RHCE Role Practice Exercises

1. Using RHEL system roles

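Install the RHEL system roles package and create a playbook /home/student/ansible/timesync.yml that meets the following conditions:
Runs on all managed nodes
Uses the timesync role
Configures the role to use the currently active NTP provider
Configures the role to use the time server classroom.example.com
Configures the role to enable the iburst parameter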

[student@ansible ansible]$ sudo dnf -y install rhel-system-roles-1.7.3-2.el8.noarch 
[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/  /home/student/ansible/roles/timesync
[student@ansible ansible]$ vim timesync.yml 
---
- name: test
  hosts: all
  vars: 
    timesync_ntp_servers: 
      - hostname: classroom.example.com
        iburst: yes
  roles: 
    - timesync

[student@ansible ansible]$ ansible-playbook timesync.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [timesync : Set version specific variables] *******************************
ok: [node3]
ok: [node1]
ok: [node2]

TASK [timesync : Populate service facts] ***************************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [Set variable `timesync_services` with filtered uniq service names] *******
ok: [node1]
ok: [node2]
ok: [node3]

TASK [Check that variable 'timesync_services' is defined] **********************
ok: [node1] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [node2] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [node3] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [timesync : Check if only NTP is needed] **********************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [timesync : Check if single PTP is needed] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Check if both NTP and PTP are needed] *************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Determine current NTP provider] *******************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [timesync : Select NTP provider] ******************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [timesync : Install chrony] ***********************************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [timesync : Install ntp] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Install linuxptp] *********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Gather package facts] *****************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [timesync : Run phc_ctl on PTP interface] *********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Check if PTP interface supports HW timestamping] **************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate chrony.conf file] ************************************
changed: [node2]
changed: [node1]
changed: [node3]

TASK [timesync : Generate chronyd sysconfig file] ******************************
changed: [node1]
changed: [node2]
changed: [node3]

TASK [timesync : Generate ntp.conf file] ***************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate ntpd sysconfig file] *********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate ptp4l.conf file] *************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate ptp4l sysconfig file] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate phc2sys sysconfig file] ******************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate timemaster.conf file] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Update network sysconfig file] ********************************
changed: [node1]
changed: [node2]
changed: [node3]

TASK [timesync : Disable chronyd] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable ntpd] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable ntpdate] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable sntp] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable ptp4l] ************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable phc2sys] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable timemaster] *******************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable chronyd] ***********************************************
ok: [node3]
ok: [node1]
changed: [node2]

TASK [timesync : Enable ntpd] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable ptp4l] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable phc2sys] ***********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable timemaster] ********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

RUNNING HANDLER [timesync : restart chronyd] ***********************************
changed: [node2]
changed: [node3]
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=15   changed=4    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node2                      : ok=15   changed=5    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node3                      : ok=15   changed=4    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0  
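
The play recap shows that chrony.conf changed, not what it now contains. As an added example (not part of the original post), this check confirms on a managed node that classroom.example.com is the only active time source and that it carries iburst; the function name chrony_audit and both sample configurations are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): audit the time sources in a
# chrony configuration. chrony_audit and the sample_* data are constructed.

# chrony_audit HOST [CONF]
# Succeeds only if HOST is the sole active server/pool source and has iburst.
# CONF defaults to /etc/chrony.conf; pass "-" to read from stdin.
chrony_audit() {
    awk -v want="$1" '
        /^[ \t]*[#!;%]/ { next }   # the comment markers chrony accepts
        $1 == "server" || $1 == "pool" {
            if ($2 != want) { print "unexpected source: " $2; bad = 1; next }
            seen = 1; has = 0
            for (i = 3; i <= NF; i++) if ($i == "iburst") has = 1
            if (!has) { print "missing iburst on: " $2; bad = 1 }
        }
        END {
            if (!seen) { print "missing source: " want; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "${2:-/etc/chrony.conf}"
}

# Constructed sample: only the classroom server, with iburst.
sample_good() {
    cat <<'EOF'
# Ansible managed
server classroom.example.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
EOF
}

# Constructed sample: a leftover pool line and a source without iburst.
sample_bad() {
    cat <<'EOF'
pool 2.rhel.pool.ntp.org iburst
server classroom.example.com
#server commented.example.com iburst
EOF
}

sample_good | chrony_audit classroom.example.com - && echo "good: clean"
sample_bad  | chrony_audit classroom.example.com - || echo "bad: findings above"
```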


2. Using the selinux role

Configure the role and write a playbook selinux.yml that turns on SELinux on all managed nodes

[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/  /home/student/ansible/roles/selinux
[student@ansible ansible]$ cat selinux.yml 

---
- hosts: all
  vars:
    selinux_state: enforcing
  tasks:
    - name: selinux 
      block:
        - include_role:
            name: selinux
      rescue:
        - name: failed reason require reboot
          fail:
          when: not selinux_reboot_required
        - name: reboot
          reboot:
        - name: config selinux
          include_role:
            name: selinux

[student@ansible ansible]$ ansible-playbook selinux.yml 

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [include_role : selinux] **************************************************

TASK [selinux : Install SELinux python2 tools] *********************************
skipping: [node3]
skipping: [node1]
skipping: [node2]

TASK [selinux : Install SELinux python3 tools] *********************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [selinux : refresh facts] *************************************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : Install SELinux tool semanage] *********************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : Set permanent SELinux state if enabled] ************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : Set permanent SELinux state if disabled] ***********************
skipping: [node3]
skipping: [node1]
skipping: [node2]

TASK [selinux : Set ansible facts if needed] ***********************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [selinux : Fail if reboot is required] ************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : debug] *********************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : Drop all local modifications] **********************************
skipping: [node3]
skipping: [node1]
skipping: [node2]

TASK [selinux : Purge all SELinux boolean local modifications] *****************
skipping: [node2]
skipping: [node3]
skipping: [node1]

TASK [selinux : Purge all SELinux file context local modifications] ************
skipping: [node2]
skipping: [node1]
skipping: [node3]

TASK [selinux : Purge all SELinux port local modifications] ********************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : Purge all SELinux login local modifications] *******************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : Set SELinux booleans] ******************************************

TASK [selinux : Set SELinux file contexts] *************************************

TASK [selinux : Restore SELinux labels on filesystem tree] *********************

TASK [selinux : Restore SELinux labels on filesystem tree in check mode] *******

TASK [selinux : Set an SELinux label on a port] ********************************

TASK [selinux : Set linux user to SELinux user mapping] ************************

TASK [selinux : Get SELinux modules facts] *************************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : include_tasks] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

PLAY RECAP *********************************************************************
node1                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node2                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node3                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0

// Check the state on a managed host
[root@node1 ~]# getenforce
Enforcing
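
getenforce reports only the running mode, while the mode after the next boot comes from /etc/selinux/config; the rescue branch of the playbook reboots when a change cannot take effect at runtime. The following added example (not from the original post) compares both states; selinux_config_mode, selinux_audit and the sample file are names and data constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare the running SELinux
# mode with the persistent one. Function names and sample data are constructed.

# selinux_config_mode [FILE]: print the uncommented SELINUX= value, lowercased
# (the last one if the key is repeated). "-" reads from stdin.
selinux_config_mode() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "SELINUX" {            # does not match SELINUXTYPE
            val = $2; gsub(/[ \t]/, "", val); mode = tolower(val)
        }
        END { print mode }
    ' "${1:-/etc/selinux/config}"
}

# selinux_audit RUNTIME [FILE]: RUNTIME is the output of getenforce.
# Succeeds only if the host is enforcing now and will be after a reboot.
selinux_audit() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    persistent=$(selinux_config_mode "${2:-/etc/selinux/config}")
    case "$runtime/$persistent" in
        enforcing/enforcing) echo "ok: enforcing now and at next boot" ;;
        enforcing/*) echo "drift: enforcing now, config says ${persistent:-nothing}"; return 1 ;;
        */enforcing) echo "drift: config says enforcing, runtime is $runtime"; return 1 ;;
        *) echo "fail: runtime $runtime, config ${persistent:-nothing}"; return 1 ;;
    esac
}

# Constructed sample config; $1 is the mode to place in it.
sample_config() {
    cat <<EOF
# This file controls the state of SELinux on the system.
SELINUX=$1
SELINUXTYPE=targeted
EOF
}

sample_config enforcing  | selinux_audit Enforcing -
sample_config permissive | selinux_audit Enforcing - || true
sample_config enforcing  | selinux_audit Disabled  - || true
```

On a managed node the call is `selinux_audit "$(getenforce)"`, which reads the real /etc/selinux/config.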


3. Installing roles with Ansible Galaxy

Use Ansible Galaxy and the requirements file /home/student/ansible/roles/requirements.yml to download roles from the following URLs and install them into /home/student/ansible/roles:
http://content.example.com/haproxy.tar.gz The name of this role should be balancer
http://content.example.com/phpinfo.tar.gz The name of this role should be phpinfo

// Define the path where the roles are installed
[student@ansible ansible]$ cd roles/
[student@ansible roles]$ vim test.yml
---
- name: balancer
  src: file:///home/student/haproxy.tar.gz

- name: phpinfo
  src: file:///home/student/phpinfo.tar.gz
  
[student@ansible ansible]$ ansible-galaxy install -r /home/student/ansible/roles/test.yml  -p /home/student/ansible/roles/
- balancer is already installed, skipping.
- downloading role from file:///home/student/phpinfo.tar.gz
- extracting phpinfo to /home/student/ansible/roles/phpinfo
- phpinfo was installed successfully

[student@ansible ansible]$ cd roles/
[student@ansible roles]$ ls
balancer  selinux   timesync
phpinfo   test.yml
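
The task fetches role archives over plain HTTP and the requirements entries carry no digest, so the archive can be checked before ansible-galaxy unpacks it. This added example (not from the original post) compares the SHA-256 digest with an expected value and rejects member paths that would land outside the role directory; the function names, the demo archive and the premise that the role provider publishes a digest are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): vet a role archive before
# handing it to ansible-galaxy. Function names and demo data are constructed.

# unsafe_member_paths: read archive member names on stdin and print those that
# are absolute or contain a ".." component. Succeeds if any were found.
unsafe_member_paths() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# role_archive_ok ARCHIVE SHA256
# SHA256 is the expected digest (assumed to come from the role provider over
# a trusted channel, not from the same HTTP server as the archive).
role_archive_ok() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1"; return 1
    fi
    if tar -tzf "$1" | unsafe_member_paths; then
        echo "unsafe member path in $1"; return 1
    fi
    echo "ok: $1"
}

# Build a constructed role archive in a temp directory and print its path.
demo_archive() {
    d=$(mktemp -d)
    mkdir -p "$d/haproxy/tasks" "$d/haproxy/meta"
    echo '---' > "$d/haproxy/tasks/main.yml"
    echo '---' > "$d/haproxy/meta/main.yml"
    tar -czf "$d/haproxy.tar.gz" -C "$d" haproxy
    echo "$d/haproxy.tar.gz"
}

a=$(demo_archive)
# Demo only: the digest is computed from the file itself; in real use it is
# the published value.
role_archive_ok "$a" "$(sha256sum "$a" | cut -d' ' -f1)"
role_archive_ok "$a" "0000" || true
```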

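4. Creating and using a role
Create a role named apache in /home/student/ansible/roles according to the following requirements:
The httpd package is installed, enabled at boot, and started
The firewall is enabled and running, with a rule that allows access to the web server
The template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the following output:
Welcome to HOSTNAME on IPADDRESS
where HOSTNAME is the fully qualified domain name of the managed node and IPADDRESS is the IP address of the managed node.
Create a playbook /home/student/ansible/newrole.yml that uses this role, as described below:
The playbook runs on hosts in the webservers host group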

[student@ansible roles]$ ansible-galaxy init apache
- Role apache was created successfully
[student@ansible roles]$ ls
apache    phpinfo  test.yml
balancer  selinux  timesync

[student@ansible roles]$ cd apache/templates/
[student@ansible templates]$ vim index.html.j2
Welcome to {{ansible_fqdn}} on {{ansible_ens160.ipv4.address}}

[student@ansible apache]$ cat tasks/main.yml 
---
# tasks file for apache
- name: mount cdrom
  mount: 
    src: /dev/cdrom
    path: /mnt
    fstype: iso9660
    state: mounted

- name: repo1
  yum_repository: 
    file: server
    name: BaseOS
    description: CtenOS8
    baseurl: file:///mnt/BaseOS
    enabled: yes
    gpgcheck: no

- name: repo2
  yum_repository: 
    file: server
    name: AppStream
    description: CtenOS8
    baseurl: file:///mnt/AppStream
    enabled: yes
    gpgcheck: no

- name: install httpd
  dnf: 
   name: 
     - httpd
     - firewalld
   state: present

- name: cp file
  template: 
    src: index.html.j2
    dest: /var/www/html/index.html
  notify: 
    - restart httpd   # must match the handler name in handlers/main.yml

- name: firewalld
  firewalld: 
    service: http
    state: enabled
    permanent: yes
    immediate: yes

[student@ansible apache]$ cat handlers/main.yml 
---
# handlers file for apache
- name: restart httpd
  service: 
    name: httpd
    state: restarted
    enabled: yes


[student@ansible ansible]$ cat newrole.yml 
--- 
- name: apache
  hosts: all
  roles: 
    - apache

[student@ansible ansible]$ ansible-playbook newrole.yml 

PLAY [apache] ******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [apache : mount cdrom] ****************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [apache : repo1] **********************************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [apache : repo2] **********************************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [apache : install httpd] **************************************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [apache : cp file] ********************************************************
ok: [node2]
ok: [node1]
ok: [node3]

TASK [apache : firewalld] ******************************************************
ok: [node1]
ok: [node2]
ok: [node3]

PLAY RECAP *********************************************************************
node1                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@ansible ansible]$ curl http://node1.example.com
Welcome to node1.example.com on 192.168.244.140
[student@ansible ansible]$ curl http://node2.example.com
Welcome to node2.example.com on 192.168.244.141
[student@ansible ansible]$ curl http://node3.example.com
Welcome to node3.example.com on 192.168.244.142

5. Using roles from Ansible Galaxy

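Create a playbook named /home/student/ansible/roles.yml according to the following requirements:
The playbook contains a play that runs on hosts in the balancers host group and uses the balancer role.
This role configures a service that load-balances web server requests across the hosts in the webservers host group.
Browsing to a host in the balancers host group (for example http://bastion.lab.example.com/ ) produces the following output:
Welcome to serverc.example.com on 172.25.1.12
Reloading the browser produces output from the other web server:
Welcome to serverd.example.com on 172.25.1.13
The playbook contains a play that runs on hosts in the webservers host group and uses the phpinfo role.
Browsing to a host in the webservers host group at the URL /hello.php produces the following output:
Hello PHP World from FQDN
where FQDN is the fully qualified name of the host.
For example, browsing to http://serverc.lab.example.com/hello.php produces the following output:
Hello PHP World from serverc.lab.example.com
along with various details of the PHP configuration, such as the installed PHP version.
Likewise, browsing to http://serverd.lab.example.com/hello.php produces the following output:
Hello PHP World from serverd.lab.example.com
along with various details of the PHP configuration, such as the installed PHP version.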

[student@ansible ansible]$ cat roles.yml 
---
- name: gather facts for webservers
  hosts: webservers
- name: balancer role
  hosts: balancers
  roles: 
    - balancer

- name: php role
  hosts: webservers
  roles: 
    - phpinfo

[student@ansible ansible]$ ansible-playbook roles.yml 

PLAY [gather facts for webservers] *********************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]
[WARNING]: Could not match supplied host pattern, ignoring: balancers

PLAY [balancer role] ***********************************************************
skipping: no hosts matched

PLAY [php role] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Install Apache] ************************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Install firewalld] *********************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Start and enable firewalld] ************************************
ok: [node3]
ok: [node2]

TASK [phpinfo : Enable http in firewall] ***************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Copy the hello_ver.html.j2] ************************************
changed: [node2]
changed: [node3]

TASK [phpinfo : Start and enable httpd] ****************************************
ok: [node2]
changed: [node3]

RUNNING HANDLER [phpinfo : restart httpd] **************************************
changed: [node2]
changed: [node3]

PLAY RECAP *********************************************************************
node2                      : ok=9    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=9    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


Verification:
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverd.lab.example.com on 172.25.250.13


[student@workstation ansible]$ curl http://serverc.lab.example.com/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl http://serverd.lab.example.com/hello.php
Hello PHP World form serverd.lab.example.com


Original article: http://www.cnblogs.com/loronoa/p/16856049.html
