Linux-Ansible: managing variables and facts, and the ways Ansible defines variables

Author: 快盘下载

Personal homepage: wei_shuo's homepage


Managing variables and facts

1. Delete the repositories and write your own
Prerequisites
[devops@workstation ansible]$ ansible all -m shell -a "rm -rf /etc/yum.repos.d/*"
[devops@workstation ansible]$ ansible all -a "ls /etc/yum.repos.d/"

# The repository is already mounted on f0
[kiosk@foundation0 ~]$ df -h
/dev/loop0      6.7G  6.7G     0 100% /content/rhel8.0/x86_64/dvd

Browse to content/ in Firefox to see the repository.
Write the repository playbook
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  tasks:
  - name: Add multiple repositories
    yum_repository:
      name: baseOS
      description: baseOS YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
  - name: Add multiple repositories
    yum_repository:
      name: app
      description: app YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml
Verify
[devops@workstation ansible]$ ansible all -a "yum install -y ftp"
[devops@workstation ansible]$ ansible all -a "rpm -q ftp"

vars
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars:
    repo_name1: baseOS
    repo_name2: app
  tasks:
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name1 }}"
      description: baseOS YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name2 }}"
      description: app YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml

vars_files
[devops@workstation ansible]$ mkdir test
[devops@workstation ansible]$ cat test/vfs.yml
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
  - test/vfs.yml
  tasks:
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name1 }}"
      description: baseOS YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name2 }}"
      description: app YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml

group_vars
[devops@workstation ansible]$ mkdir group_vars
[devops@workstation ansible]$ ansible-inventory --graph
@all:
  |--@qq:
  |  |--servera
  |--@ungrouped:
  |--@webservers:
  |  |--@wx:
  |  |  |--bastion
[devops@workstation ansible]$ vim group_vars/qq.yml
qq must be an existing host group.
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
  - group_vars/qq.yml
  tasks:
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name1 }}"
      description: baseOS YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name2 }}"
      description: app YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes

host_vars
[devops@workstation ansible]$ mkdir host_vars
[devops@workstation ansible]$ ansible-inventory --graph
@all:
  |--@qq:
  |  |--servera
  |--@ungrouped:
  |--@webservers:
  |  |--@wx:
  |  |  |--bastion
[devops@workstation ansible]$ vim host_vars/servera.yml
servera must be an existing host.
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
  - host_vars/servera.yml
  tasks:
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name1 }}"
      description: baseOS YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes
  - name: Add multiple repositories
    yum_repository:
      name: "{{ repo_name2 }}"
      description: app YUM repo
      baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
      gpgcheck: yes
      gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
      enabled: yes

Arrays
[devops@workstation ansible]$ cat test/user.yml
users:
  bob:
    first_name: bob1
    last_name: user1
    home_dir: /home/bob
  tom:
    first_name: tom1
    last_name: user2
    home_dir: /home/tom
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
  - test/user.yml
  tasks:
  - debug:
      msg: "{{ users.bob.home_dir }}"       # hash (dot) notation
  - debug:
      msg: "{{ users['tom']['first_name'] }}"   # dictionary (bracket) notation
[devops@workstation ansible]$ ansible-playbook users.yml

PLAY [users] *****************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************
ok: [servera]

TASK [debug] *****************************************************************************************************************
ok: [servera] => {
    "msg": "/home/bob"
}

TASK [debug] *****************************************************************************************************************
ok: [servera] => {
    "msg": "tom1"
}

PLAY RECAP *******************************************************************************************************************
servera                    : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

vault
[devops@workstation ansible]$ ansible-vault -h
create: create an encrypted file
[devops@workstation ansible]$ ansible-vault create 1.txt
New Vault password: 123456
Confirm New Vault password: 123456
redhat
view: view the contents of an encrypted file
[devops@workstation ansible]$ cat 1.txt
$ANSIBLE_VAULT;1.1;AES256
38353961383739633238653434653035333130323065373865396464383332343834343837666164
3432316436633662316161343938636431396236633237380a386632343632306666646632313933
37366162623832643035353661323062636462613433623635643530613063303165613562623033
3639656661636262380a303838343230616534643539663332356263393236653863633564356666
3562
[devops@workstation ansible]$ ansible-vault view 1.txt
Vault password: 
redhat
edit: edit the contents of an encrypted file
[devops@workstation ansible]$ ansible-vault edit 1.txt
Vault password: 
[devops@workstation ansible]$ ansible-vault view 1.txt
Vault password: 
redhat
flectrag
rekey: change the password
[devops@workstation ansible]$ ansible-vault rekey 1.txt
Vault password: 123456
New Vault password: qaz
Confirm New Vault password: qaz
Rekey successful
decrypt: decrypt the file
[devops@workstation ansible]$ ansible-vault decrypt 1.txt
Vault password: 
Decryption successful
[devops@workstation ansible]$ cat 1.txt
redhat
flectrag
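
An added example, not part of the original post: Python that parses the $ANSIBLE_VAULT;1.1;AES256 envelope printed by cat 1.txt above and reports, after a rekey, whether a file is bound to the new password or still to the old one. The body is the hex encoding of three hex fields (salt, HMAC-SHA256, ciphertext), with keys derived by PBKDF2-HMAC-SHA256; the sample envelope is constructed with placeholder ciphertext, and all function names are illustrative.

```python
import binascii
import hashlib
import hmac

PBKDF2_ITERATIONS = 10000  # fixed by the vault AES256 format


def parse_vault(text):
    """Split a vault envelope into header fields, salt, HMAC and ciphertext."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header = lines[0].split(";") if lines else []
    if len(header) < 3 or header[0] != "$ANSIBLE_VAULT":
        raise ValueError("not an Ansible Vault file")
    if header[2] != "AES256":
        raise ValueError("unsupported cipher: " + header[2])
    # Body: hex of b"hex(salt)\nhex(hmac)\nhex(ciphertext)".
    try:
        inner = binascii.unhexlify("".join(lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed vault body") from exc
    return {"version": header[1], "cipher": header[2],
            "salt": salt, "hmac": mac, "ciphertext": ciphertext}


def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA256 -> 32-byte AES key, 32-byte HMAC key, 16-byte CTR IV."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ITERATIONS, dklen=80)
    return material[:32], material[32:64], material[64:]


def password_matches(vault, password):
    """True when the stored HMAC verifies under keys derived from password."""
    _, hmac_key, _ = derive_keys(password, vault["salt"])
    expected = hmac.new(hmac_key, vault["ciphertext"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, vault["hmac"])


def rekey_status(text, old_password, new_password):
    """Classify a vault file after a password rotation."""
    vault = parse_vault(text)
    if password_matches(vault, new_password):
        return "rekeyed"
    if password_matches(vault, old_password):
        return "still-old"
    return "no-match"  # a different password, or the body was modified


def build_sample(password, salt, ciphertext):
    """Constructed envelope for the demo: real HMAC, placeholder ciphertext."""
    _, hmac_key, _ = derive_keys(password, salt)
    mac = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    inner = b"\n".join(binascii.hexlify(x) for x in (salt, mac, ciphertext))
    hexed = binascii.hexlify(inner).decode()
    body = "\n".join(hexed[i:i + 80] for i in range(0, len(hexed), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + body + "\n"


if __name__ == "__main__":
    salt = bytes(range(32))  # constructed salt, not random
    for pw in ("qaz", "123456"):
        sample = build_sample(pw, salt, b"\x00" * 16)
        print(pw, "->", rekey_status(sample, "123456", "qaz"))
```

Run over every vault file in a repository after a rotation, any "still-old" result marks a file that was missed by rekey.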

Facts: facts that exist on the system; variables that can be extracted with setup
Ad hoc command: setup module
[devops@workstation ansible]$ ansible qq -m setup | grep bios
[devops@workstation ansible]$ ansible qq -m setup -a "filter=*bios*"
Playbook: debug module
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
  - test/user.yml
  tasks:
  - debug:
      msg: "{{ users.bob.home_dir }}"
  - debug:
      msg: "{{ users['tom']['first_name'] }}"
  - debug:
      var: ansible_facts['hostname']     # ansible_facts is a fixed name

Magic variables: variables that exist in the system but cannot be extracted with setup
Extract them with the debug module
[devops@workstation ansible]$ ansible qq -m debug -a "var=inventory_hostname"
servera | SUCCESS => {
    "inventory_hostname": "servera"
}

Disabling fact gathering
Before disabling
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
  - test/user.yml
  tasks:
  - debug:
      msg: "{{ users.bob.home_dir }}"
  - debug:
      msg: "{{ users['tom']['first_name'] }}"
  - debug:
      var: ansible_facts['hostname']
[devops@workstation ansible]$ ansible-playbook users.yml

PLAY [users] *************************************************************************

TASK [Gathering Facts] ***************************************************************
ok: [servera]

TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "/home/bob"
}

TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "tom1"
}

TASK [debug] *************************************************************************
ok: [servera] => {
    "ansible_facts['hostname']": "servera"
}
After disabling
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  gather_facts: no
  vars_files:
  - test/user.yml
  tasks:
  - debug:
      msg: "{{ users.bob.home_dir }}"
  - debug:
      msg: "{{ users['tom']['first_name'] }}"
  - debug:
      var: ansible_facts['hostname']
[devops@workstation ansible]$ ansible-playbook users.yml

PLAY [users] *************************************************************************

TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "/home/bob"
}

TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "tom1"
}

TASK [debug] *************************************************************************
ok: [servera] => {
    "ansible_facts['hostname']": "VARIABLE IS NOT DEFINED!"
}

Difference: key names in setup output versus keys under ansible_facts

[greg@control ansible]$ ansible dev -m setup -a "filter=*bios*"
node1 | SUCCESS => {
    "ansible_facts": {
        "ansible_bios_date": "04/01/2014",
        "ansible_bios_version": "1.11.1-3.module+el8+2529+a9686a4d",
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false
}
[greg@control ansible]$ vim vars.yml
---
- name: vars
  hosts: dev
  tasks:
  - debug:
      var: ansible_facts['nodename']
  - debug:
      var: ansible_facts['ansible_bios_version']
  - debug:
      var: ansible_facts['bios_version']
[greg@control ansible]$ ansible-playbook vars.yml

PLAY [vars] ********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [debug] *******************************************************************
ok: [node1] => {
    "ansible_facts['nodename']": "node1.lab.example.com"
}

TASK [debug] *******************************************************************
ok: [node1] => {
    "ansible_facts['ansible_bios_version']": "VARIABLE IS NOT DEFINED!"
}

TASK [debug] *******************************************************************
ok: [node1] => {
    "ansible_facts['bios_version']": "1.11.1-3.module+el8+2529+a9686a4d"
}

PLAY RECAP *********************************************************************
node1                      : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

loop
Without a loop
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
  - name: Add the user
    user:
      name: user1
  - name: Add the user
    user:
      name: user2
  - name: Add the user
    user:
      name: user3
[greg@control ansible]$ ansible-playbook useradd.yml -C
With loop
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
  - name: Add the user
    user:
      name: "{{ item }}"
    loop:
    - user1
    - user2
    - user3
[greg@control ansible]$ ansible-playbook useradd.yml
Verify
[greg@control ansible]$ ansible dev -m shell -a "id user1 ; id user2 ; id user3"
[greg@control ansible]$ vim yum.yml
---
- name: install
  hosts: dev
  vars:
    packages:
      - httpd
      - php
  tasks:
  - name: install the latest version of Apache
    yum:
      name: "{{ item }}"
    loop: "{{ packages }}"
[greg@control ansible]$ ansible-playbook yum.yml -C

item.name/item.groups/item.uid
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
  - name: Add the user
    user:
      name: "{{ item }}"
    loop:
    - user1
    - user2
    - user3
  - name: Ensure group "somegroup" exists
    group:
      name: "{{ item }}"
    loop:
    - group1
    - group2
    - group3
    - group4

[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
  - name: Add the user
    user:
      name: "{{ item.name }}"
      uid: "{{ item.uid }}"
      groups: "{{ item.groups }}"
    loop:
    - name: user10
      uid: 1100
      groups: group1
    - name: user11
      uid: 1120
      groups: group2
[greg@control ansible]$ ansible-playbook useradd.yml

PLAY [useradd user] *************************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [node1]

TASK [Add the user] *************************************************************************************
changed: [node1] => (item={'name': 'user10', 'uid': 1100, 'groups': 'group1'})
changed: [node1] => (item={'name': 'user11', 'uid': 1120, 'groups': 'group2'})

PLAY RECAP **********************************************************************************************
node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

when: conditional restriction
when: inventory_hostname in groups.dev

ignore_errors
[greg@control ansible]$ vim test.yml
---
- name: error
  hosts: dev
  tasks:
  - name: Execute the command in remote she>
    shell:
      mkdir a/b/c
    ignore_errors: yes
  - name: Add the user 'johnd' with a speci>
    user:
      name: user15
[greg@control ansible]$ ansible-playbook test.yml -C

PLAY [error] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [node1]

TASK [Execute the command in remote she>] **************************************
skipping: [node1]

TASK [Add the user 'johnd' with a speci>] **************************************
changed: [node1]

PLAY RECAP *********************************************************************
node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Exam question 14
[greg@control ansible]$ vim /home/greg/ansible/users.yml
---
- name: 创建用户帐户
  hosts: dev,test
  vars_files:
  - /home/greg/ansible/locker.yml
  - /home/greg/ansible/user_list.yml
  tasks:
  - name: Ensure group "somegroup" exists
    group:
      name: devops
      state: present
  - name: Add the user
    user:
      name: "{{ item.name }}"
      groups: devops
      password: "{{ pw_developer | password_hash('sha512') }}"
      append: yes
    loop: "{{ users }}"
    when: item.job == 'developer'

- name: 创建用户帐户
  hosts: prod
  vars_files:
  - /home/greg/ansible/locker.yml
  - /home/greg/ansible/user_list.yml
  tasks:
  - name: Ensure group "somegroup" exists
    group:
      name: opsmgr
      state: present
  - name: Add the user
    user:
      name: "{{ item.name }}"
      groups: opsmgr
      password: "{{ pw_manager | password_hash('sha512') }}"
      append: yes
    loop: "{{ users }}"
    when: item.job == 'manager'
[greg@control ansible]$ ansible-playbook /home/greg/ansible/users.yml
Verify
[greg@control ansible]$ ansible test,dev -m shell -a "id bob; id sally; id fred"
node2 | CHANGED | rc=0 >>

uid=1003(bob) gid=1003(bob) groups=1003(bob),1001(devops)
uid=1004(fred) gid=1004(fred) groups=1004(fred),1001(devops)
id: ‘sally’: no such user

node1 | CHANGED | rc=0 >>
uid=1121(bob) gid=1121(bob) groups=1121(bob),1001(devops)
uid=1122(fred) gid=1122(fred) groups=1122(fred),1001(devops)
id: ‘sally’: no such user

[greg@control ansible]$ ansible prod -m shell -a "id bob; id sally; id fred"

node3 | FAILED | rc=1 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
id: ‘bob’: no such user
id: ‘fred’: no such usernon-zero return code

node4 | FAILED | rc=1 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
id: ‘bob’: no such user
id: ‘fred’: no such usernon-zero return code

[greg@control ansible]$ ansible-inventory --graph
@all:
  |--@balancers:
  |  |--node5
  |--@dev:
  |  |--node1
  |--@test:
  |  |--node2
  |--@ungrouped:
  |--@webservers:
  |  |--@prod:
  |  |  |--node3
  |  |  |--node4
[greg@control ansible]$ ssh bob@node1
bob@node1's password: Imadev

[greg@control ansible]$ ssh sally@node3
sally@node3's password: Imamgr

copy module
[greg@control ansible]$ vim cp.yml
---
- name: copy
  hosts: dev
  tasks:
  - name: Copy file with owner and permissions
    copy:
      src: /etc/fstab
      dest: /var
      owner: fred
      group: bob
      mode: '0744'
[greg@control ansible]$ ansible-playbook cp.yml
Verify
[greg@control ansible]$ ansible dev -a "ls -ld /var/fstab"
node1 | CHANGED | rc=0 >>
-rwxr--r--. 1 fred bob 142 Jul  8 11:43 /var/fstab

The content parameter
File content before running the playbook
[greg@control ansible]$ ansible dev -a "cat /tmp/fstab"
node1 | CHANGED | rc=0 >>
UUID=d47ead13-ec24-428e-9175-46aefa764b26	/	xfs	defaults	0	0
UUID=7B77-95E7	/boot/efi	vfat	defaults,uid=0,gid=0,umask=077,shortname=winnt	0	2
[greg@control ansible]$ vim cpy1.yml
---
- name: copy1
  hosts: dev
  tasks:
  - name: Copy using inline content
    copy:
      content: 'qqqqqqqq'
      dest: /tmp/fstab
[greg@control ansible]$ ansible-playbook cpy1.yml
Verify
[greg@control ansible]$ ansible dev -a "cat /tmp/fstab"
node1 | CHANGED | rc=0 >>
qqqqqqqq

Exam question 10
[greg@control ansible]$ vim /home/greg/ansible/issue.yml
---
- name: 修改文件内容
  hosts: all
  tasks:
  - name: Copy using inline content
    copy:
      content: 'Development'
      dest: /etc/issue
    when: inventory_hostname in groups.dev
- name: 修改文件内容
  hosts: all
  tasks:
  - name: Copy using inline content
    copy:
      content: 'Test'
      dest: /etc/issue
    when: inventory_hostname in groups.test
- name: 修改文件内容
  hosts: all
  tasks:
  - name: Copy using inline content
    copy:
      content: 'Production'
      dest: /etc/issue
    when: inventory_hostname in groups.prod
[greg@control ansible]$ ansible-playbook /home/greg/ansible/issue.yml
[greg@control ansible]$ ansible all -a "cat /etc/issue"
node4 | CHANGED | rc=0 >>
Production
node5 | CHANGED | rc=0 >>
\S
Kernel \r on an \m
node3 | CHANGED | rc=0 >>
Production
node2 | CHANGED | rc=0 >>
Test
node1 | CHANGED | rc=0 >>
Development

file
Ownership and permissions
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
  - name: Change file ownership, group and permissions
    file:
      path: /etc/foo.conf
      state: touch
      owner: bob
      group: bob
      mode: '0644'
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a "ls -l /etc/foo.conf"
node1 | CHANGED | rc=0 >>
-rw-r--r--. 1 bob bob 0 Jul  9 04:05 /etc/foo.conf
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
  - name: Change file ownership, group and permissions
    file:
      path: /etc/foo.conf1
      state: touch
      owner: bob
      group: bob
      mode: 644          # unquoted: YAML reads this as the decimal integer 644, not octal 0644
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a "ls -l /etc/foo.conf1"
node1 | CHANGED | rc=0 >>
--w---xrwt. 1 bob bob 0 Jul  9 04:06 /etc/foo.conf1

SELinux context
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
  - name: Change file ownership, group and permissions
    file:
      path: /etc/foo.conf4
      state: touch
      owner: bob
      group: bob
      mode: 644
      setype: httpd_sys_content_t
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a "ls -lZ /etc/foo.conf4"
node1 | CHANGED | rc=0 >>
-rw-rw-rw-. 1 bob bob unconfined_u:object_r:httpd_sys_content_t:s0 0 Jul  9 04:13 /etc/foo.conf4

Exam question 10

[greg@control ansible]$ vim /home/greg/ansible/webcontent.yml
---
- name: 创建 Web 内容目录
  hosts: dev
  tasks:
  - name: Change file
    file:
      path: /webdev
      state: directory
      group: webdev
      mode: '2775'
  - name: Create a symbolic link
    file:
      src: /webdev
      dest: /var/www/html/webdev
      state: link
  - name: Copy using inline content
    copy:
      content: 'Development'
      dest: /webdev/index.html
      setype: httpd_sys_content_t
  - name: Start service httpd, if not started
    service:
      name: httpd
      state: started
      enabled: yes
[greg@control ansible]$ ansible-playbook /home/greg/ansible/webcontent.yml

lineinfile module

---
- name: line
  hosts: dev
  tasks:
  - name: Ensure SELinux is set to disabled
    lineinfile:
      path: /etc/selinux/config
      regexp: '^SELINUX='
      line: SELINUX=disabled

---
- name: line
  hosts: dev
  tasks:
  - name: Ensure Apache listens on port 82
    lineinfile:
      path: /etc/httpd/conf/httpd.conf
      regexp: '^Listen'
      line: Listen 82

[greg@control ansible]$ vim line.yml
---
- name: line
  hosts: dev
  tasks:
  - name: Ensure the default Apache port is 8080
    lineinfile:
      path: /etc/httpd/conf/httpd.conf
      regexp: '^Listen '
      insertafter: '^#Listen '
      line: Listen 8080

Original file

[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 80
[greg@control ansible]$ ansible-playbook line.yml
[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 8080

Deleting a line

[greg@control ansible]$ vim line.yml
---
- name: line
  hosts: dev
  tasks:
  - name: Make sure group wheel is not in the sudoers>
    lineinfile:
      path: /etc/test
      state: absent
      regexp: 'Listen 8080'

Original file

[root@node1 ~]# vim /etc/test
123
qwer
iqwe
ee
rr
Listen 8080
Listen 80
[greg@control ansible]$ ansible-playbook line.yml
[root@node1 ~]# vim /etc/test
123
qwer
iqwe
ee
rr
Listen 80

template: copy a template

[greg@control ansible]$ sudo cp /etc/hosts /etc/hosts.j2
[greg@control ansible]$ vim template.yml
---
- name: template
  hosts: dev
  tasks:
  - name: Template a file to /etc/files.conf
    template:
      src: /etc/hosts.j2
      dest: /tmp
      owner: bin
      group: wheel
      mode: '0644'
[greg@control ansible]$ ansible-playbook template.yml
[root@node1 ~]# cat /tmp/hosts.j2
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.254	classroom.example.com classroom
172.25.254.254	content.example.com content
172.25.254.254	materials.example.com materials
10.30.0.10	satellite-dle.ole.redhat.com satellite-dle
### rht-vm-hosts file listing the entries to be appended to /etc/hosts

172.25.250.254 control.lab.example.com control
172.25.250.9   node1.lab.example.com node1
172.25.250.10  node2.lab.example.com node2
172.25.250.11  node3.lab.example.com node3
172.25.250.12  node4.lab.example.com node4
172.25.250.13  node5.lab.example.com node5

sefcontext
[greg@control ansible]$ vim selinux.yml
---
- name:
  hosts: dev
  tasks:
  - name: Allow apache to modify files in /srv/git_repos
    sefcontext:
      target: '/etc/test(/.*)?'
      setype: httpd_sys_content_t
      state: present
  - name: Apply new SELinux file context to filesystem
    command: restorecon -irv /etc/test
[greg@control ansible]$ ansible-playbook selinux.yml
Comparison of the results before and after running the playbook
[root@node1 ~]# ls -ldZ /etc/test
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 30 Jul  9 08:39 /etc/test
[root@node1 ~]# ls -ldZ /etc/test
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 30 Jul  9 08:39 /etc/test

Jinja2 template files

Exam question 9

[greg@control ansible]$ wget http://materials/hosts.j2
[greg@control ansible]$ vim /home/greg/ansible/hosts.yml
---
- name: 生成主机文件
  hosts: all
  tasks:
  - name: Template a file to /etc/files.conf
    template:
      src: hosts.j2
      dest: /etc/myhosts
    when: inventory_hostname in groups.dev
[greg@control ansible]$ vim hosts.j2
Look up the variables
[greg@control ansible]$ ansible dev -m setup -a "filter=*ipv4*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"
Form 1: hash (dot) notation
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_nodename }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
Form 2: dictionary (bracket) notation
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['nodename'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[greg@control ansible]$ ansible-playbook /home/greg/ansible/hosts.yml
[greg@control ansible]$ ansible dev -a "cat /etc/myhosts"
node1 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

172.25.250.9 node1.lab.example.com node1
172.25.250.10 node2.lab.example.com node2
172.25.250.13 node5.lab.example.com node5
172.25.250.11 node3.lab.example.com node3
172.25.250.12 node4.lab.example.com node4

Managing large projects

[devops@workstation ansible]$ ansible-inventory --graph
[devops@workstation ansible]$ ansible --list-hosts webs,dev       # list the hosts in the webs and dev host groups
[devops@workstation ansible]$ ansible --list-hosts 'server*'      # list the hosts whose names start with server
[devops@workstation ansible]$ ansible --list-hosts test,dev       # list the hosts in the test and dev host groups
[devops@workstation ansible]$ ansible --list-hosts 'test,&dev'    # list the hosts in the dev host group
[devops@workstation ansible]$ ansible --list-hosts 'test,!dev'    # list the hosts in the test host group
[devops@workstation ansible]$ ansible --list-hosts '!test,webs'   # list the hosts in the webs host group
[devops@workstation ansible]$ ansible --list-hosts 'test,!webs'   # list the hosts in the test host group

Dynamic inventory

[greg@control ansible]$ wget http://materials/dynamic/binventory.py
Copy this link from the one given in the exam question.
[greg@control ansible]$ ls -ld binventory.py
-rw-rw-r--. 1 greg greg 643 Aug 12  2021 binventory.py
[greg@control ansible]$ chmod +x binventory.py
[greg@control ansible]$ pwd
/home/greg/ansible
[greg@control ansible]$ /home/greg/ansible/binventory.py
/usr/bin/env: ‘python’: No such file or directory
[greg@control ansible]$ python3 /home/greg/ansible/binventory.py  --list
{"internetweb": {"hosts": [], "vars": {}}}

cron

[greg@control ansible]$ vim /home/greg/ansible/cron.yml
---
- name: 配置 cron 作业（增加）
  hosts: test
  tasks:
  - name: Ensure a job
    cron:
      name: 'check dirs'
      minute: '*/2'
      job: 'logger "EX200 in progress"'
      user: bob
[greg@control ansible]$ ansible-playbook /home/greg/ansible/cron.yml
Verify
[greg@control ansible]$ ansible test -a "crontab -l -u bob"
node2 | CHANGED | rc=0 >>
#Ansible: check dirs
*/2 * * * * logger "EX200 in progress"

Configuring parallelism

Method 1: edit the main configuration file

[greg@control ansible]$ ansible --version
ansible 2.9.15
  config file = /home/greg/ansible/ansible.cfg
  
[greg@control ansible]$ vim ansible.cfg
forks          = 10
#forks          = 5

Method 2: set it when running the playbook

[greg@control ansible]$ vim forks.yml
---
- name: forks
  hosts: dev
  tasks:
  - name: Ensure group "somegroup" exists
    group:
      name: qqwx
      state: present
[greg@control ansible]$ ansible-playbook forks.yml -f 5
[greg@control ansible]$ ansible-playbook forks.yml --forks 5

serial: rolling updates
[greg@control ansible]$ vim user1.yml
---
- name: useradd user
  hosts: prod
  tasks:
  - name: Add the user
    user:
      name: user10
  - name: Add the user
    user:
      name: user20
[greg@control ansible]$ ansible-playbook user1.yml

PLAY [useradd user] ******************************************************************

TASK [Gathering Facts] ***************************************************************
ok: [node4]
ok: [node3]

TASK [Add the user] ******************************************************************
changed: [node4]
changed: [node3]

TASK [Add the user] ******************************************************************
changed: [node3]
changed: [node4]

PLAY RECAP ***************************************************************************
node3                      : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node4                      : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

With serial
[greg@control ansible]$ vim user1.yml
---
- name: useradd user
  hosts: prod
  serial: 1
  tasks:
  - name: Add the user
    user:
      name: user11
  - name: Add the user
    user:
      name: user22
[greg@control ansible]$ ansible-playbook user1.yml

PLAY [useradd user] ******************************************************************

TASK [Gathering Facts] ***************************************************************
ok: [node3]

TASK [Add the user] ******************************************************************
ok: [node3]

TASK [Add the user] ******************************************************************
ok: [node3]

PLAY [useradd user] ******************************************************************

TASK [Gathering Facts] ***************************************************************
ok: [node4]

TASK [Add the user] ******************************************************************
ok: [node4]

TASK [Add the user] ******************************************************************
changed: [node4]

PLAY RECAP ***************************************************************************
node3                      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
node4                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
import
[greg@control ansible]$ ansible-doc -l | grep -e import -e include
[greg@control ansible]$ ansible-doc import_playbook
[greg@control ansible]$ vim import.yml
- name: Include a play after another play
  import_playbook: httpd_service.yml
[greg@control ansible]$ vim httpd_service.yml
---
- name: httpd_service
  hosts: dev
  tasks:
  - name: install the latest version of Apache
    yum:
      name: httpd
      state: latest
  - name: Start service httpd, if not started
    service:
      name: httpd
      state: started
[greg@control ansible]$ ansible-playbook httpd_service.yml
include
[greg@control ansible]$ ansible-doc -l | grep -e import -e include
[greg@control ansible]$ ansible-doc include
[greg@control ansible]$ vim include.yml
- name: Include a play after another play
  include: mariadb_service.yml
[greg@control ansible]$ vim mariadb_service.yml
---
- name: service
  hosts: dev
  tasks:
  - name: Start service httpd, if not started
    service:
      name: httpd
      state: started
[greg@control ansible]$ ansible-playbook mariadb_service.yml
roles
[greg@control ansible]$ cd roles/

[greg@control roles]$ ansible-galaxy init apache
- Role apache was created successfully

[greg@control roles]$ cd ..
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
Write the tasks
[greg@control ansible]$ tree roles/apache/
[greg@control ansible]$ cd roles/
[greg@control roles]$ vim apache/tasks/main.yml
---
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started
    enabled: yes
- name: Start service firewalld, if not started
  service:
    name: firewalld
    state: started
    enabled: yes
- name: Allow the http service through firewalld
  firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
- name: Template index.html.j2 to /var/www/html/index.html
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
Write the template
[greg@control roles]$ vim apache/templates/index.html.j2
Welcome to {{ ansible_nodename }} on {{ ansible_default_ipv4.address }}
Write the playbook
[greg@control roles]$ vim /home/greg/ansible/apache.yml
---
- name: 创建和使用角色
  hosts: webservers
  roles:
  - apache
[greg@control ansible]$ ansible-playbook /home/greg/ansible/apache.yml
Verify
[greg@control ansible]$ curl node3
Welcome to node3.lab.example.com on 172.25.250.11
[greg@control ansible]$ curl node4
Welcome to node4.lab.example.com on 172.25.250.12
parted, filesystem, mount
[greg@control ansible]$ vim part.yml
---
- name: parter
  hosts: test
  tasks:
  - name: Create a new primary partition ending at 100MiB
    parted:
      device: /dev/vdb
      number: 1
      state: present
      part_end: 100MiB
  - name: Create an ext3 filesystem on /dev/vdb1
    filesystem:
      fstype: ext3
      dev: /dev/vdb1
  - name: Add /dev/vdb1 on /mnt to /etc/fstab
    mount:
      path: /mnt
      src: /dev/vdb1
      fstype: ext3
      state: present
[greg@control ansible]$ ansible-playbook part.yml
Verify
[greg@control ansible]$ ansible test -a "lsblk"
[greg@control ansible]$ ansible test -a "blkid"
[greg@control ansible]$ ansible test -a "grep mnt /etc/fstab"
[greg@control ansible]$ vim /home/greg/ansible/partition.yml
---
- name: 创建和使用分区(NEW)
  hosts: all
  tasks:
  - block:
    - name: Create a new primary partition
      parted:
        device: /dev/vdb
        number: 1
        state: present
        part_end: 1500MiB
    - name: Create an ext4 filesystem on /dev/vdb1
      filesystem:
        fstype: ext4
        dev: /dev/vdb1
    - name: Mount /dev/vdb1 on /data
      mount:
        path: /data
        src: /dev/vdb1
        fstype: ext4
        state: mounted
      when: inventory_hostname in groups.prod
    rescue:
    - debug:
        msg: Could not create partition of that size
    - name: Create a new primary partition
      parted:
        device: /dev/vdb
        number: 1
        state: present
        part_end: 800MiB
      when: ansible_devices.vdb is defined
  - debug:
      msg: this disk is not exist
    when: ansible_devices.vdb is not defined

lv

[greg@control ansible]$ vim vg.yml
---
- name: vg
  hosts: test
  tasks:
  - name: Create a volume group
    lvg:
      vg: vg.services
      pvs: /dev/vdb2
      pesize: 32
  - name: Create a logical volume of 10 MiB
    lvol:
      vg: vg.services
      lv: test
      size: 10
[greg@control ansible]$ ansible-playbook vg.yml
Verify:
View volume group information
[greg@control ansible]$ ansible test -a "vgs"
[greg@control ansible]$ ansible test -a "vgdisplay"
View logical volume information
[greg@control ansible]$ ansible test -a "lvs"
[greg@control ansible]$ ansible test -a "lvdisplay"

lvm

[greg@control ansible]$ vim /home/greg/ansible/lv.yml
---
- name: 创建和使用逻辑卷(OLD)
  hosts: all
  tasks:
  - block:
    - name: Create a logical volume
      lvol:
        vg: research
        lv: data
        size: 1500
    - name: Create a ext4
      filesystem:
        fstype: ext4
        dev: /dev/research/data
    rescue:
    - debug:
        msg: Could not create logical volume of that size
    - name: Create a logical volume
      lvol:
        vg: research
        lv: data
        size: 800
      when: ansible_lvm.vgs.research is defined
  - debug:
      msg: Volume group done not exist
    when: ansible_lvm.vgs.research is not defined
[greg@control ansible]$ ansible-playbook /home/greg/ansible/lv.yml
[greg@control ansible]$ ansible all -a "lvs"
[greg@control ansible]$ ansible all -a "blkid /dev/research/data"
node3 | FAILED | rc=2 >>
non-zero return code
node2 | CHANGED | rc=0 >>
/dev/research/data: UUID="019eb44b-4b8d-4fd6-87fd-8e4fe16af97a" BLOCK_SIZE="4096" TYPE="ext4"
node5 | CHANGED | rc=0 >>
/dev/research/data: UUID="01a56d6e-3f6c-4432-91df-a148b52f9f8f" BLOCK_SIZE="4096" TYPE="ext4"
node4 | CHANGED | rc=0 >>
/dev/research/data: UUID="9f04e0a8-22e7-4dfe-9a51-eff54d6d45d2" BLOCK_SIZE="4096" TYPE="ext4"
node1 | FAILED | rc=2 >>
non-zero return code

9. Troubleshooting

[devops@workstation ~]$ mkdir ansible
[devops@workstation ~]$ cd ansible/

[devops@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[devops@workstation ansible]$ ansible --version
ansible 2.9.21
  config file = /home/devops/ansible/ansible.cfg

[devops@workstation ansible]$ vim ansible.cfg
inventory      = /home/devops/ansible/inventory
#inventory      = /etc/ansible/hosts

[devops@workstation ansible]$ vim inventory
[devops@workstation ansible]$ ansible-inventory --graph
@all:
  |--@dev:
  |  |--servera
  |--@test:
  |  |--serverb
  |--@ungrouped:
[devops@workstation ansible]$ ansible-config dump | grep -i log
DEFAULT_LOG_PATH(default) = None

[devops@workstation ansible]$ vim ansible.cfg
log_path = /var/log/ansible.log
#log_path = /var/log/ansible.log

[devops@workstation ansible]$ ls -ld /var/log/ansible.log
ls: cannot access '/var/log/ansible.log': No such file or directory

[devops@workstation ansible]$ sudo chown devops:devops /var/log/
[devops@workstation ansible]$ ansible all -m setup -a "filter=*name*"
servera | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "servera",
        "ansible_nodename": "servera.lab.example.com",
        "ansible_product_name": "KVM",
        "discovered_interpreter_python": "/usr/libexec/platform-python"

[devops@workstation ansible]$ cat /var/log/ansible.log
2022-07-13 06:47:29,958 p=2913 u=devops n=ansible | servera | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "servera",
        "ansible_nodename": "servera.lab.example.com",
        "ansible_product_name": "KVM",
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false
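The chown in the transcript above hands the whole /var/log directory to the devops account so that Ansible can create its log there. The following is an added example, not part of the original page: it creates only the log file, with owner-only permissions, and leaves the directory untouched. The function names are hypothetical and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page): give Ansible a private log file
# without changing who owns the log directory.
# Why it matters: log_path records task results, which can contain sensitive
# values unless a task sets no_log: true, so only the owner should read it.

# make_ansible_log PATH [OWNER]
#   Creates PATH as an empty 0600 file if it is missing, or tightens the mode
#   of an existing one. OWNER (for example devops:devops) is applied only when
#   given, which requires root.
make_ansible_log() {
    log=$1
    owner=${2:-}
    if [ ! -e "$log" ]; then
        ( umask 077 && : > "$log" ) || return 1
    fi
    chmod 0600 "$log" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$log" || return 1
    fi
}

# log_mode PATH: print the octal permission bits (GNU stat).
log_mode() { stat -c %a "$1"; }

# log_is_private PATH: succeed only if group and others have no access at all.
log_is_private() {
    mode=$(log_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Usage on the control node from the transcript (run as root):
#   make_ansible_log /var/log/ansible.log devops:devops
#   log_is_private /var/log/ansible.log && echo "log is private"
```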

lab

[root@workstation ~]# lab troubleshoot-playbook
[root@workstation ~]# su - student
Last login: Wed Jul 13 06:50:12 EDT 2022 from 172.25.250.250 on pts/0
[student@workstation ~]$ ls
troubleshoot-playbook

Error message
Step 1: no configuration file
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:

Solution
[student@workstation troubleshoot-playbook]$ cp /etc/ansible/ansible.cfg .
[student@workstation troubleshoot-playbook]$ ls
ansible.cfg  inventory  samba.conf.j2  samba.yml

Step 2:
Error message
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  mapping values are not allowed in this context

The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 8, column 30, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

    install_state: installed
    random_var: This is colon: test
                             ^ here

Solution
  8     random_var: This is colon: test
  9     random_var: "This is colon: test"
  
Step 3:
Cause of the error:

[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  did not find expected key

The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 45, column 4, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


   - name: deliver samba config
   ^ here

Solution
 47        #src: samba.j2
 48        src: samba.conf.j2

Step 4:
Cause of the error
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  did not find expected key

The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 45, column 4, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


   - name: deliver samba config
   ^ here
Solution:
Fix the indentation

Step 5:
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  found unacceptable key (unhashable type: 'AnsibleMapping')

The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 15, column 15, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

      name: samba
      state: {{ install_state }}
              ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:

    with_items:
      - {{ foo }}

Should be written as:

    with_items:
      - "{{ foo }}"
Solution:
 15       state: "{{ install_state }}"
 16       #state: {{ install_state }}

Step 6:
Cause
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml

PLAY [Install a samba server] ************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************
fatal: [servera.lab.exammple.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname servera.lab.exammple.com: Name or service not known", "unreachable": true}

PLAY RECAP *******************************************************************************************************************
servera.lab.exammple.com   : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

Solution:
[student@workstation troubleshoot-playbook]$ vim inventory
[samba_servers]
servera.lab.example.com
#servera.lab.exammple.com

Execution succeeds
[root@workstation ~]# lab troubleshoot-review  start

Starting troubleshoot-review exercise.

 · Verifying Ansible installation..............................  SUCCESS
 · Creating working directory..................................  SUCCESS
 · Deploying ansible.cfg.......................................  SUCCESS
 · Deploying Ansible inventory.................................  SUCCESS
 · Downloading additional lab files
   · secure-web.yml............................................  SUCCESS
   · vhosts.conf...............................................  SUCCESS
   · html/index.html...........................................  SUCCESS
 · Removing web server packages on serverb.....................  SUCCESS
 · Configuring HTTP/HTTPS access to serverb....................  SUCCESS


Step 1:
[student@workstation troubleshoot-review]$ ansible-playbook  secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  mapping values are not allowed in this context

The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 7, column 30, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  vars:
    random_var: This is colon: test
                             ^ here
Solution
7     #random_var: This is colon: test
8     random_var: "This is colon: test"


Step 2:
Cause of the error
[student@workstation troubleshoot-review]$ ansible-playbook  secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  did not find expected '-' indicator

The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 39, column 10, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


         - name: start and enable web services
         ^ here

Solution
Fix the indentation

Step 3:
Cause of the error
[student@workstation troubleshoot-review]$ ansible-playbook  secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)

Syntax Error while loading YAML.
  found unacceptable key (unhashable type: 'AnsibleMapping')

The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 14, column 20, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

          yum:
            name: {{ item }}
                   ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:

    with_items:
      - {{ foo }}

Should be written as:

    with_items:
      - "{{ foo }}"
Solution
 14             name: "{{ item }}"
 15             #name: {{ item }}
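
The two quoting mistakes that recur in the samba.yml and secure-web.yml labs (a plain scalar containing a colon followed by a space, and a value that starts with an unquoted template expression) can be flagged before a run. The shell function below is an added example, not part of the lab files: it is a line-based heuristic to use alongside ansible-playbook --syntax-check, and sample_playbook is constructed input that mirrors the offending lines.

```shell
#!/bin/sh
# Added example (not from the original page): heuristic check for the two
# quoting mistakes shown in the labs. It reads the file line by line and is
# not a YAML parser, so text inside | or > block scalars may be flagged falsely.

# lint_yaml_quotes FILE
#   Prints "LINE:RULE:text" for each suspect line; returns 1 if any was found.
lint_yaml_quotes() {
    awk -v q="'" '
    {
        line = $0
        sub(/^[ \t]*(-[ \t]+)?/, "", line)                  # drop indent and list dash
        if (line == "" || line ~ /^#/) next                 # blank or comment line
        val = line
        sub(/^[A-Za-z_][A-Za-z0-9_.-]*:[ \t]+/, "", val)    # drop a leading key
        sub(/[ \t]+#.*$/, "", val)                          # drop trailing comment
        if (val == "") next
        rule = ""
        if (substr(val, 1, 2) == "{{")
            rule = "unquoted-template"
        else if (index("\"" q "[{|>", substr(val, 1, 1)) == 0 && index(val, ": ") > 0)
            rule = "colon-in-plain-scalar"
        if (rule != "") { printf "%d:%s:%s\n", NR, rule, $0; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample that reproduces the offending lines from the labs.
sample_playbook() {
    cat <<'EOF'
---
- name: Install a samba server
  hosts: samba_servers
  vars:
    install_state: installed
    random_var: This is colon: test
    quoted_var: "This is colon: test"
  tasks:
  - name: install samba
    yum:
      name: samba
      state: {{ install_state }}
  - name: install extras
    yum:
      name: "{{ item }}"
    with_items:
      - {{ foo }}
EOF
}

# Usage:
#   sample_playbook > /tmp/sample.yml && lint_yaml_quotes /tmp/sample.yml
```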


Step 4:
Cause of the error
Solution
[root@serverc ~]# su - students
su: user students does not exist
[root@serverc ~]# vim /etc/passwd
[root@serverc ~]# grep studen /etc/passwd
student:x:1000:1000:Student User:/home/student:/bin/bash

  #remote_user: students
  remote_user: student

Step 5:
Cause of the error
Solution
[student@workstation troubleshoot-review]$ ssh student@serverb
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

[student@serverb ~]$ ssh student@serverc
The authenticity of host 'serverc (172.25.250.12)' can't be established.
ECDSA key fingerprint is SHA256:NJAyJMx8B2AeIYHRnVLAuJ1XZwblomyOKowyfTwGrTY.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

TASK [install web server packages] *******************************************************************************************
failed: [serverb.lab.example.com] (item=httpd) => {"ansible_loop_var": "item", "changed": false, "item": "httpd", "msg": "This command has to be run under the root user.", "results": []}
failed: [serverb.lab.example.com] (item=mod_ssl) => {"ansible_loop_var": "item", "changed": false, "item": "mod_ssl", "msg": "This command has to be run under the root user.", "results": []}

TASK [recover original httpd config] *****************************************************************************************
ok: [serverb.lab.example.com]

TASK [email notification of httpd config status] *****************************************************************************
fatal: [serverb.lab.example.com]: FAILED! => {"msg": "The conditional check 'httpd_conf_syntax.stdout != 'Syntax OK'' failed. The error was: error while evaluating conditional (httpd_conf_syntax.stdout != 'Syntax OK'): 'httpd_conf_syntax' is undefined

The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 75, column 11, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


        - name: email notification of httpd config status
          ^ here
"}

PLAY RECAP *******************************************************************************************************************
serverb.lab.example.com    : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=1    ignored=0

Solution:
[student@workstation troubleshoot-review]$ vim inventory
[webservers]
serverb.lab.example.com ansible_host=serverc.lab.example.com ansible_become_user=root ansible_become_password=student ansible_become=yes
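
The inventory line above stores the become password in plain text, readable by anyone who can read the file or the repository it is committed to. The following check is an added example, not part of the lab: it reports which hosts carry a literal password variable without printing the value. The sample inventory is constructed, and vault_become_pass is a hypothetical name for a variable kept in a file encrypted with ansible-vault.

```shell
#!/bin/sh
# Added example (not from the original page): flag credentials stored as plain
# text in an INI inventory. Remediation: remove the variable and prompt with
# "ansible-playbook --ask-become-pass", or reference a variable that lives in a
# file encrypted with "ansible-vault encrypt".

# find_inventory_secrets FILE
#   Prints "LINE:HOST:VARIABLE" (never the value) for each ansible_*pass or
#   ansible_*password variable assigned a literal. Values that are a {{ ... }}
#   reference are accepted. Returns 1 when something was found.
find_inventory_secrets() {
    awk -v q="'" '
    /^[ \t]*([#;]|$)/ { next }                    # comments and blank lines
    /^[ \t]*\[/ {                                 # [group] or [group:vars] header
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        next
    }
    {
        host = $1; first = 2
        if (index($1, "=") > 0) { host = "[" section "]"; first = 1 }
        for (i = first; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            if (key !~ /^ansible_([a-z]+_)?pass(word)?$/) continue
            c = substr(val, 1, 1)
            if (c == "\"" || c == q) val = substr(val, 2)   # skip opening quote
            if (substr(val, 1, 2) == "{{") continue         # variable reference
            printf "%d:%s:%s\n", NR, host, key
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample inventory; the first host mirrors the line from the lab.
sample_inventory() {
    cat <<'EOF'
[webservers]
serverb.lab.example.com ansible_become=yes ansible_become_user=root ansible_become_password=student
serverc.lab.example.com ansible_become=yes ansible_become_password="{{ vault_become_pass }}"

[webservers:vars]
ansible_user=student
ansible_ssh_pass=student
EOF
}

# Usage:
#   find_inventory_secrets inventory || echo "plaintext credentials found"
```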
