💗wei_shuo的个人主页

💫wei_shuo的学习社区

🌐Hello World ！

---

RHCE

1.安装和配置 Ansible

    安装和配置 Ansible按照下方所述，在控制节点 control 上安装和配置 Ansible：安装所需的软件包创建名为 /home/greg/ansible/inventory 的静态清单文件，以满足以下要求：node1 是 dev 主机组的成员node2 是 test 主机组的成员node3 和 node4 是 prod 主机组的成员node5 是 balancers 主机组的成员prod 组是 webservers 主机组的成员创建名为 /home/greg/ansible/ansible.cfg 的配置文件，以满足以下要求：主机清单文件为 /home/greg/ansible/inventoryplaybook 中使用的角色的位置包括 /home/greg/ansible/roles

#1.连接至普通用户greg，控制节点control
[kiosk@foundation0 ~]$ ssh greg@control#2.安装ansible软件包
[greg@control ~]$ sudo yum install -y ansible
[greg@control ~]$ rpm -q ansible 
ansible-2.9.15-1.el8ae.noarch#3.创建角色路径，并进入ansible目录
[greg@control ~]$ mkdir -p /home/greg/ansible/roles
[greg@control ~]$ cd ansible/
[greg@control ansible]$ #4.创建名为 /home/greg/ansible/ansible.cfg 的配置文件
[greg@control ansible]$ ansible --versionconfig file = /etc/ansible/ansible.cfg[greg@control ansible]$ cp /etc/ansible/ansible.cfg .[greg@control ansible]$ ansible --versionconfig file = /home/greg/ansible/ansible.cfg[greg@control ansible]$ ls
ansible.cfg  roles#5.修改配置文件，在配置文件做免密操作
[greg@control ansible]$ vim ansible.cfg inventory      = /home/greg/ansible/inventory		#清单文件路径
#inventory      = /etc/ansible/hosts/host
host_key_checking = False							#是否指纹解锁
#host_key_checking = False/remote
remote_user = root									#远程用户身份为root
#remote_user = root/become
[privilege_escalation]
become=True											#sudo提权
become_method=sudo
become_user=root
become_ask_pass=False#6.编写主机清单，在主机清单做免密操作
[greg@control ansible]$ vim /home/greg/ansible/inventory[all:vars]
ansible_password=flectrag[dev]
node1[test]
node2[prod]
node3
node4[balancers]
node5[webservers:children]
prod#7.进入ansible主配置文件，修改角色路径
[greg@control ansible]$ vim ansible.cfg 
roles_path    = /home/greg/ansible/roles
#roles_path    = /etc/ansible/roles#8.检查清单是否正确
[greg@control ansible]$ ansible-inventory --graph			#查看清单树
@all:|--@balancers:|  |--node5|--@dev:|  |--node1|--@test:|  |--node2|--@ungrouped:|--@webservers:|  |--@prod:|  |  |--node3|  |  |--node4#9.测试免密
[greg@control ansible]$ ansible all -a "hostname"
node4 | CHANGED | rc=0 >>
node4.lab.example.com

2.创建和运行 Ansible 临时命令

    创建和运行 Ansible 临时命令作为系统管理员，您需要在受管节点上安装软件。请按照正文所述，创建一个名为 /home/greg/ansible/adhoc.sh 的 shell 脚本，该脚本将使用 Ansible 临时命令在各个受管节点上安装 yum 存储库：存储库1：存储库的名称为 EX294_BASE描述为 EX294 base software基础 URL 为 http://content/rhel8.4/x86_64/dvd/BaseOSGPG 签名检查为启用状态GPG 密钥 URL 为 http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release存储库为启用状态存储库2：存储库的名称为 EX294_STREAM描述为 EX294 stream software基础 URL 为 http://content/rhel8.4/x86_64/dvd/AppStreamGPG 签名检查为启用状态GPG 密钥 URL 为 http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release存储库为启用状态

#ansible-doc查询文档
[greg@control ansible]$ ansible-doc -l | grep yum
yum                                                         
yum_repository [greg@control ansible]$ ansible-doc yum_repository 
/EX
gg
/gpgkey
/enabled#2.创建shell脚本文件
[greg@control ansible]$ vim /home/greg/ansible/adhoc.sh
=========================================================================================
#!/bin/bashansible all -m yum_repository -a "name=EX294_BASE description='EX294 base software' baseurl=http://content/rhel8.4/x86_64/dvd/BaseOS gpgcheck=yes gpgkey=http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
ansible all -m yum_repository -a "name=EX294_STREAM description='EX294 stream software' baseurl=http://content/rhel8.4/x86_64/dvd/AppStream gpgcheck=yes gpgkey=http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
=========================================================================================#3.shell脚本文件添加执行权限，并运行
[greg@control ansible]$ chmod +x /home/greg/ansible/adhoc.sh
[greg@control ansible]$ vim /home/greg/ansible/adhoc.sh
[greg@control ansible]$ /home/greg/ansible/adhoc.sh#4.测试，验证
[greg@control ansible]$ ansible all -a "yum install -y ftp"
Complete!

3.安装软件包

    安装软件包创建一个名为 /home/greg/ansible/packages.yml 的 playbook :将 php 和 mariadb 软件包安装到 dev、test 和 prod 主机组中的主机上将 RPM Development Tools 软件包组安装到 dev 主机组中的主机上将 dev 主机组中主机上的所有软件包更新为最新版本

#1.设置行号显示，设置Tab格式
[greg@control ansible]$ vim ~/.vimrc
set number ts=2 sw=2 et#2.创建playbook，编写playbook
[greg@control ansible]$ ansible-doc yum
/EX- name: ensure a list of packages installedyum:name: "{{ packages }}"vars:packages:- httpd- httpd-tools- name: install the 'Development tools' package groupyum:name: "@Development tools"state: present- name: upgrade all packagesyum:name: '*'state: latest[greg@control ansible]$ vim /home/greg/ansible/packages.yml
=========================================================================================  1 ---2 - name: 安装软件包3   hosts: dev,test,prod4   tasks:5   - name: ensure a list of packages installed6     yum:7       name: "{{ packages }}"8     vars:9       packages:10       - php11       - mariadb12 13 - name: 安装软件包214   hosts: dev15   tasks:16   - name: install the package group17     yum:18       name: "@RPM Development Tools"19       state: present20   - name: upgrade all packages21     yum:22       name: '*'23       state: latest
=========================================================================================#3.playbook安装
[greg@control ansible]$ ansible-playbook packages.yml #4.验证
[greg@control ansible]$ ansible dev,test,prod -a "rpm -q php mariadb"
[greg@control ansible]$ ansible dev -a "yum grouplist"
[greg@control ansible]$ ansible dev -a "yum update"

4.A 使用 RHEL 系统角色（NEW）

    使用 RHEL 系统角色安装 RHEL 系统角色软件包，并创建符合以下条件的 playbook /home/greg/ansible/selinux.yml ：在所有受管节点上运行使用 selinux 角色配置该角色，配置被管理节点的 selinux 为enforcing

#1.搜索软件包
[greg@control ansible]$ yum search roles
rhel-system-roles.noarch 
#2.安装角色软件包
[greg@control ansible]$ sudo yum install -y rhel-system-roles.noarch #3.查看角色路径，角色路径放到配置文件
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch
/usr/share/ansible/roles[greg@control ansible]$ vim ansible.cfg70 roles_path    = /home/greg/ansible/roles:/usr/share/ansible/roles [greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
# /usr/share/ansible/roles#4.查找配置文件样例，复制样例到playbook，修改playbook
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch | grep example
/usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml[greg@control ansible]$ cp /usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml /home/greg/ansible/selinux.yml[greg@control ansible]$ vim /home/greg/ansible/selinux.yml#5.运行playbook
[greg@control ansible]$ ansible-playbook selinux.yml #6.验证
[greg@control ansible]$ ansible all -a "grep ^SELINUX /etc/selinux/config"
node4 | CHANGED | rc=0 >>
SELINUX=enforcing
SELINUXTYPE=targeted

4.B 使用 RHEL 系统角色（OLD）

    使用 RHEL 系统角色安装 RHEL 系统角色软件包，并创建符合以下条件的 playbook /home/greg/ansible/timesync.yml ：在所有受管节点上运行使用 timesync 角色配置该角色，以使用当前有效的 NTP 提供商配置该角色，以使用时间服务器 172.25.254.254配置该角色，以启用 iburst 参数

#1.搜索软件包
[greg@control ansible]$ yum search roles#2.查找配置文件样例，复制样例到playbook，修改playbook
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch | grep example
/usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml[greg@control ansible]$ cp /usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml /home/greg/ansible/timesync.yml[greg@control ansible]$ vim /home/greg/ansible/timesync.yml#3.运行playbook
[greg@control ansible]$ ansible-playbook timesync.yml#4.验证
[greg@control ansible]$ ansible all -m shell -a "timedatectl"
[greg@control ansible]$ ansible all -m shell -a 'chronyc sources -v | grep classroom'

 1 ---2 - hosts: all3   vars:4     timesync_ntp_servers:5       - hostname: 172.25.254.2546         iburst: yes7   roles:8     - rhel-system-roles.timesync

5.使用 Ansible Galaxy 安装角色

    使用 Ansible Galaxy 安装角色使用 Ansible Galaxy 和要求文件 /home/greg/ansible/roles/requirements.yml 。从以下 URL 下载角色并安装到 /home/greg/ansible/roles ：http://materials/haproxy.tar 此角色的名称应当为 balancerhttp://materials/phpinfo.tar 此角色的名称应当为 phpinfo

#1.编写playbook文件
[greg@control ansible]$ vim /home/greg/ansible/roles/requirements.yml#2.安装角色
[greg@control ansible]$ ansible-galaxy role install -r  /home/greg/ansible/roles/requirements.yml#3.验证
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
- balancer, (unknown version)
- phpinfo, (unknown version)
# /usr/share/ansible/roles

 1 ---2 - src: http://materials/haproxy.tar3   name: balancer4 - src: http://materials/phpinfo.tar5   name: phpinfo

6.创建和使用角色

    创建和使用角色根据下列要求，在 /home/greg/ansible/roles 中创建名为 apache 的角色：httpd 软件包已安装，设为在系统启动时启用并启动防火墙已启用并正在运行，并使用允许访问 Web 服务器的规则模板文件 index.html.j2 已存在，用于创建具有以下输出的文件 /var/www/html/index.html ：1	Welcome to HOSTNAME on IPADDRESS其中，HOSTNAME 是受管节点的完全限定域名，IPADDRESS 则是受管节点的 IP 地址。创建一个名为 /home/greg/ansible/apache.yml 的 playbook：该 play 在 webservers 主机组中的主机上运行并将使用 apache 角色

[greg@control ansible]$ ansible-doc service
/EX
- name: Start service httpd, if not startedservice:name: httpdstate: started[greg@control ansible]$ ansible-doc firewalld
/EX		/imm #立即生效
- firewalld:service: httpspermanent: yesstate: enabled[greg@control ansible]$ ansible-doc template
/EX
- name: Template a file to /etc/files.conftemplate:src: /mytemplates/foo.j2dest: /etc/file.confowner: bingroup: wheelmode: '0644'[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*ipv4*"

#1.进入角色路径，创建名为 apache 的角色
[greg@control ansible]$ cd roles/
[greg@control roles]$ ansible-galaxy init apache
- Role apache was created successfully[greg@control roles]$ tree apache/
apache/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars└── main.yml#2.编写任务tasks文件
[greg@control roles]$ vim apache/tasks/main.yml#3.编写模板文件
[greg@control roles]$ vim apache/templates/index.html.j2
Welcome to {{ ansible_nodename }} on {{ ansible_default_ipv4.address }}#4.编写playbook文件
[greg@control roles]$ vim /home/greg/ansible/apache.yml1 ---2 - name: 创建和使用角色3   hosts: webservers4   roles:5   - apache#5.回到ansible路径，执行playbook文件
[greg@control roles]$ cd ..
[greg@control ansible]$ ansible-playbook apache.yml#6.验证
[greg@control ansible]$ ansible-inventory --graph[greg@control ansible]$ curl node3
Welcome to node3.lab.example.com on 172.25.250.11
[greg@control ansible]$ curl node4
Welcome to node4.lab.example.com on 172.25.250.12

  1 ---2 # tasks file for apache3 - name: Start service httpd, if not started4   service:5     name: httpd6     state: started7     enabled: yes8 - name: Start service httpd, if not started9   service:10     name: firewalld11     state: started12     enabled: yes13 - firewalld:14     service: http15     permanent: yes16     state: enabled17     immediate: yes18 - name: Template a file to /etc/files.conf19   template:20     src: index.html.j221     dest: /var/www/html/index.html

7.从 Ansible Galaxy 使用角色

    从 Ansible Galaxy 使用角色根据下列要求，创建一个名为 /home/greg/ansible/roles.yml 的 playbook ：playbook 中包含一个 play， 该 play 在 balancers 主机组中的主机上运行并将使用 balancer 角色。此角色配置一项服务，以在 webservers 主机组中的主机之间平衡 Web 服务器请求的负载。浏览到 balancers 主机组中的主机（例如 http://172.25.250.13 ）将生成以下输出：1	Welcome to node3.lab.example.com on 172.25.250.11重新加载浏览器将从另一 Web 服务器生成输出：1	Welcome to node4.lab.example.com on 172.25.250.12playbook 中包含一个 play， 该 play 在 webservers 主机组中的主机上运行并将使用 phpinfo 角色。请通过 URL /hello.php 浏览到 webservers 主机组中的主机将生成以下输出：1	Hello PHP World from FQDN其中，FQDN 是主机的完全限定名称。1	Hello PHP World from node3.lab.example.com另外还有 PHP 配置的各种详细信息，如安装的 PHP 版本等。同样，浏览到 http://172.25.250.12/hello.php 会生成以下输出：1	Hello PHP World from node4.lab.example.com另外还有 PHP 配置的各种详细信息，如安装的 PHP 版本等。

#1.编写playbook
[greg@control ansible]$ vim /home/greg/ansible/roles.yml#2.执行playbook
[greg@control ansible]$ ansible-playbook /home/greg/ansible/roles.yml#3.验证
浏览器访问http://172.25.250.13
Welcome to node4.lab.example.com on 172.25.250.11
Welcome to node4.lab.example.com on 172.25.250.12浏览器访问http://172.25.250.13/hello.php
Hello PHP World from node4.lab.example.com 

  1 ---2 - name: 从 Ansible Galaxy 使用角色3   hosts: webservers4   roles:5   - phpinfo6 - name: 从 Ansible Galaxy 使用角色7   hosts: balancers8   roles:9   - balancer

8.A 创建和使用分区（NEW）

    创建和使用分区创建一个名为 /home/greg/ansible/partition.yml 的 playbook ，它将在所有受管节点上创建分区：在vdb创建一个1500M主分区，分区号1，并格式化ext4prod组将分区永久挂载到/data如果磁盘空间不够，给出提示信息Could not create partition of that size创建800MiB分区如果 vdb不存在，则给出提示信息this disk is not exist

[greg@control ansible]$ ansible-doc parted
/EX
- name: Create a new primary partition with a size of 1GiBparted:device: /dev/sdbnumber: 1state: presentpart_end: 1GiB[greg@control ansible]$ ansible-doc filesystem
/EX
- name: Create a ext2 filesystem on /dev/sdb1filesystem:fstype: ext2dev: /dev/sdb1[greg@control ansible]$ ansible-doc mount
/EX
- name: Mount DVD read-onlymount:path: /mnt/dvdsrc: /dev/sr0fstype: iso9660opts: ro,noautostate: present[greg@control ansible]$ ansible-doc debug
/EX
- debug:msg: System {{ inventory_hostname }} has gateway {{ ansible_default_ipv4.gatewa>when: ansible_default_ipv4.gateway is defined[greg@control ansible]$ ansible dev -m setup -a "filter=*device*"

#1.创建playbook
[greg@control ansible]$ vim /home/greg/ansible/partition.yml#2.执行playbook
[greg@control ansible]$ ansible-playbook partition.yml #3.验证
[greg@control ansible]$ ansible all -a "blkid | grep /dev/vdb1"

  1 ---2 - name: 创建和使用分区3   hosts: all4   tasks:5   - block:6     - name: Create a new primary partition7       parted:8         device: /dev/vdb9         number: 110         state: present11         part_end: 1500MiB12     - name: Create a ext2 filesystem on /dev/sdb113       filesystem:14         fstype: ext415         dev: /dev/vdb116     - name: Mount DVD read-only17       mount:18         path: /data19         src: /dev/vdb120         fstype: ext421         state: mounted22       when: inventory_hostname in groups.prod23     rescue:24     - debug:25         msg: Could not create partition of that size26     - name: Create a new primary partition27       parted:28         device: /dev/vdb29         number: 130         state: present31         part_end: 800MiB32       when: ansible_devices.vdb is defined33   - debug:34       msg: this disk is not exist35     when: ansible_devices.vdb is not defined

8.B 创建和使用逻辑卷（OLD）

    创建和使用逻辑卷创建一个名为 /home/greg/ansible/lv.yml 的 playbook ，它将在所有受管节点上运行以执行下列任务：创建符合以下要求的逻辑卷：逻辑卷创建在 research 卷组中逻辑卷名称为 data逻辑卷大小为 1500 MiB使用 ext4 文件系统格式化逻辑卷如果无法创建请求的逻辑卷大小，应显示错误信息1	Could not create logical volume of that size，并且应改为使用大小 800 MiB。如果卷组 research 不存在，应显示错误信息1	Volume group done not exist。不要以任何方式挂载逻辑卷

[greg@control ansible]$ ansible-doc lvol
/EX
- name: Create a logical volume of 512mlvol:vg: fireflylv: testsize: 512[greg@control ansible]$ ansible-doc filesystem
/EX
- name: Create a ext2 filesystem on /dev/sdb1filesystem:fstype: ext2dev: /dev/sdb1[greg@control ansible]$ ansible-doc debug
/EX
- debug:msg: System {{ inventory_hostname }} has gatew>when: ansible_default_ipv4.gateway is defined[greg@control ansible]$ ansible dev -m setup -a "filter=*lvm*"

#1.创建playbook文件
[greg@control ansible]$ vim /home/greg/ansible/lv.yml#2.执行playbook文件
[greg@control ansible]$ ansible-playbook lv.yml #3.验证
[greg@control ansible]$ ansible all -a "lvs"

1 ---2 - name: 创建和使用逻辑卷3   hosts: all4   tasks:5   - block:6     - name: Create a logical volume of 512m7       lvol:8         vg: research9         lv: data10         size: 150011     - name: Create a ext2 filesystem on /dev/sdb112       filesystem:13         fstype: ext414         dev: /dev/research/data15     rescue:16     - debug:17         msg: Could not create logical volume of that size18     - name: Create a logical volume of 512m19       lvol: 20         vg: research21         lv: data22         size: 80023       when: ansible_lvm.vgs.research is defined24   - debug: 25       msg: Volume group done not exist 26     when: ansible_lvm.vgs.research is not defined

9.生成主机文件

生成主机文件将一个初始模板文件从 http://materials/hosts.j2 下载到 /home/greg/ansible完成该模板，以便用它生成以下文件：针对每个清单主机包含一行内容，其格式与 /etc/hosts 相同创建名为 /home/greg/ansible/hosts.yml 的 playbook ，它将使用此模板在 dev 主机组中的主机上生成文件 /etc/myhosts 。该 playbook 运行后， dev 主机组中主机上的文件 /etc/myhosts 应针对每个受管主机包含一行内容：1	127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain42	::1 localhost localhost.localdomain localhost6 localhost6.localdomain634	172.25.250.9    node1.lab.example.com node15	172.25.250.10   node2.lab.example.com node26	172.25.250.11   node3.lab.example.com node37	172.25.250.12   node4.lab.example.com node48	172.25.250.13   node5.lab.example.com node5

[greg@control ansible]$ ansible-doc template
/EX
- name: Template a file to /etc/files.conftemplate:src: /mytemplates/foo.j2dest: /etc/file.confowner: bingroup: wheelmode: '0644'

[greg@control ansible]$ ansible dev -m setup -a "filter=*address*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"

#1.下载初始模板文件
[greg@control ansible]$ wget http://materials/hosts.j2#2.创建playbook
[greg@control ansible]$ vim /home/greg/ansible/hosts.yml#3.编写hosts.j2文件
[greg@control ansible]$ vim hosts.j2 #4.运行playbook
[greg@control ansible]$ ansible-playbook hosts.yml#5.验证
[greg@control ansible]$ ansible dev -a "cat /etc/myhosts"

 1 ---2 - name: 生成主机文件3   hosts: all4   tasks:5   - name: Template 6     template:7       src: /home/greg/ansible/hosts.j28       dest: /etc/myhosts9     when: inventory_hostname in groups.dev

方法一：

 1 127.0.0.1 localhost localhost.localdomain localhost4 localho    st4.localdomain42 ::1 localhost localhost.localdomain localhost6 localhost6.lo    caldomain63 4 {% for host in groups['all'] %}5 {{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_nodename }} {{ hostvars[host].ansible_hostname }}6 {% endfor %}

方法二：

{% for host in groups['all'] %} {{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['nodename'] }} {{ hostvars[host] ['ansible_facts']['hostname'] }} {% endfor %}

方法三：

#直接复制 /etc/hosts 内容到 hosts.j2 文件 
#运行playbook

10.修改文件内容

    修改文件内容按照下方所述，创建一个名为 /home/greg/ansible/issue.yml 的 playbook ：该 playbook 将在所有清单主机上运行该 playbook 会将 /etc/issue 的内容替换为下方所示的一行文本：在 dev 主机组中的主机上，这行文本显示 为：Development在 test 主机组中的主机上，这行文本显示 为：Test在 prod 主机组中的主机上，这行文本显示 为：Production

[greg@control ansible]$ ansible-doc copy
- name: Copy using inline contentcopy:content: '# This file was moved to /etc/other.con>dest: /etc/mine.conf#1.创建playbook，并编写
[greg@control ansible]$ vim /home/greg/ansible/issue.yml#2.运行playbook
[greg@control ansible]$ ansible-playbook issue.yml #3.验证
[greg@control ansible]$ ansible all -a "cat  /etc/issue"
[greg@control ansible]$ ansible-inventory --graph

  1 ---2 - name: 修改文件内容3   hosts: all4   tasks:5   - name: Copy using inline content6     copy:7       content: 'Development'8       dest: /etc/issue9     when: inventory_hostname in groups.dev10   - name: Copy using inline content11     copy:12       content: 'Test'13       dest: /etc/issue14     when: inventory_hostname in groups.test15   - name: Copy using inline content16     copy:17       content: 'Production'18       dest: /etc/issue19     when: inventory_hostname in groups.prod

11.创建 Web 内容目录

创建 Web 内容目录按照下方所述，创建一个名为 /home/greg/ansible/webcontent.yml 的 playbook ：该 playbook 在 dev 主机组中的受管节点上运行创建符合下列要求的目录 /webdev ：所有者为 webdev 组具有常规权限：owner=read+write+execute ， group=read+write+execute ，other=read+execute具有特殊权限：设置组 ID用符号链接将 /var/www/html/webdev 链接到 /webdev创建文件 /webdev/index.html ，其中包含如下所示的单行文件： Development在 dev 主机组中主机上浏览此目录（例如 http://172.25.250.9/webdev/ ）将生成以下输出：1 Development

#1.检查webdev 组是否存在
[greg@control ansible]$ ansible dev -a "grep webdev /etc/group"
node1 | CHANGED | rc=0 >>
webdev:x:1003:#2.创建playbook
[greg@control ansible]$ /home/greg/ansible/webcontent.yml#3.运行playbook
[greg@control ansible]$ ansible-playbook webcontent.yml#3.浏览器浏览http://172.25.250.9/webdev/
Development

[greg@control ansible]$ ansible-doc file
/EX
- name: Change file ownership, group and permissionsfile:path: /etc/foo.confowner: foogroup: foomode: '0644'- name: Create a directory if it does not existfile:path: /etc/some_directorystate: directorymode: '0755'- name: Create a symbolic linkfile:src: /file/to/link/todest: /path/to/symlinkowner: foogroup: foostate: link[greg@control ansible]$ ansible-doc copy
/EX- name: Copy using inline contentcopy:content: '# This file was moved to /etc/other.conf'dest: /etc/mine.conf- setypeThe type part of the SELinux file context.When set to `_default', it will use the `type' portion of>policy if available.[Default: (null)]type: str- name: Start service httpd, if not startedservice:name: httpdstate: startedenabled: yes

  1 ---2 - name: 创建 Web 内容目录3   hosts: dev4   tasks:5   - name: Change file ownership6     file:7       path: /webdev8       state: directory9       group: webdev10       mode: '2775'11   - name: Create a symbolic link12     file:13       src: /webdev14       dest: /var/www/html/webdev15       state: link16   - name: Copy using inline content17     copy:18       content: 'Development'19       dest: /webdev/index.html20       setype: httpd_sys_content_t21   - name: Start service httpd, if not started22     service:23       name: httpd24       state: started25       enabled: yes

12.生成硬件报告

    生成硬件报告创建一个名为 /home/greg/ansible/hwreport.yml 的 playbook ，它将在所有受管节点上生成含有以下信息的输出文件 /root/hwreport.txt ：清单主机名称以 MB 表示的总内存大小BIOS 版本磁盘设备 vda 的大小磁盘设备 vdb 的大小输出文件中的每一行含有一个 key=value 对。您的 playbook 应当：从 http://materials/hwreport.empty 下载文件，并将它保存为 /root/hwreport.txt使用正确的值改为 /root/hwreport.txt如果硬件项不存在，相关的值应设为 NONE

#1.创建playbook
[greg@control ansible]$ vim /home/greg/ansible/hwreport.yml#2.运行playbook
[greg@control ansible]$ ansible-playbook hwreport.yml#3.验证[greg@control ansible]$ ansible all -a 'cat /root/hwreport.txt'

[greg@control ansible]$ ansible-doc lineinfile
/EX
- name: Ensure SELinux is set to enforcing modelineinfile:path: /etc/selinux/configregexp: '^SELINUX='line: SELINUX=enforcing[greg@control ansible]$ ansible-doc get_url
/EX
- name: Download foo.confget_url:url: http://example.com/path/file.confdest: /etc/foo.confmode: '0440'[greg@control ansible]$ ansible dev -m debug -a "var=inventory_hostname"
[greg@control ansible]$ ansible dev -m setup -a "filter=*mem*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*bios*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*device*"

  1 ---2 - name: 生成硬件报告3   hosts: all4   tasks:5   - name: Download6     get_url:7       url: http://materials/hwreport.empty8       dest: /root/hwreport.txt9   - name: Ensure110     lineinfile:11       path: /root/hwreport.txt12       regexp: '^HOST='13       line: HOST={{ inventory_hostname }}14   - name: Ensure215     lineinfile:16       path: /root/hwreport.txt17       regexp: '^MEMORY='18       line: MEMORY={{ ansible_memtotal_mb }}19 20   - name: Ensure321     lineinfile:22       path: /root/hwreport.txt23       regexp: '^BIOS='24       line: BIOS={{ ansible_bios_version }}25   - name: Ensure426     lineinfile:27       path: /root/hwreport.txt28       regexp: '^DISK_SIZE_VDA='29       line: DISK_SIZE_VDA={{ ansible_devices.vda.size }}30 31   - name: Ensure532     lineinfile:33       path: /root/hwreport.txt34       regexp: '^DISK_SIZE_VDB='35       line: DISK_SIZE_VDB={{ ansible_devices.vdb.size | default('NONE', true) }}

13.创建密码库

(15题先，13题后，再14题)

    创建密码库按照下方所述，创建一个 Ansible 库来存储用户密码：库名称为 /home/greg/ansible/locker.yml库中含有两个变量，名称如下：pw_developer，值为 Imadevpw_manager，值为 Imamgr用于加密和解密该库的密码为 whenyouwishuponastar密码存储在文件 /home/greg/ansible/secret.txt 中

#1.密码导入密码存储文件
[greg@control ansible]$ echo "whenyouwishuponastar" > /home/greg/ansible/secret.txt#2.修改配置文件存储路径
[greg@control ansible]$ vim ansible.cfg
/password
144 #vault_password_file = /path/to/vault_password_file
145 vault_password_file = /home/greg/ansible/secret.txt #3.创建Ansible 库，存储用户密码
[greg@control ansible]$ ansible-vault create /home/greg/ansible/locker.yml
pw_developer: Imadev
pw_manager: Imamgr#4.验证
[greg@control ansible]$ ansible-vault view /home/greg/ansible/locker.yml---
pw_developer: Imadev
pw_manager: Imamgr[greg@control ansible]$ cat /home/greg/ansible/locker.yml

14.创建用户帐户

(15题先，13题后，再14题)

    创建用户帐户从 http://materials/user_list.yml 下载要创建的用户的列表，并将它保存到 /home/greg/ansible在本次练习中使用在其他位置创建的密码库 /home/greg/ansible/locker.yml 。创建名为 /home/greg/ansible/users.yml 的 playbook ，从而按以下所述创建用户帐户：职位描述为 developer 的用户应当：在 dev 和 test 主机组中的受管节点上创建从 pw_developer 变量分配密码是补充组 devops 的成员职位描述为 manager 的用户应当：在 prod 主机组中的受管节点上创建从 pw_manager 变量分配密码是补充组 opsmgr 的成员密码采用 SHA512 哈希格式。您的 playbook 应能够在本次练习中使用在其他位置创建的库密码文件 /home/greg/ansible/secret.txt 正常运行。

#查看组是否存在
[greg@control ansible]$ ansible dev,test -a "grep devops /etc/group"#playbook查询文档
[greg@control ansible]$ ansible-doc group
/EX
- name: Ensure group "somegroup" existsgroup:name: somegroupstate: present[greg@control ansible]$ ansible-doc user
/EX
- name: Add the user 'james' with a bash shell, appen>user:name: jamesshell: /bin/bashgroups: admins,developersappend: yes

#1.下载要创建的用户的列表
[greg@control ansible]$ wget http://materials/user_list.yml#2.创建playbook，并编写
[greg@control ansible]$ vim /home/greg/ansible/users.yml#3.运行playbook
[greg@control ansible]$ ansible-playbook users.yml#4.验证
[greg@control ansible]$ ansible-inventory --graph[greg@control ansible]$ ansible dev,test -m shell -a "id bob; id sally; id fred" 
[greg@control ansible]$ ssh bob@node1[greg@control ansible]$ ansible prod -m shell -a "id bob; id sally; id fred"
[greg@control ansible]$ ssh sally@node3

  1 ---2 - name: 创建用户帐户3   hosts: dev,test4   vars_files:5   - /home/greg/ansible/locker.yml6   - /home/greg/ansible/user_list.yml7   tasks:8   - name: Ensure group "somegroup" exists9     group:10       name: devops11       state: present12   - name: Add the user13     user:14       name: "{{ item.name }}"15       groups: devops16       password: "{{ pw_developer | password_hash('sha512') }}"17       append: yes18     loop: "{{ users }}"19     when: item.job == 'developer'20 21 - name: 创建用户帐户22   hosts: prod23   vars_files:24   - /home/greg/ansible/locker.yml25   - /home/greg/ansible/user_list.yml26   tasks:27   - name: Ensure group "somegroup" exists28     group:29       name: opsmgr30       state: present31   - name: Add the user32     user:33       name: "{{ item.name }}"34       groups: opsmgr35       password: "{{ pw_manager | password_hash('sha512') }}"36       append: yes37     loop: "{{ users }}"38     when: item.job == 'manager'

15.更新 Ansible 库的密钥

(15题先，13题后，再14题)

    更新 Ansible 库的密钥按照下方所述，更新现有 Ansible 库的密钥：从 http://materials/salaries.yml 下载 Ansible 库到 /home/greg/ansible当前的库密码为 insecure8sure新的库密码为 bbs2you9527库使用新密码保持加密状态

#1.下载Ansible 库
[greg@control ansible]$ wget http://materials/salaries.yml#2.重设密码
[greg@control ansible]$ ansible-vault rekey  /home/greg/ansible/salaries.yml #3.验证
[greg@control ansible]$ ansible-vault view  /home/greg/ansible/salaries.yml 
Vault password: 
haha

16.配置 cron 作业（增加）

    配置 cron 作业创建一个名为 /home/greg/ansible/cron.yml 的 playbook :该 playbook 在 test 主机组中的受管节点上运行配置 cron 作业，该作业每隔 2 分钟运行并执行以下命令：logger "EX200 in progress"，以用户 bob 身份运行

[greg@control ansible]$ ansible-doc cron
/EX
- name: Creates a cron file under /etc/cron.dcron:name: yum autoupdateweekday: "2"minute: "0"hour: "12"user: rootjob: "YUMINTERACTIVE=0 /usr/sbin/yum-autoupdate"cron_file: ansible_yum-autoupdate#1.创建playbook
[greg@control ansible]$ vim /home/greg/ansible/cron.yml#2.运行playbook
[greg@control ansible]$ ansible-playbook cron.yml #3.验证
[greg@control ansible]$ ansible test -a "grep EX200 /var/log/cron"node2 | CHANGED | rc=0 >>
Jul  8 15:34:02 node2 CROND[6182]: (bob) CMD (logger "EX200 in progress")[greg@control ansible]$ ansible test -a "crontab -l -u bob"

  1 ---2 - name: cron3   hosts: test4   tasks:5   - name: Creates a cron6     cron:7       name: yum autoupdate8       minute: "*/2"9       user: bob10       job: logger "EX200 in progress"

---

🌼 结语：创作不易，如果觉得博主的文章赏心悦目，还请——点赞👍收藏⭐️评论📝

---