RHCE Homework Exercises

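1. Generate a hosts file
Download an initial template file from http://content.example.com/hosts.j2 to /home/student/ansible
Complete the template so that it can be used to generate the following file: one line for each inventory host, in the same format as /etc/hosts
Create a playbook named /home/student/ansible/hosts.yml that uses this template to generate the file /etc/myhosts on the hosts in the dev host group.
After the playbook has run, the file /etc/myhosts on the hosts in the dev host group should contain one line for each managed host: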
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.24.1.6 servera.lab1.example.com servera
172.24.1.7 serverb.lab1.example.com serverb
172.24.1.8 serverc.lab1.example.com serverc
172.24.1.9 serverd.lab1.example.com serverd
172.24.1.10 bastion.lab1.example.com bastion

[student@ansible ansible]$ cat hosts.j2 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups.all %}
{{ hostvars[host].ansible_enp1s0.ipv4.address }}  {{ hostvars[host].ansible_fqdn }}  {{ hostvars[host].ansible_hostname }}
{% endfor %}


[student@ansible ansible]$ cat hosts.yml 
---
# Gather facts from every inventory host so that hostvars is populated for the template
- name: get all facts
  hosts: all

- name: cp to myhosts
  hosts: dev
  tasks: 
    - name: cp file
      template: 
        src: /home/student/ansible/hosts.j2
        dest: /etc/myhosts

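2. Create a password vault
Create an Ansible vault to store user passwords, as described below:
The vault is named /home/student/ansible/locker.yml
The vault contains two variables, named as follows:
pw_developer, with the value Imadev
pw_manager, with the value Imamgr
The password used to encrypt and decrypt the vault is whenyouwishuponastar
The password is stored in the file /home/student/ansible/secret.txt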

[student@workstation ansible]$ vim locker.yml
---
pw_developer: Imadev
pw_manager: Imamgr
[student@workstation ansible]$ echo whenyouwishuponastar > secret.txt
[student@workstation ansible]$ chmod 600 secret.txt
[student@workstation ansible]$ ansible-vault encrypt locker.yml --vault-id=/home/student/ansible/secret.txt 

Encryption successful
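
As an added example (not part of the original post), the shell function below checks the result of this exercise: that locker.yml carries the $ANSIBLE_VAULT header and no clear-text pw_* variables, and that secret.txt is not readable by group or others. The function names check_vault_hygiene and make_sample and the temporary sample directory are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print one finding per line; return 0 when clean, 1 otherwise.
check_vault_hygiene() {
    local vault_file="$1" pass_file="$2" rc=0 first_line="" mode=""

    # An encrypted vault file always starts with a $ANSIBLE_VAULT;<version>;<cipher> header.
    IFS= read -r first_line < "$vault_file" || true
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) ;;
        *) echo "PLAINTEXT: $vault_file has no \$ANSIBLE_VAULT header"; rc=1 ;;
    esac

    # Variable names visible in the file mean the secrets are stored in clear text.
    if grep -Eq '^pw_(developer|manager):' "$vault_file"; then
        echo "LEAK: $vault_file exposes pw_* variables in clear text"; rc=1
    fi

    # The vault password file must grant nothing to group or others (600 or stricter).
    mode=$(stat -c '%a' "$pass_file" 2>/dev/null || stat -f '%Lp' "$pass_file")
    case "$mode" in
        *00|0) ;;
        *) echo "PERMS: $pass_file is mode $mode, expected 600 or stricter"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the state before "ansible-vault encrypt" and "chmod 600".
make_sample() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '---' 'pw_developer: Imadev' 'pw_manager: Imamgr' > "$d/locker.yml"
    echo whenyouwishuponastar > "$d/secret.txt"
    chmod 644 "$d/secret.txt"
    echo "$d"
}

sample_dir=$(make_sample)
check_vault_hygiene "$sample_dir/locker.yml" "$sample_dir/secret.txt" || echo "findings reported"
rm -rf "$sample_dir"
```

Against the real files, call check_vault_hygiene /home/student/ansible/locker.yml /home/student/ansible/secret.txt after the encrypt step; it prints nothing and returns 0 when both files are in the expected state.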

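3. Create user accounts
Download the list of users to create from http://content.example.com/user_list.yml and save it to /home/student/ansible
Using the password vault /home/student/ansible/locker.yml created elsewhere in this exam, create a playbook named /home/student/ansible/users.yml that creates user accounts as described below:
Users with the job description developer should:
be created on the managed nodes in the dev and test host groups
be assigned the password from the pw_developer variable, with a password validity of 30 days
be members of the supplementary group student
Users with the job description manager should:
be created on the managed nodes in the prod host group
be assigned the password from the pw_manager variable, with a password validity of 30 days
be members of the supplementary group opsmgr
Passwords should use the SHA512 hash format.
Your playbook should run correctly using the vault password file /home/student/ansible/secret.txt created elsewhere in this exam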

[student@ansible ansible]$ cat user_list.yml 
users: 
  - name: bob 
    job: developer 
  - name: sally 
    job: manager 
  - name: fred 
    job: developer


[student@ansible ansible]$ cat users.yml 
---
- name: create developer user
  hosts: dev,test
  vars_files:
    - /home/student/ansible/locker.yml
    - /home/student/ansible/user_list.yml

  tasks:
    - name: create group student
      group:
        name: student
        state: present

    # Hash the vaulted password with SHA512; only entries whose job is developer are created
    - name: create user in developer
      user:
        name: "{{ item.name }}"
        groups: student
        password: "{{ pw_developer | password_hash('sha512') }}"
        state: present
      loop: "{{ users }}"
      when: item.job == "developer"

    # Set the maximum password age to 30 days
    - name: chage
      shell:
        cmd: chage -M 30 {{ item.name }}
      loop: "{{ users }}"
      when: item.job == "developer"

# Second play: manager accounts on the prod host group
- name: create manager user
  hosts: prod
  vars_files:
    - /home/student/ansible/locker.yml
    - /home/student/ansible/user_list.yml

  tasks:
    - name: create group opsmgr
      group:
        name: opsmgr
        state: present

    - name: create user in manager
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
        state: present
      loop: "{{ users }}"
      when: item.job == "manager"

    # Set the maximum password age to 30 days
    - name: chage1
      shell:
        cmd: chage -M 30 "{{ item.name }}"
      loop: "{{ users }}"
      when: item.job == "manager"

posted @ 2022-11-01 15:20  罗家龙