RHCE题库解析

最新推荐文章于 2023-05-19 19:38:59 发布

山客泛舟游Y

最新推荐文章于 2023-05-19 19:38:59 发布

阅读量448

点赞数 2

文章标签： linux ssh 运维

本文链接：https://blog.csdn.net/weixin_72898853/article/details/127715422

版权

linux RHCE题库解析

考试说明：
RH294系统信息
在练习期间，您将操作下列虚拟系统：
真实机： foundation：
kiosk：redhat
root： Asimov

workstation.lab.example.com 172.25.250.9 Ansible control node
servera.lab.example.com 172.25.250.10 Ansible managed node
serverb.lab.example.com 172.25.250.11 Ansible managed node
serverc.lab.example.com 172.25.250.12 Ansible managed node
serverd.lab.example.com 172.25.250.13 Ansible managed node
bastion.lab.example.com 172.25.250.254 Ansible managed node

workstation为ansible节点
servera、serverb、serverc、serverd、bastion为受控主机
已经全部配置好ssh的基于密钥认证

Ansible 控制节点上已创建了用户帐户 student。此帐户预装了 SSH密钥，
允许在 Ansible 控制节点和各个 Ansible 受管节点之间进行SSH 登录。
请勿对系统上的 student SSH 配置文件进行任何修改。
您可以从 root 帐户使用 su 访问此用户帐户

前提环境准备

1、
[kiosk@foundation ~]$ virt-manager
[kiosk@foundation ~]$ rht-vmctl reset all
输入y确认重置所有主机
[kiosk@foundation ~]$ ssh -X root@workstation
[root@workstation ~]# dnf install -y ansible
[root@workstation ~]# vim /etc/sudoers.d/student
student ALL=(ALL) NOPASSWD: ALL
[root@workstation ~]# for i in server{a..d} bastion
> do scp /etc/sudoers.d/student root@$i:/etc/sudoers.d/
> done

2、更改workstation、servera、serverb、serverc、serverd、bastion
主机的/etc/hosts文件，把文件中content.example.com对应的ip改为172.25.254.250
[root@workstation ~]# for i in server{a..d} bastion
> do scp /etc/hosts root@$i:/etc/hosts
> done

3、使用xshell将考试环境需要的那些文件都上传到/content/目录下

4、关闭bastion的httpd服务
ssh  root@bastion
systemctl  stop  httpd
systemctl  disable httpd

1、安装和配置Ansible

按照下方所述，在控制节点workstation.lab.example.com 上安装和配置Ansible：
安装所需的软件包
创建名为/home/student/ansible/inventory的静态清单文件, 以满足以下需求:
servera是dev主机组的成员
serverb是test主机组的成员
serverc和serverd是prod主机组的成员
bastion是balancers主机组的成员
prod组是webservers主机组的成员
创建名为/home/student/ansible/ansible.cfg的配置文件, 以满足以下要求:
主机清单文件为/home/student/ansible/inventory
playbook中使用的角色的位置包括/home/student/ansible/roles

[kiosk@foundation0 ~]$ ssh student@workstation
Activate the web console with: systemctl enable --now cockpit.socket

[student@workstation ~]$ mkdir ansible
[student@workstation ~]$ cd ansible
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg  /home/student/ansible/
[student@workstation ansible]$ mkdir /home/student/ansible/roles
[student@workstation ansible]$ vim ansible.cfg
[defaults]
inventory = /home/student/ansible/inventory
remote_user = student
roles_path = /home/student/ansible/roles 
host_key_checking = false
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[student@workstation ansible]$ vim inventory
[dev]
servera

[test]
serverb

[prod]
serverc
serverd

[balancers]
bastion

[webservers:children]
prod

验证

[student@workstation ansible]$ ansible  all  -m  ping
serverd | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
serverc | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
serverb | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
servera | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
bastion | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

2、创建和运行Ansible临时命令

作为系统管理员, 您需要在受管节点上安装软件.
请按照下方所述, 创建一个名为/home/student/ansible/adhoc.sh的shell脚本,
该脚本将使用Ansible临时命令在各个受管节点上安装yum存储库:
存储库1:
存储库的名称为 rh294_BASE
描述为 rh294 base software
基础URL为 http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
GPG签名检查为启用状态
GPG密钥URL为 http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存储库为开启状态
存储库2:
存储库的名称为 rh294_STREAM
描述为 rh294 stream software
基础URL为 http://content.example.com/rhel8.0/x86_64/dvd/AppStream
GPG签名检查为启用状态
GPG密钥URL为 http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存储库为开启状态

[student@workstation ansible]$ vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a "name=rh294_BASE description='rh294 base software' 
file=rhel_dvd baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS gpgcheck=yes 
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"

ansible all -m yum_repository -a "name=rh294_STREAM description='rh294 stream software'
 file=rhel_dvd baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream 
gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
[student@workstation ansible]$ chmod +x adhoc.sh

执行脚本

[student@workstation ansible]$ ./adhoc.sh
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_BASE",
    "state": "present"
}
bastion | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_BASE",
    "state": "present"
}
serverc | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_BASE",
    "state": "present"
}
serverb | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_BASE",
    "state": "present"
}
serverd | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_BASE",
    "state": "present"
}
serverb | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_STREAM",
    "state": "present"
}
servera | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_STREAM",
    "state": "present"
}
serverc | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_STREAM",
    "state": "present"
}
serverd | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_STREAM",
    "state": "present"
}
bastion | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "rh294_STREAM",
    "state": "present"
}

3、安装软件包

创建一个名为 /home/student/ansible/packages.yml的 playbook：
将 php 和 mariadb 软件包安装到 dev、test 和 prod 主机组中的主机上
将 RPM Development Tools 软件包组安装到 dev主机组中的主机上
将 dev 主机组中主机上的所有软件包更新为最新版本

[student@workstation ansible]$ vim packages.yml
---
- name: install php mariadb
  hosts: dev,test,prod
  tasks: 
    - name: install php mariadb
      yum: 
        name: 
          - php 
          - mariadb
        state: present

- name: install RPM
  hosts: dev
  tasks: 
    - name: yum RPM
      yum: 
        name: "@RPM Development Tools"
        state: present 

    - name: update all packages
      yum: 
        name: '*'
        state: latest

执行

[student@workstation ansible]$ ansible-playbook packages.yml 

PLAY [install php mariadb] **************************************************************************

TASK [Gathering Facts] ******************************************************************************
ok: [serverc]
ok: [serverd]
ok: [servera]
ok: [serverb]

TASK [install php mariadb] **************************************************************************
changed: [serverd]
changed: [serverc]
changed: [serverb]
changed: [servera]

PLAY [install RPM] **********************************************************************************

TASK [Gathering Facts] ******************************************************************************
ok: [servera]

TASK [yum RPM] **************************************************************************************
changed: [servera]

TASK [update all packages] **************************************************************************
ok: [servera]

PLAY RECAP ******************************************************************************************
servera                    : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
serverb                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
serverc                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
serverd                    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

4、1.使用RHEL系统角色

安装 RHEL 系统角色软件包，并创建符合以下条件的playbook /home/student/ansible/timesync.yml：
在所有受管节点上运行
使用 timesync 角色
配置该角色，以使用当前有效的 NTP 提供商
配置该角色，以使用时间服务器 classroom.example.com
配置该角色，以启用 iburst 参数

[student@workstation ansible]$ sudo yum -y install rhel-system-roles

[student@workstation ansible]$ cd roles/
[student@workstation roles]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ timesync
[student@workstation roles]$ ls
timesync

[student@workstation roles]$ cd ..
[student@workstation ansible]$ vim timesync.yml
---
- name: set time
  hosts: all 
  vars: 
    timesync_ntp_servers: 
      - hostname: