RHCE習題
- 2022 年 11 月 6 日
- 筆記
RHCE習題
考試說明:
RH294系統資訊
在練習期間,您將操作下列虛擬系統:
真實機: foundation:
kiosk:redhat
root: Asimov
workstation.lab.example.com 172.25.250.9 Ansible control node
servera.lab.example.com 172.25.250.10 Ansible managed node
serverb.lab.example.com 172.25.250.11 Ansible managed node
serverc.lab.example.com 172.25.250.12 Ansible managed node
serverd.lab.example.com 172.25.250.13 Ansible managed node
bastion.lab.example.com 172.25.250.254 Ansible managed node
workstation為ansible節點
servera、serverb、serverc、serverd、bastion為受控主機
已經全部配置好ssh的基於密鑰認證
Ansible 控制節點上已創建了用戶帳戶 student。此帳戶預裝了 SSH密鑰,
允許在 Ansible 控制節點和各個 Ansible 受管節點之間進行SSH 登錄。
請勿對系統上的 student SSH 配置文件進行任何修改。
您可以從 root 帳戶使用 su 訪問此用戶帳戶
二、前提環境準備
1、
[kiosk@foundation ~]$ virt-manager
[kiosk@foundation ~]$ rht-vmctl reset all
輸入y確認重置所有主機
[kiosk@foundation ~]$ ssh -X root@workstation
[root@workstation ~]# dnf install -y ansible
[root@workstation ~]# vim /etc/sudoers.d/student
student ALL=(ALL) NOPASSWD: ALL
[root@workstation ~]# for i in server{a..d} bastion
> do scp /etc/sudoers.d/student root@$i:/etc/sudoers.d/
> done
2、更改workstation、servera、serverb、serverc、serverd、bastion
主機的/etc/hosts文件,把文件中content.example.com對應的ip改為172.25.254.250
[root@workstation ~]# for i in server{a..d} bastion
> do scp /etc/hosts root@$i:/etc/hosts
> done
3、使用xshell將考試環境需要的那些文件都上傳到/content/目錄下
4、關閉bastion的httpd服務
ssh root@bastion
systemctl stop httpd
systemctl disable httpd
正式答題1、安裝和配置Ansible
按照下方所述,在控制節點workstation.lab.example.com 上安裝和配置Ansible:
安裝所需的軟體包
創建名為/home/student/ansible/inventory的靜態清單文件, 以滿足以下需求:
servera是dev主機組的成員
serverb是test主機組的成員
serverc和serverd是prod主機組的成員
bastion是balancers主機組的成員
prod組是webservers主機組的成員
創建名為/home/student/ansible/ansible.cfg的配置文件, 以滿足以下要求:
主機清單文件為/home/student/ansible/inventory
playbook中使用的角色的位置包括/home/student/ansible/roles
解答:
[student@workstation ~]$ mkdir ansible
[student@workstation ~]$ cd ansible
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg /home/student/ansible/
[student@workstation ansible]$ mkdir /home/student/ansible/roles
[student@workstation ansible]$ vi ansible.cfg
[defaults]
inventory = /home/student/ansible/inventory
remote_user = student
roles_path = /home/student/ansible/roles
host_key_checking = false
[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[student@workstation ansible]$ vim inventory
[dev]
servera
[test]
serverb
[prod]
serverc
serverd
[balancers]
bastion
[webservers:children]
prod
驗證:
[student@workstation ansible]$ ansible all -m ping
2、創建和運行Ansible臨時命令
作為系統管理員, 您需要在受管節點上安裝軟體.
請按照下方所述, 創建一個名為/home/student/ansible/adhoc.sh的shell腳本,
該腳本將使用Ansible臨時命令在各個受管節點上安裝yum存儲庫:
存儲庫1:
存儲庫的名稱為 rh294_BASE
描述為 rh294 base software
基礎URL為 //content.example.com/rhel8.0/x86_64/dvd/BaseOS
GPG簽名檢查為啟用狀態
GPG密鑰URL為 //content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存儲庫為開啟狀態
存儲庫2:
存儲庫的名稱為 rh294_STREAM
描述為 rh294 stream software
基礎URL為 //content.example.com/rhel8.0/x86_64/dvd/AppStream
GPG簽名檢查為啟用狀態
GPG密鑰URL為 //content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
存儲庫為開啟狀態
解答:
[student@workstation ansible]$ vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a "name=rh294_BASE description='rh294 base software'
file=rhel_dvd baseurl=//content.example.com/rhel8.0/x86_64/dvd/BaseOS gpgcheck=yes
gpgkey=//content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
ansible all -m yum_repository -a "name=rh294_STREAM description='rh294 stream software'
file=rhel_dvd baseurl=//content.example.com/rhel8.0/x86_64/dvd/AppStream
gpgcheck=yes gpgkey=//content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
[student@workstation ansible]$ chmod +x adhoc.sh
[student@workstation ansible]$ ./adhoc.sh
3、安裝軟體包
創建一個名為 /home/student/ansible/packages.yml的 playbook:
將 php 和 mariadb 軟體包安裝到 dev、test 和 prod 主機組中的主機上
將 RPM Development Tools 軟體包組安裝到 dev主機組中的主機上
將 dev 主機組中主機上的所有軟體包更新為最新版本
解答:
[student@workstation ansible]$ vim packages.yml
---
- name: install pkgs
hosts: dev, test, prod
tasks:
- name: install mariadb php
yum:
name:
- php
- mariadb
state: present
- name: install group pkgs
hosts: dev
tasks:
- name: install Development Tools
yum:
name: "@Development Tools"
state: present
- name: update all pkgs
hosts: dev
tasks:
- name: update pkgs
yum:
name: '*'
state: latest
[student@workstation ansible]$ ansible-playbook packages.yml
4、使用RHEL系統角色
安裝 RHEL 系統角色軟體包,並創建符合以下條件的playbook /home/student/ansible/timesync.yml:
在所有受管節點上運行
使用 timesync 角色
配置該角色,以使用當前有效的 NTP 提供商
配置該角色,以使用時間伺服器 classroom.example.com
配置該角色,以啟用 iburst 參數
解答:
[student@workstation ansible]$ sudo yum -y install rhel-system-roles
[student@workstation ansible]$ mkdir roles
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@workstation ansible]$ vim timesync.yml
---
- name: set time sync
hosts: all
vars:
timesync_ntp_servers:
- hostname: classroom.example.com
iburst: yes
roles:
- timesync
[student@workstation ansible]$ ansible-playbook timesync.yml
使用selinux角色
配置該角色,開啟所有受控節點的selinux
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux /home/student/ansible/roles/selinux
vim selinux.yml
---
- name: set selinux
hosts: all
vars:
selinux_state: enforcing
roles:
- role: selinux
become: true
[student@workstation ansible]$ ansible-playbook selinux.yml
5、使用Ansible Galaxy安裝角色
使用 Ansible Galaxy 和要求文件 /home/student/ansible/roles/requirements.yml,從以下 URL 下載角色並安裝到 /home/student/ansible/roles:
//content.example.com/haproxy.tar.gz 此角色的名稱應當為 balancer
//content.example.com/phpinfo.tar.gz 此角色的名稱應當為 phpinfo
解答:
[student@workstation ansible]$ vim roles/requirements.yml
---
- name: balancer
src: //content.example.com/ansible2.8/haproxy.tar.gz
- name: phpinfo
src: //content.example.com/ansible2.8/phpinfo.tar.gz
[student@workstation ansible]$ ansible-galaxy install -r /home/student/asnible/roles/requirements.yml -p /home/student/ansible/roles/
6、創建和使用角色
根據下列要求,在/home/student/ansible/roles中創建名為apache的角色:
httpd軟體包已安裝,設為在系統啟動時啟用並啟動
防火牆已啟用並正在運行,並使用允許訪問Web伺服器的規則
模板文件 index.html.j2 已存在,用於創建具有以下輸出的文件/var/www/html/index.html:
Welcome to HOSTNAME on IPADDRESS
其中,HOSTNAME是受管節點的完全限定域名,IPADDRESS則是受管節點的IP地址。
按照下方所述,創建一個使用此角色的playbook /home/student/ansible/newrole.yml:
該playbook在webservers主機組中的主機上運行
解答:
[student@workstation ansible]$ cd roles/
[student@workstation roles]$ ansible-galaxy init apache
[student@workstation roles]$ vim http/tasks/main.yml
---
# tasks file for http
- name: install httpd firewalld
yum:
name:
- httpd
- firewalld
state: present
- name: cp file
template:
src: index.html.j2
dest: /var/www/html/index.html
- name: start httpd
service:
name: httpd
state: started
enabled: yes
- name: restart firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: firewalld for http
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
[student@workstation roles]$ vim http/templates/index.html.j2
Welcome to {{ansible_fqdn}} on {{ansible_enp1s0.ipv4.address}}
[student@workstation ansible]$ vim newrole.yml
---
- name: use http role
hosts: webservers
roles:
- apache
[student@workstation ansible]$ ansible-playbook newrole.yml
驗證結果:
[student@workstation ansible]$ curl //serverc
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl //serverd
Welcome to serverd.lab.example.com on 172.25.250.13
7、從Ansible Galaxy使用角色
根據下列要求,創建一個名為 /home/student/ansible/roles.yml的playbook:
playbook中包含一個play,該play在balancers主機組中的主機上運行並將使用balancer角色。
此角色配置一項服務,以在webservers主機組中的主機之間平衡Web伺服器請求的負載。
瀏覽到balancers主機組中的主機(例如//bastion.lab.example.com/ )將生成以下輸出:
Welcome to serverc.example.com on 172.25.1.12
重新載入瀏覽器將從另一Web伺服器生成輸出:
Welcome to serverd.example.com on 172.25.1.13
playbook 中包含一個 play,該 play 在 webservers主機組中的主機上運行並將使用 phpinfo 角色。
通過 URL /hello.php 瀏覽到 webservers 主機組中的主機將生成以下輸出:
Hello PHP World from FQDN
其中,FQDN是主機的完全限定名稱。
例如,瀏覽到 //serverc.lab.example.com/hello.php 會生成以下輸出:
Hello PHP World from serverc.lab.example.com
另外還有 PHP 配置的各種詳細資訊,如安裝的PHP 版本等。
同樣,瀏覽到 //serverd.lab.example.com/hello.php 會生成以下輸出:
Hello PHP World from serverd.lab.example.com
另外還有 PHP 配置的各種詳細資訊,如安裝的PHP 版本等。
解答:
[student@workstation ansible]$ vim roles.yml
---
- name: gather facts for webservers
hosts: webservers //獲取webservers的事實變數,因為你要在webservers主機組上平衡WEB伺服器的負載。
- name: balancer role
hosts: balancers
roles:
- balancer
- name: php role
hosts: webservers
roles:
- phpinfo
再來執行該playbook
[student@workstation ansible]$ ansible-playbook roles.yml
驗證:
[student@workstation ansible]$ curl //bastion.lab.example.com
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl //bastion.lab.example.com
Welcome to serverd.lab.example.com on 172.25.250.13
[student@workstation ansible]$ curl //serverc.lab.example.com/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl //serverd.lab.example.com/hello.php
Hello PHP World form serverd.lab.example.com
8、創建和使用邏輯卷
創建一個名為/home/student/ansible/lv.yml 的playbook,它將在所有受管節點上運行以執行下列任務:
創建符合以下要求的邏輯卷:
邏輯卷創建在research卷組中
邏輯卷名稱為data
邏輯卷大小為1500MiB
使用ext4文件系統格式化邏輯卷
如果無法創建請求的邏輯卷大小,應顯示錯誤消息
Could not create logical volume of that size,並且應改為使用大小 800MiB。
如果卷組research 不存在 ,應顯示錯誤消息
Volume group does not exist。
不要以任何方式掛載邏輯卷
前期環境
首先執行lvm_pre.yml
[student@workstation ansible]$ ansible-playbook lvm_pre.yml
答題:
[student@workstation ansible]$ vim lv.yml
---
- name: create lvm
hosts: all
tasks:
- name: create lv data
block:
- name: create lv 1500M
lvol:
lv: data
vg: research
size: 1500M
rescue:
- name: output fail message
debug:
msg: Could not create logical volume of that size
- name: create lv 800M
lvol:
lv: data
vg: research
size: 800M
always:
- name: format lv
filesystem:
dev: /dev/research/data
fstype: ext4
when: "'research' in ansible_lvm.vgs"
- name: search not exists
debug:
msg: Volume group does not exist
when: "'research' not in ansible_lvm.vgs"
[student@workstation ansible]$ ansible-playbook lv.yml
創建和使用分區
創建名為partition.yml的playbook,對所有節點進行操作:
在vdb上創建一個主分區1500MiB
使用ext4文件系統進行格式化
將文件系統掛載到/newpart
如果分區大小不滿足,產生報錯資訊 could not create partition os that size
則創建分區大小變成800MiB
如果磁碟不存在,產生報錯資訊:disk does not exist
[student@workstation ansible]$ vim partition.yml
---
- name: create partition
hosts: all
tasks:
- name: create part1
block:
- name: create part 1500
parted:
device: /dev/vdb
number: 1
part_type: primary
part_start: 10MiB
part_end: 1510MiB
state: present
rescue:
- name: output fail message
debug:
msg: could not create partition os that size
- name: create part 800
parted:
device: /dev/vdb
number: 1
part_type: primary
part_start: 10MiB
part_end: 800MiB
state: present
always:
- name: format part
filesystem:
dev: /dev/vdb1
fstype: ext4
- name: create mount point
file:
path: /newpart
state: directory
- name: mount
mount:
src: /dev/vdb1
path: /newpart
fstype: ext4
state: mounted
when: "ansible_devices.vdb is defined"
- name: vdb not exist
debug:
msg: disk does not exist
when: "ansible_devices.vdb is not defined"
[student@workstation ansible]$ ansible-playbook partition.yml
由於練習環境原因,此playbook無法正常運行。
9、生成主機文件
將一個初始模板文件從//content.example.com/hosts.j2下載到/home/student/ansible
完成該模板,以便用它生成以下文件:針對每個清單主機包含一行內容,其格式與 /etc/hosts 相同
創建名為 /home/student/ansible/hosts.yml 的playbook,它將使用此模板在 dev 主機組中的主機上生成文件 /etc/myhosts。
該 playbook 運行後,dev 主機組中主機上的文件/etc/myhosts 應針對每個受管主機包含一行內容:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.24.1.6 servera.lab1.example.com servera
172.24.1.7 serverb.lab1.example.com serverb
172.24.1.8 serverc.lab1.example.com serverc
172.24.1.9 serverd.lab1.example.com serverd
172.24.1.10 bastion.lab1.example.com bastion
解答:
[student@workstation ansible]$ wget //content.example.com/hosts.j2
[student@workstation ansible]$ vim hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups.all %}
{{ hostvars[host].ansible_enp1s0.ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
[student@workstation ansible]$ vim hosts.yml
- name: get all facts
hosts: all - name: cp to myhosts
hosts: dev
tasks:- name: cp file
template:
src: /home/student/ansible/hosts.j2
dest: /etc/myhosts
- name: cp file
驗證:
[root@servera ~]# cat /etc/myhosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.10 servera.lab.example.com servera
172.25.250.11 serverb.lab.example.com serverb
172.25.250.254 bastion.lab.example.com bastion
172.25.250.12 serverc.lab.example.com serverc
172.25.250.13 serverd.lab.example.com serverd
10、修改文件內容
按照下方所述,創建一個名為 /home/student/ansible/issue.yml 的 playbook:
該 playbook 將在所有清單主機上運行
該 playbook 會將 /etc/issue 的內容替換為下方所示的一行文本:
在 dev 主機組中的主機上,這行文本顯示為:Development
在 test 主機組中的主機上,這行文本顯示為:Test
在 prod 主機組中的主機上,這行文本顯示為:Production
解答:
[student@workstation ansible]$ vim issue.yml
---
- name: modify issue
hosts: all
tasks:
- name: input to issue
copy:
content: |
{% if 'dev' in group_names %}
Development
{% elif 'test' in group_names %}
Test
{% elif 'prod' in group_names %}
Production
{% endif %}
dest: /etc/issue
[student@workstation ansible]$ ansible-playbook issue.yml
驗證:
[root@servera ~]# cat /etc/issue
Development
[root@serverb ~]# cat /etc/issue
Test
[root@serverc ~]# cat /etc/issue
Production
[root@serverd ~]# cat /etc/issue
Production
11、創建Web內容目錄
按照下方所述,創建一個名為 /home/student/ansible/webcontent.yml 的 playbook:
該 playbook 在 dev 主機組中的受管節點上運行
創建符合下列要求的目錄 /webdev:
所有者為 devops 組
具有常規許可權:owner=read+write+execute,group=read+write+execute,other=read+execute
具有特殊許可權: set group ID
用符號鏈接將 /var/www/html/webdev 鏈接到 /webdev
創建文件 /webdev/index.html,其中包含如下所示的單行文本:Development
在 dev 主機組中主機上瀏覽此目錄(例如 //servera.lab.example.com/webdev/ )將生成以下輸出:
Development
解答:
[student@workstation ansible]$ vim webcontent.yml
---
- name: web station
hosts: dev
tasks:
- name: install httpd firewalld
yum:
name:
- httpd
- firewalld
state: present
- name: create group
group:
name: devops
state: present
- name: create /webdev
file:
path: /webdev
state: directory
group: devops
mode: 2775
- name: cp
copy:
content: Development
dest: /webdev/index.html
- name: set selinux context
sefcontext:
target: /webdev(/.*)?
setype: httpd_sys_content_t
- name: shell
shell:
cmd: restorecon -Rv /webdev
- name: create link to /var/www/html/webdev
file:
src: /webdev
dest: /var/www/html/webdev
state: link
- name: restart httpd
service:
name: httpd
state: restarted
enabled: yes
- name: restart firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: firewall for http
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
[student@workstation ansible]$ ansible-playbook webcontent.yml
驗證:
[student@workstation ansible]$ curl //servera.lab.example.com/webdev/
Development
12、生成硬體報告
創建一個名為 /home/student/ansible/hwreport.yml的 playbook,它將在所有受管節點上生成含有以下資訊的輸出文件 /root/hwreport.txt:
輸出文件中的每一行含有一個 key=value 對。
您的 playbook 應當:
從 //content.example.com/hwreport.empty 下載文件,並將它保存為/root/hwreport.txt
使用正確的值修改 /root/hwreport.txt
如果硬體項不存在,相關的值應設為NONE
解答:
[student@workstation ansible]$ vim hwreport.yml
---
- name: get hwreport
hosts: all
tasks:
- name: Create report file
get_url:
url: //content.example.com/hwreport.empty
dest: /root/hwreport.txt
- name: get inventory_hostname
replace:
path: /root/hwreport.txt
regexp: 'inventoryhostname'
replace: "{{ inventory_hostname }}"
- name: get mem
replace:
path: /root/hwreport.txt
regexp: 'memory_in_MB'
replace: "{{ ansible_memtotal_mb }}"
- name: get bios
replace:
path: /root/hwreport.txt
regexp: 'BIOS_version'
replace: "{{ ansible_bios_version }}"
- name: get vda
replace:
path: /root/hwreport.txt
regexp: 'disk_vda_size'
replace: "{{ ansible_devices.vda.size if ansible_devices.vda is defined else 'NONE'}}"
- name: get vdb
replace:
path: /root/hwreport.txt
regexp: 'disk_vdb_size'
replace: "{{ ansible_devices.vdb.size if ansible_devices.vdb is defined else 'NONE'}}"
[student@workstation ansible]$ ansible-playbook hwreport.yml
13、創建密碼庫
按照下方所述,創建一個 Ansible 庫來存儲用戶密碼:
庫名稱為 /home/student/ansible/locker.yml
庫中含有兩個變數,名稱如下:
pw_developer,值為 Imadev
pw_manager,值為 Imamgr
用於加密和解密該庫的密碼為whenyouwishuponastar
密碼存儲在文件 /home/student/ansible/secret.txt中
解答:
[student@workstation ansible]$ vim locker.yml
---
pw_developer: lmadev
pw_manager: lmamgr
[student@workstation ansible]$ echo whenyouwishuponastar > secret.txt
[student@workstation ansible]$ chmod 600 secret.txt
[student@workstation ansible]$ ansible-vault encrypt locker.yml --vault-id=/home/student/ansible/secret.txt
14、創建用戶賬戶
從 //content.example.com/user_list.yml 下載要創建的用戶的列表,並將它保存到 /home/student/ansible
在本次考試中使用在其他位置創建的密碼庫 /home/student/ansible/locker.yml,創建名為/home/student/ansible/users.yml 的playbook,從而按以下所述創建用戶帳戶:
職位描述為 developer 的用戶應當:
在 dev 和 test 主機組中的受管節點上創建
從 pw_developer 變數分配密碼,密碼有效期為30天
是附加組 student 的成員
職位描述為 manager 的用戶應當:
在 prod 主機組中的受管節點上創建
從 pw_manager 變數分配密碼,密碼有效期為30天
是附加組 opsmgr 的成員
密碼應採用 SHA512 哈希格式。
您的 playbook 應能夠在本次考試中使用在其他位置創建的庫密碼文件/home/student/ansible/secret.txt 正常運行
解答:
[student@workstation ansible]$ wget //content.example.com/user_list.yml
[student@workstation ansible]$ vim users.yml
---
- name: create developer user
hosts: dev, test
vars_files:
- /home/student/ansible/locker.yml
- /home/student/ansible/user_list.yml
tasks:
- name: create group student
group:
name: student
state: present
- name: create user in developer
user:
name: "{{ item.name }}"
groups: student
password: "{{ pw_developer | password_hash('sha512') }}"
state: present
loop: "{{ users }}"
when: item.job == "developer"
- name: chage
shell:
cmd: chage -M 30 {{ item.name }}
loop: "{{ users }}"
when: item.job == "developer"
- name: create manager user
hosts: prod
vars_files:
- /home/student/ansible/locker.yml
- /home/student/ansible/user_list.yml
tasks:
- name: create group opsmgr
group:
name: opsmgr
state: present
- name: create user in manager
user:
name: "{{ item.name }}"
groups: opsmgr
password: "{{ pw_manager | password_hash('sha512') }}"
state: present
loop: "{{ users }}"
when: item.job == "manager"
- name: chage1
shell:
cmd: chage -M 30 {{ item.name }}
loop: "{{ users }}"
when: item.job == "manager"
[student@workstation ansible]$ ansible-playbook users.yml --vault-id secret.txt
15、更新Ansible庫的密鑰
按照下方所述,更新現有 Ansible 庫的密鑰:
從 //content.example.com/salaries.yml 下載 Ansible 庫到 /home/student/ansible
當前的庫密碼為 AAAAAAAAA
新的庫密碼為 bbe2de98389b
庫使用新密碼保持加密狀態
解答:
[student@workstation ansible]$ wget //172.25.250.250/ansible2.8/salaries.yml
[student@workstation ansible]$ ansible-vault rekey salaries.yml
輸入舊密碼
輸入新密碼
確認新密碼
16、創建⼀個名為 /home/greg/ansible/cron.yml 的 playbook ,
配置 cron 作業,該作業每隔 2 分鐘運⾏並執⾏以下命令:
logger “EX294 in progress”,以⽤戶 natasha 身份運⾏
解答:
[student@workstation ansible]$ vim cron.yml
---
- name: create cron
hosts: all
tasks:
- name: create user
user:
name: natasha
state: present
- name: create cron for all
cron:
name: cy
minute: '*/2'
job: logger "EX294 in progress"
user: natasha
[student@workstation ansible]$ ansible-playbook cron.yml