RHCE role practice questions
1. Use RHEL system roles
Install the RHEL system role package and create a playbook /home/student/ansible/timesync.yml with the following conditions:
run on all managed nodes
Use the timesync role
Configure the role to use the currently valid NTP provider
Configure the role to use the time server classroom.example.com
Configure the role to enable the iburst parameter
[student@ansible ansible]$ sudo dnf -y install rhel-system-roles-1.7.3-2.el8.noarch
[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@ansible ansible]$ vim timesync.yml
---
- name: test
hosts: all
vars:
timesync_ntp_servers:
- hostname: classroom.example.com
iburst: yes
roles:
- timesync
[student@ansible ansible]$ ansible-playbook timesync.yml
PLAY [test] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node3]
ok: [node2]
TASK [timesync : Set version specific variables] *******************************
ok: [node3]
ok: [node1]
ok: [node2]
TASK [timesync : Populate service facts] ***************************************
ok: [node3]
ok: [node2]
ok: [node1]
TASK [Set variable `timesync_services` with filtered uniq service names] *******
ok: [node1]
ok: [node2]
ok: [node3]
TASK [Check that variable 'timesync_services' is defined] **********************
ok: [node1] => {
"changed": false,
"msg": "All assertions passed"
}
ok: [node2] => {
"changed": false,
"msg": "All assertions passed"
}
ok: [node3] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [timesync : Check if only NTP is needed] **********************************
ok: [node1]
ok: [node2]
ok: [node3]
TASK [timesync : Check if single PTP is needed] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Check if both NTP and PTP are needed] *************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Determine current NTP provider] *******************************
ok: [node1]
ok: [node3]
ok: [node2]
TASK [timesync : Select NTP provider] ******************************************
ok: [node1]
ok: [node2]
ok: [node3]
TASK [timesync : Install chrony] ***********************************************
ok: [node3]
ok: [node2]
ok: [node1]
TASK [timesync : Install ntp] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Install linuxptp] *********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Gather package facts] *****************************************
ok: [node1]
ok: [node3]
ok: [node2]
TASK [timesync : Run phc_ctl on PTP interface] *********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Check if PTP interface supports HW timestamping] **************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Generate chrony.conf file] ************************************
changed: [node2]
changed: [node1]
changed: [node3]
TASK [timesync : Generate chronyd sysconfig file] ******************************
changed: [node1]
changed: [node2]
changed: [node3]
TASK [timesync : Generate ntp.conf file] ***************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Generate ntpd sysconfig file] *********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Generate ptp4l.conf file] *************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Generate ptp4l sysconfig file] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Generate phc2sys sysconfig file] ******************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Generate timemaster.conf file] ********************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Update network sysconfig file] ********************************
changed: [node1]
changed: [node2]
changed: [node3]
TASK [timesync : Disable chronyd] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Disable ntpd] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Disable ntpdate] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Disable sntp] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Disable ptp4l] ************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Disable phc2sys] **********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Disable timemaster] *******************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Enable chronyd] ***********************************************
ok: [node3]
ok: [node1]
changed: [node2]
TASK [timesync : Enable ntpd] **************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Enable ptp4l] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Enable phc2sys] ***********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [timesync : Enable timemaster] ********************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
RUNNING HANDLER [timesync : restart chronyd] ***********************************
changed: [node2]
changed: [node3]
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=15 changed=4 unreachable=0 failed=0 skipped=23 rescued=0 ignored=0
node2 : ok=15 changed=5 unreachable=0 failed=0 skipped=23 rescued=0 ignored=0
node3 : ok=15 changed=4 unreachable=0 failed=0 skipped=23 rescued=0 ignored=0
2. Use selinux roles
Configure this role and write a playbook of selinux.yml to enable selinux of all controlled nodes
[student@ansible ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ /home/student/ansible/roles/selinux
[student@ansible ansible]$ cat selinux.yml
---
- hosts: all
vars:
selinux_state: enforcing
tasks:
- name: selinux
block:
- include_role:
name: selinux
rescue:
- name: failed reason require reboot
fail:
when: not selinux_reboot_required
- name: reboot
reboot:
- name: config selinux
include_role:
name: selinux
[student@ansible ansible]$ ansible-playbook selinux.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node2]
ok: [node3]
TASK [include_role : selinux] **************************************************
TASK [selinux : Install SELinux python2 tools] *********************************
skipping: [node3]
skipping: [node1]
skipping: [node2]
TASK [selinux : Install SELinux python3 tools] *********************************
ok: [node3]
ok: [node2]
ok: [node1]
TASK [selinux : refresh facts] *************************************************
ok: [node2]
ok: [node3]
ok: [node1]
TASK [selinux : Install SELinux tool semanage] *********************************
ok: [node2]
ok: [node3]
ok: [node1]
TASK [selinux : Set permanent SELinux state if enabled] ************************
ok: [node2]
ok: [node3]
ok: [node1]
TASK [selinux : Set permanent SELinux state if disabled] ***********************
skipping: [node3]
skipping: [node1]
skipping: [node2]
TASK [selinux : Set ansible facts if needed] ***********************************
ok: [node1]
ok: [node2]
ok: [node3]
TASK [selinux : Fail if reboot is required] ************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [selinux : debug] *********************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [selinux : Drop all local modifications] **********************************
skipping: [node3]
skipping: [node1]
skipping: [node2]
TASK [selinux : Purge all SELinux boolean local modifications] *****************
skipping: [node2]
skipping: [node3]
skipping: [node1]
TASK [selinux : Purge all SELinux file context local modifications] ************
skipping: [node2]
skipping: [node1]
skipping: [node3]
TASK [selinux : Purge all SELinux port local modifications] ********************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [selinux : Purge all SELinux login local modifications] *******************
skipping: [node1]
skipping: [node2]
skipping: [node3]
TASK [selinux : Set SELinux booleans] ******************************************
TASK [selinux : Set SELinux file contexts] *************************************
TASK [selinux : Restore SELinux labels on filesystem tree] *********************
TASK [selinux : Restore SELinux labels on filesystem tree in check mode] *******
TASK [selinux : Set an SELinux label on a port] ********************************
TASK [selinux : Set linux user to SELinux user mapping] ************************
TASK [selinux : Get SELinux modules facts] *************************************
ok: [node2]
ok: [node3]
ok: [node1]
TASK [selinux : include_tasks] *************************************************
skipping: [node1]
skipping: [node2]
skipping: [node3]
PLAY RECAP *********************************************************************
node1 : ok=7 changed=0 unreachable=0 failed=0 skipped=16 rescued=0 ignored=0
node2 : ok=7 changed=0 unreachable=0 failed=0 skipped=16 rescued=0 ignored=0
node3 : ok=7 changed=0 unreachable=0 failed=0 skipped=16 rescued=0 ignored=0
//View managed host status
[root@node1 ~]# getenforce 0
Enforcing
3. Install roles using Ansible Galaxy
Using Ansible Galaxy and the requirements file /home/student/ansible/roles/requirements.yml, download roles from the following URL and install to /home/student/ansible/roles:
http://content.example.com/haproxy.tar.gz The name of this role should be balancer
http://content.example.com/phpinfo.tar.gz The name of this role should be phpinfo
//Define the path to install roles [student@ansible ansible]$ cd roles/ [student@ansible roles]$ vim test.yml --- - name: balancer src: file:///home/student/haproxy.tar.gz - name: phpinfo src: file:///home/student/phpinfo.tar.gz [student@ansible ansible]$ ansible-galaxy install -r /home/student/ansible/roles/test.yml -p /home/student/ansible/roles/ - balancer is already installed, skipping. - downloading role from file:///home/student/phpinfo.tar.gz - extracting phpinfo to /home/student/ansible/roles/phpinfo - phpinfo was installed successfully [student@ansible ansible]$ cd roles/ [student@ansible roles]$ ls balancer selinux timesync phpinfo test.yml
4. Create and use roles
Create a role named apache in /home/student/ansible/roles with the following requirements:
The httpd package is installed, set to enable and start at system boot
Firewall is enabled and running with rules that allow access to the Web server
The template file index.html.j2 already exists to create the file /var/www/html/index.html with the following output:
Welcome to HOSTNAME on IPADDRESS
where HOSTNAME is the fully qualified domain name of the managed node and IPADDRESS is the IP address of the managed node.
Create a playbook /home/student/ansible/newrole.yml that uses this role as described below:
The playbook is running on a host in the webservers host group
[student@ansible roles]$ ansible-galaxy init apache
- Role apache was created successfully
[student@ansible roles]$ ls
apache phpinfo test.yml
balancer selinux timesync
[student@ansible roles]$ cd apache/templates/
[student@ansible templates]$ vim index.html.j2
Welcome to {{ansible_fqdn}} on {{ansible_ens160.ipv4.address}}
[student@ansible apache]$ cat tasks/main.yml
---
# tasks file for apache
- name: mount cdrom
mount:
src: /dev/cdrom
path: /mnt
fstype: iso9660
state: mounted
- name: repo1
yum_repository:
file: server
name: BaseOS
description: CtenOS8
baseurl: file:///mnt/BaseOS
enabled: yes
gpgcheck: no
- name: repo2
yum_repository:
file: server
name: AppStream
description: CtenOS8
baseurl: file:///mnt/AppStream
enabled: yes
gpgcheck: no
- name: install httpd
dnf:
name:
- httpd
- firewalld
state: present
- name: cp file
template:
src: index.html.j2
dest: /var/www/html/index.html
notify:
- restarted httpd
- name: firewalld
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
[student@ansible apache]$ cat handlers/main.yml
---
# handlers file for apache
- name: restart httpd
service:
name: httpd
state: restarted
enabled: yes
[student@ansible ansible]$ cat newrole.yml
---
- name: apache
hosts: all
roles:
- apache
[student@ansible ansible]$ ansible-playbook newrole.yml
PLAY [apache] ******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node3]
ok: [node2]
ok: [node1]
TASK [apache : mount cdrom] ****************************************************
ok: [node1]
ok: [node3]
ok: [node2]
TASK [apache : repo1] **********************************************************
ok: [node1]
ok: [node2]
ok: [node3]
TASK [apache : repo2] **********************************************************
ok: [node1]
ok: [node2]
ok: [node3]
TASK [apache : install httpd] **************************************************
ok: [node2]
ok: [node3]
ok: [node1]
TASK [apache : cp file] ********************************************************
ok: [node2]
ok: [node1]
ok: [node3]
TASK [apache : firewalld] ******************************************************
ok: [node1]
ok: [node2]
ok: [node3]
PLAY RECAP *********************************************************************
node1 : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@ansible ansible]$ curl http://node1.example.com
Welcome to node1.example.com on 192.168.244.140
[student@ansible ansible]$ curl http://node2.example.com
Welcome to node2.example.com on 192.168.244.141
[student@ansible ansible]$ curl http://node3.example.com
Welcome to node3.example.com on 192.168.244.142
5. Use roles from Ansible Galaxy
Create a playbook named /home/student/ansible/roles.yml with the following requirements:
The playbook contains a play that runs on hosts in the balancers host group and will use the balancer role.
This role configures a service to balance the load of Web server requests among hosts in the webservers host group.
Browsing to a host in the balancers host group (eg http://bastion.lab.example.com/ ) will generate the following output:
Welcome to serverc.example.com on 172.25.1.12
Reloading the browser will generate output from another Web server:
Welcome to serverd.example.com on 172.25.1.13
The playbook contains a play that runs on hosts in the webservers host group and will use the phpinfo role.
Browsing to a host in the webservers host group via the URL /hello.php produces the following output:
Hello PHP World from FQDN
where FQDN is the fully qualified name of the host.
For example, browse to http://serverc.lab.example.com/hello.php produces the following output:
Hello PHP World from serverc.lab.example.com
There are also various details of the PHP configuration, such as the installed PHP version, etc.
Likewise, browse to http://serverd.lab.example.com/hello.php produces the following output:
Hello PHP World from serverd.lab.example.com
There are also various details of the PHP configuration, such as the installed PHP version, etc.
[student@ansible ansible]$ cat roles.yml
---
- name: gather facts for webservers
hosts: webservers
- name: balancer role
hosts: balancers
roles:
- balancer
- name: php role
hosts: webservers
roles:
- phpinfo
[student@ansible ansible]$ ansible-playbook roles.yml
PLAY [gather facts for webservers] *********************************************
TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]
[WARNING]: Could not match supplied host pattern, ignoring: balancers
PLAY [balancer role] ***********************************************************
skipping: no hosts matched
PLAY [php role] ****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node2]
ok: [node3]
TASK [phpinfo : Install Apache] ************************************************
ok: [node2]
ok: [node3]
TASK [phpinfo : Install firewalld] *********************************************
ok: [node2]
ok: [node3]
TASK [phpinfo : Start and enable firewalld] ************************************
ok: [node3]
ok: [node2]
TASK [phpinfo : Enable http in firewall] ***************************************
ok: [node2]
ok: [node3]
TASK [phpinfo : Copy the hello_ver.html.j2] ************************************
changed: [node2]
changed: [node3]
TASK [phpinfo : Start and enable httpd] ****************************************
ok: [node2]
changed: [node3]
RUNNING HANDLER [phpinfo : restart httpd] **************************************
changed: [node2]
changed: [node3]
PLAY RECAP *********************************************************************
node2 : ok=9 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=9 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
verify:
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl http://bastion.lab.example.com
Welcome to serverd.lab.example.com on 172.25.250.13
[student@workstation ansible]$ curl http://serverc.lab.example.com/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl http://serverd.lab.example.com/hello.php
Hello PHP World form serverd.lab.example.com