Ansible stage exercises


1. Install and configure the Ansible environment

1) Install the required packages

2) Set up the host inventory in /home/student/ansible/inventory with these requirements:

node1 belongs to the test01 host group

node2 belongs to the test02 host group

node3 and node4 belong to the web host group

node5 belongs to the test05 host group

the web group belongs to the webtest host group

3) Create ansible.cfg in /home/student/ansible satisfying the following:

the inventory file is /home/student/ansible/inventory

roles used by playbooks are located in /home/student/ansible/roles

collections are located in /home/student/ansible/collections

Step 1. Write the inventory, create the two directories (roles, collections) and generate the configuration file ansible.cfg
```shell
[student@master ~]$ mkdir ansible
[student@master ~]$ ls
ansible
[student@master ~]$ cd ansible/
[student@master ansible]$ ls
[student@master ansible]$ vim inventory
[student@master ansible]$ cat inventory
[test01]
node1

[test02]
node2

[web]
node3
node4

[test05]
node5

[webtest:children]
web
[student@master ansible]$ mkdir roles
[student@master ansible]$ mkdir collections
[student@master ansible]$ sudo vim /etc/ansible/ansible.cfg
[student@master ansible]$ ansible-config init --disabled > ansible.cfg
[student@master ansible]$ ls
ansible.cfg  collections  inventory  roles
```
Step 2. Edit the configuration file ansible.cfg
(1) inventory=/home/student/ansible/inventory
(2) roles_path=/home/student/ansible/roles
(3) collections_path=/home/student/ansible/collections
(4) remote_user=student
(5) host_key_checking=False
(6) in the [privilege_escalation] section:
    become=True
    become_ask_pass=False
    become_method=sudo
    become_user=root

Step 3. Test that the changes took effect
```shell
[student@master ansible]$ ansible all -m ping
node5 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node4 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
```
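Added example, not part of the original exercise: a configparser-based audit of an ansible.cfg like the one written in step 2. It checks the three required paths and flags the two settings that trade safety for convenience; SAMPLE_CFG is constructed from the page's settings and HARDENED_CFG is an assumed variant that only keeps host key checking on.

```python
import configparser

# Constructed to mirror the settings the exercise asks for in step 2.
SAMPLE_CFG = """\
[defaults]
inventory=/home/student/ansible/inventory
roles_path=/home/student/ansible/roles
collections_path=/home/student/ansible/collections
remote_user=student
host_key_checking=False

[privilege_escalation]
become=True
become_ask_pass=False
become_method=sudo
become_user=root
"""

# Same file with SSH host key verification kept on (assumed hardened variant).
HARDENED_CFG = SAMPLE_CFG.replace("host_key_checking=False",
                                  "host_key_checking=True")

# The three paths the exercise requires, as (section, key) -> expected value.
REQUIRED = {
    ("defaults", "inventory"): "/home/student/ansible/inventory",
    ("defaults", "roles_path"): "/home/student/ansible/roles",
    ("defaults", "collections_path"): "/home/student/ansible/collections",
}


def parse_cfg(text):
    """ansible.cfg is INI; interpolation is off so a '%' in a value stays literal."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def audit(text):
    """Return (missing, warnings).

    missing  - required keys that are absent or set to a different value
    warnings - (code, explanation) pairs for settings that weaken security
    """
    cp = parse_cfg(text)
    missing = [f"{s}.{k}" for (s, k), want in REQUIRED.items()
               if cp.get(s, k, fallback=None) != want]

    warnings = []
    # Absent key means Ansible's default (host keys are checked).
    if not cp.getboolean("defaults", "host_key_checking", fallback=True):
        warnings.append(("host_key_checking",
                         "SSH host keys are not verified, so a node whose key "
                         "changed (or something answering in its place) is "
                         "accepted silently; pre-seed known_hosts instead."))
    if (cp.getboolean("privilege_escalation", "become", fallback=False)
            and not cp.getboolean("privilege_escalation", "become_ask_pass",
                                  fallback=False)):
        warnings.append(("become_ask_pass",
                         "become without a prompt relies on passwordless sudo "
                         "for remote_user on every managed node; confirm that "
                         "sudoers entry is intended and limited to that user."))
    return missing, warnings


def warning_codes(text):
    """Convenience wrapper: only the warning codes from audit()."""
    return [code for code, _ in audit(text)[1]]
```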

2. Create and run Ansible tasks

Write the playbook /home/student/ansible/yum.yml to configure yum repositories on all managed hosts.

Repository 1:

name BASEOS, description software base

URL http://ansible.example.com/rhel9/BaseOS

GPG signature checking enabled

GPG key URL http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release

repository enabled

Repository 2:

name APPSTREAM, description software stream

URL http://ansible.example.com/rhel9/AppStream

GPG signature checking enabled

GPG key URL http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release

repository enabled

```shell
[student@master ansible]$ vim yum.yml
[student@master ansible]$ ansible-playbook yum.yml
[student@master ansible]$ ansible node1 -m shell -a 'ls /etc/yum.repos.d'
node1 | CHANGED | rc=0 >>
APPSTREAM.repo
BASEOS.repo
redhat.repo
```
```yaml
---
- name: repo
  hosts: all
  tasks:
    - name: repo1
      yum_repository:
        name: BASEOS
        description: software base
        baseurl: http://ansible.example.com/rhel9/BaseOS
        enabled: yes
        gpgcheck: yes
        gpgkey: http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release

    - name: repo2
      yum_repository:
        name: APPSTREAM
        description: software stream
        baseurl: http://ansible.example.com/rhel9/AppStream
        enabled: yes
        gpgcheck: yes
        gpgkey: http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release
```

3. Write a playbook to install software remotely

Create a playbook named /home/student/ansible/tools.yml that does the following:

1) Installs the php and tftp packages on the hosts in the test01, test02 and web host groups

2) Installs the RPM Development Tools package group on the hosts in the test01 host group

3) Upgrades all packages on the hosts in the test01 host group to the latest version

```shell
[student@master ansible]$ vim tools.yml
[student@master ansible]$ ansible-playbook tools.yml
```
```yaml
---
- name: install php tftp
  hosts: test01,test02,web
  tasks:
    - name: php tftp
      yum:
        name:
          - php
          - tftp
        state: present

- name: install RPM Development Tools
  hosts: test01
  tasks:
    - name: RPM Development Tools
      yum:
        name: "@RPM Development Tools"
        state: present

    - name: update
      yum:
        name: '*'
        state: latest
```

4. Configure a scheduled task

Write the playbook /home/student/ansible/jihua.yml

1) It runs on the managed hosts in the test02 group

2) It creates a cron job for user student: every 5 minutes, user student runs echo "hello tarena"

```shell
[student@master ansible]$ vim jihua.yml
[student@master ansible]$ ansible-playbook jihua.yml
[student@master ansible]$ ansible node2 -m shell -a 'crontab -l -u student'
node2 | CHANGED | rc=0 >>
#Ansible: cron1
*/5 * * * * echo "hello tarena"
```
```yaml
---
- name: cron
  hosts: test02
  tasks:
    - name: test
      cron:
        name: cron1
        user: student
        minute: '*/5'
        job: echo "hello tarena"
```

5. Install and use a system role (timesync)

Install the RHEL system roles package and create the playbook /home/student/ansible/timesync.yml satisfying the following:

1) It runs on the managed hosts in the test01 group

2) It uses the timesync role

3) The role is configured to use the time server ansible.example.com with the iburst option enabled

Step 1. Install the package (sudo yum -y install)
```shell
[student@master ansible]$ sudo yum -y install rhel-system-roles
```
Step 2. Copy the timesync role
```shell
[student@master ansible]$ cd /usr/share/ansible/roles/
[student@master roles]$ cp -r rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@master roles]$ cd -
/home/student/ansible
[student@master ansible]$ ls
ansible.cfg  collections  inventory  jihua.yml  roles  tools.yml  yum.yml
[student@master ansible]$ cd roles/
[student@master roles]$ ls
timesync
```
Step 3. Write timesync.yml, run it and test
```shell
[student@master ansible]$ vim timesync.yml
[student@master ansible]$ ansible-playbook timesync.yml
[student@master ansible]$ ansible test01 -m shell -a 'chronyc sources'
node1 | CHANGED | rc=0 >>
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? ansible.example.com           0   7     0     -     +0ns[   +0ns] +/-    0ns
```
```yaml
---
- name: timesync
  hosts: test01
  vars:
    timesync_ntp_servers:
      - hostname: ansible.example.com
        iburst: yes
  roles:
    - timesync
```

6. Install roles and collections via galaxy

Create the file /home/student/ansible/roles/down.yml, used to download the roles from the following URLs

and install them into the /home/student/ansible/roles directory:

http://ansible.example.com/roles/haproxy.tar, role name haproxy

http://ansible.example.com/roles/myphp.tar, role name myphp

```shell
[student@master ansible]$ vim roles/down.yml
[student@master ansible]$ ansible-galaxy install -r roles/down.yml -p roles/
Starting galaxy role install process
- downloading role from http://ansible.example.com/roles/haproxy.tar
- extracting haproxy to /home/student/ansible/roles/haproxy
- haproxy was installed successfully
- downloading role from http://ansible.example.com/roles/myphp.tar
- extracting myphp to /home/student/ansible/roles/myphp
- myphp was installed successfully
[student@master ansible]$ ls roles/
down.yml  haproxy  myphp  timesync
```
```yaml
---
- name: haproxy
  src: http://ansible.example.com/roles/haproxy.tar

- name: myphp
  src: http://ansible.example.com/roles/myphp.tar
```

From http://ansible.example.com/materials/ download the following collections and install them into

the /home/student/ansible/collections directory:

ansible-posix-1.5.1.tar.gz

community-general-6.3.0.tar.gz

```shell
[student@master ansible]$ ansible-galaxy collection install http://ansible.example.com/materials/ansible-posix-1.5.1.tar.gz -p collections/

Downloading http://ansible.example.com/materials/ansible-posix-1.5.1.tar.gz to /home/student/.ansible/tmp/ansible-local-1702g_oap558/tmposng8z3m/ansible-posix-1.5.1-6g8pa25c
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'ansible.posix:1.5.1' to '/home/student/ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.5.1 was installed successfully

[student@master ansible]$ ansible-galaxy collection install http://ansible.example.com/materials/community-general-6.3.0.tar.gz -p collections/

Downloading http://ansible.example.com/materials/community-general-6.3.0.tar.gz to /home/student/.ansible/tmp/ansible-local-1706yl5wyhpe/tmpj9pd_e1e/community-general-6.3.0-qk65cw7a
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'community.general:6.3.0' to '/home/student/ansible/collections/ansible_collections/community/general'
community.general:6.3.0 was installed successfully

[student@master ansible]$ ls collections/
ansible_collections
[student@master ansible]$ cd collections/ansible_collections/
[student@master ansible_collections]$ ls
ansible  community
```

7. Create and use a custom role

Create a role named httpd in /home/student/ansible/roles according to the following requirements:

1) Install the httpd software and enable it to start at boot

2) Enable the firewall and allow httpd through it

3) Use the template index.html.j2 to create the web page /var/www/html/index.html

with the following content (HOSTNAME is the managed node's fully qualified domain name, IPADDRESS is its IP address):

Welcome to HOSTNAME on IPADDRESS

Then create the playbook /home/student/ansible/myrole.yml, which applies the httpd role to the webtest host group.

Step 1. Generate a role skeleton (httpd)
```shell
[student@master ansible]$ cd roles/
[student@master roles]$ ls
down.yml  haproxy  myphp  timesync
[student@master roles]$ ansible-galaxy init httpd
- Role httpd was created successfully
[student@master roles]$ ls
down.yml  haproxy  httpd  myphp  timesync
```
Step 2. Write the template file
```shell
[student@master roles]$ cd httpd/
[student@master httpd]$ ls
defaults  files  handlers  meta  README.md  tasks  templates  tests  vars
[student@master httpd]$ vim templates/index.html.j2
[student@master httpd]$ cat templates/index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
```
Step 3. Write the tasks
```shell
[student@master httpd]$ vim tasks/main.yml
```
```yaml
---
# tasks file for httpd
- name: install pkg
  yum:
    name:
      - httpd
      - firewalld
    state: present

- name: cp html
  template:
    src: index.html.j2
    dest: /var/www/html/index.html

- name: restarted service
  service:
    name: "{{ item }}"
    state: restarted
    enabled: yes
  loop:
    - httpd
    - firewalld

- name: set firewalld
  firewalld:
    service: http
    state: enabled
    permanent: yes
    immediate: yes
```
Step 4. Write myrole.yml, run it and test
```shell
[student@master ansible]$ vim myrole.yml
[student@master ansible]$ ansible-playbook myrole.yml
[student@master ansible]$ curl http://node3
Welcome to node3.example.com on 192.168.122.30
[student@master ansible]$ curl http://node4
Welcome to node4.example.com on 192.168.122.40
```
```yaml
---
- name: use httpd role
  hosts: webtest
  roles:
    - httpd
```

8. Use the roles downloaded earlier via galaxy

Create the playbook /home/student/ansible/web.yml satisfying the following requirements:

1) The playbook contains one play that runs the haproxy role on the test05 host group

(this role already configures load balancing for the website)

2) Repeated visits to http://node5.example.com return the welcome pages of different hosts

3) The playbook contains another play that runs the myphp role on the webtest host group

(this role already configures the site's PHP page)

4) Repeated visits to http://node5.example.com/index.php also return the welcome pages of different hosts

```shell
[student@master ansible]$ vim web.yml
[student@master ansible]$ ansible-playbook web.yml
[student@master ansible]$ curl http://node5.example.com
Welcome to node3.example.com on 192.168.122.30
[student@master ansible]$ curl http://node5.example.com
Welcome to node4.example.com on 192.168.122.40
[student@master ansible]$ curl http://node5.example.com/index.php
hello php world from node3.example.com
[student@master ansible]$ curl http://node5.example.com/index.php
hello php world from node4.example.com
```
```yaml
---
# A play with no tasks only gathers facts, so the webtest hostvars are
# available to the plays that follow.
- name: get fact
  hosts: webtest

- name: use haproxy role
  hosts: test05
  roles:
    - haproxy

- name: use myphp role
  hosts: webtest
  roles:
    - myphp
```

9. Write a playbook to manage logical volumes remotely

Create the playbook /home/student/ansible/lvm.yml to carry out the following deployment on all managed hosts:

1) Create a logical volume named mylv of 1000MiB in the volume group search

2) Format the logical volume with the ext4 file system

3) If the requested size cannot be created, display the error message insufficient free space

and create it with 500MiB instead

4) If the volume group search does not exist, display the error message VG not found

5) The logical volume does not need to be mounted

```shell
[student@master ansible]$ vim lvm.yml
[student@master ansible]$ ansible-playbook lvm.yml

PLAY [create lv] ******************************************************************************

TASK [Gathering Facts] ************************************************************************
ok: [node4]
ok: [node5]
ok: [node3]
ok: [node1]
ok: [node2]

TASK [create 1000 lv] *************************************************************************
skipping: [node2]
fatal: [node5]: FAILED! => {"changed": false, "err": "  Volume group \"search\" has insufficient free space (199 extents): 250 required.\n", "msg": "Creating logical volume 'mylv' failed", "rc": 5}
changed: [node4]
changed: [node1]
changed: [node3]

TASK [output message1] ************************************************************************
ok: [node5] => {
    "msg": "insufficient free space"
}

TASK [create 500 lv] **************************************************************************
changed: [node5]

TASK [mkfs] ***********************************************************************************
skipping: [node2]
changed: [node4]
changed: [node3]
changed: [node5]
changed: [node1]

TASK [output message2] ************************************************************************
skipping: [node1]
skipping: [node5]
ok: [node2] => {
    "msg": "VG not found"
}
skipping: [node3]
skipping: [node4]

PLAY RECAP ************************************************************************************
node1                      : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
node2                      : ok=2    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0
node3                      : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
node4                      : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
node5                      : ok=4    changed=2    unreachable=0    failed=0    skipped=1    rescued=1    ignored=0
```
```yaml
---
- name: create lv
  hosts: all
  tasks:
    # The `when` on the block applies to its block, rescue and always
    # sections, so nothing here runs on a host without the search VG.
    - name: create lv1
      block:
        - name: create 1000 lv
          lvol:
            lv: mylv
            vg: search
            size: 1000

      rescue:
        # Runs only if the 1000 MiB create failed (node5 above).
        - name: output message1
          debug:
            msg: insufficient free space

        - name: create 500 lv
          lvol:
            lv: mylv
            vg: search
            size: 500

      always:
        # Formats whichever size was created.
        - name: mkfs
          filesystem:
            dev: /dev/search/mylv
            fstype: ext4
      when: "'search' in ansible_lvm.vgs"

    - name: output message2
      debug:
        msg: VG not found
      when: "'search' not in ansible_lvm.vgs"
```

10. Deploy a hosts file from a template

Download the template file from http://ansible.example.com/materials/newhosts.j2

Complete the template so that it generates a new hosts list (the order of the hosts does not matter) with the following structure:

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.122.10 node1.example.com node1

192.168.122.20 node2.example.com node2

192.168.122.30 node3.example.com node3

192.168.122.40 node4.example.com node4

192.168.122.50 node5.example.com node5

Create the playbook /home/student/ansible/newhosts.yml, which uses the template above to generate

the file /etc/newhosts on the hosts in the test01 host group.

Step 1. Download and edit the template
```shell
[student@master ansible]$ curl -O http://ansible.example.com/materials/newhosts.j2
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   158  100   158    0     0  22571      0 --:--:-- --:--:-- --:--:-- 22571
[student@master ansible]$ vim newhosts.j2
[student@master ansible]$ cat newhosts.j2
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for i in groups.all %}
{{ hostvars[i].ansible_default_ipv4.address }} {{ hostvars[i].ansible_fqdn }} {{ hostvars[i].ansible_hostname }}
{% endfor %}
```
Step 2. Write newhosts.yml, run it and test
```shell
[student@master ansible]$ vim newhosts.yml
[student@master ansible]$ ansible-playbook newhosts.yml
[student@master ansible]$ ansible test01 -m shell -a 'cat /etc/newhosts'
node1 | CHANGED | rc=0 >>
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.10 node1.example.com node1
192.168.122.20 node2.example.com node2
192.168.122.50 node5.example.com node5
192.168.122.30 node3.example.com node3
192.168.122.40 node4.example.com node4
```
```yaml
---
# Gather facts from every host first, otherwise hostvars[i] for hosts outside
# test01 has no ansible_default_ipv4 and the template fails to render.
- name: get fact
  hosts: all

- name: get file
  hosts: test01
  tasks:
    - name: get file1
      template:
        src: /home/student/ansible/newhosts.j2
        dest: /etc/newhosts
```

11. Write a playbook to modify the content of a remote file

Create the playbook /home/student/ansible/newissue.yml satisfying the following requirements:

1) It runs on all inventory hosts and replaces the content of /etc/issue

2) For hosts in the test01 host group, the content of /etc/issue is test01

3) For hosts in the test02 host group, the content of /etc/issue is test02

4) For hosts in the web host group, the content of /etc/issue is Webserver

```shell
[student@master ansible]$ vim newissue.yml
[student@master ansible]$ ansible-playbook newissue.yml
[student@master ansible]$ ansible all -m shell -a 'cat /etc/issue'
node4 | CHANGED | rc=0 >>
Webserver
node1 | CHANGED | rc=0 >>
test01
node3 | CHANGED | rc=0 >>
Webserver
node2 | CHANGED | rc=0 >>
test02
node5 | CHANGED | rc=0 >>
```
```yaml
---
- name: replace
  hosts: all
  tasks:
    # node5 is in none of the three groups, so it receives an empty file.
    - name: replace1
      copy:
        content: |
          {% if 'test01' in group_names %}
          test01
          {% elif 'test02' in group_names %}
          test02
          {% elif 'web' in group_names %}
          Webserver
          {% endif %}
        dest: /etc/issue
```

12. Write a playbook to deploy a remote web directory

Create the playbook /home/student/ansible/webdev.yml satisfying the following requirements:

1) It runs on the test01 host group

2) It creates the directory /webdev, owned by the group webdev, with permissions rwxrwxr-x and the SetGID special permission

3) The symbolic link /var/www/html/webdev points to the /webdev directory

4) It creates the file /webdev/index.html with the content It's works!

5) Viewing the test01 host group's web page http://node1/webdev/ displays It's works!

```shell
[student@master ansible]$ vim webdev.yml
[student@master ansible]$ ansible-playbook webdev.yml
[student@master ansible]$ curl http://node1/webdev/
It's works!
```
```yaml
---
- name: web
  hosts: test01
  tasks:
    - name: install httpd
      yum:
        name:
          - httpd
          - firewalld
        state: present

    - name: create group
      group:
        name: webdev
        state: present

    - name: mkdir /webdev
      file:
        path: /webdev
        group: webdev
        # Quote the mode: an unquoted 2775 is read as a decimal integer and
        # yields the wrong permission bits.
        mode: '2775'
        state: directory
        setype: httpd_sys_content_t

    - name: touch index.html
      copy:
        content: "It's works!\n"
        dest: /webdev/index.html
        setype: httpd_sys_content_t

    - name: link
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link

    - name: restarted httpd firewalld
      service:
        name: "{{ item }}"
        state: restarted
        enabled: yes
      loop:
        - httpd
        - firewalld

    - name: set firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
```

13. Write a playbook that generates a hardware report for the managed hosts

Create a playbook named /home/student/ansible/hardware.yml satisfying the following requirements:

1) All managed nodes download the file from the following URL:

http://ansible.example.com/materials/hardware.empty

2) It is used to generate the following hardware report, stored in each host's own /root/hardware.txt

inventory host name: inventory_hostname

total memory in MB: ansible_memtotal_mb

BIOS version: ansible_bios_version

size of disk vda: ansible_devices.vda.size

size of disk vdb: ansible_devices.vdb.size

If any of these hardware facts does not exist, the string NONE is used instead

Step 1. Download the file
```shell
[student@master ansible]$ curl -O http://ansible.example.com/materials/hardware.empty
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   106  100   106    0     0   3312      0 --:--:-- --:--:-- --:--:--  3533
[student@master ansible]$ cat hardware.empty
hostname=inventoryhostname
mem=memory_in_MB
bios=BIOS_version
vdasize=disk_vda_size
vdbsize=disk_vdb_size
```
Step 2. Write hardware.yml, run it and test
```shell
[student@master ansible]$ vim hardware.yml
[student@master ansible]$ ansible-playbook hardware.yml
[student@master ansible]$ ansible all -m shell -a 'cat /root/hardware.txt'
node2 | CHANGED | rc=0 >>
hostname=node2
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=1.50 GB
node5 | CHANGED | rc=0 >>
hostname=node5
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
node4 | CHANGED | rc=0 >>
hostname=node4
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
node1 | CHANGED | rc=0 >>
hostname=node1
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
node3 | CHANGED | rc=0 >>
hostname=node3
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
```
```yaml
---
- name: test
  hosts: all
  tasks:
    - name: get file
      get_url:
        url: http://ansible.example.com/materials/hardware.empty
        dest: /root/hardware.txt

    - name: hostname
      replace:
        path: /root/hardware.txt
        regexp: inventoryhostname
        replace: "{{ inventory_hostname }}"

    # Every fact gets the NONE fallback the requirement asks for, not only the disks.
    - name: mem
      replace:
        path: /root/hardware.txt
        regexp: memory_in_MB
        replace: "{{ ansible_memtotal_mb if ansible_memtotal_mb is defined else 'NONE' }}"

    - name: bios
      replace:
        path: /root/hardware.txt
        regexp: BIOS_version
        replace: "{{ ansible_bios_version if ansible_bios_version is defined else 'NONE' }}"

    - name: vda
      replace:
        path: /root/hardware.txt
        regexp: disk_vda_size
        replace: "{{ ansible_devices.vda.size if ansible_devices.vda is defined else 'NONE' }}"

    - name: vdb
      replace:
        path: /root/hardware.txt
        regexp: disk_vdb_size
        replace: "{{ ansible_devices.vdb.size if ansible_devices.vdb is defined else 'NONE' }}"
```
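Added example, not the page's playbook: the same report rendered in Python with the NONE fallback applied to every field (including nested paths such as ansible_devices.vdb.size), plus a check that compares a /root/hardware.txt collected from a node with the facts it should reflect. The fact dictionaries are constructed to resemble the output above; NODE2_FACTS, SPARSE_FACTS and the helper names are this example's own.

```python
# Report lines as (key, dotted fact path), following the hardware.empty layout.
FIELDS = [
    ("hostname", "inventory_hostname"),
    ("mem", "ansible_memtotal_mb"),
    ("bios", "ansible_bios_version"),
    ("vdasize", "ansible_devices.vda.size"),
    ("vdbsize", "ansible_devices.vdb.size"),
]


def lookup(facts, path, default="NONE"):
    """Walk a dotted path such as ansible_devices.vdb.size through nested dicts.
    Any missing level returns the default, which is what the playbook's
    `... if ansible_devices.vdb is defined else 'NONE'` expression does."""
    cur = facts
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def render_report(facts):
    """Produce the exact text written to /root/hardware.txt for one host."""
    return "".join(f"{key}={lookup(facts, path)}\n" for key, path in FIELDS)


def parse_report(text):
    """Inverse of render_report, for a file collected back from a node."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


def verify_report(text, facts):
    """Compare a collected report with the facts it should reflect; returns the
    keys whose values differ (an empty list means the report is consistent)."""
    got = parse_report(text)
    return [key for key, path in FIELDS
            if got.get(key) != str(lookup(facts, path))]


# Constructed sample facts: node2 as shown above, and a host that has no vdb
# and no BIOS fact at all.
NODE2_FACTS = {
    "inventory_hostname": "node2",
    "ansible_memtotal_mb": 1962,
    "ansible_bios_version": "1.16.0-4.el9",
    "ansible_devices": {"vda": {"size": "8.00 GB"}, "vdb": {"size": "1.50 GB"}},
}
SPARSE_FACTS = {
    "inventory_hostname": "nodex",
    "ansible_memtotal_mb": 1962,
    "ansible_devices": {"vda": {"size": "8.00 GB"}},
}
```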

14. Create a vault file

Create the Ansible vault /home/student/ansible/passdb.yml containing 2 variables:

1) pw_dev, with the value ab1234

2) pw_man, with the value cd5678

The password for encrypting and decrypting this vault is pwd@1234, and it is stored in /home/student/ansible/secret.txt

```shell
[student@master ansible]$ vim passdb.yml
[student@master ansible]$ cat passdb.yml
---
pw_dev: ab1234
pw_man: cd5678
[student@master ansible]$ vim secret.txt
[student@master ansible]$ cat secret.txt
pwd@1234
[student@master ansible]$ ansible-vault encrypt passdb.yml --vault-id secret.txt
Encryption successful
```
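Added check, not part of the exercise: a small Python gate that confirms passdb.yml really carries the ansible-vault envelope before it is committed or shared, that no copy still defines pw_dev or pw_man in clear, and that secret.txt (which holds the vault password in plaintext) is readable only by its owner. The sample contents are constructed; the hex body is a placeholder, not real ciphertext.

```python
import os
import re
import stat

# Envelope written by `ansible-vault encrypt`: one header line, then hex lines.
# Format 1.1 has no label; 1.2 appends the vault id ($ANSIBLE_VAULT;1.2;AES256;dev).
VAULT_HEADER = re.compile(
    r"^\$ANSIBLE_VAULT;(?P<version>1\.[12]);(?P<cipher>[A-Z0-9]+)"
    r"(?:;(?P<vault_id>[^\r\n]+))?\r?\n"
)


def vault_header(text):
    """Parsed header fields, or None when the text carries no vault envelope."""
    m = VAULT_HEADER.match(text)
    return m.groupdict() if m else None


def is_vault_encrypted(text):
    """True only for a well-formed envelope: AES256 header and a hex-only body."""
    m = VAULT_HEADER.match(text)
    if m is None or m.group("cipher") != "AES256":
        return False
    body = text[m.end():]
    return bool(body.strip()) and re.fullmatch(r"[0-9a-f\s]+", body) is not None


def find_plaintext_secrets(files, secret_keys=("pw_dev", "pw_man")):
    """files maps path -> content. Returns (path, detail) for every file that is
    not vault-encrypted yet defines one of the secret variables in clear."""
    findings = []
    for path, content in files.items():
        if is_vault_encrypted(content):
            continue
        exposed = [k for k in secret_keys
                   if re.search(rf"^{re.escape(k)}\s*:", content, re.M)]
        if exposed:
            findings.append((path, "plaintext variables: " + ", ".join(exposed)))
    return findings


def password_file_private(path):
    """secret.txt holds the vault password in clear, so only its owner may read
    it: no group or other permission bits at all."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


# Constructed samples: passdb.yml from above before encryption, and an envelope
# whose hex body is a placeholder rather than real ciphertext.
PLAINTEXT_PASSDB = "---\npw_dev: ab1234\npw_man: cd5678\n"
ENCRYPTED_PASSDB = "$ANSIBLE_VAULT;1.1;AES256\n" + "6162636465666768" * 4 + "\n"
```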

15. Write a playbook to create users on the managed hosts in bulk

Download the user list from the following URL and save it in the /home/student/ansible directory:

http://ansible.example.com/materials/name_list.yml

Create the playbook /home/student/ansible/users.yml satisfying the following requirements:

1) Use the passwords provided by the passdb.yml vault file from the earlier exercise as the user passwords

2) Users whose job description is dev are created on the managed hosts in the test01 and test02 host groups,

get their password from the pw_dev variable, and are members of the supplementary group devops

3) Users whose job description is man are created on the managed hosts in the web host group,

get their password from the pw_man variable, and are members of the supplementary group opsmgr

4) Passwords use the SHA512 hash format, and the maximum password age for these users is 30 days

5) The playbook can be run with the secret.txt password file created in the earlier exercise

Step 1. Download the user list
```shell
[student@master ansible]$ curl -O http://ansible.example.com/materials/name_list.yml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   141  100   141    0     0   2350      0 --:--:-- --:--:-- --:--:--  2431
[student@master ansible]$ cat name_list.yml
users:
  - name: tom
    job: dev
  - name: jerry
    job: man
```
Step 2. Write users.yml and run it
```shell
[student@master ansible]$ vim users.yml
[student@master ansible]$ ansible-playbook users.yml --vault-id secret.txt
```
```yaml
---
- name: create user for dev
  hosts: test01,test02
  vars_files:
    - /home/student/ansible/passdb.yml
    - /home/student/ansible/name_list.yml
  tasks:
    - name: create group
      group:
        name: devops
        state: present

    # `groups` + `append` makes devops a supplementary group as required;
    # `group` would have replaced the user's primary group instead.
    - name: create user
      user:
        name: "{{ item.name }}"
        groups: devops
        append: yes
        password: "{{ pw_dev | password_hash('sha512') }}"
        state: present
        password_expire_max: 30
      loop: "{{ users }}"
      when: item.job == 'dev'

- name: create user for man
  hosts: web
  vars_files:
    - /home/student/ansible/passdb.yml
    - /home/student/ansible/name_list.yml
  tasks:
    - name: create group1
      group:
        name: opsmgr
        state: present

    - name: create user
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        append: yes
        password: "{{ pw_man | password_hash('sha512') }}"
        state: present
        password_expire_max: 30
      loop: "{{ users }}"
      when: item.job == 'man'
```

16. Reset a vault password

Download the vault file from the following URL into the /home/student/ansible directory:

http://ansible.example.com/materials/topsec.yml

The current vault password is banana and the new password is big_banana; update the vault password.

```shell
[student@master ansible]$ curl -O http://ansible.example.com/materials/topsec.yml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   419  100   419    0     0  22052      0 --:--:-- --:--:-- --:--:-- 23277
[student@master ansible]$ ansible-vault rekey topsec.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
[student@master ansible]$ ansible-vault view topsec.yml
Vault password:
---
- I love banana.
```