
RHCE Exam Walkthrough

Date: 2022-11-16 12:55:08

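Note before the exam: red error text that appears while a play is running is normal; once the run has finished, "failed=0" means it succeeded. If execution stops partway through a task with an error, the playbook has a formatting mistake or a command was mistyped, so check it carefully.
This document is a pre-exam mock and does not represent the real exam environment or content.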

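I. Install and configure Ansible

Install and configure Ansible on the control node workstation.lab.example.com as follows:
1. Install the required packages
2. Create a static inventory file named /home/student/ansible/inventory that meets the following requirements:
servera is a member of the dev host group
serverb is a member of the test host group
serverc and serverd are members of the prod host group
bastion is a member of the balancers host group
The prod group is a member of the webservers host group
3. Create a configuration file named /home/student/ansible/ansible.cfg that meets the following requirements:
The host inventory file is /home/student/ansible/inventory
The locations of roles used in playbooks include /home/student/ansible/roles

Preparation: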
[root@foundation0 ~]# ssh root@workstation
Activate the web console with: systemctl enable --now cockpit.socket

[root@workstation ~]# ssh root@bastion "useradd devops; echo redhat |passwd --stdin devops"
Warning: Permanently added 'bastion,172.25.250.254' (ECDSA) to the list of known hosts.
Changing password for user devops.
passwd: all authentication tokens updated successfully.

[root@workstation ~]# for i in server{a..d} bastion;do ssh root@$i "echo 'devops ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/devops";done
Warning: Permanently added 'servera,172.25.250.10' (ECDSA) to the list of known hosts.
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
Warning: Permanently added 'serverc,172.25.250.12' (ECDSA) to the list of known hosts.
Warning: Permanently added 'serverd,172.25.250.13' (ECDSA) to the list of known hosts.

[root@workstation ~]# yum -y install ansible # skip this if Ansible is already installed in the exam
[root@workstation ~]# su - student # the exam requires all configuration to be done as a regular user
Start:
[student@workstation ~]$ mkdir ansible
[student@workstation ~]$ cd ansible/
[student@workstation ansible]$ vim inventory

[dev]
servera

[test]
serverb

[prod]
serverc
serverd

[balancers]
bastion

[webservers:children]
prod

[student@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[student@workstation ansible]$ vim ansible.cfg

[defaults]
# uncomment and change the path
inventory = /home/student/ansible/inventory
# uncomment and change the path
roles_path = /home/student/ansible/roles
# uncomment and change the user
remote_user = devops

[privilege_escalation]
# uncomment the following four lines
become=True
become_method=sudo
become_user=root
become_ask_pass=False

[student@workstation ansible]$ mkdir -p /home/student/ansible/roles
[student@workstation ansible]$ ansible all -m ping	# a green "ping  pong" result means success

II. Create and run Ansible ad hoc commands

Create a shell script named /home/student/ansible/adhoc.sh as described below. The script uses
Ansible ad hoc commands to install yum repositories on each managed node:
Repository 1:
The repository name is: rh294_BASE
The description is: rh294 base software
The base URL is http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
GPG signature checking is enabled
The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
The repository is enabled
Repository 2:
The repository name is: rh294_STREAM
The description is: rh294 stream software
The base URL is http://content.example.com/rhel8.0/x86_64/dvd/AppStream
GPG signature checking is enabled
The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
The repository is enabled

Preparation:
[student@workstation ansible]$ for i in server{a..d} bastion; do ssh root@$i "rm -rf /etc/yum.repos.d/*"; done	# the lab VMs ship with their own yum repos, so remove them first; not needed in the exam

Warning: Permanently added 'servera,172.25.250.10' (ECDSA) to the list of known hosts.
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
Warning: Permanently added 'serverc,172.25.250.12' (ECDSA) to the list of known hosts.
Warning: Permanently added 'serverd,172.25.250.13' (ECDSA) to the list of known hosts.
Warning: Permanently added 'bastion,172.25.250.254' (ECDSA) to the list of known hosts.

Start:
[student@workstation ansible]$ vim adhoc.sh

#!/bin/bash

ansible all -m yum_repository -a "name=rh294_BASE description='rh294 base software' file=rhed_dvd gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/ enabled=yes"

ansible all -m yum_repository -a "name=rh294_STREAM description='rh294 stream software' file=rhed_dvd gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream/ enabled=yes"

[student@workstation ansible]$ chmod a+x adhoc.sh
[student@workstation ansible]$ ./adhoc.sh
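
The result of adhoc.sh can be checked on a managed node against the Task II requirements. The following is an added example, not part of the original post: audit_repo_file and write_sample_repo are hypothetical helper names, and the sample .repo content is constructed to show a mistyped repository ID and a repository written with gpgcheck off.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a yum .repo file against
# the Task II requirements. The expected repository IDs are passed by the caller.

audit_repo_file() {
    # usage: audit_repo_file FILE ID...
    # Prints one finding per line; returns 1 if anything was found.
    local file=$1
    shift
    awk -v want="$*" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # yum accepts 1/yes/true/on as true; everything else counts as false
        function truthy(v) {
            v = tolower(v)
            return (v == "1" || v == "yes" || v == "true" || v == "on")
        }
        # emit the findings for the section that just ended
        function report() {
            if (sec == "") return
            if (!enabled)     { print sec ": repository is disabled"; bad++ }
            if (!gpgcheck)    { print sec ": gpgcheck is not enabled"; bad++ }
            if (gpgkey == "") { print sec ": no gpgkey configured"; bad++ }
        }
        /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
        /^[ \t]*\[/ {                         # start of a new [section]
            report()
            sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            seen[sec] = 1
            # Assumption: a repo without gpgcheck= is treated as unchecked;
            # a [main] default in dnf.conf is not consulted here.
            enabled = 1; gpgcheck = 0; gpgkey = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "enabled")  enabled  = truthy(val)
            if (key == "gpgcheck") gpgcheck = truthy(val)
            if (key == "gpgkey")   gpgkey   = val
        }
        END {
            report()
            n = split(want, ids, " ")
            for (i = 1; i <= n; i++)
                if (!(ids[i] in seen)) { print ids[i] ": repository not defined"; bad++ }
            exit (bad > 0)
        }
    ' "$file"
}

write_sample_repo() {
    # Constructed sample: the file as it would look if the first ad hoc
    # command used a mistyped ID and the second was run with gpgcheck=no.
    cat > "$1" <<'EOF'
[rh294_BASH]
name = rh294 base software
baseurl = http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release

[rh294_STREAM]
name = rh294 stream software
baseurl = http://content.example.com/rhel8.0/x86_64/dvd/AppStream/
enabled = 1
gpgcheck = 0
EOF
}
```

On a managed node the call would be: audit_repo_file /etc/yum.repos.d/rhed_dvd.repo rh294_BASE rh294_STREAM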

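III. Install packages

Create a playbook named /home/student/ansible/packages.yml:
1. Install the php and mariadb packages on hosts in the dev, test and prod host groups
2. Install the Development Tools package group on hosts in the dev host group
3. Update all packages on hosts in the dev host group to the latest version

Start: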
[student@workstation ansible]$ vim packages.yml

---
- hosts: dev,test,prod
  tasks:
    - name: install mariadb php
      yum:
        name:
          - php
          - mariadb
        state: present
- hosts: dev
  tasks:
    - name: install Development Tools
      yum:
        name: "@Development Tools"
        state: present
    - name: update pkgs
      yum:
        name: '*'
        state: latest
        
[student@workstation ansible]$ ansible-playbook packages.yml

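IV. Use RHEL system roles

Install the RHEL system roles package and create a playbook /home/student/ansible/timesync.yml that meets the following conditions:
1. Runs on all managed nodes
2. Uses the timesync role
3. Configures the role to use the currently active NTP provider
4. Configures the role to use the time server classroom.example.com

Preparation: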
[root@foundation0 ~]# ssh root@workstation
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Sep 21 07:51:44 2022 from 172.25.250.250

[root@workstation ~]# yum -y install rhel-system-roles
[root@workstation ~]# su - student
[student@workstation ~]$ cd ansible/
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync roles/timesync
Start:
[student@workstation ansible]$ vim timesync.yml

---
- hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: classroom.example.com
        iburst: yes
    timesync_ntp_provider: chrony
  roles:
    - timesync
  post_tasks:
    - name: set timezone
      timezone:
        name: Asia/Shanghai
      notify: restart crond
  handlers:
    - name: restart crond
      service:
        name: crond
        state: restarted
        
[student@workstation ansible]$ ansible-playbook timesync.yml

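// Note: if the exam does not ask you to set the time zone, the post_tasks and handlers sections can be omitted; if you do reset the time zone, it is a good idea to restart the crond service so that scheduled jobs run at the correct time.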

V. Use RHEL system roles

Install the RHEL system roles package and use the SELinux role; it must run on all nodes and set SELinux to enforcing mode.

Preparation:
[student@workstation ansible]$ sudo yum -y install rhel-system-roles
[sudo] password for student: student
[student@workstation ansible]$ ls
adhoc.sh ansible.cfg inventory packages.yml roles timesync.yml

[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux roles/selinux
Start:
[student@workstation ansible]$ vim selinux.yml		# use whatever file name the task asks for

---
- hosts: all
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  roles:
    - role: selinux
      become: true
      
[student@workstation ansible]$ ansible-playbook selinux.yml

VI. Install roles with Ansible Galaxy

Use Ansible Galaxy and the requirements file /home/student/ansible/roles/requirements.yml to download roles from the following URLs
and install them into /home/student/ansible/roles:
1. http://classroom.example.com/content/haproxy.tar.gz The name of this role should be balancer
2. http://classroom.example.com/content/phpinfo.tar.gz The name of this role should be phpinfo

Preparation:
Download haproxy.tar.gz and phpinfo.tar.gz and place them in the /content directory on foundation0.
Open a new terminal:
[root@foundation0 ~]# cd /content/
[root@foundation0 content]# wget http://classroom.example.com/content/ansible2.8/haproxy.tar.gz

[root@foundation0 content]# wget http://classroom.example.com/content/ansible2.8/phpinfo.tar.gz
Start:
[root@foundation0 content]# ssh workstation
[student@workstation ~]$ cd ansible/
[student@workstation ansible]$ ls
adhoc.sh ansible.cfg inventory packages.yml roles selinux.yml timesync.yml

[student@workstation ansible]$ vim roles/requirements.yml

- name: balancer
  src: http://content.example.com/haproxy.tar.gz
- name: phpinfo
  src: http://content.example.com/phpinfo.tar.gz
  
[student@workstation ansible]$ ansible-galaxy install -r roles/requirements.yml -p roles/

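VII. Create and use a role

Create a role named apache in /home/student/ansible/roles according to the following requirements:
1. The httpd package is installed and enabled at boot
2. The firewall is enabled and running, with a rule that allows access to the web server
3. A template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the following output:
Welcome to HOSTNAME on IPADDRESS
where HOSTNAME is the fully qualified domain name of the managed node and IPADDRESS is the IP address of the managed node.
4. Create a playbook /home/student/ansible/newrole.yml that uses this role as follows:
The playbook runs on hosts in the webservers host group

Start: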
[student@workstation ansible]$ ls
adhoc.sh ansible.cfg inventory packages.yml roles selinux.yml timesync.yml

[student@workstation ansible]$ cd roles/
[student@workstation roles]$ ansible-galaxy init apache
- apache was created successfully

[student@workstation roles]$ vim apache/tasks/main.yml

---
# tasks file for apache
- name: install http
  yum:
    name: httpd
    state: present
- name: system service
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - httpd
    - firewalld
- name: firewalld service
  firewalld:
    service: http
    zone: public
    permanent: yes
    immediate: yes
    state: enabled
- name: user templates
  template:
    src: index.html.j2
    dest: /var/www/html/index.html

[student@workstation roles]$ vim apache/templates/index.html.j2

Welcome to {{ ansible_facts['fqdn'] }} on {{ ansible_facts['default_ipv4']['address'] }}

[student@workstation roles]$ cd ..
[student@workstation ansible]$ vim newrole.yml

---
- hosts: webservers
  roles:
    - apache
    
[student@workstation ansible]$ ansible-playbook newrole.yml

[student@workstation ansible]$ curl serverc			# verify
Welcome to serverc.lab.example.com on 172.25.250.12

[student@workstation ansible]$ curl serverd			# verify
Welcome to serverd.lab.example.com on 172.25.250.13

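VIII. Use roles from Ansible Galaxy

Create a playbook named /home/student/ansible/roles.yml according to the following requirements:
1. The playbook contains a play that runs on hosts in the balancers host group and uses the balancer role.
This role configures a service that load-balances web server requests across the hosts in the webservers host group.
Browsing to a host in the balancers host group (for example http://bastion.lab.example.com/ ) produces the following output:
Welcome to serverc.example.com on 172.25.250.12
Reloading the browser produces output from the other web server:
Welcome to serverd.example.com on 172.25.250.13
2. The playbook contains a play that runs on hosts in the webservers host group and uses the phpinfo role.
Browsing to a host in the webservers host group with the URL /hello.php produces the following output:
Hello PHP World from FQDN
where FQDN is the fully qualified name of the host.
For example, browsing to http://serverc.lab.example.com/hello.php produces the following output:
Hello PHP World from serverc.lab.example.com
along with various details of the PHP configuration, such as the installed PHP version.
Likewise, browsing to http://serverd.lab.example.com/hello.php produces the following output:
Hello PHP World from serverd.lab.example.com
along with various details of the PHP configuration, such as the installed PHP version.

Preparation:
[student@workstation ansible]$ ssh root@bastion 'systemctl stop httpd && systemctl disable httpd'	# stop the httpd service on bastion to avoid a conflict; not needed in the exam
Removed /etc/systemd/system/multi-user.target.wants/httpd.service.
Start: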
[student@workstation ansible]$ vim roles.yml

---
- hosts: webservers
  gather_facts: false
  tasks:
    - name: test facts
      setup:

- hosts: balancers
  roles:
    - balancer
- hosts: webservers
  roles:
    - phpinfo

[student@workstation ansible]$ ansible-playbook roles.yml

[student@workstation ansible]$ curl http://bastion.lab.example.com/		# verify
Welcome to serverc.lab.example.com on 172.25.250.12

[student@workstation ansible]$ curl http://bastion.lab.example.com/		# verify
Welcome to serverd.lab.example.com on 172.25.250.13

[student@workstation ansible]$ curl http://serverc.lab.example.com/hello.php	# verify
Hello PHP World form serverc.lab.example.com

[student@workstation ansible]$ curl http://serverd.lab.example.com/hello.php	# verify
Hello PHP World form serverd.lab.example.com

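IX. Create and use a logical volume

Create a playbook named /home/student/ansible/lv.yml that runs on all managed nodes and performs the following tasks:
1. Create a logical volume that meets the following requirements:
The logical volume is created in the research volume group
The logical volume name is data
The logical volume size is 1500MiB
2. Format the logical volume with an ext4 file system
3. If the requested logical volume size cannot be created, display the error message
Could not create logical volume of that size, and use the size 800MiB instead.
4. If the volume group research does not exist, display the error message
Volume group does not exist.
5. Do not mount the logical volume in any way.

Preparation: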
[student@workstation ansible]$ vim lvm_pre.yml

---
- hosts: dev,test
  tasks:
    - name: create 2G
      parted:
        device: /dev/vdb
        number: 1
        flags: [ lvm ]
        state: present
        part_start: 1MiB
        part_end: 2GiB
    - name: create vg
      lvg:
       vg: research
       pvs: /dev/vdb1

- hosts: prod
  tasks:
    - name: create 1G
      parted:
        device: /dev/vdb
        number: 1
        flags: [ lvm ]
        state: present
        part_start: 1MiB
        part_end: 1GiB
    - name: create vg
      lvg:
       vg: research
       pvs: /dev/vdb1

[student@workstation ansible]$ ansible-playbook lvm_pre.yml

[student@workstation ansible]$ for i in server{a..d};do ssh root@$i 'vgs';done	# verify
 
 VG #PV #LV #SN Attr VSize VFree
 research 1 0 0 wz--n- <2.00g <2.00g
 VG #PV #LV #SN Attr VSize VFree
 research 1 0 0 wz--n- <2.00g <2.00g
 VG #PV #LV #SN Attr VSize VFree 
 research 1 0 0 wz--n- 1020.00m 1020.00m
 VG #PV #LV #SN Attr VSize VFree 
 research 1 0 0 wz--n- 1020.00m 1020.00m
Start:
[student@workstation ansible]$ vim lv.yml

---
- hosts: all
  tasks:
    # Report a missing volume group on its own, so that hosts without it
    # do not run (and fail) the lvol tasks first
    - name: volume group missing
      debug:
        msg: Volume group does not exist
      when: "'research' not in ansible_facts['lvm']['vgs']"

    - name: create logical volume
      when: "'research' in ansible_facts['lvm']['vgs']"
      block:
        - name: create lvm 1500m
          lvol:
            vg: research
            lv: data
            size: 1500m
      rescue:
        - debug:
            msg: Could not create logical volume of that size
        - name: create lvm 800m
          lvol:
            vg: research
            lv: data
            size: 800m
      always:
        - name: format lvm
          filesystem:
            fstype: ext4
            dev: /dev/research/data

[student@workstation ansible]$ ansible-playbook lv.yml

[student@workstation ansible]$ for i in server{a..d}; do ssh root@$i 'lvs'; done	# verify

 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 data research -wi-a----- 1.46g 
 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 data research -wi-a----- 1.46g 
 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 data research -wi-a----- 800.00m 
 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 data research -wi-a----- 800.00m

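X. Create a partition

Note: only one disk is available, which conflicts with the previous task, so the disk has to be reset before doing this one
Create a playbook named /home/student/ansible/parted.yml that runs the following tasks on the dev host group
1. If the disk /dev/vdd exists, create a 1500m partition
2. If the requested partition size cannot be created, display the error message
Could not create partition of that size, and use the size 800m instead.
3. If the disk /dev/vdd does not exist, display the error message
disk /dev/vdd does not exist.
4. If the disk /dev/vdb exists, create a 1500m partition
5. If the requested partition size cannot be created, display the error message
Could not create partition of that size, and use the size 800m instead.
6. Finally, every partition must be formatted with an ext4 file system and mounted on /mnt/fs01

Preparation:

// First delete the partition on the /dev/vdb disk of servera, the host in the dev group; this is the disk reset the task refers to.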

[student@workstation ansible]$ ssh root@servera
[root@servera ~]# lvremove /dev/research/data
[root@servera ~]# vgremove research
[root@servera ~]# pvremove /dev/vdb1
[root@servera ~]# pvs
[root@servera ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 10G 0 disk
└─vda1 252:1 0 10G 0 part /
vdb 252:16 0 5G 0 disk
└─vdb1 252:17 0 2G 0 part
 └─research-data 253:0 0 1.5G 0 lvm 
 
[root@servera ~]# fdisk /dev/vdb
Enter: d
Enter: w

The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

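If the commands above report that a reboot is required, run reboot first and then delete the partition again; once servera has finished rebooting, run the following command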

[root@servera ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 10G 0 disk
└─vda1 252:1 0 10G 0 part /
vdb 252:16 0 5G 0 disk

[root@servera ~]# exit
Start:
[student@workstation ansible]$ vim parted.yml

---
- hosts: dev
  tasks:
    - name: create partition
      block:
        - name: create 1500m vdd
          parted:
            device: /dev/vdd
            number: 1
            state: present
            part_end: 1501MiB
      rescue:
        - debug:
            msg: Could not create partition of that size
        - name: create 800m vdd
          parted:
            device: /dev/vdd
            number: 1
            state: present
            part_end: 801MiB
      always:
        - name: format partition
          filesystem:
            fstype: ext4
            dev: /dev/vdd1
        - name: mount device
          mount:
            path: /mnt/fs01
            src: /dev/vdd1
            fstype: ext4
            opts: defaults
            state: mounted
      when: "'vdd' in ansible_facts['devices']"

    - debug:
        msg: disk /dev/vdd does not exist
      when: "'vdd' not in ansible_facts['devices']"

    - name: create partition
      block:
        - name: create 1500m vdb
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 1501MiB
      rescue:
        - debug:
            msg: Could not create partition of that size
        - name: create 800m vdb
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 801MiB
      always: 
        - name: format partition
          filesystem:
            fstype: ext4
            dev: /dev/vdb1
        - name: mount device
          mount:
            path: /mnt/fs01
            src: /dev/vdb1
            fstype: ext4
            opts: defaults
            state: mounted
      when:
        - "'vdb' in ansible_facts['devices']"
        - "'vdd' not in ansible_facts['devices']"

    - debug:
        msg: disk /dev/vdb does not exist
      when: "'vdb' not in ansible_facts['devices']"

[student@workstation ansible]$ ansible-playbook parted.yml

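XI. Generate a hosts file

Download an initial template file from http://172.25.254.254/content/hosts.j2 to /home/student/ansible
1. Complete the template so that it can be used to generate a file that contains one line for each inventory host, in the same format as /etc/hosts.
2. Create a playbook named /home/student/ansible/hosts.yml that uses this template to generate the file /etc/myhosts on hosts in the dev host group.
3. After the playbook has run, the file /etc/myhosts on hosts in the dev host group should contain one line for each managed host.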

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 servera.lab.example.com servera
172.25.254.11 serverb.lab.example.com serverb
172.25.254.12 serverc.lab.example.com serverc
172.25.254.13 serverd.lab.example.com serverd
172.25.250.254 bastion.lab.example.com bastion

Note: the order in which the inventory host names appear does not matter.

Preparation:
[student@workstation ~]$ exit
[root@foundation0 ~]# cd /content/
[root@foundation0 content]# vim hosts.j2

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups.all %}
{{ hostvars[host].ansible_enp1s0.ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{% endfor %}

[root@foundation0 ~]# ssh workstation
[student@workstation ~]$ cd ansible/
Start:
[student@workstation ansible]$ wget http://172.25.254.254/content/hosts.j2

[student@workstation ansible]$ vim hosts.yml

---
- hosts: all

- hosts: dev
  tasks:
    - name: copy hosts.j2 to dev
      template:
        src: hosts.j2
        dest: /etc/myhosts

[student@workstation ansible]$ ansible-playbook hosts.yml

[student@workstation ansible]$ ssh root@servera 'cat /etc/myhosts'		# verify

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.10 servera.lab.example.com servera
172.25.250.11 serverb.lab.example.com serverb
172.25.250.254 bastion.lab.example.com bastion
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd

// Note: the order in which the inventory host names appear does not matter.

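XII. Modify file content

Create a playbook named /home/student/ansible/issue.yml as follows:
1. The playbook runs on all inventory hosts
2. The playbook replaces the content of /etc/issue with a single line of text as shown below:
On hosts in the dev host group, the line reads: Development
On hosts in the test host group, the line reads: Test
On hosts in the prod host group, the line reads: Production

Start: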
[student@workstation ansible]$ vim issue.yml

---
- hosts: all
  tasks:
    - name: write something to /etc/issue
      copy:
        content: |
          {% if 'dev' in group_names %}
          Development
          {% elif 'test' in group_names %}
          Test
          {% elif 'prod' in group_names %}
          Production
          {% endif %}
        dest: /etc/issue

[student@workstation ansible]$ ansible-playbook issue.yml
[student@workstation ansible]$ for i in server{a..d} bastion ; do ssh root@$i "cat /etc/issue" ; done			# verify

Development
Test
Production
Production

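XIII. Create a web content directory

Create a playbook named /home/student/ansible/webcontent.yml as follows:
1. The playbook runs on managed nodes in the dev host group
2. Create the directory /webdev that meets the following requirements:
It is owned by the devops group
It has regular permissions: owner=read+write+execute, group=read+write+execute, other=read+execute
It has special permissions: set group ID
3. Symbolically link /var/www/html/webdev to /webdev
4. Create the file /webdev/index.html containing a single line of text as follows: Development
5. Browsing to this directory on hosts in the dev host group (for example http://servera.lab.example.com/webdev/ ) produces the following output:
Development

Start: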
[student@workstation ansible]$ vim webcontent.yml

---
- hosts: dev
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: enabled httpd
      service:
        name: httpd
        enabled: yes
        state: started
    - name: enabled 80/tcp
      firewalld:
        service: http
        zone: public
        permanent: yes
        immediate: yes
        state: enabled
    - name: create /webdev
      file:
        path: /webdev
        state: directory
        owner: root
        group: devops
        # quoted so that YAML does not read the mode as the decimal integer 2775
        mode: '2775'
    - name: create file
      copy:
        content: "Development\n"
        dest: /webdev/index.html
    - name: create soft link
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: modify sefcontext
      sefcontext:
        target: '/webdev(/.*)?'
        setype: httpd_sys_content_t
        state: present

    - name: Apply new SELinux file context to filesystem
      command: restorecon -irv /webdev

[student@workstation ansible]$ ansible-playbook webcontent.yml
[student@workstation ansible]$ curl http://servera.lab.example.com/webdev/		# verify

Development

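XIV. Generate a hardware report

Create a playbook named /home/student/ansible/hwreport.yml that generates an output file /root/hwreport.txt on all managed nodes containing the following information:
Inventory host name
Total memory in MB
BIOS version
Size of disk device vda
Size of disk device vdb
Each line of the output file contains a single key=value pair.
Your playbook should:
1. Download the file from http://172.25.254.254/content/hwreport.empty and save it as
/root/hwreport.txt
2. Modify /root/hwreport.txt with the correct values
3. If a hardware item does not exist, the associated value should be set to NONE

Preparation: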
[student@workstation ansible]$ exit
[root@foundation0 ~]# cd /content/
[root@foundation0 content]# vim hwreport.empty

hostname = inventoryhostname
memory = memory_in_MB
bios_version = BIOS_version
vda_size = disk_vda_size
vdb_size = disk_vdb_size
Start:
[root@foundation0 ~]# ssh workstation
[student@workstation ~]$ cd ansible/
[student@workstation ansible]$ vim hwreport.yml

---
- hosts: all
  tasks:
    - name: create report file
      get_url:
        url: http://content.example.com/hwreport.empty
        dest: /root/hwreport.txt
    - name: get inventory
      replace:
        path: /root/hwreport.txt
        regexp: 'inventoryhostname'
        replace: '{{ inventory_hostname }}'
    - name: get memory
      replace:
        path: /root/hwreport.txt
        regexp: 'memory_in_MB'
        replace: '{{ ansible_facts["memtotal_mb"] | string }}'
    - name: get bios
      replace:
        path: /root/hwreport.txt
        regexp: 'BIOS_version'
        replace: '{{ ansible_facts["bios_version"] }}'

    - name: get vda
      replace:
        path: /root/hwreport.txt
        regexp: 'disk_vda_size'
        replace: '{{ ansible_facts["devices"]["vda"]["size"] | default("NONE") }}'
    - name: get vdb
      replace:
        path: /root/hwreport.txt
        regexp: 'disk_vdb_size'
        replace: '{{ ansible_facts["devices"]["vdb"]["size"] | default("NONE") }}'

[student@workstation ansible]$ ansible-playbook hwreport.yml

[student@workstation ansible]$ for i in server{a..d} bastion;do ssh root@$i 'cat /root/hwreport.txt';done		# verify

hostname = servera
memory = 821
bios_version = 1.11.1-4.module+el8.1.0+4066+0f1aadab
vda_size = 10.00 GB
vdb_size = 5.00 GB
hostname = serverb
memory = 821
bios_version = 1.11.1-4.module+el8.1.0+4066+0f1aadab
vda_size = 10.00 GB
vdb_size = 5.00 GB
hostname = serverc
memory = 821
bios_version = 1.11.1-4.module+el8.1.0+4066+0f1aadab
vda_size = 10.00 GB
vdb_size = 5.00 GB
hostname = serverd
memory = 821
bios_version = 1.11.1-4.module+el8.1.0+4066+0f1aadab
vda_size = 10.00 GB
vdb_size = 5.00 GB
hostname = bastion
memory = 821
bios_version = 1.11.1-4.module+el8.1.0+4066+0f1aadab
vda_size = 10.00 GB
vdb_size = NONE

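XV. Create a password vault

Create an Ansible vault to store user passwords as follows:
1. The vault name is /home/student/ansible/locker.yml
2. The vault contains two variables with the following names:
pw_developer, with the value Imadev
pw_manager, with the value Imamgr
3. The password used to encrypt and decrypt the vault is whenyouwishuponastar
4. The password is stored in the file /home/student/ansible/secret.txt

Start: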
[student@workstation ansible]$ vim locker.yml

pw_developer: Imadev
pw_manager: Imamgr

[student@workstation ansible]$ echo whenyouwishuponastar > secret.txt
[student@workstation ansible]$ ansible-vault --vault-password-file=secret.txt encrypt locker.yml

[student@workstation ansible]$ ansible-vault view locker.yml
Vault password: # enter the password
pw_developer: Imadev
pw_manager: Imamgr
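
A check for the vault files used in Tasks XV and XVII, as an added example that is not part of the original post: the function names and the sample directory contents are constructed for illustration. It flags a vault file that is still plaintext on disk and a password file that group or others can read, which is how echo ... > secret.txt leaves it under a default umask.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that Ansible Vault files
# are encrypted at rest and that the vault password file is private.
# Relies on GNU stat (stat -c), as found on RHEL.

is_vault_encrypted() {
    # True when the first line is a vault header, e.g. $ANSIBLE_VAULT;1.1;AES256
    local first=
    [ -r "$1" ] || return 1
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '$ANSIBLE_VAULT;'[0-9].[0-9]';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

secret_file_is_private() {
    # True when no group or other permission bits are set (600, 400, ...).
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

audit_vault_dir() {
    # usage: audit_vault_dir DIR SECRET_FILE VAULT_FILE...
    # Prints one finding per line; returns 1 if anything was found.
    local dir=$1 secret=$2 rc=0 f
    shift 2
    for f in "$@"; do
        if ! is_vault_encrypted "$dir/$f"; then
            echo "$f: not vault-encrypted, secrets are in plaintext on disk"
            rc=1
        fi
    done
    if ! secret_file_is_private "$dir/$secret"; then
        echo "$secret: readable by group or others, restrict it with chmod 600"
        rc=1
    fi
    return $rc
}

write_sample_vault_dir() {
    # Constructed sample state: locker.yml saved but not yet encrypted,
    # salaries.yml with a vault header and placeholder (not real) ciphertext,
    # and secret.txt created by a plain echo under umask 022.
    (
        umask 022
        printf 'pw_developer: Imadev\npw_manager: Imamgr\n' > "$1/locker.yml"
        printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '30313233343536373839' > "$1/salaries.yml"
        echo whenyouwishuponastar > "$1/secret.txt"
    )
}
```

On the control node the call would be: audit_vault_dir /home/student/ansible secret.txt locker.yml salaries.yml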

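XVI. Create user accounts

1. Download the list of users to create from http://172.25.254.254/content/user_list.yml and save it to
/home/student/ansible; the user passwords come from the /home/student/ansible/locker.yml file.
2. Create a playbook named /home/student/ansible/users.yml that creates user accounts as follows:
Users with a job description of developer should be:
created on managed nodes in the dev and test host groups
assigned the password from the pw_developer variable
members of the supplementary group student
Users with a job description of manager should be:
created on managed nodes in the prod host group
assigned the password from the pw_manager variable
members of the supplementary group opsmgr
3. Passwords should use the SHA512 hash format.
4. Your playbook should work using the vault password file /home/student/ansible/secret.txt created elsewhere in this exam.

Preparation: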
[student@workstation ansible]$ exit
[root@foundation0 ~]# cd /content/
[root@foundation0 content]# vim user_list.yml

users:
  - name: bob
    job: developer
  - name: sally
    job: manager
  - name: fred
    job: developer

[root@foundation0 content]# ssh workstation
[student@workstation ~]$ cd ansible/
Start:
[student@workstation ansible]$ wget http://172.25.254.254/content/user_list.yml
[student@workstation ansible]$ vim users.yml

---
- hosts: dev,test
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: student group
      group:
        name: student
        state: present
    - name: create user in developer
      user:
        name: "{{ item.name }}"
        groups: student
        password: "{{ pw_developer | password_hash('sha512') }}"
      loop: "{{ users }}"
      when: item.job == "developer"
- hosts: prod
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: group
      group:
        name: opsmgr
        state: present
    - name: create user
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
      loop: "{{ users }}"
      when: item.job == "manager"

[student@workstation ansible]$ ansible-playbook --vault-password-file=secret.txt users.yml
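
A check for requirement 3 of Task XVI, as an added example that is not part of the original post: it reads shadow-format lines and reports any listed account whose password field is not a SHA-512 crypt hash. The helper names and the sample lines are constructed; fred's entry shows what ends up in the field when the vault variable is passed to the user module without password_hash.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm that accounts created
# for Task XVI carry a SHA-512 crypt hash in the shadow password field.

shadow_hash_scheme() {
    # $1: the second field of a shadow entry. Prints the scheme name.
    case $1 in
        '$6$'*)         echo sha512 ;;
        '$5$'*)         echo sha256 ;;
        '$1$'*)         echo md5 ;;
        '$2'[aby]'$'*)  echo bcrypt ;;
        '$y$'*)         echo yescrypt ;;
        ''|'!'*|'*'*)   echo locked-or-empty ;;
        *)              echo not-a-crypt-hash ;;
    esac
}

audit_shadow_users() {
    # usage: audit_shadow_users SHADOW_FILE USER...
    # Prints one finding per line; returns 1 if anything was found.
    local file=$1 rc=0 u hash scheme
    shift
    for u in "$@"; do
        # awk exits non-zero when the account is not present in the file
        hash=$(awk -F: -v u="$u" '$1 == u { print $2; found = 1 }
                                  END { exit !found }' "$file") || {
            echo "$u: no such account"
            rc=1
            continue
        }
        scheme=$(shadow_hash_scheme "$hash")
        if [ "$scheme" != sha512 ]; then
            echo "$u: password field is $scheme, expected sha512"
            rc=1
        fi
    done
    return $rc
}

write_sample_shadow() {
    # Constructed shadow-format lines for a dev host (salt and hash are
    # placeholders): bob was created with password_hash('sha512'); fred has
    # the plaintext value in the field because the filter was left out.
    cat > "$1" <<'EOF'
root:!locked::0:99999:7:::
bob:$6$constructedsalt$constructedhashvalue:19312:0:99999:7:::
fred:Imadev:19312:0:99999:7:::
EOF
}
```

On a managed node, run as root: audit_shadow_users /etc/shadow bob fred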

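XVII. Rekey an Ansible vault

Change the password of an existing Ansible vault as follows:
1. Download the Ansible vault from http://172.25.254.254/content/salaries.yml to /home/student/ansible
2. The current vault password is insecure4sure
3. The new vault password is bbe2de98389b
4. The vault remains encrypted with the new password

Preparation: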
[student@workstation ansible]$ ansible-vault create salaries.yml

New Vault password: # enter the password insecure4sure

Confirm New Vault password: # enter the password insecure4sure

this is a test file # any content will do

[student@workstation ansible]$ exit
[root@foundation0 ~]# cd /content/
[root@foundation0 content]# scp workstation:/home/student/ansible/salaries.yml .
salaries.yml

[root@foundation0 content]# chmod 644 salaries.yml
[root@foundation0 content]# ssh workstation
[student@workstation ~]$ cd ansible/
[student@workstation ansible]$ rm -f salaries.yml
Start:
[student@workstation ansible]$ wget http://172.25.254.254/content/salaries.yml

[student@workstation ansible]$ ansible-vault rekey salaries.yml

Vault password: # enter the old password insecure4sure

New Vault password: # enter the new password bbe2de98389b

Confirm New Vault password: # enter the new password bbe2de98389b
Rekey successful

XVIII. Create a scheduled job

Create a scheduled job for natasha that runs echo hello every 2 minutes; the playbook file is named
cron.yml and the playbook runs on the dev host group.

Start:
[student@workstation ansible]$ vim cron.yml

---
- hosts: dev
  tasks:
    - name: create user
      user:
        name: natasha
        state: present
    - name: create cron
      cron:
        name: exec tasks every 2 minute
        minute: "*/2"
        user: natasha
        # copy the job given in the task
        job: "echo hello"
        
[student@workstation ansible]$ ansible-playbook cron.yml

[student@workstation ansible]$ ssh root@servera		# verify
[root@servera ~]# crontab -l -u natasha
#Ansible: exec tasks every 2 minute
*/2 * * * * echo hello

From: https://www.cnblogs.com/soap-bubble/p/16895515.html
