ansible练习九

1、使用RHEL系统角色 安装 RHEL 系统角色软件包，并创建符合以下条件的playbook /home/student/ansible/timesync.yml：

在所有受管节点上运行 使用 timesync 角色

配置该角色，以使用当前有效的 NTP 提供商

配置该角色，以使用时间服务器 classroom.example.com

配置该角色，以启用 iburst 参数

[greg@control ansible]$ sudo yum install rhel-system-roles -y
[greg@control roles]cp /usr/share/ansible/roles/linux-system-roles.timesync/ . -
rp
[greg@control roles]$ mv linux-system-roles.timesync/ timesync
[greg@control ansible]$ vim timesync.yml
- hosts: all
  vars:
    timesync_ntp_servers:
	- hostname: 172.25.254.254
	  iburst: yes
  roles:
	- timesync
[greg@control ansible]$ ansible-playbook --syntax-check timesync.yml
playbook: timesync.yml
[greg@control ansible]$ ansible-playbook timesync.yml
[greg@control ansible]$ chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 9 377 298 +39us[ +74us] +/- 500us
[greg@control ansible]$ ansible all -m shell -a "chronyc sources "
node5 | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 37 19 +899ns[+5297us] +/- 357us
node3 | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 37 18 -7263ns[-1383us] +/- 530us
node2 | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 37 19 +342ns[ +657us] +/- 272us
node4 | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 37 20 +1216ns[+3235us] +/- 563us
node1 | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 37 18 -3522ns[ -82us] +/- 665us

2、使用selinux角色 配置该角色，编写selinux.yml的playbook开启所有受控节点的selinux

[greg@control roles]$ cp /usr/share/ansible/roles/linux-system-roles.selinux/ .
-rp
[greg@control roles]$ mv linux-system-roles.selinux/ selinux
[greg@control ansible]$ vim selinux.yml
set selinux
	hosts: all
	  vars:
	  selinux_policy: targeted
	  selinux_state: enforcing
	  roles:
		- role: selinux
		  become: ture
[greg@control ansible]$ ansible-playbook selinux.yml

3、使用Ansible Galaxy安装角色 使用 Ansible Galaxy 和要求文件 /home/student/ansible/roles/requirements.yml，从以下 URL 下载 角色并安装到 /home/student/ansible/roles： http://content.example.com/haproxy.tar.gz 此角色的名称应当为 balancer http://content.example.com/phpinfo.tar.gz 此角色的名称应当为 phpinfo

[greg@control ansible]$ cd roles/
[greg@control roles]$ touch requirements.yml
[greg@control roles]$ vim requirements.yml
---
- src: http://materials/haproxy.tar
name: balancer
- src: http://materials/phpinfo.tar
name: phpinfo
[greg@control roles]$ ansible-galaxy install -r requirements.yml -p .
- downloading role from http://materials/haproxy.tar
- extracting balancer to /home/greg/ansible/roles/balancer
- balancer was installed successfully
- downloading role from http://materials/phpinfo.tar
- extracting phpinfo to /home/greg/ansible/roles/phpinfo
- phpinfo was installed successfully
[greg@control roles]$ ls
balancer phpinfo requirements.yml selinux timesync

4、创建和使用角色 根据下列要求，在/home/student/ansible/roles中创建名为apache的角色：

httpd软件包已安装，设为在系统启动时启用并启动

防火墙已启用并正在运行，并使用允许访问Web服务器的规则

模板文件 index.html.j2 已存在，用于创建具有以下输出的文件/var/www/html/index.html：

​ Welcome to HOSTNAME on IPADDRESS 其中，HOSTNAME是受管节点的完全限定域名，IPADDRESS则是受管节点的IP地址。

按照下方所述，创建一个使用此角色的playbook /home/student/ansible/newrole.yml：

该playbook在webservers主机组中的主机上运行

[greg@control roles]$ ansible-galaxy init apache
- apache was created successfully
[greg@control roles]$ ls
apache balancer phpinfo requirements.yml selinux timesync
[greg@control roles]$ cd ..
[greg@control ansible]$ touch apache.yml
[greg@control ansible]$ vim roles/apache/templates/index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
[greg@control ansible]$ vim roles/apache/tasks/main.yml
---
# tasks file for apache
- name: install httpd
  yum:
   name: httpd
   state: present
- name: enable and start httpd
  service:
  name: httpd
	state: started
	enabled: yes
- name: create index.html
  template:
	src: index.html.j2
	dest: /var/www/html/index.html
	owner: apache
	group: apache
	setype: httpd_sys_content_t
- name: enable and start firewalld
  service:
	name: firewalld
	state: started
	enabled: yes
- name: firewalld and httpd
  firewalld:
	service: http
	permanent: yes
	state: enabled
	immediate: yes
[greg@control ansible]$ vim apache.yml
---
- name: apache
hosts: webservers
roles:
- apache
[greg@control ansible]$ ansible-playbook --syntax-check apache.yml
playbook: apache.yml
[greg@control ansible]$ ansible-playbook apache.yml
[greg@control ansible]$ curl -l http://node3
welcom to node3.example.com on 172.25.250.11
[greg@control ansible]$ curl -l http://node4
welcom to node3.example.com on 172.25.250.12

5、从Ansible Galaxy使用角色 根据下列要求，创建一个名为 /home/student/ansible/roles.yml的playbook：

playbook中包含一个play，该play在balancers主机组中的主机上运行并将使用balancer角色。

此角色配置一项服务，以在webservers主机组中的主机之间平衡Web服务器请求的负载。

浏览到balancers主机组中的主机（例如http://bastion.lab.example.com/ ）将生成以下输出： Welcome to serverc.example.com on 172.25.1.12

重新加载浏览器将从另一Web服务器生成输出：

​ Welcome to serverd.example.com on 172.25.1.13 playbook 中包含一个 play，该 play 在 webservers主机组中的主机上运行并将使用 phpinfo 角色。

通过 URL /hello.php 浏览到 webservers 主机组中的主机将生成以下输出：

​ Hello PHP World from FQDN 其中，FQDN是主机的完全限定名称。

例如，浏览到 http://serverc.lab.example.com/hello.php 会生成以下输出：

​ Hello PHP World from serverc.lab.example.com 另外还有 PHP 配置的各种详细信息，如安装的PHP 版本等。

同样，浏览到 http://serverd.lab.example.com/hello.php 会生成以下输出：

​ Hello PHP World from serverd.lab.example.com 另外还有 PHP 配置的各种详细信息，如安装的PHP 版本等。

[greg@control ansible]$ vimt roles.yml
---
- name: one
  hosts: webservers
  roles:
	- apache
- name: two
  hosts: balancers
  roles:
	- balancer
- name: three
  hosts: webservers
  roles:
	- phpinfo
eg@control ansible]$ ansible-playbook roles.yml