foundation
重置所有测试机
rht-vmctl status all
rht-vmctl fullreset classroom
rht-vmctl fullreset workstation
rht-vmctl fullreset servera
rht-vmctl fullreset serverb
rht-vmctl fullreset serverc
rht-vmctl fullreset serverd
rht-vmctl fullreset tower
ssh所有测试机
ssh root@workstation
ssh root@servera
ssh root@serverb
ssh root@serverc
ssh root@serverd
ssh root@tower
=========================================================
Chapter 1: Introducing Ansible
Guided Exercise: Install Ansible – p11
workstation
su - student
cd
lab install setup
yum list installed python
sudo yum install -y ansible
mkdir /home/student/dep-install
cd /home/student/dep-install
cat > inventory << EOF
[dev]
servera.lab.example.com
EOF
ansible dev -i inventory --list-hosts
lab install grade
=========================================================
Chapter 2: Deploying Ansible
Guided Exercise: Managing Ansible Configuration Files – p29
workstation
su - student
cd
lab manage setup
mkdir /home/student/dep-manage
cd /home/student/dep-manage
cat > ansible.cfg << EOF
[defaults]
inventory = inventory
EOF
cat > inventory << EOF
[myself]
localhost
[intranetweb]
servera.lab.example.com
[everyone:children]
myself
intranetweb
EOF
ansible myself --list-hosts
ansible intranetweb --list-hosts
ansible everyone --list-hosts
cat >> ansible.cfg << EOF
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = true
EOF
ansible intranetweb --list-hosts -v
ansible everyone -m ping
Guided Exercise: Running Ad Hoc Commands – p38
workstation
su - student
cd
lab adhoc setup
sudo cat /etc/sudoers.d/devops
ssh devops@servera.lab.example.com
exit
cd
cd dep-adhoc/
cat ansible.cfg
cat inventory
ansible everyone -m ping
ansible localhost -m command -a "id"
ansible localhost -m command -a 'id' -u devops
ansible localhost -m command -a 'cat /etc/motd' -u devops
ansible localhost -m copy -a 'content="Managed by Ansible\n" dest=/etc/motd' -u devops
ansible localhost -m copy -a 'content="Managed by Ansible\n" dest=/etc/motd' -u devops --become
more /etc/motd
ansible everyone -m copy -a 'content="Managed by Ansible\n" dest=/etc/motd' -u devops --become
ansible everyone -m command -a 'cat /etc/motd' -u devops
Guided Exercise: Managing Dynamic Inventories – p46
workstation
su - student
cd
lab deploy-dynamic setup
cd /home/student/dep-dynamic
cat >> ansible.cfg << EOF
[defaults]
inventory = inventory
EOF
mkdir inventory
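# NOTE: the inventory scripts are downloaded over plain HTTP with no checksum or signature check, then made executable and run. That is acceptable only on the isolated classroom network; elsewhere fetch over HTTPS and verify a published digest (e.g. sha256sum -c) before chmod and execution.
wget http://classroom.example.com/materials/dynamic/inventorya.py -O inventory/inventorya.py
wget http://classroom.example.com/materials/dynamic/inventoryw.py -O inventory/inventoryw.py
wget http://classroom.example.com/materials/dynamic/hosts -O inventory/hosts
ansible -i inventory/inventorya.py webservers --list-hosts
chmod 755 inventory/inventorya.py
chmod 755 inventory/inventoryw.py
inventory/inventorya.py --list
inventory/inventoryw.py --list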
cat inventory/hosts
ansible webservers –list-hosts
cat >> inventory/hosts << EOF
[webservers]
EOF
cat inventory/hosts
ansible webservers –list-hosts
Lab: Deploying Ansible – p51
workstation
su - student
cd
lab deploy setup
yum list installed ansible
ansible --version
mkdir /home/student/dep-lab
cd /home/student/dep-lab
cat > ansible.cfg << EOF
[defaults]
remote_user = devops
inventory = inventory
[privilege_escalation]
become = False
become_method = sudo
become_user = root
become_ask_pass = False
EOF
cat ansible.cfg
mkdir inventory
wget http://classroom.example.com/materials/dynamic/inventory -O inventory/inventory
wget http://classroom.example.com/materials/dynamic/binventory.py -O inventory/binventory.py
chmod 755 inventory/binventory.py
cat > inventory/inventory << EOF
[internetweb]
[intranetweb]
servera.lab.example.com
serverb.lab.example.com
serverc.lab.example.com
serverd.lab.example.com
[everyone:children]
intranetweb
internetweb
EOF
cat inventory/inventory
ansible everyone -m command -a 'id'
ansible everyone -m copy \
-a 'content="This server is managed by Ansible.\n" dest=/etc/motd' --become
ansible everyone -m copy \
-a 'content="This server is managed by Ansible.\n" dest=/etc/motd' --become
ansible everyone -m command -a 'cat /etc/motd'
lab deploy grade
=========================================================
Chapter 3: Implementing Playbooks
Guided Exercise: Writing and Running Playbooks – p66
workstation
su - student
cd
lab basic setup
cat >> ~/.vimrc << EOF
autocmd FileType yaml setlocal ai ts=2 sw=2 et
EOF
cat ~/.vimrc
cd ~/basic-playbook
cat > ~/basic-playbook/site.yml << EOF
---
- name: Install and start Apache HTTPD
  hosts: web
  tasks:
    - name: httpd package is present
      yum:
        name: httpd
        state: present
    - name: correct index.html is present
      copy:
        src: files/index.html
        dest: /var/www/html/index.html
    - name: httpd is started
      service:
        name: httpd
        state: started
        enabled: true
EOF
cat ~/basic-playbook/site.yml
ansible-playbook --syntax-check site.yml
ansible-playbook site.yml
ansible-playbook site.yml
Guided Exercise: Implementing Multiple Plays – p78
workstation
su – student
cd
lab playbook setup
cd /home/student/imp-playbook
cat > /home/student/imp-playbook/intranet.yml <<EOF
—
– name: Enable intranet services
hosts: servera.lab.example.com
become: yes
tasks:
– name: latest version of httpd and firewalld installed
yum:
name:
– httpd
– firewalld
state: latest
– name: firewalld enabled and running
service:
name: firewalld
enabled: true
state: started
– name: firewalld permits http service
firewalld:
service: http
permanent: true
state: enabled
immediate: yes
– name: httpd enabled and running
service:
name: httpd
enabled: true
state: started
– name: test html page is installed
copy:
content: “Welcome to the example.com intranet!\n”
dest: /var/www/html/index.html
– name: Test intranet web server
hosts: localhost
become: no
tasks:
– name: connect to intranet web server
uri:
url: http://servera.lab.example.com
status_code: 200
EOF
cat /home/student/imp-playbook/intranet.yml
ansible-playbook –syntax-check intranet.yml
ansible-playbook intranet.yml
lab playbook grade
Lab: Implementing Playbooks – p87
workstation
su - student
cd
lab playbookinternet setup
cd /home/student/imp-lab
# NOTE: the get_url task below pulls index.php over plain HTTP with no checksum, so the page httpd serves is whatever the network returns. Fine on the isolated lab network; elsewhere use an https:// URL together with get_url's checksum parameter.
cat > internet.yml <<EOF
---
- name: Enable internet services
  hosts: serverb.lab.example.com
  become: yes
  tasks:
    - name: latest version of all required packages installed
      yum:
        name:
          - firewalld
          - httpd
          - mariadb-server
          - php
          - php-mysql
        state: latest
    - name: firewalld enabled and running
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld permits http service
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
    - name: httpd enabled and running
      service:
        name: httpd
        enabled: true
        state: started
    - name: mariadb enabled and running
      service:
        name: mariadb
        enabled: true
        state: started
    - name: test php page is installed
      get_url:
        url: "http://materials.example.com/grading/var/www/html/index.php"
        dest: /var/www/html/index.php
        mode: 0644
- name: Test internet web server
  hosts: localhost
  become: no
  tasks:
    - name: connect to internet web server
      uri:
        url: http://serverb.lab.example.com
        status_code: 200
EOF
cat internet.yml
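# NOTE: without -i, sed only prints the substituted text; the inventory file itself is not modified, so the cat that follows still shows the original contents. Use sed -i if the change is meant to persist.
sed 's#servera#serverb#' inventory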
cat inventory
ansible-playbook --syntax-check internet.yml
ansible-playbook internet.yml
lab playbookinternet grade
=========================================================
Chapter 4: Managing variables and inclusions
Guided Exercise: Managing Variables – p106
workstation
su – student
cd
lab manage-variables-playbooks setup
cd ~/dev-vars-playbook
cat > playbook.yml <<EOF
—
– name: Deploy and start Apache HTTPD service
hosts: webserver
vars:
web_pkg: httpd
firewall_pkg: firewalld
web_service: httpd
firewall_service: firewalld
python_pkg: python-httplib2
rule: http
tasks:
– name: Required packages are installed and up to date
yum:
name:
– “{{ web_pkg }}”
– “{{ firewall_pkg }}”
– “{{ python_pkg }}”
state: latest
– name: The {{ firewall_service }} service is started and enabled
service:
name: “{{ firewall_service }}”
enabled: true
state: started
– name: The {{ web_service }} service is started and enabled
service:
name: “{{ web_service }}”
enabled: true
state: started
– name: Web content is in place
copy:
content: “Example web content”
dest: /var/www/html/index.html
– name: The firewall port for {{ rule }} is open
firewalld:
service: “{{ rule }}”
permanent: true
immediate: true
state: enabled
– name: Verify the Apache service
hosts: localhost
become: false
tasks:
– name: Ensure the webserver is reachable
uri:
url: http://servera.lab.example.com
status_code: 200
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
lab manage-variables-playbooks grade
lab manage-variables-playbooks cleanup
Guided Exercise: Managing Facts – p118
workstation
su – student
cd
lab manage-variables-facts setup
cd ~/dev-vars-facts
ansible webserver -m setup
ansible webserver -m setup -a ‘filter=ansible_user’
cat > custom.fact <<EOF
[general]
package = httpd
service = httpd
state = started
EOF
cat custom.fact
cat > setup_facts.yml <<EOF
—
– name: Install remote facts
hosts: webserver
vars:
remote_dir: /etc/ansible/facts.d
facts_file: custom.fact
tasks:
– name: Create the remote directory
file:
state: directory
recurse: yes
path: “{{ remote_dir }}”
– name: Install the new facts
copy:
src: “{{ facts_file }}”
dest: “{{ remote_dir }}”
EOF
cat setup_facts.yml
ansible webserver -m setup -a ‘filter=ansible_local’
ansible-playbook –syntax-check setup_facts.yml
ansible-playbook setup_facts.yml
ansible webserver -m setup -a ‘filter=ansible_local’
cat > playbook.yml <<EOF
—
– name: Install Apache and starts the service
hosts: webserver
tasks:
– name: Install the required package
yum:
name: “{{ ansible_local.custom.general.package }}”
state: latest
– name: Start the service
service:
name: “{{ ansible_local.custom.general.service }}”
state: “{{ ansible_local.custom.general.state }}”
EOF
cat playbook.yml
ansible servera.lab.example.com -m command -a ‘systemctl status httpd’
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
ansible servera.lab.example.com -m command -a ‘systemctl status httpd’
lab manage-variables-facts grade
lab manage-variables-facts cleanup
Guided Exercise: Managing Inclusions – p132
workstation
su – student
cd
lab manage-variables-inclusions setup
cd ~/dev-vars-inclusions
mkdir tasks
cat > ~/dev-vars-inclusions/tasks/environment.yml <<EOF
—
– name: Install the {{ package }} package
yum:
name: “{{ package }}”
state: latest
– name: Start the {{ service }} service
service:
name: “{{ service }}”
state: “{{ svc_state }}”
EOF
cat ~/dev-vars-inclusions/tasks/environment.yml
cd ..
mkdir vars
cd vars
cat > ~/dev-vars-inclusions/vars/variables.yml <<EOF
—
firewall_pkg: firewalld
EOF
cat ~/dev-vars-inclusions/vars/variables.yml
cat > ~/dev-vars-inclusions/playbook.yml <<EOF
—
– name: Configure web server
hosts: webserver
vars:
rule: http
tasks:
– name: Include the variables from the YAML file
include_vars: vars/variables.yml
– name: Include the environment file and set the variables
include: tasks/environment.yml
vars:
package: httpd
service: httpd
svc_state: started
– name: Install the firewall
yum:
name: “{{ firewall_pkg }}”
state: latest
– name: Start the firewall
service:
name: firewalld
state: started
enabled: true
– name: Open the port for {{ rule }}
firewalld:
service: “{{ rule }}”
immediate: true
permanent: true
state: enabled
– name: Create index.html
copy:
content: “{{ ansible_fqdn }} has been customized using Ansible on the {{ ansible_date_time.date }}\n”
dest: /var/www/html/index.html
EOF
cat ~/dev-vars-inclusions/playbook.yml
cd ~/dev-vars-inclusions
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
curl http://servera.lab.example.com
lab manage-variables-inclusions grade
lab manage-variables-inclusions cleanup
Lab: Managing Variables and Inclusions
workstation
su – student
cd
lab manage-variables setup
cd ~/lab-managing-vars
cat > custom.fact <<EOF
[packages]
db_package = mariadb-server
web_package = httpd
[service]
db_service = mariadb
web_service = httpd
EOF
cat custom.fact
cat > setup_facts.yml <<EOF
—
– name: Install remote facts
hosts: lamp
vars:
remote_dir: /etc/ansible/facts.d
facts_file: custom.fact
tasks:
– name: Create the remote directory
file:
state: directory
recurse: yes
path: “{{ remote_dir }}”
– name: Install the new facts
copy:
src: “{{ facts_file }}”
dest: “{{ remote_dir }}”
EOF
cat setup_facts.yml
ansible-playbook –syntax-check setup_facts.yml
ansible-playbook setup_facts.yml
ansible lamp -m setup -a ‘filter=ansible_local’
mkdir vars
cat > vars/main.yml <<EOF
—
web_root: /var/www/html
EOF
cat vars/main.yml
mkdir tasks
cat > tasks/main.yml <<EOF
—
– name: Install and start the database and web servers
yum:
name:
– “{{ ansible_local.custom.packages.db_package }}”
– “{{ ansible_local.custom.packages.web_package }}”
state: latest
– name: Start the database service
service:
name: “{{ ansible_local.custom.service.db_service }}”
state: started
enabled: true
– name: Start the web service
service:
name: “{{ ansible_local.custom.service.web_service }}”
state: started
enabled: true
EOF
cat tasks/main.yml
cat > playbook.yml <<EOF
—
– name: Install and configure lamp
hosts: lamp
vars:
firewall: firewalld
tasks:
– name: Include the variable file
include_vars: vars/main.yml
– name: Include the tasks
include: tasks/main.yml
– name: Install the firewall
service:
name: “{{ firewall }}”
state: started
enabled: true
– name: Open the port for the web server
firewalld:
service: http
state: enabled
immediate: true
permanent: true
– name: Create index.html
copy:
content: “{{ ansible_fqdn }}({{ ansible_default_ipv4.address }}) has been customized by Ansible\n”
dest: “{{ web_root }}/index.html”
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
curl http://serverb
ansible lamp -a ‘systemctl status mariadb’
lab manage-variables grade
lab manage-variables cleanup
=========================================================
Chapter 5: Implementing Task Control
Guided Exercise: Constructing Flow Control – p155, 从这里开始,PDF是清晰的
workstation
su – student
cd
lab task-control-flowcontrol setup
cd ~/dev-flowcontrol
cat > configure_database.yml <<EOF
—
– yum:
name: “{{ extra_packages }}”
– get_url:
url: “http://materials.example.com/task_control/my.cnf”
dest: “{{ configure_database_path }}”
owner: mysql
group: mysql
mode: 0644
seuser: system_u
setype: mysqld_etc_t
force: yes
– service:
name: “{{ db_service }}”
state: started
enabled: true
EOF
cat configure_database.yml
cat > playbook.yml <<EOF
—
– hosts: all
vars:
db_package: mariadb-server
db_service: mariadb
db_users:
– db_admin
– db_user
configure_database_path: /etc/my.cnf
tasks:
– name: Create the MariaDB users
user:
name: “{{ item }}”
with_items: “{{ db_users }}”
when: inventory_hostname in groups[‘databases’]
– name: Install the database server
yum:
name: “{{ db_package }}”
when: db_package is defined
– name: Configure the database software
include: configure_database.yml
vars:
extra_packages:
– mariadb-bench
– mariadb-libs
– mariadb-test
when: configure_database_path is defined
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
ansible all -a ‘yum list installed mariadb-bench mariadb-libs mariadb-test’
ansible all -a ‘grep Ansible /etc/my.cnf’
ansible all -a ‘id db_user’
ansible all -a ‘id db_admin’
lab task-control-flowcontrol grade
lab task-control-flowcontrol cleanup
Guided Exercise: Implementing Handlers – p162
workstation
su - student
cd
lab task-control-handlers setup
cd ~/dev-handlers
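# NOTE: this playbook stores the MariaDB root password in clear text (password: redhat). Outside the lab, keep it in an Ansible Vault-encrypted variable and set no_log: true on the task so the value is not echoed in output or logs.
# NOTE: the get_url task notifies restart_service, but only start_service and set_password are defined under handlers here.
cat > configure_db.yml <<EOF
---
- name: Installing Mariadb server
  hosts: databases
  vars:
    db_packages:
      - mariadb-server
      - MySQL-python
    db_service: mariadb
    src_file: "http://materials.example.com/task_control/my.cnf.template"
    dst_file: /etc/my.cnf
  tasks:
    - name: Install {{ db_packages }} package
      yum:
        name: "{{ item }}"
        state: latest
      with_items: "{{ db_packages }}"
      notify:
        - start_service
    - name: Download and install {{ dst_file }}
      get_url:
        url: "{{ src_file }}"
        dest: "{{ dst_file }}"
        owner: mysql
        group: mysql
        force: yes
      notify:
        - restart_service
        - set_password
  handlers:
    - name: start_service
      service:
        name: "{{ db_service }}"
        state: started
    - name: set_password
      mysql_user:
        name: root
        password: redhat
EOF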
cat configure_db.yml
ansible-playbook --syntax-check configure_db.yml
ansible-playbook configure_db.yml
lab task-control-handlers grade
lab task-control-handlers cleanup
Guided Exercise: Implementing Tags – p173
workstation:
su - student
cd
lab task-control-tags setup
cd ~/dev-tags
cat > configure_mail.yml <<EOF
—
– name: Install postfix
yum:
name: postfix
state: latest
tags:
– server
notify:
– start_postfix
– name: Install dovecot
yum:
name: dovecot
state: latest
tags:
– client
notify:
– start_dovecot
– name: Download main.cf configuration
get_url:
url: http://materials.example.com/task_control/main.cf
dest: /etc/postfix/main.cf
tags:
– server
notify:
– restart_postfix
EOF
cat configure_mail.yml
cat > playbook.yml <<EOF
---
- hosts: all
  tasks:
    - name: Include configure_mail.yml
      include:
        configure_mail.yml
      when: inventory_hostname in groups['mailservers']
  handlers:
    - name: start_postfix
      service:
        name: postfix
        state: started
    - name: start_dovecot
      service:
        name: dovecot
        state: started
    - name: restart_postfix
      service:
        name: postfix
        state: restarted
EOF
cat playbook.yml
ansible-playbook --syntax-check playbook.yml
ansible-playbook playbook.yml --tags 'server'
ansible mailservers -a 'yum list installed postfix'
ansible-playbook playbook.yml --skip-tags 'server'
ansible mailservers -a 'yum list installed dovecot'
lab task-control-tags grade
lab task-control-tags cleanup
Guided Exercise: Handling Errors – p183
workstation:
su – student
cd
lab task-control-failures setup
cd ~/dev-failures
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: http
db_package: mariadb-server
db_service: mariadb
tasks:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: http
db_package: mariadb-server
db_service: mariadb
tasks:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
ignore_errors: yes
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: http
db_package: mariadb-server
db_service: mariadb
tasks:
– block:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
ignore_errors: yes
rescue:
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
always:
– name: Start {{ db_service }} service
service:
name: “{{ db_service }}”
state: started
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: httpd
db_package: mariadb-server
db_service: mariadb
tasks:
– block:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
ignore_errors: yes
rescue:
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
always:
– name: Start {{ db_service }} service
service:
name: “{{ db_service }}”
state: started
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: httpd
db_package: mariadb-server
db_service: mariadb
tasks:
– block:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
ignore_errors: yes
rescue:
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
always:
– name: Start {{ db_service }} service
service:
name: “{{ db_service }}”
state: started
– name: Check local time
command: date
register: command_result
– name: Print local time
debug:
var: command_result[“stdout”]
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: httpd
db_package: mariadb-server
db_service: mariadb
tasks:
– block:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
ignore_errors: yes
rescue:
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
always:
– name: Start {{ db_service }} service
service:
name: “{{ db_service }}”
state: started
– name: Check local time
command: date
register: command_result
changed_when: false
– name: Print local time
debug:
var: command_result[“stdout”]
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
cat > playbook.yml << EOF
—
– hosts: databases
vars:
web_package: httpd
db_package: mariadb-server
db_service: mariadb
tasks:
– block:
– name: Install {{ web_package }} package
yum:
name: “{{ web_package }}”
state: latest
failed_when: web_package == “httpd”
rescue:
– name: Install {{ db_package }} package
yum:
name: “{{ db_package }}”
state: latest
always:
– name: Start {{ db_service }} service
service:
name: “{{ db_service }}”
state: started
– name: Check local time
command: date
register: command_result
changed_when: false
– name: Print local time
debug:
var: command_result[“stdout”]
EOF
cat playbook.yml
ansible-playbook –syntax-check playbook.yml
ansible-playbook playbook.yml
lab task-control-failures cleanup
===============================================
Lab: Implementing Task Control – p190
workstation:
su - student
cd
lab task-control setup
cd ~/lab-task-control
cat > install_packages.yml << EOF
—
– name: Installs the required packages
yum:
name: “{{ item }}”
with_items:
– “{{ web_package }}”
– “{{ ssl_package }}”
when:
– inventory_hostname in groups[“webservers”]
– “(ansible_memory_mb.real.total) > (memory)”
– name: Starts the service
service:
name: “{{ web_service }}”
state: started
EOF
cat install_packages.yml
cat > configure_web.yml <<EOF
—
– shell:
rpm -q httpd
register: rpm_check
failed_when: rpm_check.rc == 1
– block:
– get_url:
url: “{{ https_uri }}”
dest: /etc/httpd/conf.d/
– file:
path: /etc/httpd/conf.d/ssl
state: directory
mode: 0755
– file:
path: /var/www/html/logs
state: directory
mode: 0755
– stat:
path: /etc/httpd/conf.d/ssl.conf
register: ssl_file
– shell:
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
when: ssl_file.stat.exists
– unarchive:
src: “{{ ssl_uri }}”
dest: /etc/httpd/conf.d/ssl/
copy: no
notify:
– restart_services
– copy:
content: “{{ ansible_fqdn }} ({{ ansible_default_ipv4.address }}) has been customized by Ansible\n”
dest: /var/www/html/index.html
when:
rpm_check.rc == 0
EOF
cat configure_web.yml
cat > configure_firewall.yml << EOF
—
– yum:
name: “{{ fw_package }}”
state: latest
tags: production
– service:
name: “{{ fw_service }}”
state: started
tags: production
– firewalld:
service: “{{ item }}”
immediate: true
permanent: true
state: enabled
with_items:
– http
– https
tags: production
EOF
cat configure_firewall.yml
# NOTE: https_uri and ssl_uri below are plain-HTTP URLs, so the httpd TLS configuration and the ssl.tar.gz archive unpacked under /etc/httpd/conf.d/ssl/ arrive with no transport integrity and no checksum. On anything but the isolated lab network, serve them over HTTPS and verify a digest (get_url's checksum parameter) before unpacking.
cat > playbook.yml << EOF
---
- hosts: webservers
  tasks:
    - block:
        - include: install_packages.yml
          vars:
            memory: 256
            web_package: httpd
            ssl_package: mod_ssl
            web_service: httpd
        - include: configure_web.yml
          vars:
            https_uri: http://materials.example.com/task_control/https.conf
            ssl_uri: http://materials.example.com/task_control/ssl.tar.gz
        - include: configure_firewall.yml
          vars:
            fw_package: firewalld
            fw_service: firewalld
          tags: production
      rescue:
        - yum:
            name: httpd
            state: latest
          notify:
            - restart_services
        - debug:
            msg: "Failed to import and run all the tasks; installing the web server manually"
      always:
        - shell:
            cmd: "systemctl status httpd"
  handlers:
    - name: restart_services
      service:
        name: "{{ item }}"
        state: restarted
      with_items:
        - httpd
        - firewalld
EOF
cat playbook.yml
ansible-playbook --syntax-check playbook.yml
ansible-playbook playbook.yml
lab task-control grade
lab task-control cleanup
=========================================================
Chapter 6 Implementing jinja2 templates
Guided Exercise: Implementing Jinja2 Templates – p215
workstation:
su – student
cd
lab jinja2-implement setup
cd ~/jinja2/
cat > inventory <<EOF
[webservers]
servera.lab.example.com
[workstations]
workstation.lab.example.com
EOF
cat inventory
cat > motd.j2 <<EOF
This is the system {{ ansible_hostname }}.
Today’s date is: {{ ansible_date_time.date }}.
Only use this system with permission.
You can ask {{ system_owner }} for access.
EOF
cat motd.j2
cat > motd.yml <<EOF
—
– hosts: all
user: devops
become: true
vars:
system_owner: clyde@example.com
tasks:
– template:
src: motd.j2
dest: /etc/motd
owner: root
group: root
mode: 0644
EOF
cat motd.yml
ansible-playbook –syntax-check motd.yml
ansible-playbook motd.yml
ssh devops@servera.lab.example.com
exit
lab jinja2-implement grade
lab jinja2-implement cleanup
Solution: Implementing Jinja2 Templates – p220
workstation:
su – student
cd
lab jinja2-lab setup
cd ~/jinja2-lab/
cat > inventory <<EOF
[servers]
serverb.lab.example.com
EOF
cat inventory
ansible serverb.lab.example.com -m setup
cat > motd.j2 <<EOF
This system’s total memory is: {{ ansible_memtotal_mb }} MBs.
The current free memory is: {{ ansible_memfree_mb }} MBs.
EOF
cat motd.j2
cat > motd.yml <<EOF
—
– hosts: all
user: devops
become: true
tasks:
– template:
src: motd.j2
dest: /etc/motd
owner: root
group: root
mode: 0644
EOF
cat motd.yml
ansible-playbook –syntax-check motd.yml
ansible-playbook motd.yml
ssh devops@serverb.lab.example.com
exit
lab jinja2-lab grade
lab jinja2-lab cleanup
=========================================================
Chapter 7 Implementing Roles – p224
Guided Exercise: Creating Roles – p235
workstation:
su – student
cd
lab creating-roles setup
cd ~/dev-roles
mkdir -p roles/myvhost/{files,handlers}
mkdir roles/myvhost/{meta,tasks,templates}
cat > roles/myvhost/tasks/main.yml <<EOF
—
# tasks file for myvhost
– name: install httpd
yum:
name: httpd
state: latest
– name: start and enable httpd service
service:
name: httpd
state: started
enabled: true
– name: deliver html content
copy:
src: html/
dest: “/var/www/vhosts/{{ ansible_hostname }}”
– name: template vhost file
template:
src: vhost.conf.j2
dest: /etc/httpd/conf.d/vhost.conf
owner: root
group: root
mode: 0644
notify:
– restart httpd
EOF
cat roles/myvhost/tasks/main.yml
cat > roles/myvhost/handlers/main.yml <<EOF
—
# handlers file for myvhost
– name: restart httpd
service:
name: httpd
state: restarted
EOF
cat roles/myvhost/handlers/main.yml
mkdir -p roles/myvhost/files/html
echo ‘simple index’ > roles/myvhost/files/html/index.html
mv vhost.conf.j2 roles/myvhost/templates/
cat > use-vhost-role.yml <<EOF
—
– name: use vhost role playbook
hosts: webservers
pre_tasks:
– debug:
msg: ‘Beginning web server configuration.’
roles:
– myvhost
post_tasks:
– debug:
msg: ‘Web server has been configured.’
EOF
cat use-vhost-role.yml
ansible-playbook –syntax-check use-vhost-role.yml
ansible-playbook use-vhost-role.yml
ansible webservers -a ‘yum list installed httpd’
ansible webservers -a ‘systemctl is-active httpd’
ansible webservers -a ‘systemctl is-enabled httpd’
ansible webservers -a ‘cat /etc/httpd/conf.d/vhost.conf’
ansible webservers -a ‘cat /var/www/vhosts/servera/index.html’
ansible webservers -a ‘curl -s http://localhost’
curl -S http://servera.lab.example.com
mkdir -p roles/myfirewall/{defaults,handlers,tasks}
cat > roles/myfirewall/tasks/main.yml <<EOF
—
# tasks file for myfirewall
– name: install firewalld
yum:
name: firewalld
state: latest
– name:
service:
name: firewalld
state: started
enabled: true
– name: firewall services config
firewalld:
state: enabled
immediate: true
permanent: true
service: “{{ firewall_service }}”
EOF
cat roles/myfirewall/tasks/main.yml
cat > roles/myfirewall/handlers/main.yml <<EOF
—
# handlers file for myfirewalld
– name: restart firewalld
service:
name: firewalld
state: restarted
EOF
cat roles/myfirewall/handlers/main.yml
cat > roles/myfirewall/defaults/main.yml <<EOF
—
# defaults file for myfirewall
firewall_service: ssh
EOF
cat roles/myfirewall/defaults/main.yml
cat > roles/myvhost/meta/main.yml <<EOF
—
dependencies:
– { role: myfirewall, firewall_service: http }
EOF
cat roles/myvhost/meta/main.yml
ansible-playbook –syntax-check use-vhost-role.yml
ansible-playbook use-vhost-role.yml
curl http://servera.lab.example.com
lab creating-roles grade
lab creating-roles cleanup
Guided Exercise: Deploying Roles with Ansible Galaxy – p249
workstation:
su - student
cd
lab ansible-galaxy setup
cd ~/dev-roles
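# NOTE: the role tarball is fetched over plain HTTP, and the playbook that applies it runs with become: true, i.e. the role's tasks execute as root on the managed hosts. Outside the lab, install roles over HTTPS from a source you control, pin the version in this requirements file, and review the role before applying it.
cat > install-roles.yml <<EOF
---
# install-roles.yml
- src: http://materials.example.com/roles-library/student.bash_env.tgz
  name: student.bash_env
EOF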
cat install-roles.yml
ls roles/
ansible-galaxy install -p roles -r install-roles.yml
ls roles/
cat > use-bash_env-role.yml <<EOF
—
– name: use student.bash_env role playbook
hosts: webservers
user: devops
become: true
roles:
– student.bash_env
EOF
cat use-bash_env-role.yml
ansible-playbook --syntax-check use-bash_env-role.yml
ansible-playbook -i inventory use-bash_env-role.yml
md5sum roles/student.bash_env/templates/*
ssh servera md5sum /etc/skel/{.bash_profile,.bashrc,.vimrc}
cat roles/student.bash_env/templates/_bashrc.j2
ssh servera tail -n5 /etc/skel/.bashrc
ansible-galaxy init --offline -p roles empty.example
ls roles/
ls roles/empty.example/
ls roles/empty.example/*
cat roles/empty.example/tasks/main.yml
lab ansible-galaxy grade
lab ansible-galaxy cleanup
Solution: Implementing Roles – p257
workstation:
su - student
cd
lab ansible-roles-lab setup
cd ~/lab-roles
ansible-galaxy init --offline -p roles student.myenv
ansible-galaxy init --offline -p roles myapache
mv mkcd.sh.j2 roles/student.myenv/templates/
cp /usr/share/icons/hicolor/48x48/apps/system-logo-icon.png roles/student.myenv/files/profile.png
cat > roles/student.myenv/tasks/main.yml <<EOF
---
# task file for student.myenv
- name: check myenv_user default
  fail:
    msg: You must specify the variable myenv_user
         to use this role!
  when: "myenv_user == ''"
- name: install my packages
  yum:
    name: "{{ item }}"
    state: installed
  with_items: "{{ myenv_packages }}"
- name: copy placeholder profile pic
  copy:
    src: profile.png
    dest: "~{{ myenv_user }}/profile.png"
- name: set an alias in .bashrc
  lineinfile:
    line: "alias tree='tree -C'"
    dest: "~{{ myenv_user }}/.bashrc"
- name: template out mkcd function
  template:
    src: mkcd.sh.j2
    dest: /etc/profile.d/mkcd.sh
    owner: root
    group: root
    mode: 0644
EOF
cat roles/student.myenv/tasks/main.yml
cat > roles/student.myenv/vars/main.yml <<EOF
---
# vars file for student.myenv
myenv_packages:
  - 'git'
  - 'tree'
  - 'vim-enhanced'
EOF
cat roles/student.myenv/vars/main.yml
cat > roles/student.myenv/defaults/main.yml <<EOF
---
# defaults file for student.myenv
myenv_user: ''
EOF
cat roles/student.myenv/defaults/main.yml
cat > myenv.yml <<EOF
—
– name: setup my personal environment
hosts: all
roles:
– student.myenv
EOF
cat myenv.yml
ansible-playbook --syntax-check myenv.yml
ansible-playbook myenv.yml
cat > myenv.yml <<EOF
—
– name: setup my personal environment
hosts: all
roles:
– role: student.myenv
myenv_user: student
EOF
cat myenv.yml
ansible-playbook --syntax-check myenv.yml
ansible-playbook myenv.yml
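# Build the myapache role (handlers, tasks, defaults) and apply it to serverb.
# Typographic dashes are restored to ASCII and the YAML indentation is rebuilt.
mv apache_*.j2 roles/myapache/templates
ls roles/myapache/templates

cat > roles/myapache/handlers/main.yml <<EOF
---
# handlers file for myapache
- name: restart apache
  service:
    name: httpd
    state: restarted
EOF
cat roles/myapache/handlers/main.yml

# Only the two package installs are unconditional; every other task is gated
# on apache_enable.
cat > roles/myapache/tasks/main.yml <<EOF
---
# tasks file for myapache
- name: install apache package
  yum:
    name: httpd
    state: latest
- name: install firewalld package
  yum:
    name: firewalld
    state: latest
- name: template out apache configuration file
  template:
    src: apache_httpdconf.j2
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: 0444
  notify:
    - restart apache
  when: apache_enable
- name: template out apache index.html
  template:
    src: apache_indexhtml.j2
    dest: /var/www/html/index.html
    owner: root
    group: root
    mode: 0444
  when: apache_enable
- name: start and enable apache daemon
  service:
    name: httpd
    state: started
    enabled: true
  when: apache_enable
- name: start and enable firewalld daemon
  service:
    name: firewalld
    state: started
    enabled: true
  when: apache_enable
- name: open http firewall port
  firewalld:
    port: 80/tcp
    immediate: true
    permanent: true
    state: enabled
  when: apache_enable
EOF
cat roles/myapache/tasks/main.yml

# Default is off: the role configures nothing unless the caller opts in.
cat > roles/myapache/defaults/main.yml <<EOF
---
# defaults file for myapache
apache_enable: false
EOF
cat roles/myapache/defaults/main.yml

# First run uses the default (apache_enable: false).
cat > apache.yml <<EOF
---
- name: setup apache on serverb.lab.example.com
  hosts: serverb.lab.example.com
  roles:
    - myapache
EOF
cat apache.yml
ansible-playbook --syntax-check apache.yml
ansible-playbook apache.yml

# Second run enables the role through a role parameter.
cat > apache.yml <<EOF
---
- name: setup apache on serverb.lab.example.com
  hosts: serverb.lab.example.com
  roles:
    - role: myapache
      apache_enable: true
EOF
cat apache.yml
ansible-playbook --syntax-check apache.yml
ansible-playbook apache.yml
curl -s http://serverb.lab.example.com
lab ansible-roles-lab grade
lab ansible-roles-lab cleanup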
=========================================================
Chapter 8: Optimizing Ansible
Guided Exercise: Selecting Hosts with Host Patterns – p274
workstation:
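# Host-pattern practice: list which inventory hosts each pattern selects.
# The en dashes from the page are restored to "-" / "--" and quotes to ASCII.
su - student
cd
lab patterns setup
cd patterns
ls
cat inventory

# Single hosts, built-in groups and inventory groups.
ansible db1.example.com -i inventory --list-hosts
ansible 172.25.252.44 -i inventory --list-hosts
ansible all -i inventory --list-hosts
ansible london -i inventory --list-hosts
ansible environments -i inventory --list-hosts
ansible ungrouped -i inventory --list-hosts

# Patterns containing *, ! or & stay inside single quotes so the shell passes
# them to ansible unchanged (no globbing, history expansion or backgrounding).
ansible '*.example.com' -i inventory --list-hosts
# NOTE(review): as written this pattern excludes exactly what it includes, so
# it selects no hosts; the intended exclusion is probably a narrower pattern
# such as '*.lab.example.com'. Confirm against the course text.
ansible '*.example.com,!*.example.com' -i inventory --list-hosts
ansible lb1.lab.example.com,s1.lab.example.com,db1.example.com -i inventory --list-hosts
ansible '172.25.*' -i inventory --list-hosts
ansible 's*' -i inventory --list-hosts
ansible 'prod,172*,*lab*' -i inventory --list-hosts
ansible 'db,&london' -i inventory --list-hosts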
Guided Exercise: Configuring Delegation – p285
workstation:
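# Delegation exercise: configure httpd on all hosts, then stop and restart the
# proxy server (via delegate_to) around the web page deployment.
# Typographic dashes and quotes are restored to ASCII and the YAML indentation
# is rebuilt.
su - student
cd
lab configure-delegation setup
cd ~/configure-delegation

cat > ~/configure-delegation/inventory/hosts <<EOF
[webservers]
servera.lab.example.com
[proxyservers]
serverc.lab.example.com
EOF
cat ~/configure-delegation/inventory/hosts

# The per-host config templates are picked up by name in site.yml
# (templates/<inventory_hostname>-httpd.conf.j2).
mv servera.lab.example.com-httpd.conf.j2 ~/configure-delegation/templates
mv serverc.lab.example.com-httpd.conf.j2 ~/configure-delegation/templates

cat > ~/configure-delegation/templates/index.html.j2 <<EOF
The webroot is {{ ansible_fqdn }}.
EOF
cat ~/configure-delegation/templates/index.html.j2

cat > ~/configure-delegation/site.yml <<EOF
---
- name: Install and configure httpd
  hosts: all
  remote_user: devops
  become: true
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: installed
    - name: Start and enable httpd
      service:
        name: httpd
        state: started
        enabled: yes
    - name: Install firewalld
      yum:
        name: firewalld
        state: installed
    - name: Start and enable firewalld
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: Enable firewall
      firewalld:
        zone: public
        service: http
        permanent: true
        state: enabled
        immediate: true
    - name: template server configs
      template:
        src: "templates/{{ inventory_hostname }}-httpd.conf.j2"
        dest: /etc/httpd/conf.d/myconfig.conf
        owner: root
        group: root
        mode: 0644
      notify:
        - restart httpd
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
- name: Deploy web service and disable proxy server
  hosts: webservers
  remote_user: devops
  become: true
  tasks:
    - name: Stop Apache proxy server
      service:
        name: httpd
        state: stopped
      delegate_to: "{{ item }}"
      with_items: "{{ groups['proxyservers'] }}"
    - name: Deploy webpages
      template:
        src: templates/index.html.j2
        dest: /var/www/html/index.html
        owner: apache
        group: apache
        mode: 0644
    - name: Start Apache proxy server
      service:
        name: httpd
        state: started
      delegate_to: "{{ item }}"
      with_items: "{{ groups['proxyservers'] }}"
EOF
cat ~/configure-delegation/site.yml
ansible-playbook --syntax-check site.yml
ansible-playbook site.yml
curl http://serverc.lab.example.com/external
lab configure-delegation cleanup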
Guided Exercise: Configuring Parallelism – p295
workstation:
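# Async exercise: install a slow script on the web servers, start it three
# times without waiting (poll: 0), then poll the jobs with async_status.
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab configure-async setup
cd ~/configure-async

# The here-document delimiter is unquoted, so each "\$" below is written to the
# file as a literal "$". The output path is quoted inside the generated script
# so a path containing spaces or glob characters is treated as one file.
cat > ~/configure-async/templates/longfiles.j2 <<EOF
#!/bin/bash
echo "emptying \$2" > "\$2"
for i in {00..30}; do
  echo "run \$i, \$1"
  echo "run \$i for \$1" >> "\$2"
  sleep 1
done
EOF
cat ~/configure-async/templates/longfiles.j2

# NOTE(review): the play runs with become: true and writes to fixed names under
# /tmp (/tmp/foo.file, ...). On a shared host a predictable root-written path
# in /tmp is a symlink-clobbering risk; a root-owned directory would be the
# safer target outside the classroom.
cat > async.yml <<EOF
# async.yml
- name: longfiles async playbook
  hosts: webservers
  remote_user: devops
  become: true
  tasks:
    - name: template longfiles script
      template:
        src: templates/longfiles.j2
        dest: /usr/local/bin/longfiles
        owner: root
        group: root
        mode: 0755
    - name: run longfiles script
      command: "/usr/local/bin/longfiles {{ item }} /tmp/{{ item }}.file"
      async: 110
      poll: 0
      with_items:
        - foo
        - bar
        - baz
      register: script_sleeper
    - name: show script_sleeper value
      debug:
        var: script_sleeper
    - name: check status of longfiles script
      async_status: "jid={{ item.ansible_job_id }}"
      register: job_result
      until: job_result.finished
      retries: 30
      with_items: "{{ script_sleeper.results }}"
EOF
cat async.yml
ansible-playbook --syntax-check async.yml
ansible-playbook async.yml
lab configure-async cleanup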
Solution for Lab: Optimizing Ansible – p303
workstation:
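# Rolling upgrade lab: one web server at a time (serial: 1) is taken out of
# haproxy, gets the new page, reboots if the page changed, and is re-enabled.
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab optimize-ansible-lab setup
cd ~/lab-optimizing-ansible
curl http://serverd.lab.example.com
curl http://serverd.lab.example.com

cat > templates/index-ver1.html.j2 <<EOF
<html>
<head><title>My Page</title></head>
<body>
<h1>
Welcome to {{ inventory_hostname }}.
</h1>
<h2>A new feature added.</h2>
</body>
</html>
EOF
cat templates/index-ver1.html.j2

# The haproxy tasks are delegated to every host in the lbserver group; the
# SSH wait_for is delegated to the control node and runs without become.
cat > upgrade_webserver.yml <<EOF
---
- name: Upgrade Webservers
  hosts: webservers
  remote_user: devops
  become: yes
  serial: 1
  tasks:
    - name: disable the server in haproxy
      haproxy:
        state: disabled
        backend: app
        host: "{{ inventory_hostname }}"
        socket: /var/lib/haproxy/stats
        wait: yes
      delegate_to: "{{ item }}"
      with_items: "{{ groups.lbserver }}"
    - name: upgrade the page
      template:
        src: "templates/index-ver1.html.j2"
        dest: "/var/www/html/index.html"
      register: pageupgrade
    - name: restart machine
      command: shutdown -r +1 "Ansible updates triggered"
      async: 1
      poll: 0
      ignore_errors: true
      when: pageupgrade.changed
    - name: wait for webserver to restart
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 22
        state: started
        delay: 80
        timeout: 200
      become: False
      delegate_to: 127.0.0.1
      when: pageupgrade.changed
    - name: wait for webserver to come up
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 80
        state: started
        timeout: 20
    - name: enable the server in haproxy
      haproxy:
        state: enabled
        backend: app
        host: "{{ inventory_hostname }}"
        socket: /var/lib/haproxy/stats
        wait: yes
      delegate_to: "{{ item }}"
      with_items: "{{ groups.lbserver }}"
EOF
cat upgrade_webserver.yml
ansible-playbook --syntax-check upgrade_webserver.yml
ansible-playbook upgrade_webserver.yml

# From another terminal, while the playbook runs:
curl http://serverd.lab.example.com
curl http://serverd.lab.example.com
lab optimize-ansible-lab grade
lab optimize-ansible-lab cleanup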
=========================================================
Chapter 9: Implementing Ansible Vault
Guided Exercise: Configuring Ansible Vault – p319
workstation:
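# Ansible Vault basics: create, view, edit, rekey, decrypt and re-encrypt.
# Prompt answers and editor input from the page are kept as comments; they are
# typed interactively, not run as commands. The passwords shown are the
# classroom values.
su - student
cd
lab configure-ansible-vault setup
cd ~/conf-ansible-vault

ansible-vault create super-secret.yml
# vault password: redhat
# type this content in the editor:
#   This is encrypted.
cat super-secret.yml
ansible-vault view super-secret.yml
ansible-vault edit super-secret.yml
# add this line:
#   This is also encrypted.
ansible-vault view super-secret.yml

wget http://materials.example.com/playbooks/passwd.yml
ansible-vault rekey passwd.yml
# current password: redhat
# new password: ansible

# NOTE(review): --output writes a cleartext copy next to the vaulted file and
# the exercise leaves passwd-decrypted.yml on disk. With real secrets, prefer
# "ansible-vault view" or "ansible-vault edit", or delete the cleartext copy
# once it has been re-encrypted.
ansible-vault decrypt passwd.yml --output=passwd-decrypted.yml
# password: ansible
ansible-vault encrypt passwd-decrypted.yml --output=passwd-encrypted.yml
# new password: redhat
lab configure-ansible-vault grade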
Guided Exercise: Executing with Ansible Vault – p327
workstation:
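# Run a playbook that reads user names and passwords from a vaulted vars file.
# Prompt answers and editor input from the page are kept as comments.
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab execute-ansible-vault setup
cd ~/exec-ansible-vault

ansible-vault create secret.yml
# vault password: redhat
# add the following content in the editor:
#   newusers:
#     - name: ansibleuser1
#       pw: redhat
#     - name: ansibleuser2
#       pw: Re4H1T

# no_log is set on the user task: without it, each loop item, including its
# cleartext pw field, is printed in the play output (and in any configured
# log_path) even though secret.yml itself is vaulted.
cat > create_users.yml <<EOF
---
- name: create user accounts for all or servers
  hosts: devservers
  become: True
  remote_user: devops
  vars_files:
    - secret.yml
  tasks:
    - name: Creating users from secret.yml
      user:
        name: "{{ item.name }}"
        password: "{{ item.pw | password_hash('sha512') }}"
      with_items: "{{ newusers }}"
      no_log: true
EOF
cat create_users.yml
ansible-playbook --syntax-check --ask-vault-pass create_users.yml

# Create the vault password file with a restrictive umask so it is never
# readable by other users, not even between creation and the chmod.
# Lab only: the literal password also ends up in the shell history. Outside
# the classroom, read it without echo instead, for example:
#   read -rs vault_pw && printf '%s\n' "$vault_pw" > vault-pass
(umask 077; echo 'redhat' > vault-pass)
chmod 0600 vault-pass
ansible-playbook --syntax-check --vault-password-file=vault-pass create_users.yml
ansible-playbook --vault-password-file=vault-pass create_users.yml

# Verify both accounts with password authentication.
ssh -o PreferredAuthentications=password ansibleuser1@servera.lab.example.com
# password: redhat
exit
ssh -o PreferredAuthentications=password ansibleuser2@servera.lab.example.com
# password: Re4H1T
exit
lab execute-ansible-vault grade
lab execute-ansible-vault cleanup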
Lab Solution: Implementing Ansible Vault – p334
workstation:
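# Vault lab: an encryptdisk role whose LUKS passphrase lives in a vaulted vars
# file, later extended to add a key file as a second key slot.
# Prompt answers and editor input from the page are kept as comments.
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab ansible-vault-lab setup
cd ~/lab-ansible-vault
ansible-galaxy init --offline -p roles/ encryptdisk

# NOTE(review): the passphrase is written in cleartext here (and recorded in
# the shell history) and only encrypted by the command that follows. With a
# real secret, "ansible-vault create" or "ansible-vault edit" puts it
# straight into an encrypted file.
cat > roles/encryptdisk/vars/main.yml <<EOF
---
# vars file for encryptdisk
luks_dev: /dev/vdb
luks_name: crypto
luks_pass: Re4H1TAns1BLe
EOF
cat roles/encryptdisk/vars/main.yml
ansible-vault encrypt roles/encryptdisk/vars/main.yml
# password: redhat
ansible-vault view roles/encryptdisk/vars/main.yml
# password: redhat

wget http://materials.example.com/playbooks/encryptdisk-tasks.yml
mv encryptdisk-tasks.yml roles/encryptdisk/tasks/main.yml

cat > ~/lab-ansible-vault/encrypt.yml <<EOF
---
- name: Encrypt disk on serverb using LUKS
  hosts: prodservers
  remote_user: devops
  become: yes
  roles:
    - encryptdisk
EOF
cat ~/lab-ansible-vault/encrypt.yml
ansible-playbook --syntax-check --ask-vault-pass encrypt.yml
ansible-playbook --ask-vault-pass encrypt.yml
ansible prodservers -a 'lsblk'

wget http://materials.example.com/playbooks/keyfile-encrypted.j2
ansible-vault rekey keyfile-encrypted.j2
# Vault password: RedHat
# New Vault password: redhat
# Confirm: redhat

# NOTE(review): this leaves the LUKS key file decrypted in the role's
# templates directory on the control node; keep that directory out of shared
# storage and version control when the key is real.
ansible-vault decrypt keyfile-encrypted.j2 --output=roles/encryptdisk/templates/keyfile.j2
# password: redhat
ansible-vault edit roles/encryptdisk/vars/main.yml
# password: redhat
# add this line at the bottom:
#   luks_key: templates/keyfile.j2

cat > roles/encryptdisk/defaults/main.yml <<EOF
---
# defaults file for encryptdisk
addkey: no
EOF
cat roles/encryptdisk/defaults/main.yml

cp roles/encryptdisk/tasks/main.yml roles/encryptdisk/tasks/main.yml.bak
cat >> roles/encryptdisk/tasks/main.yml <<EOF
- name: copying the key file
  template:
    src: "{{ luks_key }}"
    dest: /root/keyfile
    owner: root
    group: root
    mode: 0600
  when: addkey
EOF
cat roles/encryptdisk/tasks/main.yml

# The passphrase is passed through the quote filter so shell metacharacters in
# it are not interpreted, and no_log keeps the rendered command line out of
# the play output and logs. It is still part of the "sh -c" command line on
# the managed host while the task runs; on Ansible 2.4 or later the command
# module's stdin parameter avoids that.
cat >> roles/encryptdisk/tasks/main.yml <<EOF
- name: add new keyslot to encrypted disk
  shell: echo {{ luks_pass | quote }} | cryptsetup luksAddKey {{ luks_dev }} /root/keyfile
  no_log: true
  when: addkey
EOF
cat roles/encryptdisk/tasks/main.yml

cat > encrypt.yml <<EOF
---
- name: Encrypt disk on serverb using LUKS
  hosts: prodservers
  remote_user: devops
  become: yes
  roles:
    - role: encryptdisk
      addkey: yes
EOF
cat encrypt.yml
ansible-playbook --syntax-check --ask-vault-pass encrypt.yml
# password: redhat
ansible-playbook --ask-vault-pass encrypt.yml
# password: redhat

# Verify on serverb that the volume also opens with the key file.
ssh root@serverb
cryptsetup luksDump /dev/vdb
umount /crypto
cryptsetup close crypto
cryptsetup open /dev/vdb crypto -d /root/keyfile
mount -a
lsblk
exit
lab ansible-vault-lab grade
lab ansible-vault-lab cleanup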
=========================================================
Chapter 10: TroubleShooting Ansible
Guided Exercise: Troubleshooting Playbooks – p347
workstation:
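# Troubleshooting exercise: fix samba.yml and the inventory step by step.
# The page's editing notes are translated to English and kept as comments;
# typographic dashes and quotes are restored to ASCII.
su - student
cd
lab troubleshoot-playbooks setup
cd ~/troubleshooting/

# log_path makes Ansible record its output in ansible.log; tasks that handle
# secrets need no_log to stay out of that file.
cat > ansible.cfg <<EOF
[defaults]
log_path = /home/student/troubleshooting/ansible.log
inventory = /home/student/troubleshooting/inventory
EOF
cat ansible.cfg
ansible-playbook samba.yml
tail ansible.log

vim samba.yml
# find:
#   random_var: This is colon: test
# replace with:
#   random_var: "This is colon: test"
ansible-playbook --syntax-check samba.yml

vim samba.yml
# find:
#   - name: deliver samba config
# the error in this task is one extra leading space on every line;
# delete that space from each line of the task, then save
ansible-playbook --syntax-check samba.yml

vim samba.yml
# find install_state and change
#   state: {{ install_state }}
# to:
#   state: "{{ install_state }}"
ansible-playbook --syntax-check samba.yml
ansible-playbook samba.yml

# Check basic connectivity before reading the verbose output.
ping -c3 servera.lab.example.com
ssh devops@servera.lab.example.com
exit
ansible-playbook -vvv samba.yml
tail ansible.log

vim inventory
# the servera host name is misspelled in this file; change
#   servera.lab.exammple.com
# to:
#   servera.lab.example.com
ansible-playbook samba.yml

vim samba.yml
# find "deliver samba config" and change
#   src: samba.j2
# to:
#   src: samba.conf.j2
ansible-playbook samba.yml --step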
Guided Exercise: Troubleshooting Ansible Managed Hosts – p256
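# Troubleshooting managed hosts: dry-run and apply mailrelay.yml, add the
# missing firewall task, then check that SMTP is reachable.
# The page's editing notes are translated to English and kept as comments;
# typographic dashes and quotes are restored to ASCII.
su - student
cd
lab troubleshoot-managedhosts setup
cd ~/troubleshooting/

# Compare the Postfix configuration before and after the real run.
ansible-playbook mailrelay.yml --check
ansible servera.lab.example.com -u devops -b -a "head /etc/postfix/main.cf"
ansible-playbook mailrelay.yml
ansible servera.lab.example.com -u devops -b -a "head /etc/postfix/main.cf"

vim mailrelay.yml
# add the following task, then save:
#   - name: postfix firewalld config
#     firewalld:
#       state: enabled
#       permanent: true
#       immediate: true
#       service: smtp
ansible-playbook mailrelay.yml
ansible servera.lab.example.com -u devops -b -a "firewall-cmd --list-services"
telnet servera.lab.example.com 25
quit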
Solution Lab: Troubleshooting Ansible – p361
workstation:
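# Troubleshooting lab: repair secure-web.yml and inventory-lab until the play
# runs against the intended host as devops with privilege escalation.
# The page's editing notes are translated to English and kept as comments;
# typographic dashes and quotes are restored to ASCII.
su - student
cd
lab troubleshoot-lab setup
cd ~/troubleshooting-lab/
ansible-playbook secure-web.yml

vim secure-web.yml
# change
#   random_var: This is colon: test
# to:
#   random_var: "This is colon: test"
ansible-playbook secure-web.yml --syntax-check

vim secure-web.yml
# find the "start and enable web services" task block; every line in it has
# one extra leading space, delete the extra space
ansible-playbook secure-web.yml --syntax-check

vim secure-web.yml
# find "install web server packages" and put double quotes around
#   {{ item }}
# so that it reads:
#   "{{ item }}"
ansible-playbook secure-web.yml --syntax-check
ansible-playbook secure-web.yml
ansible-playbook secure-web.yml -vvv

vim inventory-lab
# the ansible_host override points serverb at tower; change
#   serverb.lab.example.com ansible_host=tower.lab.example.com
# to:
#   serverb.lab.example.com

vim secure-web.yml
# set the remote user to devops; change
#   user: students
# to:
#   user: devops
ansible-playbook secure-web.yml -vvv

vim secure-web.yml
# add privilege escalation; find
#   user: devops
# and add a line:
#   become: true
ansible-playbook secure-web.yml --check
ansible all -u devops -b -a 'systemctl status httpd'
ansible-playbook secure-web.yml
ansible all -u devops -b -a 'systemctl status httpd'
lab troubleshoot-lab grade
lab troubleshoot-lab cleanup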
=========================================================
Chapter 11是讲 tower
=========================================================
=========================================================
Chapter 12: Implementing Ansible in a devops environment – p398
Guided Exercise: Provisioning Vagrant Machines – p406
foundation:
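# Vagrant provisioning exercise: bring up a box on tower, then add a shell
# provisioner that installs the yum repository file inside the guest.
# Host markers and editing notes from the page are kept as comments;
# typographic dashes and quotes are restored to ASCII.
rht-vmctl fullreset tower
ssh root@tower

# on workstation:
su - student
cd
lab ansible-vagrant-practice setup

# on tower:
su -
mkdir -p /root/vagrant/webapp
cd /root/vagrant/webapp
cp /var/tmp/Vagrantfile .
cat Vagrantfile
vagrant up
vagrant ssh
yum repolist
exit
vagrant destroy

# Stage the repo file in the project directory; provisioner.sh reads it from
# /home/vagrant/sync inside the guest.
mkdir -p /root/vagrant/webapp/etc/yum.repos.d
cp /etc/yum.repos.d/rhel_dvd.repo /root/vagrant/webapp/etc/yum.repos.d/
cat > /root/vagrant/webapp/provisioner.sh <<EOF
#!/bin/bash
# Install yum config file
sudo cp /home/vagrant/sync/etc/yum.repos.d/rhel_dvd.repo /etc/yum.repos.d/rhel_dvd.repo
EOF
cat /root/vagrant/webapp/provisioner.sh

vim Vagrantfile
# add the following lines:
#   # Define shell provisioner
#   config.vm.provision "shell", path: "provisioner.sh"
vagrant up
vagrant ssh
yum repolist
exit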
Guided Exercise: Deploying Vagrant in a DevOps Environment – p414
workstation:
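# Vagrant + Ansible exercise: replace the box with one provisioned by the
# intranet-dev.yml playbook and reach it through a forwarded port.
# Host markers and editing notes from the page are kept as comments;
# typographic dashes and quotes are restored to ASCII.
su - student
cd
lab ansible-devops-practice setup

# on tower:
su -
cd /root/vagrant/webapp
vagrant status
vagrant destroy
cp /var/tmp/intranet-dev.yml .
cat intranet-dev.yml

vim Vagrantfile
# add the following, then save and quit:
#   # Define ansible provisioner
#   config.vm.provision "ansible" do |ansible|
#     ansible.playbook = "intranet-dev.yml"
#   end
#   # Define host settings
#   config.vm.hostname = "dev.lab.example.com"
#   config.vm.network "forwarded_port", guest: 80, host: 8000

# The ansible provisioner needs Ansible installed on tower.
yum install -y ansible
vagrant up
curl http://localhost:8000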
Solution Lab: Implementing Ansible in a DevOps Environment – p418
workstation:
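# DevOps lab: clone the web app project on tower, test a change in the Vagrant
# box, push it, then deploy with intranet-prod.yml.
# Host markers and editing notes from the page are kept as comments;
# typographic dashes and quotes are restored to ASCII.
su - student
cd
lab ansible-vagrant-lab setup

# on tower:
su -
yum -y install ansible
mkdir -p vagrant/webapp
cd vagrant/webapp
git clone student@workstation:/var/git/vagrantwebapp.git .
vagrant up
curl http://localhost:8000

# Inside the box: change the page, commit and push.
vagrant ssh
sudo -i
cd /var/www/html
vi index.html
# set the page text to: "Welcome to Web App 2.0"
git commit -am 'New web app version'
git push origin master
exit
exit

curl http://localhost:8000
cat ansible.cfg
cat inventory
ansible-playbook intranet-prod.yml
curl http://servera
lab ansible-vagrant-lab grade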
=========================================================
Chapter 13: Comprehensive Review: Automation with Ansible – p425
foundation
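# Reset all test machines.
rht-vmctl status all
rht-vmctl fullreset classroom
rht-vmctl fullreset workstation
rht-vmctl fullreset servera
rht-vmctl fullreset serverb
rht-vmctl fullreset serverc
rht-vmctl fullreset serverd
rht-vmctl fullreset tower

# SSH to each test machine.
ssh root@workstation
ssh root@servera
ssh root@serverb
ssh root@serverc
ssh root@serverd
ssh root@tower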
Lab Solution: Deploying Ansible – 431
workstation:
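# Comprehensive review, part 1: install Ansible, define the dev inventory and
# manage /etc/motd with ad hoc commands.
# Typographic dashes and quotes are restored to ASCII.
su - student
cd
lab ansible-deploy-cr setup
sudo yum -y install ansible

cd /home/student/ansible-deploy-cr/inventory/
cat > hosts <<EOF
[dev]
servera.lab.example.com
serverb.lab.example.com
EOF
cat hosts
cd ..

cat > ansible.cfg <<EOF
[defaults]
inventory=/home/student/ansible-deploy-cr/inventory
EOF
cat ansible.cfg

# The module arguments stay in single quotes so the shell passes the inner
# double quotes and the \n through to the copy module unchanged.
ansible dev -m copy -a 'content="Managed by Ansible\n" dest=/etc/motd' -b -u devops
ansible dev -m command -a "cat /etc/motd"
lab ansible-deploy-cr grade
lab ansible-deploy-cr cleanup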
Lab Solution: Creating Playbooks
workstation:
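# Comprehensive review, part 2: playbooks for the FTP clients and the vsftpd
# servers, combined in site.yml.
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab ansible-playbooks-cr setup
cd /home/student/ansible-playbooks-cr

mkdir inventory
cat > inventory/hosts <<EOF
[ftpservers]
serverb.lab.example.com
serverd.lab.example.com
[ftpclients]
serverc.lab.example.com
EOF
cat inventory/hosts

cat > ansible.cfg <<EOF
[defaults]
remote_user = devops
inventory = ./inventory
[privilege_escalation]
become_user = root
become_method = sudo
EOF
cat ansible.cfg

# NOTE(review): the task name says lftp but the package installed is "ftp";
# confirm which package the course expects.
cat > ftpclient.yml <<EOF
---
- name: ftp client installed
  hosts: ftpclients
  become: true
  tasks:
    - name: latest lftp version installed
      yum:
        name: ftp
        state: latest
EOF
cat ftpclient.yml

# The template and the default variables come from the classroom materials
# server over plain HTTP. They end up driving root-run tasks, so outside the
# lab fetch such files over an authenticated channel and review them first.
mkdir templates
curl -o templates/vsftpd.conf.j2 http://materials.example.com/ansible-playbooks-cr/templates/vsftpd.conf.j2
ls templates/
mkdir vars
curl -o vars/defaults-template.yml http://materials.example.com/ansible-playbooks-cr/vars/defaults-template.yml
ls vars/

cat > vars/vars.yml <<EOF
vsftpd_packages: vsftpd
vsftpd_service: vsftpd
vsftpd_config_file: /etc/vsftpd/vsftpd.conf
EOF
cat vars/vars.yml

cat > ansible-vsftpd.yml <<EOF
---
- name: FTP server is installed
  hosts:
    - ftpservers
  become: true
  vars_files:
    - vars/defaults-template.yml
    - vars/vars.yml
  tasks:
    - name: Packages are installed
      yum:
        name: '{{ vsftpd_packages }}'
        state: installed
    - name: Ensure service is started
      service:
        name: '{{ item }}'
        state: started
        enabled: true
      with_items: '{{ vsftpd_service }}'
    - name: Configuration file is installed
      template:
        src: templates/vsftpd.conf.j2
        dest: '{{ vsftpd_config_file }}'
        owner: root
        group: root
        mode: '0600'
        setype: etc_t
      notify: restart vsftpd
    - name: firewalld is installed
      yum:
        name: firewalld
        state: present
    - name: firewalld is started and enabled
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: Open ftp port in firewall
      firewalld:
        service: ftp
        permanent: true
        state: enabled
        immediate: yes
  handlers:
    - name: restart vsftpd
      service:
        name: "{{ item }}"
        state: restarted
      with_items: "{{ vsftpd_service }}"
EOF
cat ansible-vsftpd.yml

cat > site.yml <<EOF
# Play for FTP clients
- include: ftpclient.yml
# Play for FTP servers
- include: ansible-vsftpd.yml
EOF
cat site.yml
ansible-playbook --syntax-check site.yml
ansible-playbook site.yml
lab ansible-playbooks-cr grade
lab ansible-playbooks-cr cleanup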
Lab Solution: Creating Roles and Using Dynamic Inventory – p444
workstation:
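# Comprehensive review, part 3: move the vsftpd tasks into a role, add a
# dynamic inventory script, and prepare the FTP data volume.
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab ansible-roles-cr setup
cd /home/student/ansible-roles-cr/
cp -r ../ansible-playbooks-cr/* ./

# NOTE(review): this script is downloaded over plain HTTP, made executable and
# then run by Ansible on the control node whenever the inventory directory is
# read. Outside the classroom, fetch inventory scripts over an authenticated
# channel and review or checksum them before the chmod.
curl -o inventory/crinventory.py http://materials.example.com/comp-review/dynamic/crinventory.py
chmod +x inventory/crinventory.py

mkdir -p roles/ansible-vsftpd/templates
mkdir -p roles/ansible-vsftpd/tasks
mkdir -p roles/ansible-vsftpd/handlers
cp templates/vsftpd.conf.j2 roles/ansible-vsftpd/templates/

cat > roles/ansible-vsftpd/tasks/main.yml <<EOF
---
# tasks file for ansible-vsftpd
- name: Packages ae installed
  yum:
    name: '{{ vsftpd_packages }}'
    state: installed
- name: Ensure service is started
  service:
    name: '{{ item }}'
    state: started
    enabled: true
  with_items: '{{ vsftpd_service }}'
- name: Configuration file is installed
  template:
    src: vsftpd.conf.j2
    dest: '{{ vsftpd_config_file }}'
    owner: root
    group: root
    mode: '0600'
    setype: etc_t
  notify: restart vsftpd
- name: firewalld is installed
  yum:
    name: firewalld
    state: present
- name: firewalld is started and enabled
  service:
    name: firewalld
    state: started
    enabled: yes
- name: Open ftp port in firewall
  firewalld:
    service: ftp
    permanent: true
    state: enabled
    immediate: yes
EOF
cat roles/ansible-vsftpd/tasks/main.yml

cat > roles/ansible-vsftpd/handlers/main.yml <<EOF
---
# handlers file for ansible-vsftpd
- name: restart vsftpd
  service:
    name: "{{ item }}"
    state: restarted
  with_items: "{{ vsftpd_service }}"
EOF
cat roles/ansible-vsftpd/handlers/main.yml

# NOTE(review): the text below is README-style Markdown, not role metadata
# YAML, and ./meta/main.yml at the project root is not a file the role reads.
# Confirm against the course text whether the intended target is the role's
# README.md.
mkdir meta
cat > meta/main.yml <<EOF
ansible-vsftpd
=========
Example ansible-vsftpd role from Red Hat's "Automation with Ansible" (DO407) Course.
Requirement
-----------
None.
Role Variables
--------------
* defaults/main.yml contains variables used to configure the vsftpd.conf template
* vars/main.yml contains the name of the vsftpd service, the name of the RPM
  package, and location of the service's configuration file
Dependencies
------------
None.
Example Playbook
----------------
    - hosts: servers
      roles:
        - ansible-vsftpd
License
-------
BSD
Author Information
------------------
Red Hat (training@redhat.com)
EOF
cat meta/main.yml
rm -rf roles/ansible-vsftpd/tests

# The partitioning task uses creates=/dev/vdb1, so parted is skipped once the
# partition exists, and the filesystem task keeps force: no so an existing
# filesystem is not overwritten.
cat > vsftpd-configure.yml <<EOF
---
- name: Install and configure vsftpd
  hosts: ftpservers
  vars_files:
    - vars/defaults-template.yml
    - vars/vars.yml
  become: true
  vars:
    vsftpd_anon_root: /mnt/share/
    vsftpd_local_root: /mnt/share/
  roles:
    - ansible-vsftpd
  tasks:
    - name: /dev/vdb1 is partitioned
      command: >
        creates=/dev/vdb1
        parted --script /dev/vdb mklabel gpt mkpart primary 1MiB 100%
    - name: XFS file system exists on /dev/vdb1
      filesystem:
        dev: /dev/vdb1
        fstype: xfs
        force: no
    - name: anon_root mount point exists
      file:
        path: '{{ vsftpd_anon_root }}'
        state: directory
    - name: /dev/vdb1 is mounted on anon_root
      mount:
        name: '{{ vsftpd_anon_root }}'
        src: /dev/vdb1
        fstype: xfs
        state: mounted
        dump: '1'
        passno: '2'
      notify: restart vsftpd
    - name: Make sure permissions on mounted fs are correct
      file:
        path: '{{ vsftpd_anon_root }}'
        owner: root
        group: root
        mode: '0755'
        setype: "{{ vsftpd_setype }}"
        state: directory
    - name: Copy README to the ftp anon_root
      copy:
        dest: '{{ vsftpd_anon_root }}/README'
        content: "Welcome to the FTP server at {{ ansible_fqdn }}\n"
        setype: '{{ vsftpd_setype }}'
EOF
cat vsftpd-configure.yml

cat > site.yml <<EOF
# Play for FTP clients
- include: ftpclient.yml
#Play for FTP servers
- include: vsftpd-configure.yml
EOF
cat site.yml
ansible-playbook site.yml --syntax-check
ansible-playbook site.yml
lab ansible-roles-cr grade
lab ansible-roles-cr cleanup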
Lab Solution: Optimizing Ansible – p458
workstation:
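# Comprehensive review, part 4: rolling upgrade of the web servers behind
# haproxy, one host at a time (serial: 1).
# Typographic dashes and quotes are restored to ASCII and indentation rebuilt.
su - student
cd
lab ansible-optimize-cr setup
cd /home/student/ansible-optimize-cr
curl http://serverc.lab.example.com
curl http://serverc.lab.example.com
curl -o templates/index-ver1.html.j2 http://materials.example.com/jinja2/index-ver1.html.j2

# The reboot is started asynchronously (async: 1, poll: 0) with
# ignore_errors, so the play moves on to the SSH wait, which is delegated to
# the control node and runs without become.
cat > upgrade_webserver.yml <<EOF
---
- name: Upgrade Webservers
  hosts: webservers
  remote_user: devops
  become: yes
  serial: 1
  tasks:
    - name: disable the server in haproxy
      haproxy:
        state: disabled
        backend: app
        host: "{{ inventory_hostname }}"
        socket: /var/lib/haproxy/stats
        wait: yes
      delegate_to: "{{ item }}"
      with_items: "{{ groups.lbserver }}"
    - name: upgrade the page
      template:
        src: "templates/index-ver1.html.j2"
        dest: "/var/www/html/index.html"
      register: pageupgrade
    - name: restart machine
      shell: /bin/sleep 5 && shutdown -r now "Ansible updates triggered"
      async: 1
      poll: 0
      ignore_errors: true
      when: pageupgrade.changed
    - name: wait for webserver to reboot
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 22
        state: started
        delay: 25
        timeout: 200
      become: False
      delegate_to: 127.0.0.1
      when: pageupgrade.changed
    - name: wait for webserver to come up
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 80
        state: started
        timeout: 20
    - name: enable the server in haproxy
      haproxy:
        state: enabled
        backend: app
        host: "{{ inventory_hostname }}"
        socket: /var/lib/haproxy/stats
        wait: yes
      delegate_to: "{{ item }}"
      with_items: "{{ groups.lbserver }}"
EOF
cat upgrade_webserver.yml
ansible-playbook --syntax-check upgrade_webserver.yml
ansible-playbook upgrade_webserver.yml
curl http://serverc.lab.example.com
curl http://serverc.lab.example.com
lab ansible-optimize-cr grade
lab ansible-optimize-cr cleanup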
Lab Solution: Deploying Ansible Tower and Executing Jobs – p466
略