由于本人10.17已成功考过CSA,经过两周所学的ansible并结合题库整理出来的CE解析版
我也是11月月底就要考了,不过这套解析也是可以满足今年的redhat8题库
文中可能涉及一些命令的参数解释,如有不懂的伙伴可参考我的笔记Ansible
ps:
一切模板似的题库考试,都需要经过大脑的理解 方可顺利上岸
正文开始:
文章目录
1、安装和配置Ansible
创建主机清单
修改配置文件
//必须修改的配置文件[grep@control ansible]$ vi ansible.cfg
[defaults]
inventory =/home/student/ansible/inventory
remote_user = greg ——自己所使用的用户
roles_path =/home/student/ansible/roles
host_key_checking =false ——主机之前传输文件不需要密钥认证
[privilege_escalation] 普通用户之间可以使用sudo模式
become =true
become_method = sudo
become_user = root
become_ask_pass =false[greg@control ansible]$ mkdir roles
测试是否可以ping通
2、创建和运行Ansible临时命令
考试时可以开启两台终端,另一半负责查看模块帮助文档,在练习当中需记住模块的使用就好
[greg@control ansible]$ ansible-doc yum_repository
node1进行验证
[greg@node1 yum. repos.d]$ yum list all | wc -l
6336
3、安装软件包
测试:
4、使用RHEL系统角色
首先下载系统角色
调用角色配置
写入主配置文件
roles: 用来调用timesync中的角色模块
执行
测试
5、使用Ansible Galaxy安装角色
balancer: 使用的是负载均衡
phpinfo: php测试
将两对角色下载到本地
-r 指定使用那个play下载角色 -p 指定下载目录
6、创建和使用角色
手动创建角色
[greg@control ansible]$ cat htttp.yml
---- name: install
hosts: webservers
roles:
- apache
[greg@control ansible]$ curl 172.25.250.11
Welcome to node3.lab.example.com on172.25.250.11[greg@control ansible]$ curl 172.25.250.12
Welcome to node4.lab.example.com on172.25.250.12
7、从Ansible Galaxy使用角色
这题可能说的有点绕,但是仔细想想其实就是通过利用balancers角色里的haproxy部署好负载均衡
然后webservers组里包含着node3、node4主机,
然而在第六题已经在webservers主机组部署好httpd服务和默认网页
第一步实验目的是实现在node5上负载均衡到webservers主机组
清单
PHP角色测试的内容
直接使用webservers组的IP访问
8、创建和使用逻辑卷
任务执行流程:
- 当block任务执行成功的时候,则执行always任务
- 当block任务执行失败的时候,则执行resvue任务,最后执行always任务(block任务执行失败,但是playbook不中止)
when语句是用来判断research卷组是否在data逻辑卷里面,如果存在则执行操作
测试:
[greg@control ansible] ansible all-a 'lvs'[root@node2~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0010G 0disk
└─vda1 252:1010G 0 part /
vdb 252:1605G 0disk
└─research-data253:001.5G 0 lvm
[greg@node3~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 252:0010G 0disk
└─vda1 252:1010G 0 part /
vdb 252:1605G 0disk
└─vdb1 252:1701G 0 part
└─research-data253:00800M 0 lvm
9、生成主机文件
[greg@control ansible]$ wget http://materials/hosts.j2--2022-11-09 11:07:41-- http://materials/hosts.j2
Resolving materials (materials)...172.25.254.254
Connecting to materials (materials)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response...200 OK
Length: 147
Saving to: ‘hosts.j2’
hosts.j2 100%[===================>]147--.-KB/s in 0s 2022-11-0911:07:41(37.9 MB/s)- ‘hosts.j2’ saved [147/147][greg@control ansible]$ ls
adhoc.sh hosts.j2 lv.yml roles timesync.yml
ansible.cfg inventory packages.yml roles.yml
[greg@control ansible]$ vim hosts.j2
[greg@control ansible]$ cat hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{%for host in groups.all%} ——循环匹配所有主机中的内容
{{ hostvars[host].ansible_enp1s0.ipv4.address }} ——匹配主机组中IP地址
{{ hostvars[host].ansible_fqdn }} ——匹配完全合格域名
{{ hostvars[host].ansible_hostname }} ——匹配主机名
{% endfor %} ——结束for循环
[greg@control ansible]$ cat hosts.yml
---- name: get all facts
hosts: all- name: cp to myhosts
hosts: dev
tasks:
- name: cp file
template:
src: hosts.j2
dest: /etc/myhosts
//测试[greg@control ansible]$ ansible-playbook hosts.yml
PLAY [get all facts]***********************************************************
TASK [Gathering Facts]*********************************************************
ok: [node4]
ok: [node2]
ok: [node5]
ok: [node3]
ok: [node1]
PLAY [cp to myhosts]***********************************************************
TASK [Gathering Facts]*********************************************************
ok: [node1]
TASK [cp file]*****************************************************************
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node5 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0//node1[greg@node1~]$ cat /etc/myhosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.9
node1.lab.example.com
node1
172.25.250.10
node2.lab.example.com
node2
172.25.250.13
node5.lab.example.com
node5
172.25.250.11
node3.lab.example.com
node3
172.25.250.12
node4.lab.example.com
node4
10、修改文件内容
//原内容
[greg@node1 ~]$ cat /etc/issue
\S
Kernel \r on an \m
content :直接以content给定的字符串或变量值作为文件内容保存到远程主机上,它会替代src选项
[greg@control ansible]$ cat issue.yml
---- name: modify issue
hosts: all
tasks:
- name: input to issue
copy:
content: |
{%if'dev'in group_names %} ——将dev组中的所有内容替换
Development
{% elif 'test'in group_names %}
Test
{% elif 'prod'in group_names %}
Production
{% endif %}
dest: /etc/issue
[greg@control ansible]$ ansible-playbook issue.yml
PLAY [modify issue]************************************************************
TASK [Gathering Facts]*********************************************************
ok: [node5]
ok: [node4]
ok: [node3]
ok: [node2]
ok: [node1]
TASK [input to issue]**********************************************************
changed: [node4]
changed: [node5]
changed: [node3]
changed: [node2]
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node5 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0//发生改变[greg@node1~]$ cat /etc/issue
Development
11、创建 Web 内容目录
[greg@control ansible]$ cat webcontent.yml
---- name: web station
hosts: dev
tasks:
- name: install rpm
yum:
name:
- httpd
- firewalld
state: present
- name: creategroupgroup:
name: webdev
state: present
- name: create/webdev
file:
path: /webdev
state: directory
group: webdev
mode: 2775- name: cp
copy:
content: Development
dest: /webdev/index.html
- name: set selinux ——修改为http的网页值
sefcontext:
target: /webdev(/.*)?
setype: httpd_sys_content_t
- name: shell
shell:
cmd: restorecon -Rv /webdev
- name: create link ——创建软链接实现共享
file:
src: /webdev
dest: /var/www/html/webdev
state: link
- name: restart httpd
service:
name: httpd
state: restarted
enabled: yes
- name: restart firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: firewall for http _放行防火墙规则
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
[greg@control ansible]$ ansible-playbook webcontent.yml
PLAY [web station]*************************************************************
TASK [Gathering Facts]*********************************************************
ok: [node1]
TASK [install rpm]*************************************************************
ok: [node1]
TASK [creategroup]************************************************************
ok: [node1]
TASK [create/webdev]**********************************************************
ok: [node1]
TASK [cp]**********************************************************************
ok: [node1]
TASK [set selinux]*************************************************************
ok: [node1]
TASK [shell]*******************************************************************
changed: [node1]
TASK [create link]*************************************************************
changed: [node1]
TASK [restart httpd]***********************************************************
changed: [node1]
TASK [restart firewalld]*******************************************************
changed: [node1]
TASK [firewall for http]*******************************************************
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=11 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0[greg@control ansible]$ curl http://node1.lab.example.com/webdev/
Development
12、生成硬件报告
replace模块
可以根据我们指定的正则表达式替换文件中的字符串,
文件中所有被匹配的字符串都会被替换 参数
:
- path参数:2.3版本之前只能用dest、destfile、name指定操作文件,2.4版本中仍然可以用这些参数名,也可以用path
- regexp参数:必须参数,指定一个python正则表达式,文件中与正则匹配的字符串将会被替换
- replace参数:指定最终要替换成的字符串 backup参数:是否在修改文件之前对文件进行备份,最好设置为yes。
//依据题目来查找内置变量,输关键字即可[greg@control ansible]$ ansible node2 -m setup > a
[greg@control ansible]$ vim a
240"ansible_hostname": "node1",//清单主机名称362"ansible_memtotal_mb": 1829,//以 MB 表示的总内存大小15"ansible_bios_version": "1.11.1-3.module+el8+2529+a9686a4d",//BIOS 版本
磁盘设备 vda 的大小
vdb则按上面像似
替换内容
开始编写主模块
[greg@control ansible]$ cat hwreport.yml
- name: get hwreport
hosts: all
tasks:
- name: create report file
get_url:
url: http://materials/hwreport.empty
dest: /root/hwreport.txt
- name: get hostname
replace:
path: /root/hwreport.txt
regexp: 'inventoryhostname'replace: "{{ inventory_hostname }}" ——匹配清单中主机名
- name: get mem
replace:
path: /root/hwreport.txt
regexp: 'memory_in_MB'replace: "{{ ansible_memtotal_mb }}"- name: get bios
replace:
path: /root/hwreport.txt
regexp: 'BIOS_version'replace: "{{ ansible_bios_version }}"- name: get vda
replace:
path: /root/hwreport.txt
regexp: 'disk_vda_size'replace: "{{ ansible_devices.vda.size if ansible_devices.vda is defined else 'NONE' }}"- name: get vdb
replace:
path: /root/hwreport.txt
regexp: 'disk_vdb_size'replace: "{{ ansible_devices.vdb.size if ansible_devices.vdb is defined else 'NONE' }}"
测试
[greg@control ansible]$ ansible-playbook hwreport.yml
PLAY [get hwreport]************************************************************
TASK [Gathering Facts]*********************************************************
ok: [node5]
ok: [node4]
ok: [node2]
ok: [node3]
ok: [node1]
TASK [create report file]******************************************************
changed: [node5]
changed: [node3]
changed: [node2]
changed: [node4]
changed: [node1]
TASK [get hostname]************************************************************
changed: [node2]
changed: [node3]
changed: [node4]
changed: [node5]
changed: [node1]
TASK [get mem]*****************************************************************[WARNING]: The value821(typeint)in a string field was converted to'821'(type string).If this does not look like what you expect, quote the entire
valueto ensure it does not change.
changed: [node5]
changed: [node2]
changed: [node4]
changed: [node3][WARNING]: The value1829(typeint)in a string field was converted to'1829'(type string).If this does not look like what you expect, quote the entire
valueto ensure it does not change.
changed: [node1]
TASK [get bios]****************************************************************
changed: [node5]
changed: [node4]
changed: [node2]
changed: [node3]
changed: [node1]
TASK [get vda]*****************************************************************
changed: [node5]
changed: [node2]
changed: [node4]
changed: [node3]
changed: [node1]
TASK [get vdb]*****************************************************************
changed: [node3]
changed: [node5]
changed: [node2]
changed: [node4]
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node5 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
测试:
[root@node2~]# ls
anaconda-ks.cfg hwreport.txt original-ks.cfg
[root@node2~]# cat hwreport.txt # Hardware report
HOST=node2
MEMORY=821
BIOS=1.11.1-3.module+el8+2529+a9686a4d
DISK_SIZE_VDA=10.00 GB
DISK_SIZE_VDB=5.00 GB[
13、创建密码库
[greg@control ansible]$ vim locker.yml
---
pw_developer: lmadev ——定义两个变量值为的密码为多少
pw_manager: lmamgr
[greg@control ansible]$ echo whenyouwishuponastar >/home/greg/ansible/secret.txt
[greg@control ansible]$ chmod 600 secret.txt
[greg@control ansible]$ ansible-vault encrypt locker.yml --vault-id=/home/greg/ansible/secret.txt
Encryption successful
[greg@control ansible]$ cat locker.yml ——为下一题的用户密码做准备
$ANSIBLE_VAULT;1.1;AES256
343632643961303166343561326334303632636266633033663438316332363836666635326538643237366536646632623438666538393334343930363833330a376636616536333639336135623633
366464653238313931376366393238383032383966316166323033383135643531346237316133393738633834323336610a376439646362356335306463623935643734346663366165383563373361
306464383539323765373836393232656130626137613433663435343635326464306139616234396163666330336231633264336531346438646664303432636463
14、创建用户账户
下载用户列表
[greg@control ansible]$ wget http://materials/user_list.yml[greg@control ansible]$ cat user_list.yml
users:
- name: bob
job: developer ——定义工作组中存在的用户
- name: sally
job: manager
- name: fred ——实事匹配的用户
job: developer
使用with_items迭代功能进行实现匹配文件中的多个键值
sha512是哈希大家庭里中的一个,哈希都有不可逆的特性。我们可以把它理解为无法解密的加密。
编写任务
[greg@control ansible]$ cat users.yml
---- name: create developer user
hosts: dev,test
vars_files: ——定义的变量文件获取
-/home/greg/ansible/locker.yml
-/home/greg/ansible/user_list.yml
tasks: ——创建devops组
- name: creategroup devops
group:
name: devops
state: present
- name: createuserin developer ——调用工作组的用户
user:
name: "{{ item.name }}" ——匹配developer工作组中的多个用户进行创建
groups: devops ——所属组
password: "{{ pw_developer | password_hash('sha512') }}" ——pw_developer调用locker.yml中加密的密码并常用采用 SHA512 哈希格式
state: present
loop: "{{ users }}" ——匹配循环将结果给后面
when: item.job =="developer" ——判断该工作目录在developer
- name: create developer user
hosts: prod
vars_files:
-/home/greg/ansible/locker.yml
-/home/greg/ansible/user_list.yml
tasks:
- name: creategroup opsmgr
group:
name: opsmgr
state: present
- name: createuserin manager ——指定工作组
user:
name: "{{ item.name }}"
groups: opsmgr
password: "{{ pw_manager | password_hash('sha512') }}"
state: present
loop: "{{ users }}"when: item.job =="manager"[greg@control ansible]$ ansible-playbook users.yml --vault-id secret.txt
PLAY [create developer user]***************************************************
TASK [Gathering Facts]*********************************************************
ok: [node2]
ok: [node1]
TASK [creategroup devops]*****************************************************
ok: [node2]
ok: [node1]
TASK [createuserin developer]************************************************
changed: [node2]=>(item={'name': 'bob','job': 'developer'})
skipping: [node2]=>(item={'name': 'sally','job': 'manager'})
changed: [node1]=>(item={'name': 'bob','job': 'developer'})
skipping: [node1]=>(item={'name': 'sally','job': 'manager'})
changed: [node2]=>(item={'name': 'fred','job': 'developer'})
changed: [node1]=>(item={'name': 'fred','job': 'developer'})
PLAY [create developer user]***************************************************
TASK [Gathering Facts]*********************************************************
ok: [node4]
ok: [node3]
TASK [creategroup opsmgr]*****************************************************
ok: [node4]
ok: [node3]
TASK [createuserin manager]**************************************************
skipping: [node3]=>(item={'name': 'bob','job': 'developer'})
skipping: [node4]=>(item={'name': 'bob','job': 'developer'})
changed: [node3]=>(item={'name': 'sally','job': 'manager'})
skipping: [node3]=>(item={'name': 'fred','job': 'developer'})
changed: [node4]=>(item={'name': 'sally','job': 'manager'})
skipping: [node4]=>(item={'name': 'fred','job': 'developer'})
PLAY RECAP *********************************************************************
node1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
测试:
//可见test组已经完成创建了[root@node2~]# id bob
uid=1002(bob) gid=1003(bob) groups=1003(bob),1002(devops)[root@node2~]# id fred
uid=1003(fred) gid=1004(fred) groups=1004(fred),1002(devops)
15、更新 Ansible 库的密钥
[greg@control ansible]$
-[] wget http://materials/salaries.yml--2022-11-09 16:14:42-- http://materials/salaries.yml
Resolving materials (materials)...172.25.254.254
Connecting to materials (materials)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response...200 OK
Length: 355
Saving to: ‘salaries.yml’
salaries.yml 100%[===================>]355--.-KB/s in 0s 2022-11-0916:14:42(66.0 MB/s)- ‘salaries.yml’ saved [355/355][greg@control ansible]$ ansible-vault rekey salaries.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
[greg@control ansible]$ cat salaries.yml
$ANSIBLE_VAULT;1.1;AES256
383133616239303738393636386561303138626362356263353431313832303736376232333962333632303738386561346563313162353737343137653730340a663334366434373033653262376333
303936323830306662376230396436333638336433313738613465616439623039643534356631623638366139633830390a356331316633623932396636373932613365376539656139633133376637
6538
16、配置 cron 作业
创建⼀个名为 /home/greg/ansible/cron.yml 的 playbook ,配置 cron 作业,该作业每隔 2 分钟运⾏并执⾏以下命令:
logger “EX294 in progress”,以⽤户 natasha 身份运⾏
[greg@control ansible]$ cat cron.yml
---- name: create cron
hosts: all
tasks:
- name: createuseruser:
name: natasha
state: present
- name: create cron forall
cron:
name: crontab
minute: '*/2'
job: logger "EX294 in progress"user: natasha
[greg@control ansible]$ ansible-playbook cron.yml
PLAY [create cron]*************************************************************
TASK [Gathering Facts]*********************************************************
ok: [node4]
ok: [node3]
ok: [node5]
ok: [node2]
ok: [node1]
TASK [createuser]*************************************************************
changed: [node2]
changed: [node3]
changed: [node4]
changed: [node1]
changed: [node5]
TASK [create cron forall]*****************************************************
changed: [node5]
changed: [node4]
changed: [node2]
changed: [node3]
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node5 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0[root@node2~]# crontab -u natasha -l#Ansible: crontab*/2**** logger "EX294 in progress"
本文转载自: https://blog.csdn.net/cxyxt/article/details/127728055
版权归原作者 Blue Dream~ 所有, 如有侵权,请联系我们删除。
版权归原作者 Blue Dream~ 所有, 如有侵权,请联系我们删除。