RHCE备考
考前准备
[kiosk@foundation ~]$ RHEXAM ex294 init
clean all env
clean env successfully
sysprep EX294 workstation
sysprep EX294 node1
sysprep EX294 node2
sysprep EX294 node3
sysprep EX294 node4
sysprep EX294 node5
init EX294 workstation
init EX294 node1
init EX294 node2
init EX294 node3
init EX294 node4
init EX294 node5
远程控制:要配置网络,密码,配置文件,这三方面
改配置文件:
进入配置文件
改
重启服务
# 编写脚本,可以让所有虚拟机全部启动
[kiosk@foundation ~]$ vim ./start_all_vm.sh
[kiosk@foundation ~]$ cat ./start_all_vm.sh
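#!/bin/bash
# Start every exam VM in a fixed order, pausing between starts so the
# hypervisor is not asked to boot six guests at the same instant.
#
# Usage: ./start_all_vm.sh [vm ...]
#   With no arguments the default exam set below is started.
#   VM_START_DELAY (seconds, default 10) overrides the pause after each start.
set -uo pipefail

# Default boot order: nodes first, workstation last (same order as before).
readonly -a DEFAULT_VMS=(node1 node2 node3 node4 node5 workstation)
readonly VM_START_DELAY="${VM_START_DELAY:-10}"

#######################################
# Start one VM with rht-vmctl. A failure is reported on stderr but does
# not abort the run, so the remaining VMs still receive their start command.
# Arguments: $1 - VM name
# Returns:   0 on success, 1 if rht-vmctl failed
#######################################
start_vm() {
  local vm=$1
  if ! rht-vmctl start "$vm"; then
    printf 'warn: rht-vmctl start %s failed\n' "$vm" >&2
    return 1
  fi
  return 0
}

#######################################
# Start the requested VMs (or the default set) one after another.
# Arguments: VM names, optional
# Returns:   0 if every start succeeded, 1 otherwise
#######################################
main() {
  local -a vms=("$@")
  (( ${#vms[@]} )) || vms=("${DEFAULT_VMS[@]}")
  local vm
  local failures=0
  for vm in "${vms[@]}"; do
    start_vm "$vm" || failures=$((failures + 1))
    # Pause after every start, including the last, as the original did.
    sleep "$VM_START_DELAY"
  done
  (( failures == 0 ))
}

main "$@"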
[kiosk@foundation ~]$ chmod a+x ./start_all_vm.sh
[kiosk@foundation ~]$ ./start_all_vm.sh
node1 start
node2 start
node3 start
node4 start
node5 start
workstation start
第一题 安装并配置ansible
# 第一小问:安装所需的软件包
# 查看一下是否有以下6个软件,没有要安装
[root@workstation ~]# rpm -q vim
package vim is not installed
[root@workstation ~]# rpm -q ansible-navigator # 运行剧本 需要容器
ansible-navigator-2.1.0-1.el9ap.noarch
[root@workstation ~]# rpm -q ansible # 查找配置文件找例子
package ansible is not installed
root@workstation ~]# rpm -q podman # 容器
podman-4.6.1-5.el9.x86_64
[root@workstation ~]# rpm -q container-tools # 容器
package container-tools is not installed
[root@workstation ~]# rpm -q bash-completion # 命令补全工具
package bash-completion is not installed
# 搭建yum仓库
[root@workstation ~]# vi /etc/yum.repos.d/local.repo
[root@workstation ~]# cat /etc/yum.repos.d/local.repo
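# Lab repositories served by the classroom server over plain HTTP.
# gpgcheck=0 turns RPM signature verification off for these two repos; that
# is a lab-only shortcut (adhoc.sh configures the managed hosts with
# gpgcheck=yes instead).
[baseos]
name=baseos
baseurl=http://master.rhel.exam.com/rhel9/repos/BaseOS/
# "enabled" is the dnf option name; repos are enabled by default, so the
# earlier "enable=1" spelling was ignored rather than harmful.
enabled=1
gpgcheck=0
[appstream]
name=appstream
baseurl=http://master.rhel.exam.com/rhel9/repos/AppStream/
enabled=1
gpgcheck=0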
# 安装
[root@workstation ~]# dnf clean all && dnf makecache
[root@workstation ~]# dnf install vim ansible-core container-tools bash-completion -y
。。。。。。
# 第二小问
# 考试系统只给greg用户配置了sudo免密功能,所以要在greg用户下创建文件,进行操作
[root@workstation ~]# ssh greg@workstation
greg@workstation's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sun Jul 13 22:05:04 2025 from 172.25.250.100
[greg@workstation ~]$
#一定要确保路径正确
[greg@workstation ~]$ mkdir /home/greg/ansible
[greg@workstation ~]$ ls /home/greg/
ansible
[greg@workstation ~]$ cd /home/greg/ansible
[greg@workstation ansible]$ pwd
/home/greg/ansible
[greg@workstation ansible]$ ls
[greg@workstation ansible]$
# 编写/home/greg/ansible/inventory
[greg@workstation ansible]$ vim /home/greg/ansible/inventory
[greg@workstation ansible]$ cat /home/greg/ansible/inventory
# Static inventory referenced from ansible.cfg. Hosts are listed by IP;
# "server" is a parent group whose only child is "web".
[dev]
172.25.250.101
[test]
172.25.250.102
[web]
172.25.250.103
172.25.250.104
[balancer]
172.25.250.105
[server:children]
web
# 编写/home/greg/ansible/ansible.cfg
[greg@workstation ansible]$ vim /home/greg/ansible/ansible.cfg
[greg@workstation ansible]$ cat /home/greg/ansible/ansible.cfg
# Project-local ansible.cfg, picked up when ansible runs from /home/greg/ansible.
[defaults]
inventory=/home/greg/ansible/inventory
# Connect as greg; ask_pass=false means key-based SSH login must already work.
remote_user=greg
ask_pass=false
# Disables SSH known_hosts verification: a host presenting a new or changed
# key is accepted without prompting. Suitable for throwaway lab VMs only.
host_key_checking=false
# Project roles/collections directories come first in the search paths.
roles_path=/home/greg/ansible/roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
collections_path=/home/greg/ansible/collections:~/.ansible/collections:/usr/share/ansible/collections
[privilege_escalation]
# greg has passwordless sudo on the exam hosts, so no become password is asked.
become=true
become_ask_pass=False
become_method=sudo
become_user=root
[greg@workstation ansible]$
# 查看是否有该文件,没有要自己写
[greg@workstation ansible]$ cat ~/.ansible-navigator.yml
---
# ansible-navigator settings: run playbooks inside the supported
# execution-environment image, pulling it only when it is not present locally.
ansible-navigator:
execution-environment:
image: registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
pull:
policy: missing
[greg@workstation ansible]$ ansible-navigator images
。。。。。。 #图1 报错,因为没登录
[greg@workstation ansible]$ podman login registry.rhel.exam.com
Username: felix
Password:
Login Succeeded!
[greg@workstation ansible]$ ansible-navigator images
。。。。。。# 图2 可跳转至交互式页面则说明没问题
[greg@workstation ansible]$ ls
ansible.cfg ansible-navigator.log inventory
[greg@workstation ansible]$ mkdir roles
[greg@workstation ansible]$ mkdir /home/greg/ansible/collections
[greg@workstation ansible]$ ls
ansible.cfg ansible-navigator.log collections inventory roles
[greg@workstation ansible]$ ansible-navigator inventory -m stdout --list #检查
图1
上红框内为镜像,和查到文件中的一致。下面报错说明无权访问容器相关资源,所以需要先登录镜像仓库(考试说明告知)
图2 交互界面
第2题 创建并运行ansible ad hoc命令
# 写脚本,将playbook中“:”变为“=”,临时命令
[greg@workstation ansible]$ vim /home/greg/ansible/adhoc.sh
[greg@workstation ansible]$ cat /home/greg/ansible/adhoc.sh
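#!/bin/bash
# Ad hoc version of the "configure repositories" task: create the two EX294
# yum repositories on every managed host with the yum_repository module.
#
# -b / -u greg match ansible.cfg (become=true, remote_user=greg) and are kept
# so the script also works when run under a different configuration.
# gpgcheck=yes keeps package signature verification on. The GPG key itself is
# fetched from the classroom server over plain HTTP, so the key is trusted as
# downloaded rather than authenticated in transit (lab setting).
set -uo pipefail

readonly REPO_BASE_URL='http://master.rhel.exam.com/rhel9/repos'
readonly GPG_KEY_URL='http://master.rhel.exam.com/contents/RPM-GPG-KEY-redhat-release'

#######################################
# Create (or update) one yum repository on all hosts.
# Arguments: $1 - repo id, $2 - description, $3 - baseurl
# Returns:   ansible's exit status
#######################################
add_repo() {
  local name=$1 description=$2 baseurl=$3
  ansible -b -u greg all -m ansible.builtin.yum_repository -a \
    "name=${name} description='${description}' baseurl=${baseurl} gpgcheck=yes gpgkey='${GPG_KEY_URL}' enabled=yes"
}

#######################################
# Configure both repositories. The second is attempted even if the first
# fails (as before); the exit status reports whether either failed.
# Returns:   0 if both succeeded, 1 otherwise
#######################################
main() {
  local rc=0
  add_repo EX294_BASE 'EX294 base software' "${REPO_BASE_URL}/BaseOS/" || rc=1
  add_repo EX294_STREAM 'EX294 stream software' "${REPO_BASE_URL}/AppStream/" || rc=1
  return "$rc"
}

main "$@"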
[greg@workstation ansible]$
# 给脚本权限
[greg@workstation ansible]$ chmod a+x ./adhoc.sh
[greg@workstation ansible]$ ./adhoc.sh
# 检查现象,查3个(目录,文件,文件)都要查
[greg@workstation ansible]$ ansible all -m shell -a "ls /etc/yum.repos.d"
172.25.250.104 | CHANGED | rc=0 >>
EX294_BASE.repo
EX294_STREAM.repo
redhat.repo
172.25.250.103 | CHANGED | rc=0 >>
EX294_BASE.repo
EX294_STREAM.repo
redhat.repo
172.25.250.101 | CHANGED | rc=0 >>
EX294_BASE.repo
EX294_STREAM.repo
redhat.repo
172.25.250.105 | CHANGED | rc=0 >>
EX294_BASE.repo
EX294_STREAM.repo
redhat.repo
172.25.250.102 | CHANGED | rc=0 >>
EX294_BASE.repo
EX294_STREAM.repo
redhat.repo
[greg@workstation ansible]$ ansible all -m shell -a "cat /etc/yum.repos.d/EX294_BASE.repo"
[greg@workstation ansible]$ ansible all -m shell -a "cat /etc/yum.repos.d/EX294_STREAM.repo"
[greg@workstation ansible]$
[greg@workstation ansible]$ ls
adhoc.sh ansible.cfg ansible-navigator.log collections inventory roles
第3题 安装软件包
# 剧本光标辅助工具,可装可不装
[greg@workstation ansible]$ vim ~/.vimrc
[greg@workstation ansible]$ cat ~/.vimrc
" Editing helper for playbooks: for YAML buffers use auto-indent, the ruler,
" a highlighted cursor column and 2-space indentation with spaces, not tabs.
autocmd FileType yaml setlocal ai ru cursorcolumn ts=2 sw=2 et
[greg@workstation ansible]$
#写playbook
[greg@workstation ansible]$ vim /home/greg/ansible/packages.yml
[greg@workstation ansible]$ cat /home/greg/ansible/packages.yml
---
# Install php and mariadb on dev, test and web. dev hosts additionally get the
# "RPM Development Tools" group and a full package update (state: latest on "*").
- hosts: dev,test,web
tasks:
- name: install php and mariadb
ansible.builtin.dnf:
name:
- php
- mariadb
state: present
- name: install Tools
ansible.builtin.dnf:
name: '@RPM Development Tools'
state: present
# The play targets three groups; this condition narrows the task to dev.
when: inventory_hostname in groups['dev']
- name: update
ansible.builtin.dnf:
name: "*"
state: latest
when: inventory_hostname in groups['dev']
#运行
[greg@workstation ansible]$ ansible-navigator run -m stdout packages.yml
# 检查
[greg@workstation ansible]$ ansible all -m shell -a "rpm -q php" #图1
[greg@workstation ansible]$ ansible all -m shell -a "rpm -q mariadb"
[greg@workstation ansible]$ ansible dev -m shell -a "dnf group list" #图2
图1
图2
第4题 使用RHEL system role
[kiosk@foundation ~]$ ssh root@workstation
root@workstation's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sun Jul 13 22:22:11 2025 from 172.25.250.1
[root@workstation ~]# dnf search roles #图1
[root@workstation ~]# dnf install rhel-system-roles.noarch #安装
[root@workstation ansible]# cd /usr/share/ansible/roles/
[root@workstation roles]# ls
[root@workstation roles]# cd
[root@workstation ~]# cp -a /usr/share/ansible/roles/rhel-system-roles.timesync /home/greg/ansible/roles/timesync
[root@workstation ~]#
[greg@workstation ansible]$ dnf install tree
Not root, Subscription Management repositories not updated
Error: This command has to be run with superuser privileges (under the root user on most systems). #安装tree
[greg@workstation ansible]$ vim roles/timesync/README.md #图2,查看说明书,找例子写playbook
[greg@workstation ansible]$
[greg@workstation ansible]$ vim /home/greg/ansible/timesync.yml
[greg@workstation ansible]$ cat /home/greg/ansible/timesync.yml
---
# Configure time sync on every host through the timesync system role (copied
# from rhel-system-roles into roles/timesync) with one NTP server using iburst.
- hosts: all
vars:
timesync_ntp_servers:
- hostname: 172.25.250.1
iburst: true
roles:
- timesync
[greg@workstation ansible]$ ansible-navigator run -m stdout timesync.yml # 运行
# 检查,两种2选1
[greg@workstation ansible]$ ansible all -m shell -a "cat /etc/chrony.conf | grep server"
[greg@workstation ansible]$ ansible all -m shell -a "chronyc sources"
图1
图2
第5题 使用Ansible Galaxy安装roles和collections
[greg@workstation ansible]$ vim /home/greg/ansible/roles/requirements.yml
[greg@workstation ansible]$ cat /home/greg/ansible/roles/requirements.yml
---
# Roles fetched from the classroom server as plain tarballs over HTTP. No
# checksum or signature is verified, so the source is trusted as served.
- src: http://master.rhel.exam.com/contents/haproxy.tar
name: balancer
- src: http://master.rhel.exam.com/contents/phpinfo.tar
name: phpinfo
# 安装 -r 指明用哪个文件安装 -p 指明角色安装的位置
[greg@workstation ansible]$ ansible-galaxy role install -r roles/requirements.yml -p /home/greg/ansible/roles/
# 查询,2选1,最好用第2种
[greg@workstation ansible]$ ansible-galaxy role list #图1
[greg@workstation ansible]$ ansible-navigator exec -- ansible-galaxy role list #图2
# 第2问
# 通过文件指明安装的路径和名称
[greg@workstation ansible]$ vim /home/greg/ansible/collections/requirements.yml
[greg@workstation ansible]$ cat /home/greg/ansible/collections/requirements.yml
---
# Collections installed from local tarballs over HTTP (ansible.posix,
# community.crypto, community.general). Installed into
# /home/greg/ansible/collections, which ansible.cfg lists first in
# collections_path. No checksum is verified, so the source is trusted as served.
collections:
- name: http://master.rhel.exam.com/contents/ansible-posix-1.5.0.tar.gz
- name: http://master.rhel.exam.com/contents/community-crypto-2.2.1.tar.gz
- name: http://master.rhel.exam.com/contents/community-general-7.0.0.tar.gz
[greg@workstation ansible]$ ansible-galaxy collection install -r ./collections/requirements.yml -p /home/greg/ansible/collections
# 查看,图3
[greg@workstation ansible]$ ansible-navigator exec -- ansible-galaxy collection list
图1
图2
图3
第6题 创建和使用角色
# 创建角色
[greg@workstation ansible]$ ansible-navigator exec -- ansible-galaxy init apache --init-path=/home/greg/ansible/roles
- Role apache was created successfully
[greg@workstation ansible]$ ansible-navigator exec -- ansible-galaxy role list
# /home/greg/ansible/roles
- timesync, (unknown version)
- balancer, (unknown version)
- phpinfo, (unknown version)
- apache, (unknown version)
# 编写剧本
[greg@workstation ansible]$ vim roles/apache/tasks/main.yml
[greg@workstation ansible]$ cat roles/apache/tasks/main.yml
---
# tasks file for apache
# Install httpd, start/enable httpd and firewalld, open the http service in the
# firewall (ansible.posix.firewalld from the installed collections) and render
# the role's index.html.j2 template into the document root.
- name: ensure install httpd
ansible.builtin.dnf:
name: httpd
state: present
- name: start and enable httpd
ansible.builtin.systemd:
name: httpd
state: started
enabled: yes
- name: start and enable firewall
ansible.builtin.systemd:
name: firewalld.service
state: started
enabled: yes
# permanent + immediate: the rule survives reboots and takes effect now.
- name: allow web
ansible.posix.firewalld:
service: http
permanent: true
immediate: true
state: enabled
# src is resolved relative to the role's templates/ directory.
- name: use tem
ansible.builtin.template:
src: index.html.j2
dest: /var/www/html/index.html
[greg@workstation ansible]$
[greg@workstation ansible]$ vim roles/apache/templates/index.html.j2
# 如果忘记事实变量怎么写,可以通过图1的方法,收集某台主机的所有事实变量
[greg@workstation ansible]$ cat roles/apache/templates/index.html.j2
Welcome to {{ ansible_facts['fqdn'] }} on {{ ansible_facts['default_ipv4']['address'] }}
# 查说明书写
[greg@workstation ansible]$ vim /home/greg/ansible/apache.yml
[greg@workstation ansible]$ cat /home/greg/ansible/apache.yml
---
# Apply the apache role to the "server" group (whose child group is web).
- hosts: server
roles:
- apache
[greg@workstation ansible]$
[greg@workstation ansible]$ ansible-navigator run -m stdout apache.yml # 运行
。。。。。。
#检查现象
[greg@workstation ansible]$ ansible server -m shell -a "cat /var/www/html/index.html"
172.25.250.104 | CHANGED | rc=0 >>
Welcome to node4.rhel.exam.com on 172.25.250.104
172.25.250.103 | CHANGED | rc=0 >>
Welcome to node3.rhel.exam.com on 172.25.250.103
图1
第7题 从Ansible Galaxy使用角色
[greg@workstation ansible]$ vim /home/greg/ansible/roles.yml
[greg@workstation ansible]$ cat /home/greg/ansible/roles.yml
---
# Three plays: facts are gathered on all hosts first so the balancer and
# phpinfo roles can reference facts of hosts outside their own play.
- hosts: all
gather_facts: yes # gather first, for the two plays below to use
- hosts: balancer
roles:
- balancer
- hosts: web
roles:
- phpinfo
[greg@workstation ansible]$ ansible-navigator run -m stdout roles.yml #运行
查现象
图1
图2
图3
第8题 创建和使用逻辑卷
[greg@workstation ansible]$ ansible all -m shell -a "lvs" # 先查看一下
[greg@workstation ansible]$ vim /home/greg/ansible/lv.yml
[greg@workstation ansible]$ cat /home/greg/ansible/lv.yml
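---
# Create logical volume "data" in volume group rhel_server: try 800 MiB, fall
# back to 200 MiB, then put an ext4 filesystem on it. Hosts without the VG
# only get a message and skip the filesystem step.
- hosts: all
  tasks:
    - name: create 800
      block:
        - name: create 800
          ansible.builtin.lvol:
            vg: rhel_server
            lv: data
            size: 800m
      rescue:
        # The block fails either because the VG is missing or because it is
        # too small; the two messages are keyed on that distinction (they
        # were previously attached to the wrong condition).
        - name: no vg
          ansible.builtin.debug:
            msg: "Volume group does not exist"
          when: ansible_facts['lvm']['vgs']['rhel_server'] is not defined
        - name: no space
          ansible.builtin.debug:
            msg: "Could not create logical volume of that size"
          when: ansible_facts['lvm']['vgs']['rhel_server'] is defined
        - name: create 200
          ansible.builtin.lvol:
            vg: rhel_server
            lv: data
            size: 200m
          when: ansible_facts['lvm']['vgs']['rhel_server'] is defined
      always:
        - name: create filesystem
          community.general.filesystem:
            dev: /dev/rhel_server/data
            fstype: ext4
          when: ansible_facts['lvm']['vgs']['rhel_server'] is defined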
# 运行
[greg@workstation ansible]$ ansible-navigator run -m stdout lv.yml
。。。。。。#图1中block方式1、2、5运行失败,进行rescue运行图2。最后运行always(图3),最终运行结果(图4)
#检查
[greg@workstation ansible]$ ansible all -m shell -a "lvs /dev/rhel_server/data"
图1
图2
图3
图4
第9题 创建并使用磁盘分区
# 要先查看所有受控主机的磁盘情况
[greg@workstation ansible]$ ansible all -m shell -a "lsblk"
[greg@workstation ansible]$ vim /home/greg/ansible/partation.yml
[greg@workstation ansible]$ cat /home/greg/ansible/partation.yml
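---
# Partition /dev/vdc: try an 800 MiB partition, fall back to 200 MiB, then
# format it xfs and mount it on /newpart. Hosts without vdc only get a
# message; the filesystem, directory and mount tasks are skipped there.
- hosts: all
  tasks:
    - name: creat 800m
      block:
        - name: creat 800m
          community.general.parted:
            device: /dev/vdc
            number: 1
            part_start: 1MiB
            part_end: 801MiB
            state: present
      rescue:
        # parted fails either because the disk is absent or because it is
        # too small; the messages are keyed on that distinction.
        - name: no vdc
          ansible.builtin.debug:
            msg: "Disk does not exist"
          when: ansible_facts['devices']['vdc'] is not defined
        - name: no space
          ansible.builtin.debug:
            msg: "Could not create partition of that size"
          when: ansible_facts['devices']['vdc'] is defined
        - name: creat 200m
          community.general.parted:
            device: /dev/vdc
            number: 1
            part_start: 1MiB
            part_end: 201MiB
            state: present
          when: ansible_facts['devices']['vdc'] is defined
      always:
        - name: create filesystem
          community.general.filesystem:
            dev: /dev/vdc1
            fstype: xfs
          when: ansible_facts['devices']['vdc'] is defined
        - name: creat dir # create the directory first, ready for the mount
          ansible.builtin.file:
            path: /newpart
            state: directory
          when: ansible_facts['devices']['vdc'] is defined
        # state: mounted mounts now and records the entry in fstab.
        - name: mount
          ansible.posix.mount:
            path: /newpart
            src: /dev/vdc1
            fstype: xfs
            state: mounted
          when: ansible_facts['devices']['vdc'] is defined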
# 运行
[greg@workstation ansible]$ ansible-navigator run -m stdout partation.yml
# 检查,受控主机的分区创建情况(2选1)
[greg@workstation ansible]$ ansible all -m shell -a "lsblk"
[greg@workstation ansible]$ ansible all -m shell -a "lsblk /dev/vdc"
# 检查格式化类型
[greg@workstation ansible]$ ansible all -m shell -a "df -TH /newpart"
第10题 生成主机文件
[greg@workstation ansible]$ ls
adhoc.sh
ansible.cfg
ansible-navigator.log
apache-artifact-2025-07-14T06:42:54.254256+00:00.json
apache-artifact-2025-07-14T06:44:09.654896+00:00.json
apache.yml
collections
hosts.j2
inventory
lv-artifact-2025-07-14T07:30:32.121632+00:00.json
lv-artifact-2025-07-14T07:31:25.970307+00:00.json
lv-artifact-2025-07-14T07:33:21.845430+00:00.json
lv-artifact-2025-07-15T01:21:15.925294+00:00.json
lv.yml
packages-artifact-2025-07-14T04:27:56.591615+00:00.json
packages-artifact-2025-07-14T04:31:16.590021+00:00.json
packages.yml
partation-artifact-2025-07-15T01:51:44.263989+00:00.json
partation-artifact-2025-07-15T01:52:17.985006+00:00.json
partation-artifact-2025-07-15T01:53:06.374217+00:00.json
partation-artifact-2025-07-15T01:54:01.910889+00:00.json
partation-artifact-2025-07-15T01:55:19.566842+00:00.json
partation.yml
roles
roles-artifact-2025-07-14T06:58:25.235696+00:00.json
roles.yml
timesync-artifact-2025-07-14T05:09:51.691693+00:00.json
timesync.yml
# 以json结尾的是每次运行生成的日志(artifact)文件,与一开始的~/.ansible-navigator.yml文件配置有关
[greg@workstation ansible]$ cat ~/.ansible-navigator.yml
---
# ansible-navigator settings (same file as shown earlier): run playbooks in the
# supported execution-environment image, pulling it only when absent locally.
ansible-navigator:
execution-environment:
image: registry.redhat.io/ansible-automation-platform-22/ee-supported-rhel8:latest
pull:
policy: missing
[greg@workstation ansible]$ pwd
/home/greg/ansible
[greg@workstation ansible]$ wget http://master.rhel.exam.com/contents/hosts.j2
-bash: wget: command not found
#没有安装wget,所以要再开一个终端,在root下去安装
[root@workstation ~]# dnf install wget -y
。。。。。。
#安装完成,重新使用
[greg@workstation ansible]$ wget http://master.rhel.exam.com/contents/hosts.j2
# 查看里面是否有hosts.j2文件
[greg@workstation ansible]$ ls
。。。
hosts.j2
。。。
#先查看一下hosts.j2内容
[greg@workstation ansible]$ cat hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#写playbook
[greg@workstation ansible]$ vim /home/greg/ansible/hosts.yml
[greg@workstation ansible]$ cat /home/greg/ansible/hosts.yml
---
# Render hosts.j2 (which loops over hostvars of every host) into /etc/myhosts.
# The play targets all so facts exist for every host; the file itself is only
# written on dev.
- hosts: all # content is generated for every managed host, hence all
tasks:
- name: user tem
ansible.builtin.template:
src: /home/greg/ansible/hosts.j2
dest: /etc/myhosts
when: inventory_hostname in groups['dev'] # only write the file on dev hosts
[greg@workstation ansible]$ vim hosts.j2
[greg@workstation ansible]$ cat hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for item in hostvars %}
{{ hostvars[item]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[item]['ansible_facts']['fqdn'] }} {{ hostvars[item]['ansible_facts']['hostname'] }}
{% endfor %}
# 运行
[greg@workstation ansible]$ ansible-navigator run -m stdout hosts.yml
# 检查
[greg@workstation ansible]$ ansible all -m shell -a "cat /etc/myhosts"
第11题 修改文件内容
第一种写法:
[greg@workstation ansible]$ vim /home/greg/ansible/issue.yml
[greg@workstation ansible]$ cat /home/greg/ansible/issue.yml
---
# Write a group-specific banner to /etc/issue: Development (dev), TEST (test),
# WebServer (web). dev also gets the RPM Development Tools group. The play
# targets all, so each task is narrowed with inventory_hostname in groups[...].
- hosts: all
tasks:
- name: install tools
ansible.builtin.dnf:
name: '@RPM Development Tools'
state: present
when: inventory_hostname in groups['dev']
- name: send content
ansible.builtin.copy:
content: 'Development'
dest: /etc/issue
when: inventory_hostname in groups['dev']
- name: send content
ansible.builtin.copy:
content: 'TEST'
dest: /etc/issue
when: inventory_hostname in groups['test']
- name: send content
ansible.builtin.copy:
content: 'WebServer'
dest: /etc/issue
when: inventory_hostname in groups['web']
# 运行
[greg@workstation ansible]$ ansible-navigator run -m stdout issue.yml
# 检查
[greg@workstation ansible]$ ansible dev -m shell -a "dnf group list"
[greg@workstation ansible]$ ansible dev -m shell -a "cat /etc/issue"
172.25.250.101 | CHANGED | rc=0 >>
Development
[greg@workstation ansible]$ ansible test -m shell -a "cat /etc/issue"
172.25.250.102 | CHANGED | rc=0 >>
TEST
[greg@workstation ansible]$ ansible web -m shell -a "cat /etc/issue"
172.25.250.103 | CHANGED | rc=0 >>
WebServer
172.25.250.104 | CHANGED | rc=0 >>
WebServer
第二种写法
[greg@workstation ansible]$ vim /home/greg/ansible/issue.yml
[greg@workstation ansible]$ cat /home/greg/ansible/issue.yml
---
# Same result as the first version, with one copy task looped over
# (content, groupname) pairs; the when clause is evaluated per loop item.
- hosts: all
tasks:
- name: install tools
ansible.builtin.dnf:
name: '@RPM Development Tools'
state: present
when: inventory_hostname in groups['dev']
- name: send content
ansible.builtin.copy:
content: "{{ item['content'] }}"
dest: /etc/issue
when: inventory_hostname in groups[item['groupname']]
loop:
- content: Development
groupname: dev
- content: TEST
groupname: test
- content: WebServer
groupname: web
# 运行
[greg@workstation ansible]$ ansible-navigator run -m stdout issue.yml
# 检查
[greg@workstation ansible]$ ansible dev -m shell -a "dnf group list"
[greg@workstation ansible]$ ansible dev -m shell -a "cat /etc/issue"
[greg@workstation ansible]$ ansible test -m shell -a "cat /etc/issue"
[greg@workstation ansible]$ ansible web -m shell -a "cat /etc/issue"
第12题 创建Web内容目录
[greg@workstation ansible]$ vim /home/greg/ansible/webcontent.yml
[greg@workstation ansible]$ cat /home/greg/ansible/webcontent.yml
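---
# Publish /webdev on the dev host: a group-writable (setgid) content
# directory, a symlink from the httpd document root, httpd running with http
# allowed through the firewall, and an SELinux file context so httpd may
# read the directory.
- hosts: dev
  tasks:
    - name: ensure group webdev
      ansible.builtin.group:
        name: webdev
        state: present
    # 2775: rwx for owner and group plus setgid, so files created inside
    # inherit the webdev group.
    - name: create dir
      ansible.builtin.file:
        group: webdev
        mode: '2775'
        path: /webdev
        state: directory
    - name: install httpd
      ansible.builtin.dnf:
        name: httpd
        state: present
    - name: creat link
      ansible.builtin.file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: send content
      ansible.builtin.copy:
        content: "Development"
        dest: /webdev/index.html
    - name: start and enable httpd
      ansible.builtin.systemd:
        name: httpd
        state: started
        enabled: yes
    - name: start and enable firewall
      ansible.builtin.systemd:
        name: firewalld.service
        state: started
        enabled: yes
    - name: allow web
      ansible.posix.firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled
    # Installing by file path lets dnf pick the package that provides
    # semanage (presumably what sefcontext relies on; confirm on the target).
    - name: install semanage
      ansible.builtin.dnf:
        name: /usr/sbin/semanage
        state: present
    - name: ls -Z
      community.general.sefcontext:
        target: '/webdev(/.*)?'
        setype: httpd_sys_content_t
        state: present
    # Apply the new context to files that already exist. The command uses
    # no shell features, so command (no shell interpretation) is enough.
    - name: restorecon
      ansible.builtin.command: restorecon -Rv /webdev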
# 运行
[greg@workstation ansible]$ ansible-navigator run -m stdout webcontent.yml
检查:
第13题 生成硬件报告
[greg@workstation ansible]$ vim /home/greg/ansible/hwreport.yml
[greg@workstation ansible]$ cat /home/greg/ansible/hwreport.yml
---
# Download the empty report template over HTTP (no checksum is verified) and
# fill in each KEY= line from facts; a missing disk falls back to NONE via
# the default filter.
- hosts: all
tasks:
- name: download file
ansible.builtin.get_url:
url: http://master.rhel.exam.com/contents/hwreport.empty
dest: /root/hwreport.txt
# lineinfile replaces the line matching regexp; if none matches, the line
# is added at the end of the file.
- name: set value
ansible.builtin.lineinfile:
path: /root/hwreport.txt
regexp: "{{ item['regexp'] }}"
line: "{{ item['line'] }}"
loop:
- regexp: '^HOST='
line: HOST={{ ansible_facts['hostname'] }}
- regexp: '^MEMORY='
line: MEMORY={{ ansible_facts['memtotal_mb'] }}
- regexp: '^BIOS='
line: BIOS={{ ansible_facts['bios_version'] }}
- regexp: '^DISK_SIZE_VDA='
line: DISK_SIZE_VDA={{ ansible_facts['devices']['vda']['size'] | default('NONE') }}
- regexp: '^DISK_SIZE_VDB='
line: DISK_SIZE_VDB={{ ansible_facts['devices']['vdb']['size'] | default('NONE') }}
- regexp: '^DISK_SIZE_VDC='
line: DISK_SIZE_VDC={{ ansible_facts['devices']['vdc']['size'] | default('NONE') }}
# 运行,看过程
[greg@workstation ansible]$ ansible-navigator run -m stdout hwreport.yml
# 检验 图1
[greg@workstation ansible]$ ansible all -m shell -a "cat /root/hwreport.txt"
图1(未全)
第14题 创建密码库
[greg@workstation ansible]$ vim /home/greg/ansible/locker.yml
[greg@workstation ansible]$ cat /home/greg/ansible/locker.yml
---
# Vault variables as written in clear text before "ansible-vault encrypt";
# the file on disk is encrypted afterwards and read back with "vault view".
pw_dev: dev
pw_manager: manager
# 如果已经安装了ansible-core,可用--help查询
[greg@workstation ansible]$ ansible-vault --help
# 加密
[greg@workstation ansible]$ ansible-navigator exec -- ansible-vault encrypt locker.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[greg@workstation ansible]$ echo "whoisyoudaddy" > /home/greg/ansible/secret.txt
# 验证(注意 secret.txt 里是明文的 vault 密码,应 chmod 600 只让 greg 可读)
[greg@workstation ansible]$ vim /home/greg/ansible/locker.yml
[greg@workstation ansible]$ ansible-navigator exec -- ansible-vault view locker.yml
Vault password:
---
pw_dev: dev
pw_manager: manager
第15题 创建用户账户
[greg@workstation ansible]$ wget http://master.rhel.exam.com/contents/user_list.yml
[greg@workstation ansible]$ ls
[greg@workstation ansible]$ vim /home/greg/ansible/users.yml
[greg@workstation ansible]$ cat /home/greg/ansible/users.yml
---
# Create users from the "users" list (presumably defined in user_list.yml):
# developers on dev/test in group devops with pw_dev, managers on web in
# group opsmgr with pw_manager. The passwords come from the vault-encrypted
# locker.yml, so a vault id must be supplied at run time.
- hosts: dev,test
vars_files:
- /home/greg/ansible/locker.yml
- /home/greg/ansible/user_list.yml
tasks:
- name: ensure devops
ansible.builtin.group:
name: devops
state: present
- name: create user1
ansible.builtin.user:
name: "{{ item['name']}}"
# password_hash with no fixed salt yields a fresh hash on every run, so this
# task reports changed each time it runs (presumably acceptable here).
password: "{{ pw_dev | password_hash('sha512') }}"
# append: yes keeps any groups the user already belongs to.
groups: devops
append: yes
loop: "{{ users }}"
when: item['job'] == 'developer'
- hosts: web
vars_files:
- /home/greg/ansible/locker.yml
- /home/greg/ansible/user_list.yml
tasks:
- name: ensure opsmgr
ansible.builtin.group:
name: opsmgr
state: present
- name: create user2
ansible.builtin.user:
name: "{{ item['name']}}"
password: "{{ pw_manager | password_hash('sha512') }}"
groups: opsmgr
append: yes
loop: "{{ users }}"
when: item['job'] == 'manager'
# 运行加密文件,通过--vault-id导入密码文件
[greg@workstation ansible]$ ansible-navigator run -m stdout users.yml --vault-id=/home/greg/ansible/secret.txt
#查看
# dev
[greg@workstation ansible]$ ansible dev -m shell -a "tail -n 5 /etc/passwd"
[greg@workstation ansible]$ ansible dev -m shell -a "id fred"
[greg@workstation ansible]$ ansible dev -m shell -a "id bob"
# test
[greg@workstation ansible]$ ansible test -m shell -a "tail -n 5 /etc/passwd"
[greg@workstation ansible]$ ansible test -m shell -a "id bob"
[greg@workstation ansible]$ ansible test -m shell -a "id fred"
# web
[greg@workstation ansible]$ ansible web -m shell -a "tail -n 3 /etc/passwd"
[greg@workstation ansible]$ ansible web -m shell -a "id sally"
第16题 更新Ansible库的秘钥
[greg@workstation ansible]$ wget http://master.rhel.exam.com/contents/sal.yml
#改密码
[greg@workstation ansible]$ ansible-navigator exec -- ansible-vault rekey sal.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
# 查看
[greg@workstation ansible]$ ansible-navigator exec -- ansible-vault view sal.yml
Vault password:
oldpasswd: ansible666
newpasswd: rhelansible
[greg@workstation ansible]$