This is not mine!!!
found on the net
may have errors!
put up AS IS
source: https://cloud.tencent.com/developer/article/1573527
translated with Google
RHCA DO407
1. Install and configure Ansible
Install and configure Ansible on the control node control.labx.example.com as follows:
Create a static inventory file named /home/student/ansible/inventory as follows:
2.1 servera is a member of the dev host group
2.2 serverb is a member of the test host group
2.3 serverc and serverd are members of the prod host group
2.4 serverb is a member of the balancers host group
2.5 the prod group is a member of the webservers host group
3. Create a configuration file named /home/student/ansible/ansible.cfg as follows:
3.1 the host inventory file is /home/student/ansible/inventory
3.2 the location of the roles used in playbooks is defined as /home/student/ansible/roles
In the practice environment, log in to workstation as the student user. In the exam environment remote_user = matthew; here it is devops.
Answer
1. Switch to the student user and create the ansible and roles directories
su - student
mkdir -p /home/student/ansible/roles
cd /home/student/ansible
2. Edit the inventory file
[student@workstation ansible]$ cat inventory
[dev]
servera
[test]
serverb
[prod]
serverc
serverd
[balancers]
serverb
[webservers:children]
prod
3. Edit the Ansible configuration file
[student@workstation ansible]$ cat ansible.cfg
[defaults]
remote_user = devops
inventory = /home/student/ansible/inventory
roles_path = /home/student/ansible/roles
ask_pass = False
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
4. Ping test
[student@workstation ansible]$ ansible all -m ping
serverd | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
servera | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
serverb | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
serverc | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
2. As a system administrator, you need to install software on the managed nodes
Create a shell script named /home/student/ansible/adhoc.sh that runs an Ansible ad-hoc command on each managed node to create a yum repository, as follows:
1. The name of the repository is: exam_rhel
2. The description is: EX407 software
3. The base URL is: http://rhgls.labx.example.com/rhel
4. Enable GPG signature checking
5. The GPG key URL is: http://rhgls.lab.example.com/rhel/RPM-GPG-KEY-redhat-release
6. Enable the repository
Answer
1. Create the repository script. Note that the URL used here is the practice environment's URL, not the URL given in the task above; this environment is RHEL 7.5
[student@workstation ansible]$ cat adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a 'name=Exam_RHEL description="EX407 software" baseurl=http://content.example.com/rhel7.5/x86_64/dvd gpgcheck=yes gpgkey=http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
2. Change the script permissions and execute the script
sudo chmod 755 adhoc.sh && ./adhoc.sh
3. Check that the yum repository is configured
[student@workstation ansible]$ ansible all -m shell -a 'cat /etc/yum.repos.d/Exam_RHEL.repo'
serverc | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
serverb | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
servera | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
serverd | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
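The repository above has gpgcheck enabled, but its signing key is fetched over plain HTTP, so the key itself is not protected in transit. The following shell check is an added example, not part of the original article; audit_repo, sample_repos and the [constructed_weak] section are names made up for the illustration, and the first sample section is the Exam_RHEL.repo content shown above.

```bash
#!/bin/bash
# Added example (not from the original article): audit yum .repo content
# for settings that weaken package signature verification.

# Reads .repo text on stdin, prints one "<section>: <finding>" line per issue.
audit_repo() {
  awk '
    function report() {
      if (sec == "") return
      # assumption: yum accepts 1, yes and true as "enabled" for a boolean
      if (gpgcheck != "1" && gpgcheck != "yes" && gpgcheck != "true")
        print sec ": gpgcheck is not enabled"
      if (gpgkey == "")
        print sec ": no gpgkey configured"
      else if (gpgkey ~ /^http:\/\//)
        print sec ": gpgkey fetched over plain HTTP"
    }
    /^[ \t]*$/    { next }    # blank line
    /^[ \t]*[#;]/ { next }    # comment line
    /^\[/ {                   # new [section]: report the previous one first
      report()
      sec = substr($0, 2, index($0, "]") - 2)
      gpgcheck = ""; gpgkey = ""
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpgcheck = tolower(val)
      if (key == "gpgkey")   gpgkey = tolower(val)
    }
    END { report() }
  '
}

# Sample input: the repo file from this page plus one constructed weak section.
sample_repos() {
  cat <<'EOF'
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software

# constructed section, not from the page
[constructed_weak]
baseurl = https://mirror.invalid/repo
enabled = 1
gpgcheck = 0
name = constructed example
EOF
}

sample_repos | audit_repo
```

On a managed node the same function can be fed real files, for example: cat /etc/yum.repos.d/*.repo | audit_repo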
3. Install packages
Create a playbook named /home/student/ansible/packages.yml that installs packages:
Install the php and mariadb packages on hosts in the dev, test and prod host groups
Install the Development Tools package group on hosts in the dev host group
Update all packages to the latest version on hosts in the dev host group
Answer
1. Edit the package.yml file
[student@workstation ansible]$ cat package.yml
---
- hosts: dev,test,prod
  tasks:
    - name: install php and mariadb
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - mariadb
    - name: install group Dev
      yum:
        name: "@Development Tools"
        state: present
      when: ansible_hostname in groups["dev"]
    - name: update
      yum:
        name: "*"
        state: latest
      when: ansible_hostname in groups["dev"]
2. Check the syntax
ansible-playbook-2.7 --syntax-check package.yml
3. Verify the installation
[student@workstation ansible]$ ansible dev,test,prod -m shell -a "rpm -qa |egrep 'php|mariadb'"
serverb | SUCCESS | rc=0 >>
mariadb-libs-5.5.56-2.el7.x86_64
php-cli-5.4.16-45.el7.x86_64
mariadb-5.5.56-2.el7.x86_64
php-common-5.4.16-45.el7.x86_64
php-5.4.16-45.el7.x86_64
serverd | SUCCESS | rc=0 >>
mariadb-libs-5.5.56-2.el7.x86_64
php-cli-5.4.16-45.el7.x86_64
mariadb-5.5.56-2.el7.x86_64
php-common-5.4.16-45.el7.x86_64
php-5.4.16-45.el7.x86_64
serverc | SUCCESS | rc=0 >>
mariadb-libs-5.5.56-2.el7.x86_64
php-cli-5.4.16-45.el7.x86_64
mariadb-5.5.56-2.el7.x86_64
php-common-5.4.16-45.el7.x86_64
php-5.4.16-45.el7.x86_64
servera | SUCCESS | rc=0 >>
mariadb-libs-5.5.56-2.el7.x86_64
php-cli-5.4.16-45.el7.x86_64
php-common-5.4.16-45.el7.x86_64
php-5.4.16-45.el7.x86_64
mariadb-5.5.56-2.el7.x86_64
4. Use a RHEL system role
Install the timesync role package; the download address is http://materials/timesync-1.0.1.tar.gz
Then create a playbook named /home/student/ansible/timesync.yml that:
Runs on all managed hosts
Uses the timesync role
Configures the role to use the time server 172.24.1.254 (in our lab it is 172.25.254.254)
Sets the role's iburst parameter to enabled
Answer
1. This role cannot be installed with yum install here; it can only be installed with ansible-galaxy
sudo yum install -y rhel-system-roles
2. Write the role source address
cat get_timesync.yml
- src: http://materials/timesync-1.0.1.tar.gz
  name: linux-system-timesync
3. Install timesync into the roles/ directory
ansible-galaxy install -r get_timesync.yml -p roles/
4. Write the playbook file
cat timesync.yml
- hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 172.25.254.254
        iburst: yes
  roles:
    - role: linux-system-timesync
5. Check the syntax, run the playbook, and view the result
ansible-playbook --syntax-check timesync.yml
ansible-playbook timesync.yml
ansible all -m shell -a 'chronyc sources'
servera | SUCCESS | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 77 46 -14ms[ -16ms] +/- 18ms
5. Install and use roles
Use Ansible Galaxy with a requirements file named /home/student/ansible/roles/requirements.yml to download roles and install them under /home/student/ansible/roles:
1. Download http://materials/haproxy.tar.gz; the role name should be balancer
2. Download http://materials/phpinfo.tar.gz; the role name should be phpinfo
Answer
1. Write the requirements.yml file
cat requirements.yml
- src: http://materials/haproxy.tar.gz
  name: balancer
- src: http://materials/phpinfo.tar.gz
  name: phpinfo
2. Install the roles from the file
ansible-galaxy install -r /home/student/ansible/roles/requirements.yml -p /home/student/ansible/roles
6. Create and use a role
Create a role named apache in /home/student/ansible/role according to the following requirements:
Copy the default template directory to /tmp/custom/ and add a templates directory to it; create the role with /tmp/custom specified as the template directory
Install the httpd package, enable it at boot, and start it
The firewall is enabled and runs with a rule that allows access to the web server
A template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the following output:
Welcome to {{ FQDN }} on {{ IPADDRESS }}
Create a playbook named /home/student/ansible/newrole.yml
The playbook runs on hosts in the webservers host group
Answer
1. Initialize the apache role directory
ansible-galaxy init apache --init-path /home/student/ansible/roles
2. Go to this directory and create a templates directory (only if it was not already created)
cd /home/student/ansible/roles/apache && mkdir -p templates
3. Edit the tasks file
[student@workstation apache]$ cat tasks/main.yml
---
# tasks file for apache
- name: Install httpd
  yum:
    name: httpd
    state: present
- name: Start httpd
  service:
    name: httpd
    state: started
    enabled: yes
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
- name: firewalld permits http service
  firewalld:
    service: http
    state: enabled
    permanent: true
    immediate: yes
- name: create /var/www/html/index.html
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    setype: httpd_sys_content_t
4. Edit the page template file
[student@workstation apache]$ cat templates/index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
5. Edit the playbook that starts the role
[student@workstation ansible]$ cat /home/student/ansible/newrole.yml
---
- hosts: webservers
  roles:
    - apache
6. Check the syntax, run the playbook, and view the result
ansible-playbook --syntax-check newrole.yml
ansible-playbook newrole.yml
curl http://serverc
Welcome to serverc.lab.example.com on 172.25.250.12
curl http://serverd
Welcome to serverd.lab.example.com on 172.25.250.13
7. Use the roles obtained from Ansible Galaxy
Create a playbook file roles.yml
Deploy the balancer role on hosts in the balancers group
Deploy the phpinfo role on hosts in the webservers group
Answer
1. Edit the playbook file
cat roles.yml
- hosts: balancers,webservers
  roles:
    - { role: balancer, when: "ansible_hostname in groups['balancers']" }
- hosts: webservers
  roles:
    - phpinfo
2. Do a dry run, then run the playbook for real
ansible-playbook -C roles.yml
ansible-playbook roles.yml
3. Check the results
[student@workstation ansible]$ curl http://serverb
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://serverc
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://serverb/hello.php
Hello PHP World form serverd.lab.example.com
[student@workstation ansible]$ curl http://serverc/hello.php
Hello PHP World form serverc.lab.example.com
8. Create a partition
Write a playbook at /home/student/ansible/partition.yml that runs on all hosts, with the following requirements:
On vdb, create a primary partition, number 1, size 1500MiB
Format it with an ext4 file system and mount it on /newpart
If the requested partition size cannot be created, the error message "Unable to create the size of partition" should be displayed, and a size of 800MiB should be used instead
If the device vdb does not exist, the error message "disk is not present" should be displayed
The pseudo-code logic
if vdb exists
    try:
        fdisk vdb size=1500MiB && mkfs.ext4 && mount /dev/vdb1 /newpart
    rescue:
        fdisk vdb size=800MiB && mkfs.ext4 && mount /dev/vdb1 /newpart
else
    echo vdb does not exist
Answer
1. Write the partition playbook
[student@workstation ansible]$ cat partition.yml
- hosts: all
  tasks:
    - name: "1. test vdb is exist"
      shell: ls /dev/vdb
      register: msg
      ignore_errors: yes
    - name: "2. if vdb not exist output error msg"
      debug:
        msg: "the vdb is not exist"
      when: msg is failed
      failed_when: msg is failed
    - name: "3. create partition size of the 1500MiB"
      block:
        - name: "3-1. create a vdb1"
          parted:
            number: 1
            device: /dev/vdb
            part_start: 1MiB
            part_end: 1500MiB
            state: present
      rescue:
        - name: "3-2. show error msg"
          debug:
            msg: "could not create partition of that size"
        - name: "3-3. create a 800MiB"
          parted:
            number: 1
            device: /dev/vdb
            part_start: 1MiB
            part_end: 800MiB
            state: present
    - name: "4. create filesystem"
      filesystem:
        dev: /dev/vdb1
        fstype: ext4
    - name: "5. create directory"
      file:
        path: /newpart
        state: directory
        mode: '0755'
    - name: "6. mount device"
      mount:
        src: /dev/vdb1
        path: /newpart
        fstype: ext4
        state: mounted
3. View the result
[student@workstation ansible]$ ansible all -m shell -a "lsblk"
serverb | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
└─vda1 253:1 0 40G 0 part /
vdb 253:16 0 1G 0 disk
└─vdb1 253:17 0 799M 0 part
serverd | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
└─vda1 253:1 0 40G 0 part /
vdb 253:16 0 1G 0 disk
└─vdb1 253:17 0 799M 0 part
serverc | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
└─vda1 253:1 0 40G 0 part /
vdb 253:16 0 1G 0 disk
└─vdb1 253:17 0 799M 0 part
servera | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 40G 0 disk
└─vda1 252:1 0 40G 0 part /
vdb 252:16 0 1G 0 disk
└─vdb1 252:17 0 799M 0 part
8.1 Create and use a logical volume
Create a playbook /home/student/ansible/lv.yml that runs on all hosts, with the following requirements:
Create a logical volume of size 1500MiB in the research volume group
Format the logical volume with ext4
Mount it automatically at boot on the /data directory, only on hosts in qa
If a logical volume of that size cannot be created, output the error message
Could not create logical volume of that size
and create the logical volume with a size of 800MiB instead
If the research volume group does not exist, output the error message: does not exist
Answer
1. Create the research volume group; it does not exist by default and has to be created
Create it on all hosts
2. Write the playbook file
[student@workstation ansible]$ cat lv.yml
- hosts: all
  tasks:
    - name: 1. check research is exist
      shell: vgdisplay research
      register: res
      ignore_errors: yes
    - name: 2. output error msg if research Center VGROUP not exist
      debug:
        msg: "The research volume is not exist"
      when: res is failed
      failed_when: res is failed
    - name: 3. create 1500MiB logical volume
      block:
        - name: 3.1 create lvx
          lvol:
            vg: research
            lv: lvx
            size: 1500m
      rescue:
        - debug:
            msg: "3.2 Could not create logical volume of that size"
        - name: 4. create 800MiB size logical volume
          lvol:
            lv: lvx
            vg: research
            size: 800m
    - name: 5. format logical volume
      filesystem:
        dev: /dev/research/lvx
        fstype: ext4
    - name: 6. create directory
      file:
        path: /data
        state: directory
      ignore_errors: yes
    - name: 7. mount to /data
      mount:
        path: /data
        src: /dev/research/lvx
        fstype: ext4
        state: mounted
      when: ansible_hostname in groups['qa']
9. Generate a hosts file
Download http://rhgls.labx.example.com/materials/hosts.j2 to /home/student/ansible (the template file cannot be downloaded without the exam environment; you need to write your own)
Complete the template so that it can be used to generate a file with one line for each inventory host, in the same format as /etc/hosts.
Create a playbook named /home/student/ansible/host.yml that uses this template to generate the file /etc/myhosts.yml on hosts in the dev host group
After completion, the file /etc/myhosts on hosts in the dev host group should look like this:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.11 serverb.lab.example.com serverb
172.25.250.10 servera.lab.example.com servera
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd
Answer
1. First, copy hosts to hosts.j2
[student@workstation ansible]$ sed '3,$d' /etc/hosts > /home/student/ansible/hosts.j2
2. Add the following code at the bottom; note that the body of the loop is written on a single line.
[student@workstation ansible]$ cat /home/student/ansible/hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ hostvars[host]['ansible_fqdn'] }} {{ hostvars[host]['ansible_hostname'] }}
{% endfor %}
3. Write the playbook file
[student@workstation ansible]$ cat /home/student/ansible/hosts.yml
---
- hosts: all
  tasks:
    - name: copy j2
      template:
        src: hosts.j2
        dest: /etc/myhosts
      when: ansible_hostname in groups["dev"]
4. Check the syntax, do a dry run, then run the playbook for real
ansible-playbook --syntax-check hosts.yml
ansible-playbook -C hosts.yml
ansible-playbook hosts.yml
5. Verify the results
[student@workstation ansible]$ ansible dev -m shell -a 'cat /etc/myhosts'
servera | SUCCESS | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.11 serverb.lab.example.com serverb
172.25.250.10 servera.lab.example.com servera
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd
10. Modify file content
Create a playbook named /home/student/ansible/issue.yml as follows:
The playbook runs on all hosts
The playbook replaces the contents of /etc/issue with a single line of text, as follows:
2.1 on hosts in the dev host group, the content is: Development
2.2 on hosts in the test host group, the content is: test
2.3 on hosts in the prod host group, the content is: Production
Answer
1. Write the playbook
[student@workstation ansible]$ cat /home/student/ansible/issue.yml
---
- hosts: all
  tasks:
    - name: replace content1
      copy:
        content: "Development"
        dest: /etc/issue
      when: ansible_hostname in groups["dev"]
    - name: replace content2
      copy:
        content: "Test"
        dest: /etc/issue
      when: ansible_hostname in groups["test"]
    - name: replace content3
      copy:
        content: "Production"
        dest: /etc/issue
      when: ansible_hostname in groups["prod"]
2. Check the syntax, do a dry run, then run the playbook for real
ansible-playbook --syntax-check issue.yml
ansible-playbook -C issue.yml
ansible-playbook issue.yml
3. View the results
[student@workstation ansible]$ ansible all -m shell -a 'cat /etc/issue'
serverd | SUCCESS | rc=0 >>
Production
servera | SUCCESS | rc=0 >>
Development
serverc | SUCCESS | rc=0 >>
Production
serverb | SUCCESS | rc=0 >>
Test
11. Create a web content directory
Create a playbook named /home/student/ansible/webcontent.yml as follows:
The playbook runs on managed nodes in the dev host group
Create the directory /webdev with the following requirements:
2.1 it belongs to the webdev group
2.2 permissions: owner=read+write+execute, group=read+write+execute, other=read+execute
2.3 special permissions: set group ID
Create the file /webdev/index.html with the content: Development, and link /webdev to /var/www/html/webdev
Answer
1. Edit the playbook file
[student@workstation ansible]$ cat /home/student/ansible/webcontent.yml
- hosts: dev
  become: true
  tasks:
    - name: 1. Install httpd
      yum:
        name: "{{ item }}"
        state: present
      with_items: [ httpd, firewalld ]
    - name: 2. Start httpd
      service:
        name: httpd
        state: started
        enabled: yes
    - name: 3. start firewalld
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: 4. firewall permits http service
      firewalld:
        service: http
        state: enabled
        permanent: true
        immediate: yes
    - name: 5. create a group
      group:
        name: webdev
        state: present
    - name: 6. create a directory
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: '2775'
        setype: httpd_sys_content_t
    - name: 7. create a link
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: 8. copy content
      copy:
        content: "Development"
        dest: /webdev/index.html
        setype: httpd_sys_content_t
2. Check the syntax, then run the playbook for real
ansible-playbook --syntax-check webcontent.yml
ansible-playbook webcontent.yml
3. Test access
curl http://servera/webdev/index.html
Development
12. Generate a hardware report
Create a playbook named /home/student/ansible/hwreport.yml.
On all managed nodes it generates an output file named /root/hwreport.txt with the following information:
inventory host name
total memory (MB)
BIOS version
size of device vda
size of device vdb
Each line of the output file contains one key-value pair. Your playbook should:
1). Download the file hwreport (it is empty) from the URL http://rhgls.labx.example.com/materials and save it as /root/hwreport.txt
2). Modify /root/hwreport.txt with the correct values
3). If a hardware item does not exist, set the corresponding value to NONE
Answer
1. Write the hwreport playbook
[student@workstation ansible]$ cat hwreport.yml
- hosts: all
  tasks:
    - lineinfile:
        path: /root/hwreport.txt
        line: "{{ item }}"
        create: yes
      with_items:
        - "host_name = {{ ansible_hostname | default(none) }}"
        - "mem_total = {{ ansible_memtotal_mb | default(none) }}m"
        - "bios_ver = {{ ansible_bios_version | default(none) }}"
        - "vda_size = {{ ansible_devices.vda.size | default(none) }}"
        - "vdb_size = {{ ansible_devices.vdb.size | default(none) }}"
2. Check the syntax, then run the playbook for real
ansible-playbook --syntax-check hwreport.yml
ansible-playbook hwreport.yml
3. Check the results
[student@workstation ansible]$ ansible all -m shell -a "cat /root/hwreport.txt"
serverb | SUCCESS | rc=0 >>
inventory_name =
total_mem = 488
bios_version = 0.5.1
vda_size = 40.00 GB
vdb_size = 1.00 GB
serverc | SUCCESS | rc=0 >>
inventory_name =
total_mem = 488
bios_version = 0.5.1
vda_size = 40.00 GB
vdb_size = 1.00 GB
serverd | SUCCESS | rc=0 >>
inventory_name =
total_mem = 488
bios_version = 0.5.1
vda_size = 40.00 GB
vdb_size = 1.00 GB
servera | SUCCESS | rc=0 >>
inventory_name =
total_mem = 487
bios_version = 0.5.1
vda_size = 40.00 GB
vdb_size = 1.00 GB
13. Create a password vault
Create an Ansible vault to store user passwords as follows:
The vault name is /home/student/ansible/locker.yml
The vault contains the following two variables:
2.1 pw_developer with the value Imadev
2.2 pw_manager with the value Imamgr
The password to encrypt and decrypt the vault is: whenyouwishuponastar
The password is stored in the file /home/student/ansible/secret.txt
Answer
1. Create the password file
[student@workstation ansible]$ cat /home/student/ansible/secret.txt
whenyouwishuponastar
2. Using the password file, create an encrypted yml file
ansible-vault --vault-password-file=secret.txt create /home/student/ansible/locker.yml
# In the editor that opens, enter the following content
pw_developer: Imadev
pw_manager: Imamgr
3. Use the password to check the encrypted locker.yml file
ansible-vault view locker.yml --vault-password-file=/home/student/ansible/secret.txt
Extra: use ansible-vault to encrypt/decrypt a file that already exists
ansible-vault --vault-password-file=secret.txt encrypt issue.yml
ansible-vault --vault-password-file=secret.txt decrypt issue.yml
14. Create user accounts
Download the file http://rhgls.labx.example.com/materials/user_list.yml and save it to /home/student/ansible/user_list.yml
Using the passwords in /home/student/ansible/locker.yml (created in the task above), create a playbook /home/student/ansible/users.yml that creates these accounts:
2.1 users with the developer job description should:
2.1.1 be created on the managed nodes in the dev and test host groups
2.1.2 be assigned the password from the pw_developer variable
2.1.3 be members of the devops group
2.2 users with the manager job description should:
2.2.1 be created on the managed nodes in the prod host group
2.2.2 be assigned the password from the pw_manager variable
2.2.3 be members of the opsmgr group
Passwords should use the SHA512 hash format
Your playbook should use the vault password file created elsewhere in this exam.
Answer
1. Prepare the user list file (it cannot be downloaded in this environment)
[student@workstation ansible]$ cat user_list.yml
---
users:
  - name: node1
    job: developers
  - name: node2
    job: developers
  - name: node3
    job: manager
2. Write the playbook that creates the users
[student@workstation ansible]$ cat users.yml
- hosts: all
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: create developer ops mgr
      block:
        # 1. Create the two groups
        - group:
            name: devops
            state: present
        - group:
            name: opsmgr
            state: present
        # 2. Create the developer users
        - user:
            name: "{{ item.name }}"
            password: "{{ pw_developer | password_hash('sha512') }}"
            state: present
            groups: devops
          with_items: "{{ users }}"
          when: ( ansible_hostname in groups['dev'] or ansible_hostname in groups['test'] ) and item.job == "developers"
        # 3. Create the opsmgr users
        - user:
            name: "{{ item.name }}"
            password: "{{ pw_manager | password_hash('sha512') }}"
            state: present
            groups: opsmgr
          with_items: "{{ users }}"
          when: ansible_hostname in groups['prod'] and item.job == "manager"
4. Check the syntax, do a dry run, then run the playbook
ansible-playbook --vault-password-file=secret.txt users.yml --syntax-check
ansible-playbook --vault-password-file=secret.txt users.yml --check
ansible-playbook --vault-password-file=secret.txt users.yml
5. Check the results
ansible all -m shell -a 'id nodeX'
X=1~3
15. Rekey an Ansible vault
Rekey an existing Ansible vault as follows:
Download http://rhgls.labx.example.com/materials/salaries.yml and save it as /home/student/ansible/salaries.yml;
The current vault password is insecure4sure;
The new vault password is bbe2de98389b;
The vault remains encrypted, using the new password;
Answer
1. salaries.yml cannot be downloaded, so create it yourself
[student@workstation ansible]$ ansible-vault create salaries.yml
# You are prompted to enter a password and confirm it
New Vault password: insecure4sure
Confirm New Vault password: insecure4sure
# In the editor that opens, add the following content
RED HAT ANSIBLE 2.7 EXAM
GOOD LUCK
2. Set a new password
[student@workstation ansible]$ ansible-vault rekey salaries.yml
Vault password: insecure4sure
New Vault password: bbe2de98389b
Confirm New Vault password: bbe2de98389b
Rekey successful
3. Use the new password to view encrypted files
[student@workstation ansible]$ ansible-vault view salaries.yml
Vault password: bbe2de98389b
RED HAT ANSIBLE 2.7 EXAM
GOOD LUCK
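For the files from tasks 13 and 15, the following shell check is an added example and not part of the original article. It reports a vault password file that group or others can read, and any vault file that does not start with the $ANSIBLE_VAULT header, meaning it was left decrypted. The function names and the temporary demo files are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example (not from the original article): hygiene check for
# Ansible Vault files and the vault password file.

# Exit 0 when the first line of FILE is an Ansible Vault header.
is_vault_encrypted() {
  local first=""
  [ -r "$1" ] || return 1
  IFS= read -r first < "$1" || [ -n "$first" ] || return 1
  case "$first" in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Exit 0 when FILE is a regular file with no group/other permission bits.
is_private_file() {
  local mode
  mode=$(ls -ld -- "$1" 2>/dev/null) || return 1
  case "$mode" in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_vault PASSWORD_FILE VAULT_FILE...
# Prints one finding per line; exit status 1 when anything was found.
audit_vault() {
  local pwfile=$1 f rc=0
  shift
  is_private_file "$pwfile" || { echo "$pwfile: readable by group or others"; rc=1; }
  for f in "$@"; do
    is_vault_encrypted "$f" || { echo "$f: not vault-encrypted (plaintext or missing)"; rc=1; }
  done
  return "$rc"
}

# Constructed demo data: a world-readable secret.txt, a locker.yml with a
# vault header (placeholder body) and a salaries.yml left in plaintext.
demo() {
  local d rc
  d=$(mktemp -d) || return 1
  printf 'whenyouwishuponastar\n' > "$d/secret.txt"
  chmod 644 "$d/secret.txt"
  printf '$ANSIBLE_VAULT;1.1;AES256\n0000\n' > "$d/locker.yml"
  printf 'constructed: plaintext\n' > "$d/salaries.yml"
  (cd "$d" && audit_vault secret.txt locker.yml salaries.yml)
  rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || true
```

In the lab directory the check would be run as: audit_vault secret.txt locker.yml salaries.yml, after chmod 600 secret.txt.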
16. Update the kernel
Write update_kernel.yml
1. Install the latest version of the kernel
2. After the kernel update is complete, restart all hosts
3. Once the hosts are back up after the restart, write the kernel version information to /root/update.txt
Answer
1. Write the playbook file
[student@workstation ansible]$ cat update_kernel.yml
- hosts: all
  tasks:
    - name: 1. update kernel
      yum:
        name: "kernel"
        state: latest
      register: msg
      ignore_errors: true
    - name: 2. if the kernel is update over
      debug:
        msg: "kernel is update over"
      when: msg is failed
      failed_when: msg is failed
    - name: 3. reboot the host
      # Rebooting directly would prevent the following tasks from running, so sleep briefly first and then reboot
      shell: "sleep 1 && shutdown -r now"
      async: 1
      poll: 0
      ignore_errors: true
    - name: 4. wait for host start
      wait_for:
        host: "{{ inventory_hostname }}"
        state: started
        delay: 30
        timeout: 300
        port: 22
      # The remote host is shutting down, so this task can only run on the local machine
      delegate_to: localhost
    - name: 5. write update info to file
      shell: "uname -r > /root/update.txt"
      delegate_to: "{{ inventory_hostname }}"
2. Run the playbook
[student@workstation ansible]$ ansible-playbook update_kernel.yml
3. View the updated file
[student@workstation ansible]$ ansible all -m shell -a 'cat /root/update.txt'
servera | SUCCESS | rc=0 >>
3.10.0-862.el7.x86_64
serverc | SUCCESS | rc=0 >>
3.10.0-862.el7.x86_64
serverd | SUCCESS | rc=0 >>
3.10.0-862.el7.x86_64
serverb | SUCCESS | rc=0 >>
3.10.0-862.el7.x86_64
Original statement: this article was published on Cloud+ Community with the author's authorization and may not be reproduced without permission.