developer | password_hash('sha512') }}"
                state: present
                groups: devops
              with_items: "{{ users }}"
              when: ( ansible_hostname in groups['dev'] or ansible_hostname in groups['test'] ) and item.job == "developers"
            # 3. Create the opsmgr users
            - user:
                name: "{{ item.name }}"
                password: "{{ pw_manager | password_hash('sha512') }}"
                state: present
                groups: opsmgr
              with_items: "{{ users }}"
              when: ansible_hostname in groups['prod'] and item.job == "manager"

    4. Check the syntax, do a dry run, then run the playbook

    ansible-playbook --vault-password-file=secret.txt users.yml --syntax-check
    ansible-playbook --vault-password-file=secret.txt users.yml --check
    ansible-playbook --vault-password-file=secret.txt users.yml
    5. Check the results

    ansible all -m shell -a 'id nodeX'
    X=1~3
    15. Rekey an Ansible vault
    Rekey an existing Ansible vault as follows:

    Download http://rhgls.labx.example.com/materials/salaries.yml and save it as /home/student/ansible/salaries.yml;
    The current vault password is insecure4sure;
    The new vault password is bbe2de98389b;
    The vault remains encrypted, using the new password;
    Answer
    1. salaries.yml cannot be downloaded, so you need to create it yourself

    [student@workstation ansible]$ ansible-vault create salaries.yml
    #Enter the password when prompted and confirm it
    New Vault password: insecure4sure
    Confirm New Vault password: insecure4sure

    #In the editor, add the following content
    RED HAT ANSIBLE 2.7 EXAM
    GOOD LUCK
    2. Set the new password

    [student@workstation ansible]$ ansible-vault rekey salaries.yml
    Vault password: insecure4sure
    New Vault password: bbe2de98389b
    Confirm New Vault password: bbe2de98389b
    Rekey successful
    3. Use the new password to view the encrypted file

    [student@workstation ansible]$ ansible-vault view salaries.yml
    Vault password: bbe2de98389b
    RED HAT ANSIBLE 2.7 EXAM
    GOOD LUCK
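
A check that fits both vault tasks above (13 and 15), added here as an example and not taken from the original article: it verifies that the vault password file is not readable by group or other, and that each file meant to be a vault starts with the Ansible Vault header (`$ANSIBLE_VAULT;1.1;AES256`, or `1.2` with a vault ID) rather than plaintext YAML. The function names and the files written by `make_sample` are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a vault password file and the files it should protect.

# is_vault_encrypted FILE: succeed when the first line is an Ansible Vault header.
is_vault_encrypted() (
    [ -r "$1" ] || exit 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || exit 1
    case $first in
        '$ANSIBLE_VAULT;1.1;AES256')    exit 0 ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) exit 0 ;;   # 1.2 carries a vault ID label
        *)                              exit 1 ;;
    esac
)

# private_mode FILE: succeed when group and other have no permission bits.
private_mode() (
    listing=$(ls -ld -- "$1" 2>/dev/null) || exit 1
    # Characters 5-10 of the mode string are the group and other bits.
    [ "$(printf '%s' "$listing" | cut -c5-10)" = "------" ]
)

# audit_vault_setup PASSWORD_FILE VAULT_FILE...: print one finding per line.
audit_vault_setup() (
    pw=$1
    shift
    private_mode "$pw" ||
        printf '%s: password file is readable by group or other\n' "$pw"
    for f in "$@"; do
        is_vault_encrypted "$f" ||
            printf '%s: no Ansible Vault header, content is plaintext\n' "$f"
    done
)

# make_sample DIR: write constructed files that mirror the names used above.
make_sample() (
    printf 'whenyouwishuponastar\n' > "$1/secret.txt"
    chmod 644 "$1/secret.txt"          # deliberately too open, to show a finding
    # Real header line followed by a constructed (meaningless) hex body.
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465660a' > "$1/locker.yml"
    printf 'pw_developer: Imadev\npw_manager: Imamgr\n' > "$1/plain.yml"
)

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample "$d" &&
        audit_vault_setup "$d/secret.txt" "$d/locker.yml" "$d/plain.yml"
    rm -rf "$d"
fi
```

Against the lab layout the call would be `audit_vault_setup secret.txt locker.yml salaries.yml` from /home/student/ansible.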

    16. Update the kernel
    Write update_kernel. yml

    1. Install the latest version of the kernel

    2. All the hosts kernel after the update is completed,restart

    3. Wait for the restart after a good,put the kernel version information is written to /root/update. txt

    Answer
    1. Write the script file

    [student@workstation ansible]$ cat update_kernel.yml
    - hosts: all
      tasks:
        - name: 1. update kernel
          yum:
            name: "kernel"
            state: latest
          register: msg
          ignore_errors: true

        - name: 2. if the kernel is update over
          debug:
            msg: "kernel is update over"
          when: msg is failed
          failed_when: msg is failed

        - name: 3. reboot the host
          # Restarting directly would prevent the following tasks from running, so sleep briefly first and run the restart asynchronously
          shell: "sleep 1 && shutdown -r now"
          async: 1
          poll: 0
          ignore_errors: true

        - name: 4. wait for host start
          wait_for:
            host: "{{ inventory_hostname }}"
            state: started
            delay: 30
            timeout: 300
            port: 22
          # The remote host is down at this point, so this task can only run on the local machine
          delegate_to: localhost

        - name: 5. write update info to file
          shell: "uname -r > /root/update.txt"
          delegate_to: "{{ inventory_hostname }}"
    2. Execute the script

    [student@workstation ansible]$ ansible-playbook update_kernel.yml
    3. View the updated file

    [student@workstation ansible]$ ansible all -m shell -a 'cat /root/update.txt'
    servera | SUCCESS | rc=0 >>
    3.10.0-862.el7.x86_64

    serverc | SUCCESS | rc=0 >>
    3.10.0-862.el7.x86_64

    serverd | SUCCESS | rc=0 >>
    3.10.0-862.el7.x86_64

    serverb | SUCCESS | rc=0 >>
    3.10.0-862.el7.x86_64
    Original statement: this article was published on the cloud+community with the author's authorization and may not be reproduced without permission.



Friday, August 7, 2020

Ansible install and set up - updated

 Server information


Setting up LAB Environment - High level tasks
Control machine  ---ssh---->  Target machine

A. System build
1. Build one Control and at least 2 target machines
2. make sure ssh is running on both machines
3. Create user for ansible use.

B. ssh set up
4. Generate ssh-key-pair using ssh-keygen
5. Add the public key to authorized_keys using ssh-copy-id
6. Test passwordless connectivity with ssh

C. Set up ansible
7. Install ansible on control node
8. Define Target hosts in ansible inventory file
9. Test connectivity with ansible
   $ ansible target -i inventory -m ping


I have three CentOS servers. These servers are also going to be used for kubernetes.

master    192.168.56.5
worker1    192.168.56.6
worker2 192.168.56.7

Add this entry to your /etc/hosts file since we won't have DNS server.
You should be able to make a connection between master and the worker nodes.
Add user sam to the wheel group, or
add sam to the sudoers file to run commands without being prompted for a password.
# cat > /etc/sudoers.d/sam
sam ALL=(ALL) NOPASSWD:ALL

or
$ echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)


Installing ansible on Centos 8.x
On master server perform the following tasks.

1. Update the DNF package repository cache
# dnf makecache

2. Download and Install epel-release package
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum localinstall epel-release-latest-8.noarch.rpm

3. update the DNF package repository cache again
# dnf makecache

4. Now, Install ansible
# dnf install ansible

5. Verify ansible is installed.
# ansible --version
# ip a s | more


6. Set up passwordless authentication.
Generate ssh-key and copy to worker node
[sam@master ~]$ ssh-keygen -b 2048
[sam@master ~]$ ssh-copy-id master
[sam@master ~]$ ssh-copy-id worker1
[sam@master ~]$ ssh-copy-id worker2
[sam@master ~]$ ssh worker1
[sam@master ~]$ ssh worker2

7. Now, let's create an inventory file which contains all your systems.
The inventory file contains all managed hosts.
By default, Ansible reads the inventory location from the ansible.cfg file.
To list all hosts in the inventory
$ ansible all --list-hosts

To see your config file, run

[sam@master ~]$ ansible --version
ansible 2.9.11
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/sam/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
[sam@master ~]$ pwd
/home/sam
[sam@master ~]$ mkdir ansible; cd ansible
[sam@master ~]$ cat myhosts
master
worker1
worker2

List all your hosts from hostfile 'myhosts' and test the connection
[sam@master ~]$ ansible -i myhosts -m ping worker1
[sam@master ~]$ ansible -i myhosts -m ping all

You will see SUCCESS result.

Note: The hosts file is not set in the config file; that is why we specify it with the -i flag.

Now, edit the config file, go to the [defaults] section and specify the location of the hosts file.
$ sudo vi /etc/ansible/ansible.cfg
inventory      = /home/sam/ansible/myhosts

[sam@master ansible]$ ansible all --list-hosts
  hosts (3):
    master
    worker1
    worker2


Let's modify the inventory file.
[sam@master ansible]$ cat myhosts
[masterserver]
master ansible_user=sam

[WebServer]
worker1 ansible_user=sam
worker2 ansible_user=sam

Now, let's ping the web servers.

[sam@master ansible]$ ansible -m ping WebServer
worker1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
worker2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
[sam@master ansible]$



Note: Ansible works on a push mechanism, while Chef and Puppet work on a pull mechanism.

Now, let's go ahead and check if the httpd package is installed on worker nodes 1 and 2

[root@worker1 ~]# rpm -qa | grep httpd

No result is returned. Now, go back to control node and start a task to install package on target node: worker1

[sam@master ansible]$ ansible -b --become-method=sudo -m shell -a 'yum install -y httpd' WebServer
[WARNING]: Consider using the yum module rather than running 'yum'.

Go to node 1 and check, you will get result this time.
[root@worker1 ~]# rpm -qa | grep httpd
httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64
httpd-filesystem-2.4.37-21.module_el8.2.0+382+15b0afa8.noarch
httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64
centos-logos-httpd-80.5-2.el8.noarch


Now, go ahead and remove it. There is a better way to install software.

[sam@master ansible]$ ansible -b --become-method=sudo -m shell -a 'yum erase -y httpd' WebServer

Check on the worker nodes; it's gone now.

Now, let's use the package module to install.
[sam@master ansible]$ ansible -b --become-method=sudo -m package -a 'name=httpd state=present' WebServer

Go to the target nodes and verify that packages are installed.

Now, remove those packages
[sam@master ansible]$ ansible -b --become-method=sudo -m package -a 'name=httpd state=absent' WebServer

You have to look for status
"changed": true,

=====================================

[sam@master ansible]$ more myserv.yml
---
- hosts: WebServer
  tasks:
    - package: "name=httpd state=present"
    - copy: "src=web.html dest=/var/www/html"
    - service: "name=httpd state=started"


Change it to the form below
---
- hosts: WebServer
  tasks:
    - package:
        name: "httpd"
        state: "present"
    - copy:
        src: "web.html"
        dest: "/var/www/html"
    - service:
        name: "httpd"
        state: "started"


[sam@master ansible]$ cat web.html
This is a page created for ansible
[sam@master ansible]$ cat myhosts
[masterserver]
master ansible_user=sam

[WebServer]
worker1 ansible_user=sam
worker2 ansible_user=sam
[sam@master ansible]$

Thursday, August 6, 2020

Git Intro

git - the simple guide



1. Download and Installation
- Go to the link below and download the software. Follow the installation guide.

  https://git-scm.com/download

2. Create a local repository

# mkdir /mygit; cd /mygit
# git init

Create a working copy of local repository
$ git clone /path-to_repo

or, if you are using a remote server
$ git clone user@host:/path/to/repository



How it works (Workflow)

Your local repository consists of three trees maintained by git.

1. Your working directory
   - This directory holds the actual files.
2. The index
   - This acts as a staging area.
3. The HEAD
   - It points to the last commit you have made.


Working dir ---Add --> Index (stage) --Commit--> HEAD


Add and Commit

You can propose changes (Add it to the index) using
$ git add <filename> or
$ git add *

This is the first step in the basic git workflow. To actually commit these changes use
$ git commit -m "Commit messages"

Now, the file is committed to the HEAD but not in your remote repository yet


Pushing changes
Your changes are now in the HEAD of your local working copy. To send these changes to your remote repository, run the following command

$ git push origin master
master is the name of branch. Change it to whatever branch you want to push to.


If you haven't cloned an existing repository and want to connect your repository to a remote server, you need to add it with

$ git remote add origin <server>

Now, you are able to push your changes to the selected remote server.


Branching
Branches are used to develop features isolated from each other. The master branch is the "default" branch when you create a repository. Use other branches for development and merge them back to the master branch upon completion.

               feature_x
             -------------------
  branch    /                   \   merge
-----------/-------master--------\--------->

Create a new branch named "feature_x" and switch to it using
$ git checkout -b feature_x

Switch back to master
$ git checkout master

Delete the branch you created
$ git branch -d feature_x

A branch is not available to others unless you push the branch to your remote repository.
$ git push origin <branch>



Update and merge
To update your local repository to the newest commit, run
$ git pull

in your working directory to fetch and merge remote changes.

To merge another branch into your active branch (say master), use
$ git merge <branch>

In both cases git tries to auto-merge changes. Unfortunately, this is not always possible and results in conflicts. You are responsible for merging those conflicts manually by editing the files shown by git. After changing them, you need to mark them as merged with
$ git add <filename>


Before merging changes, you can also preview them by using
$ git diff <source_branch> <target_branch>










http://rogerdudler.github.io/git-guide/



Ansible Intro


What is Ansible?
It is an IT automation, configuration management and provisioning tool.
It uses 'playbooks' to deploy, manage, build, test and configure anything from full server environments to websites to custom compiled source code for applications.

Ansible operates only with ssh. It uses the push method, requiring no client installation or configuration on the client side. (Python needs to be installed on the client machine.)
- Ansible uses pure in-order execution, which is easy to read as well as to convert from other languages or scripts.
- Ansible is built upon Python and the extensive standard functionality that comes with it.
- It is based on YAML standard.



It brings together aspects of environment management that have traditionally been separate and managed independently.

So, ansible is
a. Change Management
b. Automation
c. Provisioning
d. Orchestration


a. Change Management
- Define a system state
- Enforce the system state

System State
- Apache web server Installed
- Apache Web at version x.x.xx
- Web server started

Idempotence
- A function is idempotent if repeated applications have the same effect as a single application

b. Automation
- Define tasks to be executed automatically
  - Ordered tasks
  - Make decisions
  - Ad-hoc tasks

- Set it and forget
  - Run the task
  - Get a cup of coffee
  - Walk back to desk seeing tasks finished
  - Sip your coffee and feel productive

c. Provisioning
- Prepare a system to make it ready
  - Transition from one state to a different state
For example,
 - Make an ftp server
 - Make an email server
 - Make a DB server

Basic OS --------------------> Web Server

1. install web software
2. Copy configurations
3. Copy web files
4. Install security updates
5. Start web service

d. Orchestration
- Coordinates automation between systems
Task1 - System1
Task2 - System2
Task3 - System3
Task4 - System1

What makes Ansible so different?
- It's clean
- No agents
- No database
- No residual software
- No Complex upgrades


YAML
Ansible execution
- No programming required
- Not a markup language
- Structured
- Easy to read and write

Built-in Security
- Uses ssh
- Root/sudo usage
- Encrypted vault
- No PKI needed.


What are other similar tools?
There are many great tools available with different use cases. Some of them are:

- Puppet
- Chef
- Salt
- Jenkins
- Fabric

Ansible works at such a high level that it can also be used in conjunction with one or more of these tools. It is often called an 'orchestration' tool since it can function independently as well as 'control' one or more of the tools above.









Core component of Ansible
1. Inventories
2. Modules
3. Variables
4. Facts
5. plays and Playbook
6. Configuration files
7. Templates
8. Roles
9. Ansible Vault

1. Inventories
Inventories can be of
1. Static
2. Dynamic

Static
- The local hosts database is at /etc/ansible/hosts
- A file in a different location can be used with the -i option

Dynamic
- can be fed via a program
- or using facts

2. Modules
- Modules make Ansible intelligent
- These are the tools in the workshop
- Modules can be run directly or through a playbook against hosts.
- You can write your own module
- Examples of modules are ping, yum, ..

3. Variables
- Variables are very handy when dealing with different systems and their functions.
- They allow you to customize the behavior for each system.
- Variable names should consist of letters, numbers, and underscores.
- Variables should always start with a letter.
- They can be defined in the inventory file and also in a playbook.
- We can use the jinja2 template system to reference a variable. For example,
  player={{ player_list }}


4. Ansible Facts
- Ansible facts are a way of getting data from your system.
- These facts can be used in playbook variables.
- You can disable fact gathering in a playbook.
- The reasons are:
  - It's not always required.
  - It can speed up execution.
     - hosts: mainhosts
       gather_facts: no


5. Play and playbooks
- What modules are in Puppet and cookbooks are in Chef, playbooks are in Ansible.
- A play is a set of tasks performed on host machines.
- A playbook is a collection of plays.
- Playbooks are your instruction manuals, the hosts are the raw materials.
- A playbook is written in YAML format.

Playbooks are divided into 3 sections
1. Target section
- Defines on which host machines the playbook will run.
  It's like nodes.pp in Puppet and the run-list in Chef.

2. Variable section
- Defines variables which can be used in playbooks

3. Tasks
- Lists all modules that you intend to run, in order.



6. Configuration Files
- The default config file is /etc/ansible/ansible.cfg
- You can enable or disable options in config file.
- You can use other config files if you want to use different options
Ansible uses the first config file it finds, in the following order:
a. ANSIBLE_CONFIG is an environment variable
b. ansible.cfg in the current directory
c. .ansible.cfg in the home directory
d. finally the default /etc/ansible/ansible.cfg
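
The search order above, as an added Python example (not from the original post or the Ansible project). It also applies Ansible's documented rule of skipping ansible.cfg in a world-writable current directory, since anyone could plant a config there; the function name resolve_ansible_cfg and its parameters are assumptions made for this example.

```python
import os
import stat


def resolve_ansible_cfg(environ, cwd, home,
                        system_cfg="/etc/ansible/ansible.cfg"):
    """Return (chosen_path, skipped) following the a-d search order.

    chosen_path is the first candidate that exists and is readable, or
    None. skipped lists a current-directory ansible.cfg that was ignored
    because the directory is world-writable.
    """
    candidates = []
    skipped = []

    # a. ANSIBLE_CONFIG environment variable (a directory means <dir>/ansible.cfg)
    env_path = environ.get("ANSIBLE_CONFIG")
    if env_path:
        if os.path.isdir(env_path):
            env_path = os.path.join(env_path, "ansible.cfg")
        candidates.append(env_path)

    # b. ansible.cfg in the current directory, unless others can write there
    cwd_cfg = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        if os.path.exists(cwd_cfg):
            skipped.append(cwd_cfg)
    else:
        candidates.append(cwd_cfg)

    # c. .ansible.cfg in the home directory, then d. the system default
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system_cfg)

    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.R_OK):
            return path, skipped
    return None, skipped


if __name__ == "__main__":
    chosen, skipped = resolve_ansible_cfg(
        os.environ, os.getcwd(), os.path.expanduser("~"))
    print("config file in use:", chosen)
    for path in skipped:
        print("ignored (world-writable directory):", path)
```

Running it from a project directory shows which file wins before any playbook is executed, and whether a local ansible.cfg was ignored.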


Templates
- What are templates?
- There is an ansible module called template.
- A template is a definition and set of parameters for running an ansible job.
- Job templates are useful to execute the same job again and again.
- Variables can be used in templates to populate the content.

Handlers
- A task in a playbook can trigger a handler.
- Used to handle error conditions.
- Called at the end of each play.
- You can have multiple tasks trigger other actions.

Roles
- A playbook is a standalone file ansible runs to set up your servers.
- Roles can be thought of as a playbook that's split into multiple files,
  for example, one file for tasks, one for variables, and one for handlers
- They are a method you use to package up tasks, handlers and everything else you need into reusable components you put together and include in a playbook.
- Ansible Galaxy is a repository for roles people have created for tasks.

Ansible Vault
- Ansible Vault is a secure store.
- It allows Ansible to keep sensitive data, such as passwords, in encrypted files.
- The command-line tool ansible-vault is used to edit the files.
- The command-line flag --ask-vault-pass or --vault-password-file is used to supply the vault password.
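
An added example (not from the original post or the Ansible project): a standard-library Python check that a password unlocks a vault file by verifying the envelope's HMAC, which confirms a rekey took effect without printing the secret. It follows the documented vault 1.1/1.2 AES256 payload layout; the function names, passwords and sample file are constructed for this example.

```python
import binascii
import hashlib
import hmac

HEADER_PREFIX = b"$ANSIBLE_VAULT;"


def parse_envelope(data):
    """Split vault file bytes into (version, salt, stored_hmac, ciphertext)."""
    header, _, body = data.partition(b"\n")
    if not header.startswith(HEADER_PREFIX):
        raise ValueError("no vault header: file is not vault-encrypted")
    fields = header.strip().split(b";")  # $ANSIBLE_VAULT;1.1;AES256[;vault-id]
    if len(fields) < 3 or fields[2] != b"AES256":
        raise ValueError("unsupported vault header")
    # The body is hex text wrapped at 80 columns; decoded, it holds three
    # newline-separated hex fields: salt, HMAC-SHA256, ciphertext.
    inner = binascii.unhexlify(b"".join(body.split()))
    salt_hex, hmac_hex, ct_hex = inner.split(b"\n", 2)
    return (fields[1].decode(), binascii.unhexlify(salt_hex),
            binascii.unhexlify(hmac_hex), binascii.unhexlify(ct_hex))


def derive_mac_key(password, salt):
    # PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes:
    # AES key (32) | HMAC key (32) | IV (16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000, dklen=80)
    return derived[32:64]


def password_unlocks(data, password):
    """True if the password reproduces the HMAC stored in the envelope."""
    _, salt, stored, ciphertext = parse_envelope(data)
    computed = hmac.new(derive_mac_key(password, salt), ciphertext,
                        hashlib.sha256).digest()
    return hmac.compare_digest(computed, stored)


def build_sample(password):
    """Constructed envelope for the demo; the ciphertext is filler bytes,
    not real AES output, which is enough because the HMAC covers it."""
    salt = bytes(range(32))
    ciphertext = b"\x00" * 48
    mac = hmac.new(derive_mac_key(password, salt), ciphertext,
                   hashlib.sha256).hexdigest().encode()
    inner = b"\n".join([binascii.hexlify(salt), mac, binascii.hexlify(ciphertext)])
    body = binascii.hexlify(inner)
    lines = [body[i:i + 80] for i in range(0, len(body), 80)]
    return b"$ANSIBLE_VAULT;1.1;AES256\n" + b"\n".join(lines) + b"\n"


if __name__ == "__main__":
    sample = build_sample("new-pass")  # constructed passwords
    print("new password unlocks:", password_unlocks(sample, "new-pass"))
    print("old password unlocks:", password_unlocks(sample, "old-pass"))
```

A ValueError from parse_envelope is itself a useful signal: the file has no vault header, so it is sitting on disk in plaintext.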




Installing Ansible on CentOS 8

Server information

I have three CentOS servers. These servers are also going to be used for kubernetes.

master    192.168.56.5
worker1    192.168.56.6
worker2 192.168.56.7

Add this entry to your /etc/hosts file since we won't have DNS server.
You should be able to make a connection between master and the worker nodes.
Add user sam to the wheel group, or
add sam to the sudoers file to run commands without being prompted for a password.
# cat > /etc/sudoers.d/sam
sam ALL=(ALL) NOPASSWD:ALL

or
$ echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/$(whoami)


Installing ansible on Centos 8.x
On master server perform the following tasks.

1. Update the DNF package repository cache
# dnf makecache

2. Download and Install epel-release package
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# yum localinstall epel-release-latest-8.noarch.rpm

3. update the DNF package repository cache again
# dnf makecache

4. Now, Install ansible
# dnf install ansible

5. Verify ansible is installed.
# ansible --version
# ip a s | more


6. Set up passwordless authentication.
Generate ssh-key and copy to worker node
[sam@master ~]$ ssh-keygen -b 2048
[sam@master ~]$ ssh-copy-id master
[sam@master ~]$ ssh-copy-id worker1
[sam@master ~]$ ssh-copy-id worker2
[sam@master ~]$ ssh worker1
[sam@master ~]$ ssh worker2

7. Now, let's create an inventory file which contains all your systems.
[sam@master ~]$ mkdir ansible
[sam@master ~]$ cat myhosts
master
worker1
worker2

List all your hosts from hostfile 'myhosts' and test the connection
[sam@master ~]$ ansible -i myhosts -m ping worker1
[sam@master ~]$ ansible -i myhosts -m ping all

You will see SUCCESS result.




Git branch show detached HEAD

  Git branch show detached HEAD 1. List your branch $ git branch * (HEAD detached at f219e03)   00 2. Run re-set hard $ git reset --hard 3. ...