RHCE_294练习
1. 安装和配置 ansible
# Inventory for the EX294 practice lab (/home/greg/ansible/inventory).
# serverf belongs to no group and is only reached through "all".
serverf

[dev]
servera

[test]
serverb

[prod]
serverc
serverd

[balancers]
servere

# Group of groups: "webservers" resolves to the members of prod.
[webservers:children]
prod
# ansible.cfg for the practice lab (/home/greg/ansible/ansible.cfg).
[defaults]
inventory           = /home/greg/ansible/inventory
remote_user         = greg
ask_pass            = false
roles_path          = /home/greg/ansible/roles
# Turns off SSH host-key verification. Convenient for a throwaway lab, but it
# removes the check that detects a spoofed managed host; outside the lab keep
# the default (true) and pre-populate known_hosts instead.
host_key_checking   = false
# The vault password is read from this plain-text file, so anyone who can
# read it can decrypt every vault file: keep it owner-only (mode 0600).
vault_password_file = /home/greg/ansible/secret.txt

[privilege_escalation]
become          = true
become_method   = sudo
become_user     = root
become_ask_pass = false
2. 创建和运行 Ansible 临时命令
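#!/bin/bash
# adhoc.sh - create the two EX294 yum repositories on every managed host with
# ad hoc yum_repository calls.
#
# The shared URL parts are hoisted into variables so the two calls cannot
# drift apart, and the argument strings are double-quoted so the shell joins
# the continuation lines itself instead of handing a bare "\" to Ansible's
# key=value parser. Stop at the first failing command.
set -eu

base="http://content.example.com/rhel8.0/x86_64/dvd"
# NOTE(review): the original gpgkey host is "content" while baseurl uses
# "content.example.com"; kept as written - confirm which name resolves.
gpgkey="http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release"

ansible all -m yum_repository -a \
  "name=EX294_BASE description=\"RH294 base software\" \
   baseurl=${base}/BaseOS gpgcheck=yes gpgkey=${gpgkey} enabled=yes"

ansible all -m yum_repository -a \
  "name=EX294_STREAM description=\"RH294 stream software\" \
   baseurl=${base}/AppStream gpgcheck=yes gpgkey=${gpgkey} enabled=yes"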
# Make the script executable, then run it from the current directory.
chmod a+x adhoc.sh; ./adhoc.sh
3. 安装软件包
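---
# Install packages on dev, test and prod; dev additionally gets the
# "RPM Development Tools" group and a full package update.
- name: Install and update packages
  hosts: dev,test,prod
  tasks:
    - name: Install php and mariadb (latest)
      yum:
        name:
          - php
          - mariadb
        state: latest

    # groups['dev'] holds inventory names, so compare inventory_hostname;
    # ansible_hostname is the host's own reported name and may differ.
    - name: Install RPM Development Tools on dev
      yum:
        name: "@RPM Development Tools"
        state: latest
      when: inventory_hostname in groups['dev']

    - name: Update all packages on dev
      yum:
        name: '*'
        state: latest
      when: inventory_hostname in groups['dev']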
4. 使用 RHEL system roles
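# Install the RHEL system roles and copy the timesync role into the
# roles_path set in ansible.cfg (/home/greg/ansible/roles); the original copied
# it to /home/student/ansible/roles, which that roles_path does not cover.
# Then confirm ansible-galaxy can see it.
sudo yum install -y rhel-system-roles
cp -av /usr/share/ansible/roles/rhel-system-roles.timesync /home/greg/ansible/roles
ansible-galaxy list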
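---
# Configure time synchronisation through the rhel-system-roles.timesync role.
# The play only applies a role, so it has no tasks: section (the original's
# bare "tasks:" parsed as null and is dropped here).
- name: time sync
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: ntp.ntsc.ac.cn
        # the original key was misspelled ("ibrurst"), so iburst was never set
        iburst: true
    timesync_ntp_provider: chrony
  roles:
    - rhel-system-roles.timesync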
# Check on one managed host that chrony is active and configured with the
# requested NTP server.
ssh serverf 'timedatectl; cat /etc/chrony.conf'
5. 使用 Ansible Galaxy 安装角色
6. 创建和使用角色
# Scaffold the apache role inside roles_path and open its task list.
cd /home/greg/ansible/roles
ansible-galaxy init apache
vim apache/tasks/main.yml
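---
# tasks file for the apache role: install httpd, run it behind an open
# firewall port and deploy the templated index page.
- name: Ensure httpd is installed
  yum:
    name: httpd
    state: latest

# The original only started firewalld (under the misspelled key "naem");
# httpd itself must be running for the page to be served.
- name: Ensure firewalld and httpd are enabled and started
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - firewalld
    - httpd

# "premanent"/"immidiate" were typos the module rejects, and "present" is not
# a valid state for a firewalld service rule - it has to be enabled.
- name: Open the http service in the firewall
  firewalld:
    service: http
    permanent: true
    immediate: true
    state: enabled

- name: Deploy index.html from the template
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    owner: root
    group: root
    mode: '0644'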
7. 从 Ansible Galaxy 使用角色
# Write the playbook that applies the Galaxy roles.
cd /home/greg/ansible
vim roles.yml
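---
# Apply the Galaxy roles: phpinfo on the web servers, balancer on the load
# balancers. The balancer play also opens the http port on those hosts.
- name: use phpinfo roles
  hosts: webservers
  roles:
    - phpinfo

- name: use haproxy roles
  hosts: balancers
  roles:
    - balancer
  tasks:
    # booleans written as true/false rather than yes/no (YAML 1.1 only)
    - name: open firewalld port
      firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled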
# Template deployed by the phpinfo role (path as written on the page).
vim /roles/phpinfo/templates/hello.php.j2
{# hello.php.j2 - rendered by the phpinfo role; ansible_fqdn is filled in at
   deploy time. phpinfo() prints the full PHP and server configuration, so
   this page is a lab artefact only and should not stay exposed on a real
   host. NOTE(review): "form" reads like "from" - confirm the required text. #}
<!DOCTYPE html>
<html>
<body>
<h1>
PHP World form {{ ansible_fqdn }}
</h1>
<?php
phpinfo();
?>
</body>
</html>
# Task list of the balancer role (file name as written on the page).
vim roles/balancer/tasks/main
# tasks file for the balancer role: register the two web nodes as haproxy
# backend servers in haproxy.cfg.
# NOTE(review): nothing here reloads haproxy after the file changes; confirm
# the rest of the role (or a handler) takes care of that.
- name: open haproxy server
  lineinfile:
    path: /etc/haproxy/haproxy.cfg
    line: "{{ item }}"
    state: present
  loop:
    - 'server node3.lab.example.com 172.25.250.12:80 check'
    - 'server node4.lab.example.com 172.25.250.13:80 check'
8. 创建并使用磁盘分区和逻辑卷
# Write the logical-volume playbook.
cd ~/ansible
vim lv.yml
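---
# Create the "data" logical volume in volume group "research": try 1500 MiB,
# on failure report it and fall back to 800 MiB, then format the volume as
# ext4. Hosts without the volume group only get a message.
- name: Create the data logical volume
  hosts: all
  vars:
    # ansible_lvm is only present when LVM is installed; default to an empty
    # dict so such hosts take the "missing" branch instead of failing on an
    # undefined variable.
    vgs: "{{ ansible_lvm.vgs | default({}) }}"
  tasks:
    - name: Report a missing volume group
      debug:
        msg: 'Volume group does not exist'
      when: "'research' not in vgs"

    # The when on the block also covers rescue and always, so the filesystem
    # task can no longer run (and fail) on hosts without the volume group,
    # which the original's unconditional always: section did.
    - name: Create the logical volume and its filesystem
      when: "'research' in vgs"
      block:
        - name: Create lv data of 1500 MiB
          lvol:
            vg: research
            lv: data
            size: 1500
            state: present
      rescue:
        - name: Report that 1500 MiB does not fit
          debug:
            msg: "Could not create logical volume of that size"
        - name: Create lv data of 800 MiB
          lvol:
            vg: research
            lv: data
            size: 800
            state: present
      always:
        - name: Format the logical volume as ext4
          filesystem:
            fstype: ext4
            dev: /dev/research/data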
# Show the gathered LVM facts (ansible_lvm) that lv.yml tests against.
ansible all -m setup -a 'filter=*lvm*'
9. 生成主机文件
# Write the hosts-file template.
cd ~/ansible
vim hosts.j2
{# hosts.j2 - an /etc/hosts-style file: the two loopback entries followed by
   one line per inventory host (address, fqdn, short name) taken from that
   host's facts, so the play that renders it must gather facts for every
   host in groups.all. #}
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups.all %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['fqdn'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
# Write the playbook that renders hosts.j2.
cd ~/ansible
vim hosts.yml
---
# Render /etc/myhosts from hosts.j2 on the dev hosts only. The play still
# targets all hosts because the template reads hostvars/facts of every
# inventory host, and facts are only gathered for the hosts a play runs on.
- hosts: all
  tasks:
    - name: copy template
      template:
        src: hosts.j2
        dest: /etc/myhosts
      when: "inventory_hostname in groups['dev']"
# Verify the rendered file on the dev hosts.
ansible dev -m shell -a 'cat /etc/myhosts'
10. 修改文件内容
# Write the /etc/issue playbook.
cd ~/ansible
vim issue.yml
---
# Write a one-word /etc/issue per environment. Hosts in none of the three
# groups are left untouched.
- name: copy line file
  hosts: all
  tasks:
    - name: copy Dev
      copy:
        content: "Development"
        dest: /etc/issue
      when: inventory_hostname in groups['dev']

    - name: copy Test
      copy:
        content: "Test"
        dest: /etc/issue
      when: inventory_hostname in groups['test']

    - name: copy Pro
      copy:
        content: "Production"
        dest: /etc/issue
      when: inventory_hostname in groups['prod']
# Verify /etc/issue on every host.
ansible all -m shell -a 'cat /etc/issue'
11. 创建 Web 内容目录
# Write the web content playbook.
cd ~/ansible
vim webcontent.yml
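---
# Web content directory on the dev hosts: httpd serves /var/www/html/webdev,
# a symlink to the group-writable /webdev directory owned by group webdev.
- name: Create the webdev content directory
  hosts: dev
  tasks:
    - name: Ensure httpd is installed
      yum:
        name: httpd
        state: latest

    - name: Ensure httpd and firewalld are enabled and started
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - httpd
        - firewalld

    - name: Open the http service in the firewall
      firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled

    # The original used the user module here, which creates a *user* named
    # webdev; the directory below only needs the group, so use the group
    # module (as users.yml does).
    - name: Ensure group webdev exists
      group:
        name: webdev
        state: present

    # 2775: group-writable with setgid so new files inherit group webdev.
    # setype labels the directory directly (no semanage fcontext rule), so a
    # later relabel would revert it.
    - name: Create /webdev
      file:
        path: /webdev
        group: webdev
        state: directory
        setype: httpd_sys_content_t
        mode: '2775'

    - name: Link /var/www/html/webdev to /webdev
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link

    - name: Create index.html
      copy:
        content: "Development"
        dest: /webdev/index.html
        group: webdev
        mode: '0644'   # quoted: an unquoted 0644 is read as the octal int 420
        setype: httpd_sys_content_t

    # Drops "Indexes" (directory listing) from the DocumentRoot Options while
    # keeping FollowSymLinks, which the /webdev link above relies on.
    - name: Disable directory listing in httpd.conf
      replace:
        path: /etc/httpd/conf/httpd.conf
        regexp: 'Options Indexes FollowSymLinks'
        replace: 'Options FollowSymLinks'
      notify: restart httpd service

  handlers:
    - name: restart httpd service
      service:
        name: httpd
        state: restarted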
# Fetch the page through the symlink (host name as written on the page).
curl node1/webdev/
12. 创建密码库
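cd ~/ansible
# Create the vault password file with exactly one line and make it readable by
# the owner only - anyone who can read it can decrypt every vault file.
# ">" instead of ">>" so a re-run does not append a second line, which would
# become part of the password Ansible reads from the file.
printf '%s\n' whenyouwishuponastar > /home/greg/ansible/secret.txt
chmod 600 /home/greg/ansible/secret.txt
vim locker.yml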
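---
# Variables to be vault-encrypted. A vars_files entry must be a mapping; the
# original's leading "- " made this a list of one-key mappings, which
# vars_files rejects.
pw_developer: Imadev
pw_manager: Imamgr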
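# Encrypt locker.yml with the password file (the original omitted the
# "encrypt" subcommand), check that the file on disk is now ciphertext, then
# read it back through ansible-vault (the file is locker.yml, not local.yml).
ansible-vault encrypt --vault-id /home/greg/ansible/secret.txt locker.yml
cat locker.yml
ansible-vault view --vault-id /home/greg/ansible/secret.txt locker.yml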
直接在 ansible.cfg 中设置密码文件路径
vault_password_file=/home/greg/ansible/secret.txt
13. 创建用户账户
# Write the plain (unencrypted) user list.
cd ~/ansible
vim user_list.yml
---
# Accounts to create; "job" selects the password and group in users.yml.
users:
  - name: bob
    job: developer
  - name: sally
    job: manager
  - name: fred
    job: developer
# Write the user-creation playbook.
vim users.yml
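---
# Create the accounts listed in user_list.yml with the passwords from the
# vault-encrypted locker.yml: developers on dev/test (group devops), managers
# on prod (group opsmgr). The original plays had empty names.
- name: Create developer accounts
  hosts: dev,test
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: ensure devops exist
      group:
        name: devops
        state: present

    # password_hash() without a fixed salt yields a new hash on every run, so
    # this task reports "changed" each time. no_log keeps the hash and the
    # plaintext-derived value out of verbose output and logs.
    - name: verify user_developer exist
      user:
        name: "{{ item.name }}"
        password: "{{ pw_developer | password_hash('sha512') }}"
        groups: devops
      loop: "{{ users }}"
      when: item.job == 'developer'
      no_log: true

- name: Create manager accounts
  hosts: prod
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: ensure opsmgr exist
      group:
        name: opsmgr
        state: present

    - name: verify user_manager exist
      user:
        name: "{{ item.name }}"
        password: "{{ pw_manager | password_hash('sha512') }}"
        groups: opsmgr
      loop: "{{ users }}"
      when: item.job == 'manager'
      no_log: true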
与上一题相结合,使用