RHCE role practice questions

1. Use RHEL system roles

Install the RHEL system roles package and create a playbook /home/student/ansible/timesync.yml with the following conditions:
Run on all managed nodes
Use the timesync role
Configure the role to use the currently valid NTP provider
Configure the role to use the time server classroom.example.com
Configure the role to enable the iburst parameter

[student@ansible ansible]$ sudo dnf -y install rhel-system-roles-1.7.3-2.el8.noarch 
[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/  /home/student/ansible/roles/timesync
[student@ansible ansible]$ vim timesync.yml 
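---
- name: test
  hosts: all
  vars: 
    # timesync_ntp_provider is not set, so the role keeps the provider it
    # detects on each node (see "Determine current NTP provider" in the run below)
    timesync_ntp_servers: 
      - hostname: classroom.example.com
        iburst: yes
  roles: 
    - timesync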

[student@ansible ansible]$ ansible-playbook timesync.yml 

PLAY [test] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [timesync : Set version specific variables] *******************************
ok: [node3]
ok: [node1]
ok: [node2]

TASK [timesync : Populate service facts] ***************************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [Set variable `timesync_services` with filtered uniq service names] *******
ok: [node1]
ok: [node2]
ok: [node3]

TASK [Check that variable 'timesync_services' is defined] **********************
ok: [node1] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [node2] => {
    "changed": false,
    "msg": "All assertions passed"
}
ok: [node3] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [timesync : Check if only NTP is needed] **********************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [timesync : Check if single PTP is needed] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Check if both NTP and PTP are needed] *************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Determine current NTP provider] *******************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [timesync : Select NTP provider] ******************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [timesync : Install chrony] ***********************************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [timesync : Install ntp] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Install linuxptp] *********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Gather package facts] *****************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [timesync : Run phc_ctl on PTP interface] *********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Check if PTP interface supports HW timestamping] **************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate chrony.conf file] ************************************
changed: [node2]
changed: [node1]
changed: [node3]

TASK [timesync : Generate chronyd sysconfig file] ******************************
changed: [node1]
changed: [node2]
changed: [node3]

TASK [timesync : Generate ntp.conf file] ***************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate ntpd sysconfig file] *********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate ptp4l.conf file] *************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate ptp4l sysconfig file] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate phc2sys sysconfig file] ******************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Generate timemaster.conf file] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Update network sysconfig file] ********************************
changed: [node1]
changed: [node2]
changed: [node3]

TASK [timesync : Disable chronyd] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable ntpd] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable ntpdate] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable sntp] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable ptp4l] ************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable phc2sys] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Disable timemaster] *******************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable chronyd] ***********************************************
ok: [node3]
ok: [node1]
changed: [node2]

TASK [timesync : Enable ntpd] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable ptp4l] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable phc2sys] ***********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [timesync : Enable timemaster] ********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

RUNNING HANDLER [timesync : restart chronyd] ***********************************
changed: [node2]
changed: [node3]
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=15   changed=4    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node2                      : ok=15   changed=5    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0   
node3                      : ok=15   changed=4    unreachable=0    failed=0    skipped=23   rescued=0    ignored=0  


2. Use selinux roles

Configure this role and write a playbook selinux.yml that enables SELinux on all managed nodes

[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/  /home/student/ansible/roles/selinux
[student@ansible ansible]$ cat selinux.yml 

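---
- hosts: all
  vars:
    selinux_state: enforcing
  tasks:
    - name: selinux 
      block:
        # First attempt; the role fails on purpose if the change needs a reboot
        - include_role:
            name: selinux
      rescue:
        # Re-raise any failure that was not caused by a pending reboot
        - name: failed reason require reboot
          fail:
          when: not selinux_reboot_required
        - name: reboot
          reboot:
        # Run the role again after the reboot to finish the configuration
        - name: config selinux
          include_role:
            name: selinux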

[student@ansible ansible]$ ansible-playbook selinux.yml 

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [include_role : selinux] **************************************************

TASK [selinux : Install SELinux python2 tools] *********************************
skipping: [node3]
skipping: [node1]
skipping: [node2]

TASK [selinux : Install SELinux python3 tools] *********************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [selinux : refresh facts] *************************************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : Install SELinux tool semanage] *********************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : Set permanent SELinux state if enabled] ************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : Set permanent SELinux state if disabled] ***********************
skipping: [node3]
skipping: [node1]
skipping: [node2]

TASK [selinux : Set ansible facts if needed] ***********************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [selinux : Fail if reboot is required] ************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : debug] *********************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : Drop all local modifications] **********************************
skipping: [node3]
skipping: [node1]
skipping: [node2]

TASK [selinux : Purge all SELinux boolean local modifications] *****************
skipping: [node2]
skipping: [node3]
skipping: [node1]

TASK [selinux : Purge all SELinux file context local modifications] ************
skipping: [node2]
skipping: [node1]
skipping: [node3]

TASK [selinux : Purge all SELinux port local modifications] ********************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : Purge all SELinux login local modifications] *******************
skipping: [node1]
skipping: [node2]
skipping: [node3]

TASK [selinux : Set SELinux booleans] ******************************************

TASK [selinux : Set SELinux file contexts] *************************************

TASK [selinux : Restore SELinux labels on filesystem tree] *********************

TASK [selinux : Restore SELinux labels on filesystem tree in check mode] *******

TASK [selinux : Set an SELinux label on a port] ********************************

TASK [selinux : Set linux user to SELinux user mapping] ************************

TASK [selinux : Get SELinux modules facts] *************************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [selinux : include_tasks] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]

PLAY RECAP *********************************************************************
node1                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node2                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0   
node3                      : ok=7    changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0

//View managed host status
[root@node1 ~]# getenforce
Enforcing


3. Install roles using Ansible Galaxy

Using Ansible Galaxy and the requirements file /home/student/ansible/roles/requirements.yml, download the roles from the following URLs and install them to /home/student/ansible/roles:
http://content.example.com/haproxy.tar.gz The name of this role should be balancer
http://content.example.com/phpinfo.tar.gz The name of this role should be phpinfo

//Create the requirements file (here test.yml, with local file:// sources)
[student@ansible ansible]$ cd roles/
[student@ansible roles]$ vim test.yml
---
- name: balancer
  src: file:///home/student/haproxy.tar.gz

- name: phpinfo
  src: file:///home/student/phpinfo.tar.gz
  
[student@ansible ansible]$ ansible-galaxy install -r /home/student/ansible/roles/test.yml  -p /home/student/ansible/roles/
- balancer is already installed, skipping.
- downloading role from file:///home/student/phpinfo.tar.gz
- extracting phpinfo to /home/student/ansible/roles/phpinfo
- phpinfo was installed successfully

[student@ansible ansible]$ cd roles/
[student@ansible roles]$ ls
balancer  selinux   timesync
phpinfo   test.yml

4. Create and use roles
Create a role named apache in /home/student/ansible/roles with the following requirements:
The httpd package is installed, and the service is enabled to start at system boot and started
Firewall is enabled and running with rules that allow access to the Web server
The template file index.html.j2 already exists to create the file /var/www/html/index.html with the following output:
Welcome to HOSTNAME on IPADDRESS
where HOSTNAME is the fully qualified domain name of the managed node and IPADDRESS is the IP address of the managed node.
Create a playbook /home/student/ansible/newrole.yml that uses this role as described below:
The playbook runs on hosts in the webservers host group

[student@ansible roles]$ ansible-galaxy init apache
- Role apache was created successfully
[student@ansible roles]$ ls
apache    phpinfo  test.yml
balancer  selinux  timesync

[student@ansible roles]$ cd apache/templates/
[student@ansible templates]$ vim index.html.j2
Welcome to {{ansible_fqdn}} on {{ansible_ens160.ipv4.address}}

[student@ansible apache]$ cat tasks/main.yml 
---
# tasks file for apache
- name: mount cdrom
  mount: 
    src: /dev/cdrom
    path: /mnt
    fstype: iso9660
    state: mounted

- name: repo1
  yum_repository: 
    file: server
    name: BaseOS
    description: CtenOS8
    baseurl: file:///mnt/BaseOS
    enabled: yes
    gpgcheck: no

- name: repo2
  yum_repository: 
    file: server
    name: AppStream
    description: CtenOS8
    baseurl: file:///mnt/AppStream
    enabled: yes
    gpgcheck: no

- name: install httpd
  dnf: 
   name: 
     - httpd
     - firewalld
   state: present

- name: cp file
  template: 
    src: index.html.j2
    dest: /var/www/html/index.html
  # The notify name must match the handler name in handlers/main.yml exactly
  notify: 
    - restart httpd

- name: firewalld
  firewalld: 
    service: http
    state: enabled
    permanent: yes
    immediate: yes

[student@ansible apache]$ cat handlers/main.yml 
---
# handlers file for apache
- name: restart httpd
  service: 
    name: httpd
    state: restarted
    enabled: yes


[student@ansible ansible]$ cat newrole.yml 
--- 
- name: apache
  hosts: all
  roles: 
    - apache

[student@ansible ansible]$ ansible-playbook newrole.yml 

PLAY [apache] ******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node3]
ok: [node2]
ok: [node1]

TASK [apache : mount cdrom] ****************************************************
ok: [node1]
ok: [node3]
ok: [node2]

TASK [apache : repo1] **********************************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [apache : repo2] **********************************************************
ok: [node1]
ok: [node2]
ok: [node3]

TASK [apache : install httpd] **************************************************
ok: [node2]
ok: [node3]
ok: [node1]

TASK [apache : cp file] ********************************************************
ok: [node2]
ok: [node1]
ok: [node3]

TASK [apache : firewalld] ******************************************************
ok: [node1]
ok: [node2]
ok: [node3]

PLAY RECAP *********************************************************************
node1                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node2                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=7    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[student@ansible ansible]$ curl http://node1.example.com
Welcome to node1.example.com on 192.168.244.140
[student@ansible ansible]$ curl http://node2.example.com
Welcome to node2.example.com on 192.168.244.141
[student@ansible ansible]$ curl http://node3.example.com
Welcome to node3.example.com on 192.168.244.142
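
A notify name that matches no handler is reported only when the notifying task changes, so a run in which the template task returns ok, like the one above, cannot show whether the name is right. The following check is an added example, not part of the original post: it compares notify entries against handler names, using constructed excerpts and a line-based parse that assumes the flat block-style YAML of this role (listen topics are not handled; the function names are hypothetical).

```python
import re

# Constructed excerpts laid out like the role's tasks/main.yml and
# handlers/main.yml; the second notify name deliberately matches no handler.
TASKS = """\
- name: install httpd
  dnf:
    name:
      - httpd
    state: present
  notify: restart httpd

- name: cp file
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
  notify:
    - restarted httpd
"""
HANDLERS = """\
- name: restart httpd
  service:
    name: httpd
    state: restarted
"""

TASK_RE = re.compile(r"^- name:\s*(.+?)\s*$")


def handler_names(text):
    """Top-level handler names (module arguments are indented deeper and skipped)."""
    return {m.group(1) for m in map(TASK_RE.match, text.splitlines()) if m}


def notified(text):
    """Yield (task, handler) for each notify entry, inline or list form."""
    task, in_list = None, False
    for line in text.splitlines():
        top = TASK_RE.match(line)
        key = re.match(r"^\s+notify:\s*(.*?)\s*$", line)
        item = re.match(r"^\s+-\s+(.+?)\s*$", line)
        if top:
            task, in_list = top.group(1), False
        elif key:
            in_list = key.group(1) == ""      # empty value: a list follows
            if not in_list:
                yield task, key.group(1)
        elif in_list and item:
            yield task, item.group(1)
        elif line.strip():
            in_list = False                   # any other key ends the notify list


def lint_role(tasks, handlers):
    """Return one finding per notify entry that names no existing handler."""
    known = handler_names(handlers)
    return [f"{t}: no handler named '{h}'" for t, h in notified(tasks) if h not in known]


if __name__ == "__main__":
    print("\n".join(lint_role(TASKS, HANDLERS)))
```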

5. Use roles from Ansible Galaxy

Create a playbook named /home/student/ansible/roles.yml with the following requirements:
The playbook contains a play that runs on hosts in the balancers host group and will use the balancer role.
This role configures a service to balance the load of Web server requests among hosts in the webservers host group.
Browsing to a host in the balancers host group (e.g. http://bastion.lab.example.com/ ) will generate the following output:
Welcome to serverc.example.com on 172.25.1.12
Reloading the browser will generate output from another Web server:
Welcome to serverd.example.com on 172.25.1.13
The playbook contains a play that runs on hosts in the webservers host group and will use the phpinfo role.
Browsing to a host in the webservers host group via the URL /hello.php produces the following output:
Hello PHP World from FQDN
where FQDN is the fully qualified name of the host.
For example, browsing to http://serverc.lab.example.com/hello.php produces the following output:
Hello PHP World from serverc.lab.example.com
There are also various details of the PHP configuration, such as the installed PHP version, etc.
Likewise, browsing to http://serverd.lab.example.com/hello.php produces the following output:
Hello PHP World from serverd.lab.example.com
There are also various details of the PHP configuration, such as the installed PHP version, etc.

[student@ansible ansible]$ cat roles.yml 
---
- name: gather facts for webservers
  hosts: webservers
- name: balancer role
  hosts: balancers
  roles: 
    - balancer

- name: php role
  hosts: webservers
  roles: 
    - phpinfo

[student@ansible ansible]$ ansible-playbook roles.yml 

PLAY [gather facts for webservers] *********************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]
[WARNING]: Could not match supplied host pattern, ignoring: balancers

PLAY [balancer role] ***********************************************************
skipping: no hosts matched

PLAY [php role] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Install Apache] ************************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Install firewalld] *********************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Start and enable firewalld] ************************************
ok: [node3]
ok: [node2]

TASK [phpinfo : Enable http in firewall] ***************************************
ok: [node2]
ok: [node3]

TASK [phpinfo : Copy the hello_ver.html.j2] ************************************
changed: [node2]
changed: [node3]

TASK [phpinfo : Start and enable httpd] ****************************************
ok: [node2]
changed: [node3]

RUNNING HANDLER [phpinfo : restart httpd] **************************************
changed: [node2]
changed: [node3]

PLAY RECAP *********************************************************************
node2                      : ok=9    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node3                      : ok=9    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
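
In the run above the balancer play matched no hosts, yet the PLAY RECAP contains only failed=0 lines. The following check is an added example, not part of the original post: it scans ansible-playbook output for plays that ran on no hosts, unmatched host patterns, and failed or unreachable hosts. SAMPLE_OUTPUT is constructed in the shape of that run and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the shape of the roles.yml run shown above.
SAMPLE_OUTPUT = """\
PLAY [gather facts for webservers] *********************************************

TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]
[WARNING]: Could not match supplied host pattern, ignoring: balancers

PLAY [balancer role] ***********************************************************
skipping: no hosts matched

PLAY [php role] ****************************************************************

PLAY RECAP *********************************************************************
node2                      : ok=9    changed=2    unreachable=0    failed=0    skipped=0
node3                      : ok=9    changed=3    unreachable=0    failed=0    skipped=0
"""

PLAY_RE = re.compile(r"^PLAY \[(.*)\] \*+\s*$")
PATTERN_RE = re.compile(r"Could not match supplied host pattern, ignoring: (\S+)")
RECAP_RE = re.compile(r"^(\S+)\s+:\s+(.*)$")


def audit_run(output):
    """Collect plays that ran on no hosts, unmatched patterns, and failed hosts."""
    report = {"empty_plays": [], "unmatched_patterns": [], "hosts": [], "bad_hosts": {}}
    play, in_recap = None, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
        elif m := PLAY_RE.match(line):
            play = m.group(1)
        elif line.strip() == "skipping: no hosts matched":
            report["empty_plays"].append(play)
        elif m := PATTERN_RE.search(line):
            report["unmatched_patterns"].append(m.group(1))
        elif in_recap and (m := RECAP_RE.match(line)):
            host, rest = m.groups()
            counts = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", rest)}
            report["hosts"].append(host)
            if counts.get("failed", 0) or counts.get("unreachable", 0):
                report["bad_hosts"][host] = counts
    return report


def run_is_clean(report):
    """A run is clean only if every play had hosts and no host failed."""
    return not (report["empty_plays"] or report["unmatched_patterns"] or report["bad_hosts"])


if __name__ == "__main__":
    result = audit_run(SAMPLE_OUTPUT)
    print(result)
    print("clean:", run_is_clean(result))
```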


verify:
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverd.lab.example.com on 172.25.250.13


[student@workstation ansible]$ curl http://serverc.lab.example.com/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl http://serverd.lab.example.com/hello.php
Hello PHP World form serverd.lab.example.com


Posted by jnuneznyc on Fri, 04 Nov 2022 00:58:41 +1030