RHCE练习题二

1、使用RHEL系统角色

安装 RHEL 系统角色软件包,并创建符合以下条件的playbook /home/student/ansible/timesync.yml:
在所有受管节点上运行
使用 timesync 角色
配置该角色,以使用当前有效的 NTP 提供商
配置该角色,以使用时间服务器 classroom.example.com
配置该角色,以启用 iburst 参数

[student@ansible ansible]$ mkdir roles
[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/  /home/student/ansible/roles/timesync
[student@ansible ansible]$ vim timesync.yml
---
- name: set time sync
  hosts: all
  vars:  
    timesync_ntp_servers:
      - hostname: classroom.example.com
        iburst: yes
  roles:
    - timesync
[student@ansible ansible]$ ansible-playbook timesync.yml

PLAY [set time sync] ********************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.253.134]
ok: [node1]
ok: [node2]
ok: [node3]

TASK [timesync : Set version specific variables] ****************************************************************
ok: [node1]
ok: [node2]
ok: [192.168.253.134]
ok: [node3]

TASK [timesync : Populate service facts] ************************************************************************
ok: [node2]
ok: [node1]
ok: [192.168.253.134]
ok: [node3]

TASK [Set variable `timesync_services` with filtered uniq service names] ****************************************
ok: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [Check that variable 'timesync_services' is defined] *******************************************************
ok: [node1] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [node2] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [192.168.253.134] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [node3] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [timesync : Check if only NTP is needed] *******************************************************************
ok: [node1]
ok: [node3]
ok: [node2]
ok: [192.168.253.134]

TASK [timesync : Check if single PTP is needed] *****************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Check if both NTP and PTP are needed] **********************************************************
skipping: [node2]
skipping: [node1]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Determine current NTP provider] ****************************************************************
ok: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [timesync : Select NTP provider] ***************************************************************************
ok: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [timesync : Install chrony] ********************************************************************************
ok: [node3]
ok: [192.168.253.134]
ok: [node1]
changed: [node2]

TASK [timesync : Install ntp] ***********************************************************************************
skipping: [node1]
skipping: [192.168.253.134]
skipping: [node2]
skipping: [node3]

TASK [timesync : Install linuxptp] ******************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Gather package facts] **************************************************************************
ok: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [timesync : Run phc_ctl on PTP interface] ******************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Check if PTP interface supports HW timestamping] ***********************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Generate chrony.conf file] *********************************************************************
ok: [192.168.253.134]
ok: [node1]
changed: [node2]
ok: [node3]

TASK [timesync : Generate chronyd sysconfig file] ***************************************************************
ok: [node1]
ok: [192.168.253.134]
changed: [node2]
ok: [node3]

TASK [timesync : Generate ntp.conf file] ************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Generate ntpd sysconfig file] ******************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Generate ptp4l.conf file] **********************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Generate ptp4l sysconfig file] *****************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Generate phc2sys sysconfig file] ***************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Generate timemaster.conf file] *****************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Update network sysconfig file] *****************************************************************
ok: [node1]
ok: [192.168.253.134]
changed: [node2]
ok: [node3]

TASK [timesync : Disable chronyd] *******************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Disable ntpd] **********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Disable ntpdate] *******************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Disable sntp] **********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Disable ptp4l] *********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Disable phc2sys] *******************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Disable timemaster] ****************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Enable chronyd] ********************************************************************************
ok: [192.168.253.134]
ok: [node1]
ok: [node3]
changed: [node2]

TASK [timesync : Enable ntpd] ***********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Enable ptp4l] **********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Enable phc2sys] ********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [timesync : Enable timemaster] *****************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

RUNNING HANDLER [timesync : restart chronyd] ********************************************************************
changed: [node2]

PLAY RECAP ******************************************************************************************************
192.168.253.134            : ok=14   changed=0    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node1                      : ok=14   changed=0    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node2                      : ok=15   changed=6    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node3                      : ok=14   changed=0    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   

2、使用selinux角色

配置该角色,编写selinux.yml的playbook开启所有受控节点的selinux

[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux  /home/student/ansible/roles/selinux
[student@ansible ansible]$ 
[student@ansible ansible]$ vim selinux.yml
[student@ansible ansible]$ cat selinux.yml 
- name: set selinux
  hosts: all
  vars: 
    selinux_state: enforcing
  roles: 
    - role: selinux
      become: true
[student@ansible ansible]$ ansible-playbook selinux.yml
- name: set selinux
  hosts: all
  vars: 
    selinux_state: enforcing
  roles: 
    - role: selinux
      become: true
[student@ansible ansible]$ ansible-playbook selinux.yml

PLAY [set selinux] **********************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [selinux : Install SELinux python2 tools] ******************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Install SELinux python3 tools] ******************************************************************
ok: [node3]
changed: [node2]
changed: [192.168.253.134]
ok: [node1]

TASK [selinux : refresh facts] **********************************************************************************
ok: [192.168.253.134]
ok: [node2]
ok: [node1]
ok: [node3]

TASK [selinux : Install SELinux tool semanage] ******************************************************************
ok: [node3]
changed: [node1]
ok: [192.168.253.134]
changed: [node2]

TASK [selinux : Set permanent SELinux state if enabled] *********************************************************
changed: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [selinux : Set permanent SELinux state if disabled] ********************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Set ansible facts if needed] ********************************************************************
ok: [node1]
ok: [node2]
ok: [192.168.253.134]
ok: [node3]

TASK [selinux : Fail if reboot is required] *********************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : debug] ******************************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Drop all local modifications] *******************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Purge all SELinux boolean local modifications] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Purge all SELinux file context local modifications] *********************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Purge all SELinux port local modifications] *****************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
skipping: [192.168.253.134]

TASK [selinux : Purge all SELinux login local modifications] ****************************************************
skipping: [node2]
skipping: [node1]
skipping: [192.168.253.134]
skipping: [node3]

TASK [selinux : Set SELinux booleans] ***************************************************************************

TASK [selinux : Set SELinux file contexts] **********************************************************************

TASK [selinux : Restore SELinux labels on filesystem tree] ******************************************************

TASK [selinux : Restore SELinux labels on filesystem tree in check mode] ****************************************

TASK [selinux : Set an SELinux label on a port] *****************************************************************

TASK [selinux : Set linux user to SELinux user mapping] *********************************************************

TASK [selinux : Get SELinux modules facts] **********************************************************************
ok: [node1]
ok: [192.168.253.134]
ok: [node2]
ok: [node3]

TASK [selinux : include_tasks] **********************************************************************************
skipping: [node1]
skipping: [node2]
skipping: [192.168.253.134]
skipping: [node3]

PLAY RECAP ******************************************************************************************************
192.168.253.134            : ok=7    changed=1    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node1                      : ok=7    changed=2    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node2                      : ok=7    changed=2    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node3                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0

3、使用Ansible Galaxy安装角色

使用 Ansible Galaxy 和要求文件 /home/student/ansible/roles/requirements.yml,从以下 URL 下载角色并安装到 /home/student/ansible/roles:
http://content.example.com/haproxy.tar.gz 此角色的名称应当为 balancer
http://content.example.com/phpinfo.tar.gz 此角色的名称应当为 phpinfo

[student@ansible ansible]$ vim roles/requirements.yml
[student@ansible ansible]$ cat roles/requirements.yml
---
- name: balancer
  src: http://content.example.com/ansible2.8/haproxy.tar.gz
- name: phpinfo
  src: http://content.example.com/ansible2.8/phpinfo.tar.gz
[student@ansible ansible]$ ansible-galaxy install -r /home/student/asnible/roles/requirements.yml -p  /home/student/ansible/roles/
- balancer is already installed, skipping.
- downloading role from file:///home/student/phpinfo.tar.gz
- extracting phpinfo to /home/student/ansible/roles/phpinfo
- phpinfo was installed successfully

4、创建和使用角色

根据下列要求,在/home/student/ansible/roles中创建名为apache的角色:
httpd软件包已安装,设为在系统启动时启用并启动
防火墙已启用并正在运行,并使用允许访问Web服务器的规则
模板文件 index.html.j2 已存在,用于创建具有以下输出的文件/var/www/html/index.html:
Welcome to HOSTNAME on IPADDRESS
其中,HOSTNAME是受管节点的完全限定域名,IPADDRESS则是受管节点的IP地址。
按照下方所述,创建一个使用此角色的playbook /home/student/ansible/newrole.yml:
该playbook在webservers主机组中的主机上运行

[student@ansible ansible]$ cd roles/
[student@ansible roles]$ ansible-galaxy init apache
- Role apache was created successfully
[student@ansible templates]$ cat index.html.j2
Welcome to {{ansible_fqdn}} on {{ansible_ens160.ipv4.address}}
[student@ansible templates]$   vim  tasks/main.yml 
---
# tasks file for http
- name: install httpd firewalld
  yum:
    name: 
      - httpd
      - firewalld
    state: present
    
- name: cp file
  template:
    src: index.html.j2
    dest: /var/www/html/index.html

- name: start httpd
  service:
    name: httpd
    state: started
    enabled: yes

- name: restart firewalld
  service: 
    name: firewalld
    state: restarted
    enabled: yes 
       
- name: firewalld for http
  firewalld:
    service: http
    state: enabled
    permanent: yes
    immediate: yes


 
[student@ansible apache]$ cat handlers/main.yml 
---
# handlers file for apache
- name: restart httpd
  service: 
    name: httpd
    state: restarted
    enabled: yes

[student@ansible ansible]$ cat newrole.yml 
--- 
- name: use http role 
  hosts: webservers 
  roles: 
    - apache
[student@workstation ansible]$ ansible-playbook newrole.yml
PLAY RECAP *********************************************************************
node1                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@ansible ansible]$ curl http://node1.example.com
Welcome to node1.example.com on 192.168.253.134
[student@ansible ansible]$ curl http://node2.example.com
Welcome to node2.example.com on 192.168.253.150
[student@ansible ansible]$ curl http://node3.example.com
Welcome to node3.example.com on 192.168.253.152

5、从Ansible Galaxy使用角色

根据下列要求,创建一个名为 /home/student/ansible/roles.yml的playbook:
playbook中包含一个play,该play在balancers主机组中的主机上运行并将使用balancer角色。
此角色配置一项服务,以在webservers主机组中的主机之间平衡Web服务器请求的负载。
浏览到balancers主机组中的主机(例如http://bastion.lab.example.com/ )将生成以下输出:
Welcome to serverc.example.com on 172.25.1.12
重新加载浏览器将从另一Web服务器生成输出:
Welcome to serverd.example.com on 172.25.1.13
playbook 中包含一个 play,该 play 在 webservers主机组中的主机上运行并将使用 phpinfo 角色。
通过 URL /hello.php 浏览到 webservers 主机组中的主机将生成以下输出:
Hello PHP World from FQDN
其中,FQDN是主机的完全限定名称。
例如,浏览到 http://serverc.lab.example.com/hello.php 会生成以下输出:
Hello PHP World from serverc.lab.example.com
另外还有 PHP 配置的各种详细信息,如安装的PHP 版本等。
同样,浏览到 http://serverd.lab.example.com/hello.php 会生成以下输出:
Hello PHP World from serverd.lab.example.com
另外还有 PHP 配置的各种详细信息,如安装的PHP 版本等。

[student@workstation ansible]$ vim roles.yml
---
- name: gather facts for webservers
  hosts: webservers                 

- name: balancer role
  hosts: balancers
  roles:
    - balancer

- name: php role
  hosts: webservers
  roles:
    - phpinfo


再来执行该playbook
[student@workstation ansible]$ ansible-playbook roles.yml 
         


验证:
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverd.lab.example.com on 172.25.250.13


[student@workstation ansible]$ curl http://serverc.lab.example.com/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl http://serverd.lab.example.com/hello.php
Hello PHP World form serverd.lab.example.com
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值
>