本文详细介绍了RHCE8.0模拟考试中的Ansible使用,包括安装配置Ansible、创建运行Ansible命令、管理软件包、使用系统角色、Galaxy角色安装、创建自定义角色以及执行逻辑卷、分区、主机文件、文件内容修改等任务。通过一系列Ansible playbook,实现了自动化运维操作。
文章目录
RHCE8.0模拟题
RHCE模拟练习题⽬,请使⽤环境RH294:
在练习期间,您将操作下列虚拟系统
system IP Address Role
workstation.lab.example.com 172.25.250.9 Ansible control node
servera.lab.example.com 172.25.250.10 Ansible managed node
serverb.lab.example.com 172.25.250.11 Ansible managed node
serverc.lab.example.com 172.25.250.12 Ansible managed node
serverd.lab.example.com 172.25.250.13 Ansible managed node
bastion.lab.example.com 172.25.250.254 Ansible managed node
这些系统的 IP 地址采⽤静态设置,主机名称解析已配置为解析上⽅列出的主机名。 请勿更改这些设
置。
帐户信息:
f0主机的root密码为 Asimov ,f0上其他⽤户的密码均为 redhat
f0⾥⾯所有虚拟系统的 root 密码是 redhat ,请勿更改 root 密码。所有系统上已预装了 SSH 密
钥,允许在不输⼊密码的前提下通过 SSH 进⾏ root 访问。请勿对系统上的 root SSH 配置⽂件进⾏
任何修改。
Ansible 控制节点上已创建了⽤户 student 。此帐户预装了 SSH密钥,允许在 Ansible 控制节点和
各个 Ansible 受管节点之间进⾏SSH 登录。请勿对系统上的 student SSH 配置⽂件进⾏任何修改。
Ansible 被管理节点上已创建了⽤户 student ⽤于控制节点连接使⽤,考试时ssh免密和sudo提权已
经全部配置好,请勿修改。
开启虚拟机
开启虚拟机
[root@foundation0 ~]# virsh start bastion
[root@foundation0 ~]# virsh start workstation
[root@foundation0 ~]# virsh start servera
[root@foundation0 ~]# virsh start serverb
[root@foundation0 ~]# virsh start serverc
[root@foundation0 ~]# virsh start serverd
重置所有虚拟机
[root@foundation0 ~]# rht-vmctl reset all
说明:考试需要通过图形界⾯对虚拟机进⾏开机(start),关机(poweroff),重启(reboot)和重置
(rebuilt)操作,重置虚拟机后,虚拟机所有的配置将会清空。
安装和配置Ansible
按照下方所述,在控制节点workstation.lab.example.com 上安装和配置Ansible:
安装所需的软件包
创建名为/home/student/ansible/inventory的静态清单文件, 以满足以下需求:
servera是dev主机组的成员
serverb是test主机组的成员
serverc和serverd是prod主机组的成员
bastion是balancers主机组的成员
prod组是webservers主机组的成员
创建名为/home/student/ansible/ansible.cfg的配置文件, 以满足以下要求:
主机清单文件为/home/student/ansible/inventory
playbook中使用的角色的位置包括/home/student/ansible/roles
[student@workstation ~]$ mkdir ansible
[student@workstation ~]$ cd ansible
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg /home/student/ansible/
[student@workstation ansible]$ mkdir /home/student/ansible/roles
[student@workstation ansible]$ vi ansible.cfg
[defaults]
inventory = /home/student/ansible/inventory
remote_user = student
roles_path = /home/student/ansible/roles
host_key_checking = false
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[student@workstation ansible]$ vim inventory
[dev]
servera
[test]
serverb
[prod]
serverc
serverd
[balancers]
bastion
[webservers:children]
prod
[student@workstation ansible]$ ansible all -m ping
创建和运行Ansible临时命令
作为系统管理员, 您需要在受管节点上安装软件.
请按照下方所述, 创建一个名为/home/student/ansible/adhoc.sh的shell脚本,
该脚本将使用Ansible临时命令在各个受管节点上安装yum存储库:
存储库1:
存储库的名称为 rh294_BASE
描述为 rh294 base software
基础URL为 http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
GPG签名检查为启用状态
GPG密钥URL为 http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存储库为开启状态
存储库2:
存储库的名称为 rh294_STREAM
描述为 rh294 stream software
基础URL为 http://content.example.com/rhel8.0/x86_64/dvd/AppStream
GPG签名检查为启用状态
GPG密钥URL为 http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存储库为开启状态
[student@workstation ansible]$ vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a "name=rh294_BASE description='rh294 base software'
file=rhel_dvd baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS gpgcheck=yes
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
ansible all -m yum_repository -a "name=rh294_STREAM description='rh294 stream software'
file=rhel_dvd baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
[student@workstation ansible]$ chmod +x adhoc.sh
[student@workstation ansible]$ ./adhoc.sh
安装软件包
创建一个名为 /home/student/ansible/packages.yml的 playbook:
将 php 和 mariadb 软件包安装到 dev、test 和 prod 主机组中的主机上
将 RPM Development Tools 软件包组安装到 dev主机组中的主机上
将 dev 主机组中主机上的所有软件包更新为最新版本
[student@workstation ansible]$ vim packages.yml
---
- name: install pkgs
hosts: dev, test, prod
tasks:
- name: install mariadb php
yum:
name:
- php
- mariadb
state: present
- name: install group pkgs
hosts: dev
tasks:
- name: install Development Tools
yum:
name: "@Development Tools"
state: present
- name: update all pkgs
hosts: dev
tasks:
- name: update pkgs
yum:
name: '*'
state: latest
[student@workstation ansible]$ ansible-playbook packages.yml
使用RHEL系统角色
安装 RHEL 系统角色软件包,并创建符合以下条件的playbook /home/student/ansible/timesync.yml:
在所有受管节点上运行
使用 timesync 角色
配置该角色,以使用当前有效的 NTP 提供商
配置该角色,以使用时间服务器 classroom.example.com
配置该角色,以启用 iburst 参数
[student@workstation ansible]$ sudo yum -y install rhel-system-roles
[student@workstation ansible]$ mkdir roles
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@workstation ansible]$ vim timesync.yml
---
- name: set time sync
hosts: all
vars:
timesync_ntp_servers:
- hostname: classroom.example.com
iburst: yes
roles:
- timesync
[student@workstation ansible]$ ansible-playbook timesync.yml
使用selinux角色
配置该角色,开启所有受控节点的selinux
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux /home/student/ansible/roles/selinux
[student@workstation ansible]$ vim selinux.yml
---
- name: set selinux
hosts: all
vars:
selinux_state: enforcing
roles:
- role: selinux
become: true
[student@workstation ansible]$ ansible-playbook selinux.yml
使用Ansible Galaxy安装角色
使用 Ansible Galaxy 和要求文件 /home/student/ansible/roles/requirements.yml,从以下 URL 下载角色并安装到 /home/student/ansible/roles:
http://content.example.com/haproxy.tar.gz 此角色的名称应当为 balancer
http://content.example.com/phpinfo.tar.gz 此角色的名称应当为 phpinfo
[student@workstation ansible]$ vim roles/requirements.yml
---
- name: balancer
src: http://content.example.com/ansible2.8/haproxy.tar.gz
- name: phpinfo
src: http://content.example.com/ansible2.8/phpinfo.tar.gz
[student@workstation ansible]$ ansible-galaxy install -r /home/student/asnible/roles/requirements.yml -p /home/student/ansible/roles/
创建和使用角色
根据下列要求,在/home/student/ansible/roles中创建名为apache的角色:
httpd软件包已安装,设为在系统启动时启用并启动
防火墙已启用并正在运行,并使用允许访问Web服务器的规则
模板文件 index.html.j2 已存在,用于创建具有以下输出的文件/var/www/html/index.html:
Welcome to HOSTNAME on IPADDRESS
其中,HOSTNAME是受管节点的完全限定域名,IPADDRESS则是受管节点的IP地址。
按照下方所述,创建一个使用此角色的playbook /home/student/ansible/newrole.yml:
该playbook在webservers主机组中的主机上运行
[student@workstation ansible]$ cd roles/
[student@workstation roles]$ ansible-galaxy init apache
[student@workstation roles]$ vim http/tasks/main.yml
---
# tasks file for http
- name: install httpd firewalld
yum:
name:
- httpd
- firewalld
state: present
- name: cp file
template:
src: index.html.j2
dest: /var/www/html/index.html
- name: start httpd
service:
name: httpd
state: started
enabled: yes
- name: restart firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: firewalld for http
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
[student@workstation roles]$ vim http/templates/index.html.j2
Welcome to {{ansible_fqdn}} on {{ansible_enp1s0.ipv4.address}}
[student@workstation ansible]$ vim newrole.yml
---
- name: use http role
hosts: webservers
roles:
- apache
[student@workstation ansible]$ ansible-playbook newrole.yml
[student@workstation ansible]$ curl http://serverc
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://serverd
Welcome to serverd.lab.example.com on 172.25.250.13
从Ansible Galaxy使用角色
根据下列要求,创建一个名为 /home/student/ansible/roles.yml的playbook:
playbook中包含一个play,该play在balancers主机组中的主机上运行并将使用balancer角色。
此角色配置一项服务,以在webservers主机组中的主机之间平衡Web服务器请求的负载。
浏览到balancers主机组中的主机(例如http://bastion.lab.example.com/ )将生成以下输出:
Welcome to serverc.example.com on 172.25.1.12
重新加载浏览器将从另一Web服务器生成输出:
Welcome to serverd.example.com on 172.25.1.13
playbook 中包含一个 play,该 play 在 webservers主机组中的主机上运行并将使用 phpinfo 角色。
通过 URL /hello.php 浏览到 webservers 主机组中的主机将生成以下输出:
Hello PHP World from FQDN
其中,FQDN是主机的完全限定名称。
例如,浏览到 http://serverc.lab.example.com/hello.php 会生成以下输出:
Hello PHP World from serverc.lab.example.com
另外还有 PHP 配置的各种详细信息,如安装的PHP 版本等。
同样,浏览到 http://serverd.lab.example.com/hello.php 会生成以下输出:
Hello PHP World from serverd.lab.example.com
另外还有 PHP 配置的各种详细信息,如安装的PHP 版本等。
[student@workstation ansible]$ vim roles.yml
---
- name: gather facts for webservers
hosts: webservers
- name: balancer role
hosts: balancers
roles:
- balancer
- name: php role
hosts: webservers
roles:
- phpinfo
[student@workstation ansible]$ ansible-playbook roles.yml
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverd.lab.example.com on 172.25.250.13
[student@workstation ansible]$ curl http://serverc.lab.example.com/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl http://serverd.lab.example.com/hello.php
Hello PHP World form serverd.lab.example.com
创建和使用逻辑卷
创建一个名为/home/student/ansible/lv.yml 的playbook,它将在所有受管节点上运行以执行下列任务:
创建符合以下要求的逻辑卷:
逻辑卷创建在research卷组中
逻辑卷名称为data
逻辑卷大小为1500MiB
使用ext4文件系统格式化逻辑卷
如果无法创建请求的逻辑卷大小,应显示错误消息
Could not create logical volume of that size,并且应改为使用大小 800MiB。
如果卷组research 不存在 ,应显示错误消息
Volume group does not exist。
不要以任何方式挂载逻辑卷
前期环境
首先执行lvm_pre.yml
[student@workstation ansible]$ vim lvm_pre.yml
---
- name: create volume group
hosts: dev, test
tasks:
- name: Create partition for LVM
parted:
device: /dev/vdb
number: 1
flags: [ lvm ]
state: present
part_start: 1MiB
part_end: 2GiB
- name: create research vg
lvg:
vg: research
pvs: /dev/vdb1
- name: create volume group
hosts: prod
tasks:
- name: Create partition for LVM
parted:
device: /dev/vdb
number: 1
flags: [ lvm ]
state: present
part_start: 1MiB
part_end: 1GiB
- name: create research vg
lvg:
vg: research
pvs: /dev/vdb1
[student@workstation ansible]$ ansible-playbook lvm_pre.yml
[student@workstation ansible]$ vim lv.yml
---
- name: create lvm
hosts: all
tasks:
- name: create lv data
block:
- name: create lv 1500M
lvol:
lv: data
vg: research
size: 1500M
rescue:
- name: output fail message
debug:
msg: Could not create logical volume of that size
- name: create lv 800M
lvol:
lv: data
vg: research
size: 800M
always:
- name: format lv
filesystem:
dev: /dev/research/data
fstype: ext4
when: "'research' in ansible_lvm.vgs"
- name: search not exists
debug:
msg: Volume group does not exist
when: "'research' not in ansible_lvm.vgs"
[student@workstation ansible]$ ansible-playbook lv.yml
创建和使用分区
创建名为partition.yml的playbook,对所有节点进行操作:
在vdb上创建一个主分区1500MiB
使用ext4文件系统进行格式化
将文件系统挂载到/newpart
如果分区大小不满足,产生报错信息 could not create partition os that size
则创建分区大小变成800MiB
如果磁盘不存在,产生报错信息:disk does not exist
[student@workstation ansible]$ vim partition.yml
---
- name: create partition
hosts: all
tasks:
- name: create part1
block:
- name: create part 1500
parted:
device: /dev/vdb
number: 1
part_type: primary
part_start: 10MiB
part_end: 1510MiB
state: present
rescue:
- name: output fail message
debug:
msg: could not create partition os that size
- name: create part 800
parted:
device: /dev/vdb
number: 1
part_type: primary
part_start: 10MiB
part_end: 800MiB
state: present
always:
- name: format part
filesystem:
dev: /dev/vdb1
fstype: ext4
- name: create mount point
file:
path: /newpart
state: directory
- name: mount
mount:
src: /dev/vdb1
path: /newpart
fstype: ext4
state: mounted
when: "ansible_devices.vdb is defined"
- name: vdb not exist
debug:
msg: disk does not exist
when: "ansible_devices.vdb is not defined"
[student@workstation ansible]$ ansible-playbook partition.yml
由于练习环境原因,无法正常运行。
生成主机文件
将一个初始模板文件从http://content.example.com/hosts.j2下载到/home/student/ansible
完成该模板,以便用它生成以下文件:针对每个清单主机包含一行内容,其格式与 /etc/hosts 相同
创建名为 /home/student/ansible/hosts.yml 的playbook,它将使用此模板在 dev 主机组中的主机上生成文件 /etc/myhosts。
该 playbook 运行后,dev 主机组中主机上的文件/etc/myhosts 应针对每个受管主机包含一行内容:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.24.1.6 servera.lab1.example.com servera
172.24.1.7 serverb.lab1.example.com serverb
172.24.1.8 serverc.lab1.example.com serverc
172.24.1.9 serverd.lab1.example.com serverd
172.24.1.10 bastion.lab1.example.com bastion
[student@workstation ansible]$ wget http://content.example.com/hosts.j2
[student@workstation ansible]$ vim hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups.all %}
{{ hostvars[host].ansible_enp1s0.ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
[student@workstation ansible]$ vim hosts.yml
---
- name: get all facts
hosts: all
- name: cp to myhosts
hosts: dev
tasks:
- name: cp file
template:
src: /home/student/ansible/hosts.j2
dest: /etc/myhosts
[root@servera ~]# cat /etc/myhosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.10 servera.lab.example.com servera
172.25.250.11 serverb.lab.example.com serverb
172.25.250.254 bastion.lab.example.com bastion
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd
修改文件内容
按照下方所述,创建一个名为 /home/student/ansible/issue.yml 的 playbook:
该 playbook 将在所有清单主机上运行
该 playbook 会将 /etc/issue 的内容替换为下方所示的一行文本:
在 dev 主机组中的主机上,这行文本显示为:Development
在 test 主机组中的主机上,这行文本显示为:Test
在 prod 主机组中的主机上,这行文本显示为:Production
[student@workstation ansible]$ vim issue.yml
---
- name: modify issue
hosts: all
tasks:
- name: input to issue
copy:
content: |
{% if 'dev' in group_names %}
Development
{% elif 'test' in group_names %}
Test
{% elif 'prod' in group_names %}
Production
{% endif %}
dest: /etc/issue
[student@workstation ansible]$ ansible-playbook issue.yml
[student@workstation ansible]$ for i in server{a..d} bastion ; do ssh root@$i 'cat
/etc/issue'; done
Development
Test
Production
Productio
创建Web内容目录
按照下方所述,创建一个名为 /home/student/ansible/webcontent.yml 的 playbook:
该 playbook 在 dev 主机组中的受管节点上运行
创建符合下列要求的目录 /webdev:
所有者为 devops 组
具有常规权限:owner=read+write+execute,group=read+write+execute,other=read+execute
具有特殊权限: set group ID
用符号链接将 /var/www/html/webdev 链接到 /webdev
创建文件 /webdev/index.html,其中包含如下所示的单行文本:Development
在 dev 主机组中主机上浏览此目录(例如 http://servera.lab.example.com/webdev/ )将生成以下输出:
Development
[student@workstation ansible]$ vim webcontent.yml
---
- name: web station
hosts: dev
tasks:
- name: install httpd firewalld
yum:
name:
- httpd
- firewalld
state: present
- name: create group
group:
name: devops
state: present
- name: create /webdev
file:
path: /webdev
state: directory
group: devops
mode: 2775
- name: cp
copy:
content: Development
dest: /webdev/index.html
- name: set selinux context
sefcontext:
target: /webdev(/.*)?
setype: httpd_sys_content_t
- name: shell
shell:
cmd: restorecon -Rv /webdev
- name: create link to /var/www/html/webdev
file:
src: /webdev
dest: /var/www/html/webdev
state: link
- name: restart httpd
service:
name: httpd
state: restarted
enabled: yes
- name: restart firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: firewall for http
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
[student@workstation ansible]$ ansible-playbook webcontent.yml
[student@workstation ansible]$ curl http://servera.lab.example.com/webdev/
Development
生成硬件报告
创建一个名为 /home/student/ansible/hwreport.yml的 playbook,它将在所有受管节点上生成含有以下信息的输出文件 /root/hwreport.txt:
输出文件中的每一行含有一个 key=value 对。
您的 playbook 应当:
从 http://content.example.com/hwreport.empty 下载文件,并将它保存为/root/hwreport.txt
使用正确的值修改 /root/hwreport.txt
如果硬件项不存在,相关的值应设为NONE
[student@workstation ansible]$ vim hwreport.yml
---
- name: get hwreport
hosts: all
tasks:
- name: Create report file
get_url:
url: http://content.example.com/hwreport.empty
dest: /root/hwreport.txt
- name: get inventory_hostname
replace:
path: /root/hwreport.txt
regexp: 'inventoryhostname'
replace: "{{ inventory_hostname }}"
- name: get mem
replace:
path: /root/hwreport.txt
regexp: 'memory_in_MB'
replace: "{{ ansible_memtotal_mb }}"
- name: get bios
replace:
path: /root/hwreport.txt
regexp: 'BIOS_version'
replace: "{{ ansible_bios_version }}"
- name: get vda
replace:
path: /root/hwreport.txt
regexp: 'disk_vda_size'
replace: "{{ ansible_devices.vda.size | default('NONE') }}"
- name: get vdb
replace:
path: /root/hwreport.txt
regexp: 'disk_vdb_size'
replace: "{{ ansible_devices.vdb.size | default('NONE') }}"
[student@workstation ansible]$ ansible-playbook hwreport.yml
[student@workstation ansible]$ for i in server{a..d} bastion;do ssh root@$i 'cat /r
oot/hwreport.txt';done
创建密码库
按照下方所述,创建一个 Ansible 库来存储用户密码:
库名称为 /home/student/ansible/locker.yml
库中含有两个变量,名称如下:
pw_developer,值为 Imadev
pw_manager,值为 Imamgr
用于加密和解密该库的密码为whenyouwishuponastar
密码存储在文件 /home/student/ansible/secret.txt中
[student@workstation ansible]$ vim locker.yml
---
pw_developer: lmadev
pw_manager: lmamgr
[student@workstation ansible]$ echo whenyouwishuponastar > secret.txt
[student@workstation ansible]$ chmod 600 secret.txt
[student@workstation ansible]$ ansible-vault encrypt locker.yml --vault-id=/home/student/ansible/secret.txt
创建用户账户
从 http://content.example.com/user_list.yml 下载要创建的用户的列表,并将它保存到 /home/student/ansible
在本次考试中使用在其他位置创建的密码库 /home/student/ansible/locker.yml,创建名为/home/student/ansible/users.yml 的playbook,从而按以下所述创建用户帐户:
职位描述为 developer 的用户应当:
在 dev 和 test 主机组中的受管节点上创建
从 pw_developer 变量分配密码,密码有效期为30天
是附加组 student 的成员
职位描述为 manager 的用户应当:
在 prod 主机组中的受管节点上创建
从 pw_manager 变量分配密码,密码有效期为30天
是附加组 opsmgr 的成员
密码应采用 SHA512 哈希格式。
您的 playbook 应能够在本次考试中使用在其他位置创建的库密码文件/home/student/ansible/secret.txt 正常运行
[student@workstation ansible]$ wget http://content.example.com/user_list.yml
[student@workstation ansible]$ vim users.yml
---
- name: create developer user
hosts: dev, test
vars_files:
- /home/student/ansible/locker.yml
- /home/student/ansible/user_list.yml
tasks:
- name: create group student
group:
name: student
state: present
- name: create user in developer
user:
name: "{{ item.name }}"
groups: student
password: "{{ pw_developer | password_hash('sha512') }}"
state: present
loop: "{{ users }}"
when: item.job == "developer"
- name: chage
shell:
cmd: chage -M 30 {{ item.name }}
loop: "{{ users }}"
when: item.job == "developer"
- name: create manager user
hosts: prod
vars_files:
- /home/student/ansible/locker.yml
- /home/student/ansible/user_list.yml
tasks:
- name: create group opsmgr
group:
name: opsmgr
state: present
- name: create user in manager
user:
name: "{{ item.name }}"
groups: opsmgr
password: "{{ pw_manager | password_hash('sha512') }}"
state: present
loop: "{{ users }}"
when: item.job == "manager"
- name: chage1
shell:
cmd: chage -M 30 {{ item.name }}
loop: "{{ users }}"
when: item.job == "manager"
[student@workstation ansible]$ ansible-playbook users.yml --vault-id secret.txt
更新Ansible库的密钥
按照下方所述,更新现有 Ansible 库的密钥:
从 http://content.example.com/salaries.yml 下载 Ansible 库到 /home/student/ansible
当前的库密码为 为 insecure4sure
新的库密码为 bbe2de98389b
库使用新密码保持加密状态
# 准备⼯作,创建⼀个被加密的⽂件salaries.yml,并上传到f0的/content⽬录⾥⾯,考试不需要做,只需
要wget下载即可。
[student@workstation ansible]$ ansible-vault create salaries.yml
New Vault password: # 输⼊密码insecure4sure
Confirm New Vault password: # 输⼊密码insecure4sure
this is a test file # 内容任意
# 实际操作
[student@workstation ansible]$ wget http://172.25.254.254/content/salaries.yml
[student@workstation ansible]$ ansible-vault rekey salaries.yml
Vault password: # 输⼊旧密码insecure4sure
New Vault password: # 输⼊新密码bbe2de98389b
Confirm New Vault password: # 输⼊新密码bbe2de98389b
Rekey successful
计划任务
创建⼀个名为 /home/student/ansible/cron.yml 的 playbook ,
配置 cron 作业,该作业每隔 2 分钟运⾏并执⾏以下命令:
logger “EX294 in progress”,以⽤户 natasha 身份运⾏
[student@workstation ansible]$ vim cron.yml
---
- name: create cron
hosts: all
tasks:
- name: create user
user:
name: natasha
state: present
- name: create cron for all
cron:
name: cron
minute: '*/2'
job: logger "EX294 in progress"
user: natasha
[student@workstation ansible]$ ansible-playbook cron.yml
扫一扫
2069
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
