红帽CE练习题
1、安装和配置Ansible
按照下方所述,在控制节点workstation.lab.example.com 上安装和配置Ansible:
安装所需的软件包
创建名为/home/student/ansible/inventory的静态清单文件, 以满足以下需求:
servera是dev主机组的成员
serverb是test主机组的成员
serverc和serverd是prod主机组的成员
bastion是balancers主机组的成员
prod组是webservers主机组的成员
创建名为/home/student/ansible/ansible.cfg的配置文件, 以满足以下要求:
主机清单文件为/home/student/ansible/inventory
playbook中使用的角色的位置包括/home/student/ansible/roles
解答:
[student@workstation ~]$ mkdir ansible
[student@workstation ~]$ cd ansible
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg /home/student/ansible/
[student@workstation ansible]$ mkdir /home/student/ansible/roles
[student@workstation ansible]$ vi ansible.cfg
[defaults]
inventory = /home/student/ansible/inventory
remote_user = student
roles_path = /home/student/ansible/roles
host_key_checking = false
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[student@workstation ansible]$ vim inventory
[dev]
servera
[test]
serverb
[prod]
serverc
serverd
[balancers]
bastion
[webservers:children]
prod
验证:
[student@workstation ansible]$ ansible all -m ping
2、创建和运行Ansible临时命令
作为系统管理员, 您需要在受管节点上安装软件.
请按照下方所述, 创建一个名为/home/student/ansible/adhoc.sh的shell脚本,
该脚本将使用Ansible临时命令在各个受管节点上安装yum存储库:
存储库1:
存储库的名称为 rh294_BASE
描述为 rh294 base software
基础URL为 http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
GPG签名检查为启用状态
GPG密钥URL为 http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存储库为开启状态
存储库2:
存储库的名称为 rh294_STREAM
描述为 rh294 stream software
基础URL为 http://content.example.com/rhel8.0/x86_64/dvd/AppStream
GPG签名检查为启用状态
GPG密钥URL为 http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存储库为开启状态
解答:
[student@workstation ansible]$ vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a "name=rh294_BASE description='rh294 base software'
file=rhel_dvd baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS gpgcheck=yes
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
ansible all -m yum_repository -a "name=rh294_STREAM description='rh294 stream software'
file=rhel_dvd baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
[student@workstation ansible]$ chmod +x adhoc.sh
[student@workstation ansible]$ ./adhoc.sh
3、安装软件包
创建一个名为 /home/student/ansible/packages.yml的 playbook:
将 php 和 mariadb 软件包安装到 dev、test 和 prod 主机组中的主机上
将 RPM Development Tools 软件包组安装到 dev主机组中的主机上
将 dev 主机组中主机上的所有软件包更新为最新版本
解答:
[student@workstation ansible]$ vim packages.yml
---
- name: install pkgs
hosts: dev, test, prod
tasks:
- name: install mariadb php
yum:
name:
- php
- mariadb
state: present
- name: install group pkgs
hosts: dev
tasks:
- name: install Development Tools
yum:
name: "@Development Tools"
state: present
- name: update all pkgs
hosts: dev
tasks:
- name: update pkgs
yum:
name: '*'
state: latest
[student@workstation ansible]$ ansible-playbook packages.yml
4、使用RHEL系统角色
安装 RHEL 系统角色软件包,并创建符合以下条件的playbook /home/student/ansible/timesync.yml:
在所有受管节点上运行
使用 timesync 角色
配置该角色,以使用当前有效的 NTP 提供商
配置该角色,以使用时间服务器 classroom.example.com
配置该角色,以启用 iburst 参数
解答:
[student@workstation ansible]$ sudo yum -y install rhel-system-roles
[student@workstation ansible]$ mkdir roles
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@workstation ansible]$ vim timesync.yml
---
- name: set time sync
hosts: all
vars:
timesync_ntp_servers:
- hostname: classroom.example.com
iburst: yes
roles:
- timesync
[student@workstation ansible]$ ansible-playbook timesync.yml
使用selinux角色
配置该角色,开启所有受控节点的selinux
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux /home/student/ansible/roles/selinux
vim selinux.yml
---
- name: set selinux
最低0.47元/天 解锁文章
3978
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
