1. Install and configure Ansible
Install and configure Ansible on the control node control.labx.example.com as follows:
Create a static inventory file named /home/student/ansible/inventory so that:
2.1 servera is a member of the dev host group
2.2 serverb is a member of the test host group
2.3 serverc and serverd are members of the prod host group
2.4 serverb is a member of the balancers host group
2.5 the prod group is a member of the webservers host group
3. Create a configuration file named /home/student/ansible/ansible.cfg so that:
3.1 the host inventory file is /home/student/ansible/inventory
3.2 the location of the roles used by playbooks is defined as /home/student/ansible/roles
In the practice environment you log in to workstation as the student user; the exam environment uses remote_user = student, whereas here it is devops.
Solution
1.1. Switch to the student user and create the ansible and roles directories
su - student
mkdir -p /home/student/ansible/roles
cd /home/student/ansible
1.2. Edit the inventory file
[student@workstation ansible]$ cat inventory
[dev]
servera
[test]
serverb
[prod]
serverc
serverd
[balancers]
serverb
[webservers:children]
prod
1.3. Edit the Ansible configuration file
[student@workstation ansible]$ cat ansible.cfg
[defaults]
remote_user = devops
inventory = /home/student/ansible/inventory
roles_path = /home/student/ansible/roles
ask_pass = False
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
Note: ask_pass = False and become_ask_pass = False mean that every managed node must accept the devops user's SSH key and grant devops passwordless sudo to root. The control node (and the private key in the student account) is therefore root-equivalent for the whole fleet and has to be protected as such.
1.4. Ping test
[student@workstation ansible]$ ansible all -m ping
serverd | SUCCESS => { "changed": false, "ping": "pong" }
servera | SUCCESS => { "changed": false, "ping": "pong" }
serverb | SUCCESS => { "changed": false, "ping": "pong" }
serverc | SUCCESS => { "changed": false, "ping": "pong" }
2. As a system administrator, you need to install software on the managed nodes
Create a shell script named /home/student/ansible/adhoc.sh that runs an Ansible ad-hoc command to create a yum repository on every managed node, as follows:
The repository name is exam_rhel and the description is EX407 software
The base URL is http://rhgls.labx.example.com/rhel
GPG signature checking is enabled
The GPG key URL is http://rhgls.lab.example.com/rhel/RPM-GPG-KEY-redhat-release6.
The repository is enabled
Solution
2.1. Create the repository script. Note: the URLs below are those of the practice environment (RHEL 7.5), not the URLs given in the exam question above.
[student@workstation ansible]$ cat adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a 'name=Exam_RHEL description="EX407 software" baseurl=http://content.example.com/rhel7.5/x86_64/dvd gpgcheck=yes gpgkey=http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
Note: the question asks for the repository name exam_rhel; use exactly the name the question gives (this practice run used Exam_RHEL, which is why the check below shows Exam_RHEL.repo). gpgcheck=yes makes yum verify package signatures, but the key itself is downloaded over plain http from the same server as the packages, so the check is only as trustworthy as that network path. Outside the exam, serve the key over https or import it with the rpm_key module after verifying its fingerprint.
2.2. Make the script executable and run it (sudo is not needed, the student user owns the file)
chmod 755 adhoc.sh && ./adhoc.sh
2.3. Check that the yum repository has been configured
[student@workstation ansible]$ ansible all -m shell -a 'cat /etc/yum.repos.d/Exam_RHEL.repo'
serverc | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
serverb | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
servera | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
serverd | SUCCESS | rc=0 >>
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software
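The cat above only proves that the file landed on each node. As an added example, not part of the original page or of the exam, the Python below parses a .repo file and flags the two properties worth checking before trusting a repository: gpgcheck must be on, and the gpgkey must not be fetched over plain http through the same unauthenticated channel as the packages, because whoever can tamper with that traffic can serve a trojaned RPM together with a key that signs it. The sample .repo text is constructed here (the Exam_RHEL block copied from the output above, plus a deliberately weak block); parse_repo, audit_repo and audit_repo_file are names chosen for this example.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: the repo file the ad-hoc command above produced, plus a
# second, deliberately weak block to show what the audit catches.
SAMPLE_REPO = """\
[Exam_RHEL]
baseurl = http://content.example.com/rhel7.5/x86_64/dvd
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel7.5/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = EX407 software

[weak]
baseurl = http://mirror.example.com/extras
enabled = 1
gpgcheck = 0
name = unsigned extras
"""

# Key sources that are authenticated by something other than the network path:
# TLS for https, the local filesystem (e.g. /etc/pki/rpm-gpg) for file.
TRUSTED_KEY_SCHEMES = {"https", "file"}


def parse_repo(text):
    """Parse yum/dnf .repo text into {section: {key: value}} (keys lower-cased)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def audit_repo(repo):
    """Return a list of findings (strings) for one repository definition."""
    findings = []
    if repo.get("enabled", "1").strip() != "1":
        return findings  # disabled repos are never consulted by yum
    if repo.get("gpgcheck", "0").strip() != "1":
        findings.append("gpgcheck disabled: unsigned packages would be installed")
        return findings
    gpgkey = repo.get("gpgkey", "").strip()
    if not gpgkey:
        findings.append("gpgcheck on but no gpgkey: first install will fail or prompt")
        return findings
    for url in gpgkey.split():  # yum accepts several space-separated key URLs
        scheme = urlparse(url).scheme
        if scheme not in TRUSTED_KEY_SCHEMES:
            findings.append(
                f"gpgkey fetched over {scheme or 'unknown'}: key is not authenticated; "
                "serve it over https, ship it with rpm_key, or pin its fingerprint"
            )
    return findings


def audit_repo_file(text):
    """Audit every repo in a .repo file; returns {repo_name: [findings]}."""
    return {name: audit_repo(repo) for name, repo in parse_repo(text).items()}


if __name__ == "__main__":
    for name, findings in audit_repo_file(SAMPLE_REPO).items():
        print(f"[{'OK' if not findings else 'WARN'}] {name}")
        for finding in findings:
            print(f"    - {finding}")
```

Run it against the files returned by the ad-hoc check (ansible all -m shell -a 'cat /etc/yum.repos.d/*.repo') to see which repositories would be accepted; the Exam_RHEL block passes the gpgcheck test but is reported for its http key source.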
3. Install packages
Create a playbook named /home/student/ansible/packages.yml that installs packages:
- installs the php and mariadb packages on hosts in the dev, test and prod host groups
- installs the Development Tools package group on hosts in the dev host group
- updates all packages to their latest version on hosts in the dev host group
Solution
3.1. Edit the packages.yml file. Group membership is tested with inventory_hostname (the name used in the inventory), not ansible_hostname (the short hostname reported by the node); the two only happen to match in this lab.
[student@workstation ansible]$ cat packages.yml
---
- hosts: dev,test,prod
  tasks:
    - name: install php and mariadb
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - php
        - mariadb
    - name: install the Development Tools group on dev hosts
      yum:
        name: "@Development Tools"
        state: present
      when: inventory_hostname in groups["dev"]
    - name: update all packages on dev hosts
      yum:
        name: "*"
        state: latest
      when: inventory_hostname in groups["dev"]
3.2. Check the syntax and run the playbook
ansible-playbook --syntax-check packages.yml
ansible-playbook packages.yml
3.3. Verify that the packages were installed
[student@workstation ansible]$ ansible dev,test,prod -m shell -a "rpm -qa | egrep 'php|mariadb'"
4. Use RHEL system roles
Install the timesync role package (download address: http://materials/timesync-1.0.1.tar.gz)
and create a playbook named /home/student/ansible/timesync.yml that:
runs on all managed hosts and uses the timesync role;
configures the role to use the time server 172.24.1.254 (172.25.254.254 in our lab);
configures the role with the iburst parameter enabled.
Solution
4.1. Install the role. In the exam environment the system roles come from the rhel-system-roles package, installed with the command below; in this practice environment that package cannot be installed with yum, so the role is installed with ansible-galaxy instead (steps 4.2 and 4.3).
sudo yum install -y rhel-system-roles
4.2. Write a requirements file with the role's download address
cat get_timesync.yml
- src: http://materials/timesync-1.0.1.tar.gz
  name: linux-system-timesync
4.3. Install timesync into the roles/ directory
ansible-galaxy install -r get_timesync.yml -p roles/
4.4. Write the playbook
cat timesync.yml
- hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 172.25.254.254
        iburst: yes
  roles:
    - role: linux-system-timesync
4.5. Check the syntax, run the playbook for real, and inspect the result (chronyc shows 172.25.254.254 by its reverse-DNS name; ^* marks the source that is currently selected)
ansible-playbook --syntax-check timesync.yml
ansible-playbook timesync.yml
ansible all -m shell -a 'chronyc sources'
servera | SUCCESS | rc=0 >>
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com         8   6    77    46    -14ms[  -16ms] +/-   18ms
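A ^? in that output would mean the server is unreachable and the clock is not synchronised, which silently breaks log correlation, certificate validity checks and Kerberos. As an added example that is not part of the original page, the Python below parses chronyc sources output and reports whether a node is synchronised to one of the expected servers. The two output samples are constructed (the first copied from servera above, the second invented for a node that has not synced yet), and parse_sources and check_timesync are names chosen here. Because chronyc prints names rather than addresses, pass both the IP and its name as expected servers, or collect the output with chronyc -n sources.

```python
import re

# Constructed sample 1: the 'chronyc sources' output shown above for servera.
SOURCES_OK = """\
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com         8   6    77    46    -14ms[  -16ms] +/-   18ms
"""

# Constructed sample 2: a node whose server is configured but not yet reachable.
SOURCES_NOT_SYNCED = """\
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 172.25.254.254                0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

# One source line: mode (^ server, = peer, # refclock), state (* selected,
# + combined, - excluded, ? unreachable, x false ticker, ~ too variable),
# name, stratum, poll, reach (octal), lastrx, then the sample text.
SOURCE_RE = re.compile(
    r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(-?\d+)\s+(\d+)\s+(\S+)\s+(.*)$"
)


def parse_sources(text):
    """Parse 'chronyc sources' output into a list of dicts, one per source."""
    sources = []
    for line in text.splitlines():
        m = SOURCE_RE.match(line)
        if not m:
            continue  # skips the '210 Number of sources', header and separator lines
        mode, state, name, stratum, poll, reach, lastrx, sample = m.groups()
        sources.append({
            "mode": mode, "state": state, "name": name,
            "stratum": int(stratum), "poll": int(poll),
            "reach": int(reach, 8),  # chrony prints the 8-bit reach register in octal
            "lastrx": lastrx, "sample": sample.strip(),
        })
    return sources


def check_timesync(text, expected_servers, max_stratum=10):
    """Return (ok, reason). ok is True only if one of expected_servers is the
    selected (*) source, has a non-zero reach register and a sane stratum."""
    sources = parse_sources(text)
    if not sources:
        return False, "no sources parsed"
    selected = [s for s in sources if s["state"] == "*"]
    if not selected:
        return False, "no selected source (clock not synchronised)"
    s = selected[0]
    if s["name"] not in expected_servers:
        return False, f"synchronised to unexpected source {s['name']}"
    if s["reach"] == 0:
        return False, f"{s['name']} selected but never reached"
    if s["stratum"] == 0 or s["stratum"] > max_stratum:
        return False, f"stratum {s['stratum']} outside the accepted range"
    return True, f"synchronised to {s['name']} (stratum {s['stratum']}, reach {s['reach']:o})"


if __name__ == "__main__":
    expected = {"172.25.254.254", "classroom.example.com"}
    for host, output in (("servera", SOURCES_OK), ("serverx", SOURCES_NOT_SYNCED)):
        ok, reason = check_timesync(output, expected)
        print(f"{host}: {'OK' if ok else 'FAIL'} - {reason}")
```

Feed it the per-host output of ansible all -m shell -a 'chronyc sources' after the timesync playbook has run; a node that reports a different selected source than the one the role configured is worth investigating, since time is an input to almost every other security control.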
5. Install and use roles
Create a requirements file named /home/student/ansible/roles/requirements.yml for Ansible Galaxy,
then download the roles and install them in /home/student/ansible/roles:
1. download http://materials/haproxy.tar.gz; the role name should be balancer
2. download http://materials/phpinfo.tar.gz; the role name should be phpinfo
Solution
5.1. Write the requirements.yml file
cat requirements.yml
- src: http://materials/haproxy.tar.gz
  name: balancer
- src: http://materials/phpinfo.tar.gz
  name: phpinfo
5.2. Install the roles. These are plain tarballs fetched over http and later executed as root on the managed nodes, so outside the exam read a role's tasks before applying it.
ansible-galaxy install -r /home/student/ansible/roles/requirements.yml -p /home/student/ansible/roles
6. Create and use a role
Create a role named apache in /home/student/ansible/roles with the following requirements:
1. copy the default template directory to /tmp/custom/, add a templates directory to it, and specify /tmp/custom as the template directory when creating the role
2. the httpd package is installed, enabled at boot, and started
3. the firewall is enabled and running with a rule that allows access to the web server
4. a template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the following output:
Welcome to {{ FQDN }} on {{ IPADDRESS }}
Create a playbook named /home/student/ansible/newrole.yml
that runs the role on hosts in the webservers host group
Solution
6.1. Initialise the apache role directory
ansible-galaxy init apache --init-path /home/student/ansible/roles
6.2. Change into that directory and create a templates directory (only needed if ansible-galaxy init did not already create one)
cd /home/student/ansible/roles/apache && mkdir -p templates
6.3. Edit the tasks file
[student@workstation apache]$ cat tasks/main.yml
---
# tasks file for apache
- name: Install httpd
  yum:
    name: httpd
    state: present
- name: Start and enable httpd
  service:
    name: httpd
    state: started
    enabled: yes
- name: Start and enable firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
- name: Allow the http service through firewalld
  firewalld:
    service: http
    state: enabled
    permanent: true
    immediate: yes
- name: Create /var/www/html/index.html from the template
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    setype: httpd_sys_content_t
6.4. Edit the web page template
[student@workstation apache]$ cat templates/index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
6.5. Write the playbook that applies the role
[student@workstation ansible]$ cat /home/student/ansible/newrole.yml
---
- hosts: webservers
  roles:
    - apache
6.6. Check the syntax, run the playbook, and check the result
ansible-playbook --syntax-check newrole.yml
ansible-playbook newrole.yml
curl http://serverc
Welcome to serverc.lab.example.com on 172.25.250.12
curl http://serverd
Welcome to serverd.lab.example.com on 172.25.250.13
7. Use the roles created with Ansible Galaxy
Create a playbook file named roles.yml that
deploys the balancer role on the balancers hosts
deploys the phpinfo role on the webservers hosts
Solution
7.1. Write the playbook (one play per host group; no when condition on the roles is needed)
cat roles.yml
- hosts: balancers
  roles:
    - balancer
- hosts: webservers
  roles:
    - phpinfo
7.2. Dry-run, then run the playbook for real
ansible-playbook -C roles.yml
ansible-playbook roles.yml
7.3. Check the result. serverb is the balancer, so requests to it are answered by serverc and serverd in turn; the webservers answer directly
[student@workstation ansible]$ curl http://serverb
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://serverc
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://serverb/hello.php
Hello PHP World form serverd.lab.example.com
[student@workstation ansible]$ curl http://serverc/hello.php
Hello PHP World form serverc.lab.example.com
8. Create a partition
Write a playbook at /home/student/ansible/partition.yml that runs on all hosts, with these requirements:
1. on vdb, create a primary partition numbered 1 with a size of 1500MiB
2. format it with the ext4 filesystem and mount it on /newpart
3. if a partition of the requested size cannot be created, the error message "Could not create partition of that size" should be displayed and a size of 800MiB should be used instead
4. if the device vdb does not exist, the error message "the disk does not exist" should be displayed
Pseudocode:
if vdb exists
    try:
        fdisk vdb size=1500MiB && mkfs.ext4 && mount /dev/vdb1 /newpart
    rescue:
        fdisk vdb size=800MiB && mkfs.ext4 && mount /dev/vdb1 /newpart
else
    echo disk vdb does not exist
Solution
8.1. Write the partition playbook. The device check uses the ansible_devices fact instead of a shell command, and the fail module prints the required message and stops the play on that host, so no later task touches a disk that is not there.
[student@workstation ansible]$ cat partition.yml
- hosts: all
  tasks:
    # ansible_devices comes from the gathered facts; no shell command is needed
    - name: "1. stop with an error message if vdb does not exist"
      fail:
        msg: "the disk does not exist"
      when: ansible_devices.vdb is not defined
    - name: "2. create a 1500MiB partition, falling back to 800MiB"
      block:
        - name: "2-1. create vdb1 with a size of 1500MiB"
          parted:
            device: /dev/vdb
            number: 1
            part_start: 1MiB
            part_end: 1500MiB
            state: present
      rescue:
        - name: "2-2. show the error message"
          debug:
            msg: "Could not create partition of that size"
        - name: "2-3. create vdb1 with a size of 800MiB"
          parted:
            device: /dev/vdb
            number: 1
            part_start: 1MiB
            part_end: 800MiB
            state: present
    - name: "3. create the filesystem"
      filesystem:
        dev: /dev/vdb1
        fstype: ext4
    - name: "4. create the mount point"
      file:
        path: /newpart
        state: directory
        mode: '0755'
    - name: "5. mount the device (state: mounted also adds the /etc/fstab entry)"
      mount:
        src: /dev/vdb1
        path: /newpart
        fstype: ext4
        state: mounted
8.2. Check the result. The partitions show as 799M because they start at 1MiB and end at 800MiB; if the size must be exactly 800MiB (or 1500MiB), set part_end to 801MiB (or 1501MiB).
[student@workstation ansible]$ ansible all -m shell -a "lsblk"
serverb | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
└─vda1 253:1 0 40G 0 part /
vdb 253:16 0 1G 0 disk
└─vdb1 253:17 0 799M 0 part
serverd | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
└─vda1 253:1 0 40G 0 part /
vdb 253:16 0 1G 0 disk
└─vdb1 253:17 0 799M 0 part
serverc | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
└─vda1 253:1 0 40G 0 part /
vdb 253:16 0 1G 0 disk
└─vdb1 253:17 0 799M 0 part
servera | SUCCESS | rc=0 >>
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0 0 40G 0 disk
└─vda1 252:1 0 40G 0 part /
vdb 252:16 0 1G 0 disk
└─vdb1 252:17 0 799M 0 part
9. Create and apply a logical volume
Create a file lv.yml in /home/student/ansible/ that runs on all hosts, with these requirements:
create a logical volume of 1500MiB from the research volume group and format it with ext4;
mount it automatically at boot on /data, but only on hosts in the qa group;
if a logical volume of that size cannot be created, display the error message
Could not create logical volume of that size
and create the logical volume with a size of 800MiB instead; if the research volume group does not exist, display the error message: does not exist
Solution
9.1. Create the research volume group. It does not exist by default, so create it yourself on every host, one by one (with pvcreate and vgcreate on a spare disk).
9.2. Write the playbook. The qa group is not in this inventory, so the membership test uses group_names ('qa' in group_names), which is simply false on every host; groups['qa'] would raise an undefined-attribute error instead.
[student@workstation ansible]$ cat lv.yml
- hosts: all
  tasks:
    - name: "1. check whether the research volume group exists"
      command: vgdisplay research
      register: res
      ignore_errors: yes
      changed_when: false
    - name: "2. stop with an error message if it does not exist"
      fail:
        msg: "research volume group does not exist"
      when: res is failed
    - name: "3. create a 1500MiB logical volume, falling back to 800MiB"
      block:
        - name: "3-1. create lvx with a size of 1500MiB"
          lvol:
            vg: research
            lv: lvx
            size: 1500m
      rescue:
        - name: "3-2. show the error message"
          debug:
            msg: "Could not create logical volume of that size"
        - name: "3-3. create lvx with a size of 800MiB"
          lvol:
            vg: research
            lv: lvx
            size: 800m
    - name: "4. format the logical volume"
      filesystem:
        dev: /dev/research/lvx
        fstype: ext4
    - name: "5. create the mount point on qa hosts"
      file:
        path: /data
        state: directory
      when: "'qa' in group_names"
    - name: "6. mount it on /data on qa hosts (state: mounted also writes /etc/fstab)"
      mount:
        path: /data
        src: /dev/research/lvx
        fstype: ext4
        state: mounted
      when: "'qa' in group_names"
10. Generate a hosts file
Download http://rhgls.labx.example.com/materials/hosts.j2 to /home/student/ansible (in the exam environment there may be no template to download, in which case write it yourself).
Complete the template so that it can be used to generate a file with one line per inventory host, in the same format as /etc/hosts.
Create a playbook named /home/student/ansible/host.yml that uses this template to generate the file /etc/myhosts on hosts in the dev host group.
When done, the file /etc/myhosts on the dev host group hosts should look like this:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.11 serverb.lab.example.com serverb
172.25.250.10 servera.lab.example.com servera
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd
Solution
10.1. First copy the two localhost lines of /etc/hosts into hosts.j2
[student@workstation ansible]$ sed '3,$d' /etc/hosts > /home/student/ansible/hosts.j2
10.2. Append the loop below; note that the line inside the loop is written as a single line
[student@workstation ansible]$ cat /home/student/ansible/hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ hostvars[host]['ansible_fqdn'] }} {{ hostvars[host]['ansible_hostname'] }}
{% endfor %}
10.3. Write the playbook. The play targets all hosts so that facts, and therefore hostvars[host]['ansible_default_ipv4'], exist for every host the template loops over; if the play targeted only dev, the template would fail with an undefined variable for the other hosts. The task itself only runs on the dev group.
[student@workstation ansible]$ cat /home/student/ansible/host.yml
---
- hosts: all
  tasks:
    - name: generate /etc/myhosts from the template
      template:
        src: hosts.j2
        dest: /etc/myhosts
      when: inventory_hostname in groups["dev"]
10.4. Check the syntax, dry-run, then run for real
ansible-playbook --syntax-check host.yml
ansible-playbook -C host.yml
ansible-playbook host.yml
10.5. Verify the result
[student@workstation ansible]$ ansible dev -m shell -a 'cat /etc/myhosts'
servera | SUCCESS | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.11 serverb.lab.example.com serverb
172.25.250.10 servera.lab.example.com servera
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd
11. Modify file contents
Create a playbook named /home/student/ansible/issue.yml as follows:
1. the playbook runs on all hosts
2. the playbook replaces the contents of /etc/issue with a single line of text:
2.1 on hosts in the dev host group, the content: Development
2.2 on hosts in the test host group, the content: Test
2.3 on hosts in the prod host group, the content: Production
Solution
11.1. Write the playbook
[student@workstation ansible]$ cat /home/student/ansible/issue.yml
---
- hosts: all
  tasks:
    - name: replace content on dev hosts
      copy:
        content: "Development"
        dest: /etc/issue
      when: inventory_hostname in groups["dev"]
    - name: replace content on test hosts
      copy:
        content: "Test"
        dest: /etc/issue
      when: inventory_hostname in groups["test"]
    - name: replace content on prod hosts
      copy:
        content: "Production"
        dest: /etc/issue
      when: inventory_hostname in groups["prod"]
11.2. Check the syntax, dry-run, then run for real
ansible-playbook --syntax-check issue.yml
ansible-playbook -C issue.yml
ansible-playbook issue.yml
11.3. View the result
[student@workstation ansible]$ ansible all -m shell -a 'cat /etc/issue'
serverd | SUCCESS | rc=0 >>
Production
servera | SUCCESS | rc=0 >>
Development
serverc | SUCCESS | rc=0 >>
Production
serverb | SUCCESS | rc=0 >>
Test
12. Create a web content directory
Create a playbook named /home/student/ansible/webcontent.yml as follows:
the playbook runs on the managed nodes in the dev host group and creates the directory /webdev with these requirements:
2.1 group owner: the webdev group
2.2 permissions: owner=read+write+execute, group=read+write+execute, other=read+execute
2.3 special permission: set group ID
create the file /webdev/index.html with the content: Development, and link /webdev to /var/www/html/webdev