Using roles in playbooks

1. First, install the RHEL system roles

[root@localhost ~]# yum -y install rhel-system-roles
  • After installation, the RHEL system roles are located in the /usr/share/ansible/roles directory:
[root@localhost ~]# ls -l /usr/share/ansible/roles/

2. The timesync role

Create a date directory to hold the timesync role

[root@localhost ~]# mkdir date

Copy the rhel-system-roles.timesync role into the date directory

[root@localhost ~]# cp -r /usr/share/ansible/roles/rhel-system-roles.timesync date/timesync
  • Edit the playbook
[root@localhost date]# vim main.yml 

---
- hosts: web.example.com
  vars:
    timesync_ntp_servers:
      - hostname: time1.aliyun.org
        pool: yes
        iburst: yes
    timezone: Asia/Shanghai

  roles:
    - timesync
  tasks:
    - name: set timezone
      timezone:
        name: "{{ timezone }}"

  • Put the ansible.cfg configuration file and the inventory host file in the date directory as well
[root@localhost date]# ls
ansible.cfg  inventory  main.yml  timesync

[root@localhost date]# cat inventory 
[web]
web.example.com ansible_user=root ansible_password=1

[root@localhost date]# cat ansible.cfg 
# config file for ansible -- https://ansible.com/
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

# changed to point at the inventory in the current directory
inventory      = ./inventory
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp
#local_tmp      = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5
#poll_interval  = 15
#sudo_user      = root

  • Run main.yml with ansible-playbook
[root@localhost date]# ansible-playbook main.yml 

Check on the managed host whether the change has been applied

[root@localhost ~]# head /etc/chrony.conf 
# Ansible managed

pool time1aliyun.org iburst            // shows that the role ran successfully

# Allow the system clock to be stepped in the first three updates.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

  • Start at boot has also been enabled
[root@localhost ~]# systemctl status chronyd.service 
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: >
   Active: active (running) since Tue 2022-06-14 21:07:31 CST; 3min 18s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
  Process: 296649 ExecStartPost=/usr/libexec/chrony-helper update-daemon (code=exite>
  Process: 296645 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCES>
 Main PID: 296647 (chronyd)
    Tasks: 1 (limit: 11160)
   Memory: 2.0M
   CGroup: /system.slice/chronyd.service

3. The SELinux role

  • First create a selinux directory
[root@localhost ~]# mkdir selinux
  • Copy the rhel-system-roles.selinux role into the selinux directory
[root@localhost ~]# cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ selinux/

  • Put the ansible.cfg configuration file and the inventory host file in the selinux directory as well
[root@localhost ~]# cp date/inventory selinux/
[root@localhost ~]# cp date/ansible.cfg selinux/
[root@localhost selinux]# ls
ansible.cfg  inventory  rhel-system-roles.selinux
  • Write the playbook
[root@localhost selinux]# cat main.yml 
---
- hosts: web.example.com
  vars:
    selinux_policy: targeted
    selinux_state: enforcing

  roles:
    - rhel-system-roles.selinux

  • First check the state on the managed host
[root@localhost ~]# setenforce 0     // switch to Permissive
[root@localhost ~]# getenforce
Permissive

  • Run the playbook
[root@localhost selinux]# ansible-playbook main.yml 
  • Check the managed host again
[root@localhost ~]# getenforce    // the state has changed to Enforcing
Enforcing
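
As an added example (not part of the original post), the SELinux playbook can validate its own input and verify the result instead of relying on a manual getenforce on the managed host. It assumes the same selinux directory layout as above and the standard /etc/selinux/config path; the task names and registered variable names are illustrative.

```yaml
---
# Added example: apply the role, then verify runtime and persistent state.
- hosts: web.example.com
  vars:
    selinux_policy: targeted
    selinux_state: enforcing

  pre_tasks:
    # Fail before the role runs if the requested state is mistyped.
    - name: validate selinux_state
      assert:
        that:
          - "selinux_state in ['enforcing', 'permissive', 'disabled']"
        fail_msg: "selinux_state must be enforcing, permissive or disabled"

  roles:
    - rhel-system-roles.selinux

  post_tasks:
    # Running mode: the same check as typing getenforce on the host.
    - name: read the running SELinux mode
      command: getenforce
      register: running_mode
      changed_when: false

    # On-disk setting: what the host will come up with after a reboot.
    - name: read the configured SELinux mode
      command: grep -E '^SELINUX=' /etc/selinux/config
      register: configured_mode
      changed_when: false

    # Assumes enforcing or permissive; switching to or from disabled
    # needs a reboot before the running mode matches the config file.
    - name: assert both match the requested state
      assert:
        that:
          - "running_mode.stdout | lower == selinux_state"
          - "configured_mode.stdout == ('SELINUX=' ~ selinux_state)"
        fail_msg: >-
          running={{ running_mode.stdout }}
          configured={{ configured_mode.stdout }}
```

If either the running mode or the config file differs from the requested state, the play fails on the final assert and prints both values.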