2023年7月RHCE考试满分通过总结(RHCE)

小趴菜え

已于 2023-08-08 10:21:00 修改

阅读量2.4k

点赞数 13

分类专栏： RHEL红帽8认证文章标签：运维 centos linux

于 2023-08-03 17:17:14 首次发布

本文链接：https://blog.csdn.net/CoolYellows/article/details/131940908

版权

RHEL红帽8认证专栏收录该内容

2 篇文章 3 订阅

订阅专栏

RHCE考试

全程需要在控制节点操作其他节点，需要使用指定用户操作，切记不可使用root用户做题，避免考试得零分。

一、安装及配置 ansible

yum -y install ansible #安装ansible
ansible --version #查看ansible版本

mkdir /home/greg/ansible #创建ansible目录
mkdir /home/greg/ansible/roles #创建roles目录

vim inventory #修改inventory清单文件

ansible-inventory -i inventory --graph #验证清单文件

cp /etc/ansible/ansible.cfg /home/greg/ansible/ansible.cfg #创建ansible配置文件

vi ansible.cfg

[defaults]

inventory = /home/greg/ansible/inventory

roles_path = /home/greg/ansible/roles

host_key_checking = False

remote_user = greg

[privilege_escalation] #查找privi，然后按n往下翻，将注释打开 become=True become_method=sudo

become_user=root

become_ask_pass=False

二、创建并运行 ansible ad-hoc 命令

vi /home/grep/ansible/adhoc.sh #编辑adhoc.sh文件

ansible-doc -l |grep yum #查看ansible帮助

ansible-doc yum_repository #查看具体yun_repository模块帮助

#!/bin/bash

ansible all -m yum_repository -a "file=EX294_BASE name='EX294_BASE' description=‘EX294 base software’ baseurl='http://foundation0.ilt.example.com/dvd/BaseOS' gpgcheck=yes gpgkey='http://foundation0.ilt.example.com/dvd/RPM-GPGKEY-redhat-release' enabled=yes"

ansible all -m yum_repository -a "file=EX294_STREAM name='EX294_STREAM' description=‘EX294 stream software’ baseurl='http://foundation0.ilt.example.com/dvd/AppStream' gpgcheck=yes gpgkey='http://foundation0.ilt.example.com/dvd/RPM-GPGKEY-redhat-release' enabled=yes"

chmod +x adhoc.sh #添加执行权限

ansible all -a 'yum repolist' #验证all受控节点yum仓库

ansible all -a 'yum -y install lftp' #临时命令安装lftp

ansible all -a 'rpm -q lftp' #查看是否安装成功

三、安装软件包

vim /home/grep/ansible/packages.yml #编辑剧本文件

ansible-doc yum #查看帮助

---

- name: install php and mariadb

hosts: dev,test,prod

tasks:

- name: install php and mariadb

yum:

name: php,mariadb

state: present

- name: install groups

hosts: dev

tasks：

- name: install dev tools

yum:

name: '@RPM Development Tools'

state: present

- name: install update all

yum:

name: '*'

state: latest

ansible-playbook --syntax-check packages.yml #检测剧本是否有错
ansible-playbook packages.yml #运行剧本

ansible test -a 'rpm -q php' #验证一下php是否安装

ansible dev -a ‘yum grouplist’ #验证一下软件包组是否安装

四、使用RHEL系统角色

yum search roles #搜索roles安装包
yum install rhel-system-roles.noarch #安装roles

ansible-galaxy list #检测系统角色
rpm -ql rhel-system-roles-1.0-5.el8.noarch #寻找系统角色安装的路径和产生的文件

vi /home/grep/ansible/ansible.cfg
- :/usr/share/ansible/roles

rpm -ql rhel-system-roles-1.0-5.el8.noarch |grep example #查询系统时间角色案例

cp /usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml /home/greg/ansible/timesync.yml #复制案例修改名字

vi timesync.yml #按题目要求修改

---

- hosts: all

vars:

timesync_ntp_servers:

- hostname: 172.25.254.254

iburst: yes

roles:

- rhel-system-roles.timesync

ansible-playbook timesync.yml #运行调用角色脚本

ansible all -a 'timedatectl' #验证结果

五、使用 Ansible Galaxy 安装角色

vim /home/greg/ansible/roles/requirements.yml #编辑requirements.yml文件

---

- src: http://materials/haproxy.tar

name: balancer

- src: http://materials/phpinfo.tar

name: phpinfo

ansible-galaxy install -r /home/greg/ansible/roles/requirements.yml #安装requirements.yml文件

tree balancer/ #验证结果

六、创建和使用角色

ansible-galaxy --help #查看帮助信息

ansible-galaxy init apache #创建Apache角色
tree apache #验证位置和子目录信息

vim apache/tasks/main.yml #编写角色任务

ansible-doc yum #查看yum模块帮助
ansible-doc service #查看service模块帮助
ansible-doc firewalld #查看firewalld模块帮助
ansible-doc template #查看template模块帮助

---

# tasks file for apache

- name: install the latest version of Apache

yum:

name: httpd

state: latest

- name: Start service httpd, if not started

service:

name: httpd

state: started

enabled: yes

- name: Start service firewalld

service:

name: firewalld

state: started

enabled: yes

- firewalld:

service: http

permanent: yes

state: enabled

immediate: yes

- name: User firewalld http

firewalld:

service: http

permanent: yes

immediate: yes

state: enabled

- name: Template a file to index.html.j2

template:

src: index.html.j2

dest: /var/www/html/index.html

setype： httpd_sys_content_t

vim /home/greg/ansible/roles/apache/templates/index.html.j2

ansible 172.25.250.11 -m setup |grep serverb #查询主机对应事实变量
ansible 172.25.250.11 -m setup -a 'filter=*fqdn*' #查询主机对应事实变量

ansible 172.25.250.11 -m setup -a 'filter=*ipv4*' #查询IP地址对应事实变量

cat index.html.j2

Welcome to {{ ansible_fqdn}} on {{ansible_default_ipv4.address }} #设置变量，加空格，加空格

七、从Ansible Galaxy使用角色

vi /home/greg/ansible/roles.yml #写roles.yml剧本

---

- name: use apache

hosts: webservers

roles:

- apache

- name: use role balancers

hosts: balancers

roles:

- balancer

- name: use phpinfo

hosts: webservers

roles:

- phpinfo

ansible-playbook --syntax-check roles.yml #检测错误
ansible-playbook roles.yml #运行剧本

测试

八、创建和使用逻辑卷

block: 定义要运行的主要任务

rescue: 定义要在block子句中，定义的任务失败时运行的任务

always:定义始终都独立运行的任务，不论block和rescue字句中定义额任务是否成功还是失败

vim /home/greg/ansible/lv.yml #编辑剧本

ansile-doc -lgrep -I lvm #查询lvm模块

ansile-doc lvol #lvol模块，创建、删除或调整逻辑卷的大小

ansile-doc filesystem #filesystem模块，格式化文件系统

ansible-doc mount #mount模块，管理被控端设备挂载
ansile-doc debug #debug模块，用于在调试中输出信息

ansible node3 -m setup -a “filter=*lvm*” #查询lvm对应的变量

ansible-doc stat #stat模块，检索文件或文件系统状态，查询when设置案例

---

- name: User create lvm

hosts: all

tasks:

- block: #定义要运行的主要任务

- name: Create a logical volume of 1500M

lvol:

vg: research #卷组名

lv: data #逻辑卷名称

size: 1500 #逻辑卷大小

- name: Create a ext4 filesystem

filesystem:

fstype: ext4 #文件格式

dev: /dev/research/data #卷组路径

rescue: #定义要在block子句中定义的任务，失败时运行的任务

- debug:

msg: Could not create logical volume of that size #报错信息

- name: Create a logical volume of 800M

lvol:

vg: research

lv: data

size: 800

when: ansible_lvm.vgs.research is defined #条件表示卷组存在且定义，注意条件格式

ignore_errors: yes

- debug:

msg: Volume group done not exist #报错信息

when: ansible_lvm.vgs.research is not defined #条件表示卷组不存在，注意条件格式

ansible-playbook --syntax-check /home/ansible/lv.yml #检测语法
ansible-playbook /home/ansible/lv.yml #运行剧本

九、生成主机文件

wget http://http://materials/hosts.j2 -P /home/greg/ansible #下载hosts.j2文件

vi /home/greg/ansible/hosts.j2 #编辑剧本

{% for host in groups['all'] %}

{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['fqdn'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}

{% endfor %} #注意空格和分号以及格式

ansible-doc template #查询template模块

---

- name: get host file

hosts: all

tasks:

- name: Template a file

template:

src: /home/greg/ansible/hosts.j2

dest: /etc/myhosts

when: "'dev' in group_names" #设置条件，只在dev组执行

when: "inventory_hostname in groups.dev" #设置条件，只在dev组执

ansible-playbook hosts.yml #执行剧本

cat /etc/myhosts #登录主机172.25.2250.9验证结果

十、修改文件内容

ansible-inventory --graph #查看对应的主机组

cat /etc/issue #查看原始文件

vim /home/greg/ansible/issue.yml #编辑剧本

ansible-doc copy #copy模块，查询模块使用模板

---

- name: User issue

hosts: all

tasks:

- name: copy using inline dev

copy:

content: 'Development'

dest: /etc/issue

when: "'dev' in group_names" # 设置条件，只在dev组执行

when: "inventory_hostname in groups.dev" #设置条件，只在dev组执行

- name: copy using inline test

copy:

content: 'Test'

dest: /etc/issue

when: "'test' in group_names" #设置条件，只在test组执行

when: "inventory_hostname in groups.test" #设置条件，只在test组执行

- name: copy using inline prod

copy:

content: 'Production'

dest: /etc/issue

when: "'prod' in group_names" #设置条件，只在prod组执行

when: "inventory_hostname in groups.prod" #设置条件，只在prod组执行

ansible-play --syntax-check issue.yml #验证剧本
ansible-play issue.yml #执行剧本

ansible all -a "cat /etc/issue" #验证结果

十一、创建Web内容目录

Ansible -dev -a "rpm -q httpd" #验证dev组中http软件和服务是否安装、开启

ansible-doc file #file模块，文件操作模块查看帮助

ansible-doc copy #copy模块，查询帮助和模板

ll -lZ /var/www/ #查看目录上下级类型，并设置相同的上下级类型httpd_sys_content_t

vim /home/greg/ansible/webcontent.yml #编辑剧本

---

- name: User httpd

hosts: dev

roles: #调用roles角色，apache服务

- apache

tasks:

- name: Create a directory

file:

path: /webdev

state: directory

mode: '2775' #设置目录属组、属主、其他权限，注意权限不要写错

group: webdev

- name: Create a symbolic link

file:

src: /webdev

dest: /var/www/html/webdev

state: link

- name: Copy using inline content

copy:

content: 'Development'

dest: /webdev/index.html

setype: httpd_sys_content_t

ansible-play --syntax-check webcontent.yml #验证剧本
ansible-play webcontent.yml #执行剧本

十二、生成硬件报告

ansible-doc get_url #get_url模块，下载文件

ansible-doc lineinfile #lineinfile模块，增加或修改文件内容

ansible 172.25.250.9 -m setup -a "filter=*mem*" #查询内存收集事实变量

ansible 172.25.250.9 -m setup -a "filter=*bios*" #查询bios，事实变量
ansible 172.25.250.9 -m setup -a "filter=*dev*" #查询硬盘，事实变量

---

- name: User hwreport

hosts: all

tasks:

- name: Download hwreport.txt

get_url:

url: http://materials/hwreport.empty

dest: /root/hwreport.txt

- name: Esure host

lineinfile:

path: /root/hwreport.txt

regexp: '^HOST='

line: HOST={{ inventory_hostname | default('NONE',true) }}

- name: Esure MEMORY

lineinfile:

path: /root/hwreport.txt

regexp: '^MEMORY='

line: MEMORY={{ ansible_memtotal_mb | default('NONE',true) }}

- name: Esure BIOS

lineinfile:

path: /root/hwreport.txt

regexp: '^BIOS='

line: BIOS={{ ansible_bios_version | default('NONE',true) }}

- name: Esure VDA

lineinfile:

path: /root/hwreport.txt

regexp: '^DISK_SIZE_VDA='

line: DISK_SIZE_VDA={{ ansible_devices.vda.size | default('NONE',true) }}

- name: Esure VDB

lineinfile:

path: /root/hwreport.txt

regexp: '^DISK_SIZE_VDB='

line: DISK_SIZE_VDB={{ ansible_devices.vdb.size | default('NONE',true) }}

ansible-playbook --syntax-check hwreport.yml #验证剧本
ansible-playbook hwreport.yml #执行剧本

ansible all -a "cat /root/hwreport.txt" #验证结果

十三、创建密码库

vim /home/greg/ansible/locker.yml #编辑存储库

pw_developer: Imadev
pw_manager： Imamgr #注意不要忘记冒号后面空格，

ansible-vault --help #查看帮助信息

ansible-vault encrypt locker.yml #加密文件

ansible-vault view locker.yml #验证结果

十四、创建用户账户

wget http://materials/user_list.yml -P /home/greg/ansible #下载文件
cat user_list.yml #验证查看内容

vim ansible.cfg #编辑配置文件

vault_password_file = /home/greg/ansible/secret.txt #修改存放密码的文件位置

ansible-doc user #user模块，查看帮助信息

ansible-doc group #group模块，查看帮助信息

---

- name: Touch user

hosts: dev,test

vars_files:

- /home/greg/ansible/user_list.yml

- /home/greg/ansible/locker.yml

tasks:

- name: Ensuer group

group:

name: devops

state: present

- name: Add the user

user:

name: "{{ item.name }}" #注意变量格式，双引号、括号、空格不可少

password: "{{ pw_developer | password_hash('sha512') }}" #注意变量格式，双引号、括号、空格不可少

groups: devops

append: yes

loop: "{{ users }}" #注意双引号不可少

when: item.job == 'developer' #注意单引号不可少

- name: Touch user1

hosts: prod

vars_files:

- /home/greg/ansible/user_list.yml

- /home/greg/ansible/locker.yml

tasks:

- name: Ensuer group1

group:

name: opsmgr

state: present

- name: Add the user1

user:

name: "{{ item.name }}"

password: "{{ pw_manager | password_hash('sha512') }}"

groups: opsmgr

append: yes

loop: "{{ users }}"

when: item.job == 'manager'

ansible-playbook --syntax-check users.yml #验证剧本
ansible-playbook users.yml #执行剧本

十五、更新Ansible库秘钥

wget http://materials/salaries.yml -P /home/greg/asnible #下载文件到指定目录

ansible-vault --help #查看帮助信息

ansible-vault rekey salaries.yml #更新密码库

ansible-vault view salaries.yml #验证结果

十六、安装RHEL角色（随机题）

安装RHEL角色，并使用SeLinux角色，要求在所有节点运行，配置该角色，配置被管理节点的selinux为enforcing

yum search roles #搜索roles安装包
yum install rhel-system-roles.noarch #安装roles

ansible-galaxy list #检测系统角色
rpm -ql rhel-system-roles-1.0-5.el8.noarch #寻找系统角色安装的路径和产生的文件

vi /home/grep/ansible/ansible.cfg
- :/usr/share/ansible/roles

rpm -ql rhel-system-roles-1.0-5.el8.noarch |grep selinux #查询selinux角色案例

cp -a /user/share/ansible/roles/rhel-system-roles.selinux /home/greg/ansible/roles/selinux #复制模板角色到roles目录

cp /usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml /home/greg/ansible/selinux.yml #复制模板示例文件到ansible目录
vim /home/greg/ansible/selinux.yml #修改selinux角色剧本

---

- hosts: all

become: true

become_method: sudo

become_user: root

vars:

selinux_policy: targeted

selinux_state: enforcing

# prepare prerequisites which are used in this playbook

tasks:

- name: Creates directory

file:

path: /tmp/test_dir

state: directory

- name: Add a Linux System Roles SELinux User

user:

comment: Linux System Roles SELinux User

name: sar-user

- name: execute the role and catch errors

block:

- include_role:

#name: rhel-system-roles.selinux

name: selinux #修改对应的角色名称

rescue:

# Fail if failed for a different reason than selinux_reboot_required.

- name: handle errors

fail:

msg: "role failed"

when: not selinux_reboot_required

- name: restart managed host

shell: sleep 2 && shutdown -r now "Ansible updates triggered"

async: 1

poll: 0

ignore_errors: true

- name: wait for managed host to come back

wait_for_connection:

delay: 10

timeout: 300

- name: reapply the role

include_role:

#name: rhel-system-roles.selinux

name: selinux #修改对应的角色名称

十七、创建到期用户账户有效期30天（随机题）

创建用户账户，账户jack，新增设置密码有效期为30天。账户jony，新增设置相应的ID1111，用户有效期到2022-01-20

ansible-doc user #user模块，管理用户操作

ansible-doc shell #shell模块，执行对应指令

date -d 2022-01-20 +%s #有效期查询

vim /home/greg/ansible/create_user.yml #创建剧本

---

- name: Create users

hosts: all

vars:

- users:

- name: jack

- name: jony #创建需要的用户

tasks:

- name: Add the user

user:

name: "{{ item.name }}" #引用用户名

password: "{{ 'redhat' | password_hash('sha512') }}" #设置密码

loop: "{{ users }}" #循环

- name: Password expired jack

shell: chage -M 30 "{{ item.name }}" #设置密码到期时间，30天

loop: "{{ users }}"

when: item.name == 'jack'

- name: Added a expire jony

user:

name: "{{ item.name }}"

uid: 1111 #设置用户uid

expires: 1692489600 #设置用户到期时间 ，date -d 2023-08-20

loop: "{{ users }}"

when: item.name == 'jony'

十八、使用crontab模块（随机题）

用户jack每三个月的每周日晚上22点39分查看一次自身用户登录情况

ansible-crond #cron模块，计划任务，相当于crontab命令

vim /home/greg/ansible/crontab.yml #创建剧本

---
- hosts: all
tasks:
- name: create a cron file under /etc/cron.d
    cron:
      name: Lgin time
      minute: "39"                      #分
      hour: "22"                          #时
      day: ""                                #日
      month: "*/3"                      #月
      weekday: "0"                      #周 每周日

user: jack #指定用户
job: " last " #执行内容