纪念一下突击通过的红帽考试。
T1-安装与配置ansible
# vim .vimrc
# autocmd filetype yaml setlocal ai sw=2 ts=2 et cuc   <- 2-space indent, expandtab and a cursor column so YAML nesting is visible while editing
# ls -a /home/catherine   <- the .ansible-navigator.yml found there is the reference for the T1 config below
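# --- /home/catherine/ansible/ansible-navigator.yml (modelled on ~/.ansible-navigator.yml) ---
---
ansible-navigator:
  execution-environment:
    # Execution-environment image from the classroom registry.
    # NOTE(review): pinned by tag only; outside the exam lab pin by digest
    # (image@sha256:...) so a retagged image cannot silently replace it.
    image: localhost:5000/ee-supported-rhel8
    # image: registry.redhat.io/ee-supported-rhel8
    pull:
      policy: missing
  playbook-artifact:
    enable: false

# --- /home/catherine/ansible/inventory ---
[dev]
node1
[test]
node2
[prod]
node3
node4
[balancers]
node5
[webservers:children]
prod

# --- /home/catherine/ansible/ansible.cfg ---
# `ansible-config init > example.cfg` dumps every option with its default; use it as a reference.
[defaults]
inventory = /home/catherine/ansible/inventory
remote_user = catherine
collections_path = /home/catherine/ansible/mycollections
roles_path = /home/catherine/ansible/roles
# host_key_checking is deliberately left at its default (True); do not add host_key_checking = False.

[privilege_escalation]
become = True
become_user = root
become_method = sudo
# With become_ask_pass = false, sudo has to be passwordless for catherine on the managed
# nodes (as in the exam lab); otherwise run with --ask-become-pass.
become_ask_pass = false

# T2 - create a yum repository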
---
# T2: define the EX294_BASE repository on every managed host.
- name: create yum store
  hosts: all
  tasks:
    - name: sotore1
      ansible.builtin.yum_repository:
        name: EX294_BASE
        description: 'EX294 base software'
        # The baseurl value was lost from this listing; take it from the task text.
        baseurl:
        # NOTE(review): as written the repo has no gpgcheck/gpgkey, so dnf would
        # accept unsigned packages from it. Set `gpgcheck: true` together with
        # `gpgkey: <URL from the task>` (the key is required once checking is
        # on), and `enabled: true` if the task asks for it.
# T3 - install collections
---
# T3: mycollections/a.yml - collection requirements file.
# NOTE(review): `https.xx.com/a` is a placeholder from the write-up, not a valid
# URL; ansible-galaxy needs the full tarball URL (or namespace.name) given in the task.
collections:
  - name: https.xx.com/a
  - name: https.xx.com/b
  - name: https.xx.com/c
# Install command:
# ansible-galaxy collection install -r mycollections/a.yml -p mycollections/
# T4 - install software and package groups
# vim /home/catherine/ansible/packages.yml
---
# T4-1: php and mariadb packages on the dev, test and prod groups.
- name: t4-1 install php and mar
  hosts: dev,test,prod
  tasks:
    - name: install php and mar
      ansible.builtin.yum:
        name:
          - php*
          - mariadb*
        state: present
# T4-2: the "RPM Development Tools" package group on dev only.
- name: T4-2 install dev_group
  hosts: dev
  tasks:
    - name: install dev_group
      ansible.builtin.yum:
        name: "@RPM Development Tools"
        state: present
# T4-3: update every installed package on all hosts ("*" with state latest).
- name: T4-3 update all
  hosts: all
  tasks:
    - name: update all
      ansible.builtin.yum:
        name: "*"
        state: latest
T5a-使用系统角色-时间同步
# Install the RHEL system roles on the control node.
sudo dnf install -y rhel-system-roles
# Locate the timesync role inside the package.
rpm -ql rhel-system-roles | grep timesync
# Copy the role into the project's roles_path (roles/ under the ansible directory).
cp -a /usr/share/ansible/roles/rhel-system-roles.timesync roles/timesync
# Copy the shipped example playbook next to it.
cp -a /usr/share/doc/rhel-system-roles/timesync/example-multiple-ntp-servers-playbook.yml timesync.yml
# Edit the copied playbook (contents below).
vim timesync.yml
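# vim timesync.yml
---
# T5a: apply the copied rhel-system-roles.timesync role so every host syncs
# to the classroom NTP server.
- hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 172.24.1.254
        iburst: true   # was `yes`; write a real boolean
  roles:
    - timesync
# Run:    ansible-navigator run timesync.yml -m stdout
# Verify: ansible all -m shell -a "chronyc sources"
# T6 - install roles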
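# vim roles/requirements.yml
---
# T6: roles fetched from the classroom content server.
# NOTE(review): plain http:// tarballs with no checksum or signature - acceptable
# in the exam lab only; never install unverified roles like this on real infrastructure.
- src: http://master.content1.example.com/materials/haproxy.tar
  name: balancer
- src: http://master.content1.example.com/materials/phpinfo.tar
  name: phpinfo   # was "phoinfo"; roles.yml (T8) references the role as `phpinfo`
# Install command:
# ansible-galaxy role install -r roles/requirements.yml -p roles/
# T7 - install and use a role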
ansible-galaxy init roles/apache  # then edit roles/apache/tasks/main.yml (the original note's roles/apache/roles/apache/... path is doubled)
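# ansible-doc yum - see the EXAMPLES section
---
# roles/apache/tasks/main.yml: install httpd, start it, open the firewall and
# deploy the templated index page.
- name: install httpd
  ansible.builtin.yum:
    name: httpd
    state: present
# ansible-doc service - see the EXAMPLES section
- name: start and onboot httpd
  ansible.builtin.service:
    name: httpd
    state: started
    enabled: true
# ansible-doc firewalld - see the EXAMPLES section
- name: start and onboot firewalld
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true
- name: config firewalld
  ansible.posix.firewalld:
    service: http   # was `service:http` (no space): YAML reads that as one plain string, not a key/value
    permanent: true
    immediate: true
    state: enabled
# ansible-doc template - see the EXAMPLES section
- name: copy j2
  ansible.builtin.template:
    src: index.html.j2
    dest: /var/www/html/index.html
# index.html.j2 is a single line built from ansible_fqdn and ansible_default_ipv4;
# `ansible all -m setup > setup.txt` lists the facts to pick from.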
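{# roles/apache/templates/index.html.j2 - one line (the author's note says so); facts from setup #}
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
{# next file: /home/catherine/ansible/newrole.yml #}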
---
# newrole.yml: apply the apache role to webservers (the prod hosts, via the
# webservers:children group in the inventory).
- name: use apache role
  hosts: webservers
  roles:
    - apache
# T8 - use roles from Ansible Galaxy
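# Prerequisite: T6 (installing the roles with ansible-galaxy) must be done first,
# since this playbook uses the `phpinfo` and `balancer` roles from it.
# vim /home/catherine/ansible/roles.yml
---
- name: t8 use roles1
  hosts: webservers
  roles:
    - phpinfo
- name: t8 use roles2
  hosts: balancers
  roles:
    - balancer
  # play-level tasks run after the roles
  tasks:
    - name: start and enabled firewall
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true
    - name: permit http
      ansible.posix.firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled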
T9a-创建和使用逻辑卷
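# vim /home/catherine/ansible/lv.yml
---
# T9a: logical volume `date` in VG `research`: try 1500m, fall back to 800m,
# then put ext4 on it. Hosts without the VG only get the debug message.
- name: create lv
  hosts: all
  tasks:
    - name: research not exist
      ansible.builtin.debug:
        msg: 'Volume group does not exist'
      when: ansible_lvm.vgs.research is undefined
    - name: use block
      # `when` belongs to the block itself: block, rescue AND always are skipped
      # when the VG is missing, so the filesystem task in `always` never runs
      # against a non-existent /dev/research/date.
      when: ansible_lvm.vgs.research is defined
      block:
        - name: create lv 1500m
          community.general.lvol:
            vg: research
            lv: date   # NOTE(review): confirm the LV name against the task text
            size: 1500m
      rescue:
        - name: create lv 1500m failed
          ansible.builtin.debug:
            msg: 'Could not create logical volume of that size'
        - name: create lv 800m
          community.general.lvol:
            vg: research
            lv: date
            size: 800m
      always:
        - name: init ext4
          community.general.filesystem:
            fstype: ext4
            dev: /dev/research/date
# Verify:
# ansible all -m shell -a "lvs"
# T9b - create and use a partition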
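---
# T9b: partition 1 on /dev/vdc (1500MiB, else 800MiB), ext4, mounted on /newpart.
- name: t9 play
  hosts: balancers
  tasks:
    - name: vdd is undefined
      ansible.builtin.debug:
        msg: 'Disk does not exist'
      # NOTE(review): this tests vdd while the block below tests vdc; one of the
      # two is presumably a typo - the message only fires for the disk named here.
      when: ansible_devices.vdd is undefined
    - name: use block
      # `when` on the block: block, rescue and always are all skipped when vdc is
      # absent, so the filesystem/mount tasks never run against a missing /dev/vdc1.
      when: ansible_devices.vdc is defined
      block:
        - name: create 1500m part
          community.general.parted:
            device: /dev/vdc
            number: 1
            state: present
            part_end: 1500MiB
      rescue:
        - name: create 1500m part failed
          community.general.parted:
            device: /dev/vdc
            number: 1
            state: present
            part_end: 800MiB
      always:
        - name: init ext4
          community.general.filesystem:
            fstype: ext4
            dev: /dev/vdc1
        - name: mount newpart
          ansible.posix.mount:
            path: /newpart
            src: /dev/vdc1
            state: mounted
            fstype: ext4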
T10-生成主机文件
cd ansible
wget http://master.content1.example.com/materials/hosts.j2
# The downloaded hosts.j2 (written "host2.j2" in the original note - presumably the same file) needs editing; see below.
{# hosts.j2: the static loopback lines, then one line per inventory host.
   NOTE(review): hostvars[i].ansible_* are gathered facts - if hosts.yml does not
   gather facts for every host in groups.all, ansible_default_ipv4 is undefined. #}
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for i in groups.all %}
{{ hostvars[i].ansible_default_ipv4.address }} {{ hostvars[i].ansible_fqdn }} {{ hostvars[i].ansible_hostname }}
{% endfor %}
# hosts.yml is supplied ready to run: download it and run it unchanged.
wget http://master.content1.example.com/materials/hosts.yml
T11-修改文件内容
# vim /home/catherine/ansible/issue.yml
# The `when` group tests can be cribbed from T10's hosts.yml.
# ansible-doc copy
---
# T11: /etc/issue text per environment group.
- name: T11 change content
  hosts: all
  tasks:
    - name: change dev
      ansible.builtin.copy:
        content: 'Development'   # written as-is, with no trailing newline
        dest: /etc/issue
      when: inventory_hostname in groups['dev']
    - name: change test
      ansible.builtin.copy:
        content: 'Test'
        dest: /etc/issue
      when: inventory_hostname in groups['test']
    - name: change prod
      ansible.builtin.copy:
        content: 'Production'
        dest: /etc/issue
      when: inventory_hostname in groups['prod']
# Verify:
# ansible all -m shell -a "cat /etc/issue"
T12-创建Web内容目录
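# vim /home/catherine/ansible/webcontent.yml
---
# T12: /webdev content directory on the dev hosts, served by httpd as /webdev/.
- name: t12 built web
  hosts: dev
  tasks:
    # group webdev
    - name: creater group
      ansible.builtin.group:
        name: webdev
        state: present
    # setgid directory (2775) group-owned by webdev, labelled as web content for SELinux
    - name: create dir
      ansible.builtin.file:
        path: /webdev
        state: directory
        group: webdev
        mode: '2775'
        setype: httpd_sys_content_t
    # symlink from the document root to /webdev
    - name: create link
      ansible.builtin.file:
        path: /var/www/html/webdev
        state: link
        src: /webdev
    # index file, also labelled for httpd
    - name: copy content
      ansible.builtin.copy:
        content: 'Development'
        dest: /webdev/index.html
        setype: httpd_sys_content_t
    # The next four tasks are identical to T7 (apache role) and can be copied from there.
    - name: t7-1-1
      ansible.builtin.yum:
        name: httpd
        state: present
    - name: t7-1-2 star and enabled
      ansible.builtin.service:
        name: httpd
        state: started
        enabled: true
    - name: t7-1-3 star and onboot firewall
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true
    - name: premit http
      ansible.posix.firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled
# Verify after the run:
# curl node1/webdev/index.html
# T13 - generate a hardware report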
# vim /home/catherine/ansible/hwreport.yml
---
# T13: download the empty report to /root/hwreport.txt and fill in its
# placeholders from gathered facts, one replace task per placeholder.
- name: T13 Create hwreport
  hosts: all
  tasks:
    # NOTE(review): get_url's default (force=no) should skip the download once
    # dest exists, so a re-run keeps the already filled-in report - verify.
    - name: 1-Download foo.conf
      ansible.builtin.get_url:
        url: http://master.content1.example.com/materials/hwreport.empty
        dest: /root/hwreport.txt
    # NOTE(review): the placeholder reads "inventoryhostname", which suggests
    # inventory_hostname; ansible_hostname is the gathered short hostname and
    # only matches when the two coincide (likely for node1..node5 here).
    - name: 2-hostname
      ansible.builtin.replace:
        path: /root/hwreport.txt
        regexp: "inventoryhostname"
        replace: '{{ ansible_hostname }}'
    - name: 3-memory_in_MB
      ansible.builtin.replace:
        path: /root/hwreport.txt
        regexp: "memory_in_MB"
        replace: '{{ ansible_memtotal_mb | string }}'
    - name: 4-BIOS_version
      ansible.builtin.replace:
        path: /root/hwreport.txt
        regexp: "BIOS_version"
        replace: '{{ ansible_bios_version }}'
    # disk sizes fall back to NONE when the device is absent from the facts
    - name: 5-vda_size
      ansible.builtin.replace:
        path: /root/hwreport.txt
        regexp: 'disk_vda_size'
        replace: "{{ ansible_devices.vda.size | default('NONE') }}"
    - name: 6-vdc_size
      ansible.builtin.replace:
        path: /root/hwreport.txt
        regexp: "disk_vdc_size"
        replace: "{{ ansible_devices.vdc.size | default('NONE') }}"
# Verify:
# ansible all -m shell -a "cat /root/hwreport.txt"
# T14 - create a vault
# vim /home/catherine/ansible/locker.yml
---
# T14: the two passwords to be vault-encrypted. Written here as a list of
# single-key mappings; vars_files also takes a plain mapping
# (`pw_developer: Imadev`), which is the more usual form.
- pw_developer: Imadev
- pw_manager: Imamgr
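# Vault password file: a single line containing whenyouwishuponastar.
vim /home/catherine/ansible/secret.txt
# Restrict it to the owner - anyone who can read this file can decrypt every vault that uses it.
chmod 600 /home/catherine/ansible/secret.txt
# Encrypt the variable file in place:
ansible-vault encrypt locker.yml --vault-password-file secret.txt
# T15 - create user accounts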
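---
# T15 (run as users.yml): developer accounts in group devops on dev/test,
# manager accounts in group opsmgr on prod. Passwords come from the vaulted
# locker.yml, the account list from user_list3.yml.
# NOTE(review): assumes user_list3.yml defines a top-level list `user` whose
# items carry `name` and `job` - confirm against the downloaded file.
- name: T15-1
  hosts: dev,test
  vars_files:
    - /home/catherine/ansible/locker.yml
    - /home/catherine/ansible/user_list3.yml
  tasks:
    - name: ensure group devops exists   # task names were left over from ansible-doc examples
      ansible.builtin.group:
        name: devops
        state: present   # was `presen`
    - name: create developer accounts
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: devops
        # password_hash() picks a fresh random salt on every run, so this task
        # reports "changed" each time and rewrites the hash. Outside the exam
        # add `update_password: on_create` (or pass a fixed salt) for idempotence.
        password: '{{ pw_developer | password_hash("sha512") }}'
      loop: "{{ user }}"
      when: item.job == "developer"
- name: T15-2
  hosts: prod
  vars_files:
    - /home/catherine/ansible/locker.yml
    - /home/catherine/ansible/user_list3.yml
  tasks:
    - name: ensure group opsmgr exists
      ansible.builtin.group:
        name: opsmgr
        state: present   # was `presen`
    - name: create manager accounts
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: '{{ pw_manager | password_hash("sha512") }}'
      loop: "{{ user }}"
      when: item.job == "manager"
# Run (the vault password file is needed to read locker.yml):
# ansible-navigator run users.yml -m stdout --vault-password-file secret.txt
# T16 - rekey an Ansible vault (hands-on task)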
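wget http://master.content1.example.com/materials/salaries.yml
# Rekey interactively: you are asked for the current vault password first, then for the new one.
ansible-vault rekey salaries.yml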
T17-配置cron作业
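# vim /home/catherine/ansible/cron.yml
# ansible-doc cron - see the EXAMPLES section
---
# T17: every two minutes, as natasha, log "EX294 in progress".
- name: t17-cron
  hosts: all
  tasks:
    - name: cron-1
      ansible.builtin.cron:   # was `ansiblt.builtin.cron` - a typo, i.e. an unknown module
        name: "cron"
        user: natasha          # entry goes into natasha's crontab; that account must already exist on the host
        minute: '*/2'
        # was '"logger "EX294 in progress"' - a stray leading double quote broke the command;
        # the job is `logger` with a double-quoted message.
        job: 'logger "EX294 in progress"'
# Verify:
# ansible all -m shell -a "cat /var/log/cron"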