ansible阶段练习题
ansible阶段练习题
一、安装和配置 ansible 环境
1)安装所需软件包
2)在/home/student/ansible/inventory 文件中设置主机清单,要求:
node1 属于 test01 主机组
node2 属于 test02 主机组
node3 和 node4 属于 web 主机组
node5 属于 test05 主机组
web 组属于 webtest 主机组
3)在/home/student/ansible 目录中创建 ansible.cfg,满足以下需求:
主机清单文件为/home/student/ansible/inventory
playbook 中角色位置为/home/student/ansible/roles
collection 位置为/home/student/ansible/collections
1、编辑主机清单,创建两个目录(roles、collections),下载配置文件ansible.cfg
[student@master ~]$ mkdir ansible
[student@master ~]$ ls
ansible
[student@master ~]$ cd ansible/
[student@master ansible]$ ls
[student@master ansible]$ vim inventory
[student@master ansible]$ cat inventory
[test01]
node1[test02]
node2[web]
node3
node4[test05]
node5[webtest:children]
web
[student@master ansible]$ mkdir roles
[student@master ansible]$ mkdir collections
[student@master ansible]$ sudo vim /etc/ansible/ansible.cfg
[student@master ansible]$ ansible-config init --disabled > ansible.cfg
[student@master ansible]$ ls
ansible.cfg collections inventory roles
2、更改配置文件ansible.cfg
(1)inventory=/home/student/ansible/inventory
(2)roles_path=/home/student/ansible/roles
(3)collections_path=/home/student/ansible/collections
(4)remote_user=student
(5)host_key_checking=False
(6)privilege:
become=True
become_ask_pass=False
become_method=sudo
become_user=root
3、测试是否更改成功
[student@master ansible]$ ansible all -m ping
node5 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}
node1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}
node2 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}
node4 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}
node3 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}
二、创建和运行 Ansible 任务
编写脚本/home/student/ansible/yum.yml,为所有受管机配置 yum 仓库。
仓库 1:
名称为 BASEOS,描述为 software base
URL 为 http://ansible.example.com/rhel9/BaseOS
GPG 签名启用
GPG 密钥 URL 为 http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release
仓库为启用状态
仓库 2:
名称为 APPSTREAM,描述为 software stream
URL 为 http://ansible.example.com/rhel9/AppStream
GPG 签名启用
GPG 密钥 URL 为 http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release
仓库为启用状态
[student@master ansible]$ vim yum.yml
[student@master ansible]$ ansible-playbook yum.yml
[student@master ansible]$ ansible node1 -m shell -a 'ls /etc/yum.repos.d'
node1 | CHANGED | rc=0 >>
APPSTREAM.repo
BASEOS.repo
redhat.repo
---
- name: repohosts: alltasks:- name: repo1yum_repository:name: BASEOSdescription: software basebaseurl: http://ansible.example.com/rhel9/BaseOSenabled: yesgpgcheck: yesgpgkey: http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release- name: repo2yum_repository:name: APPSTREAMdescription: software streambaseurl: http://ansible.example.com/rhel9/AppStreamenabled: yesgpgcheck: yesgpgkey: http://ansible.example.com/rhel9/RPM-GPG-KEY-redhat-release
三、编写剧本远程安装软件
创建名为/home/student/ansible/tools.yml 的 playbook,能够实现以下目的:
1)将 php 和 tftp 软件包安装到 test01、test02 和 web 主机组中的主机上
2)将 RPM Development Tools 软件包组安装到 test01 主机组中的主机上
3)将 test01 主机组中的主机上所有软件包升级到最新版本
[student@master ansible]$ vim tools.yml
[student@master ansible]$ ansible-playbook tools.yml
---
- name: install php tftphosts: test01,test02,webtasks:- name: php tftpyum:name:- php- tftpstate: present- name: install RPM Development Toolshosts: test01tasks:- name: RPM Development Toolsyum:name: "@RPM Development Tools"state: present- name: updateyum:name: '*'state: latest
四、配置计划任务
编写剧本/home/student/ansible/jihua.yml
1)在 test02 组中的被管理主机运行
2)为用户 student 创建计划任务: student 用户每隔 5 分钟执行 echo “hello tarena”
[student@master ansible]$ vim jihua.yml
[student@master ansible]$ ansible-playbook jihua.yml
[student@master ansible]$ ansible node2 -m shell -a 'crontab -l -u student'
node2 | CHANGED | rc=0 >>
#Ansible: cron1
*/5 * * * * echo "hello tarena"
---
- name: cronhosts: test02tasks:- name: testcron:name: cron1user: studentminute: '*/5'job: echo "hello tarena"
五、安装并使用系统角色(timesync)
安装 RHEL 角色软件包,并创建剧本/home/student/ansible/timesync.yml,满足以下要求:
1)在 test01 组中的被管理主机运行
2)使用 timesync 角色
3)配置该角色,使用时间服务器 ansible.example.com,并启用 iburst 参数
1、安装软件包(sudo yum -y install )
[student@master ansible]$ sudo yum -y install rhel-system-roles
2、复制timesync
[student@master ansible]$ cd /usr/share/ansible/roles/
[student@master roles]$ cp -r rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@master roles]$ cd -
/home/student/ansible
[student@master ansible]$ ls
ansible.cfg collections inventory jihua.yml roles tools.yml yum.yml
[student@master ansible]$ cd roles/
[student@master roles]$ ls
timesync
3、编写timesync.yml并运行测试
[student@master ansible]$ vim timesync.yml
[student@master ansible]$ ansible-playbook timesync.yml
[student@master ansible]$ ansible test01 -m shell -a 'chronyc sources'
node1 | CHANGED | rc=0 >>
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ansible.example.com 0 7 0 - +0ns[ +0ns] +/- 0ns
---
- name: timesynchosts: test01vars:timesync_ntp_servers:- hostname: ansible.example.comiburst: yesroles:- timesync
六、通过 galaxy 安装角色与 collection
创建剧本/home/student/ansible/roles/down.yml,用来从以下 URL 下载角色,
并安装到/home/student/ansible/roles 目录下:
http://ansible.example.com/roles/haproxy.tar 此角色名为 haproxy
http://ansible.example.com/roles/myphp.tar 此角色名为 myphp
[student@master ansible]$ vim roles/down.yml
[student@master ansible]$ ansible-galaxy install -r roles/down.yml -p roles/
Starting galaxy role install process
- downloading role from http://ansible.example.com/roles/haproxy.tar
- extracting haproxy to /home/student/ansible/roles/haproxy
- haproxy was installed successfully
- downloading role from http://ansible.example.com/roles/myphp.tar
- extracting myphp to /home/student/ansible/roles/myphp
- myphp was installed successfully
[student@master ansible]$ ls roles/
down.yml haproxy myphp timesync
---
- name: haproxysrc: http://ansible.example.com/roles/haproxy.tar- name: myphpsrc: http://ansible.example.com/roles/myphp.tar
从 http://ansible.example.com/materials/下载如下 collection 并安装到
/home/student/ansible/collections 目录下:
ansible-posix-1.5.1.tar.gz
community-general-6.3.0.tar.gz
[student@master ansible]$ ansible-galaxy collection install http://ansible.example.com/materials/ansible-posix-1.5.1.tar.gz -p collections/Downloading http://ansible.example.com/materials/ansible-posix-1.5.1.tar.gz to /home/student/.ansible/tmp/ansible-local-1702g_oap558/tmposng8z3m/ansible-posix-1.5.1-6g8pa25c
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'ansible.posix:1.5.1' to '/home/student/ansible/collections/ansible_collections/ansible/posix'
ansible.posix:1.5.1 was installed successfully[student@master ansible]$ ansible-galaxy collection install http://ansible.example.com/materials/community-general-6.3.0.tar.gz -p collections/Downloading http://ansible.example.com/materials/community-general-6.3.0.tar.gz to /home/student/.ansible/tmp/ansible-local-1706yl5wyhpe/tmpj9pd_e1e/community-general-6.3.0-qk65cw7a
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'community.general:6.3.0' to '/home/student/ansible/collections/ansible_collections/community/general'
community.general:6.3.0 was installed successfully[student@master ansible]$ ls collections/
ansible_collections
[student@master ansible]$ cd collections/ansible_collections/
[student@master ansible_collections]$ ls
ansible community
七、创建及使用自定义角色
根据下列要求,在/home/student/ansible/roles 中创建名为 httpd 的角色:
1)安装 httpd 软件,并能够开机自动运行
2)开启防火墙,并允许 httpd 通过
3)使用模板 index.html.j2,用来创建/var/www/html/index.html 网页,
内容如下(HOSTNAME 是受管理节点的完全域名,IPADDRESS 是 IP 地址):
Welcome to HOSTNAME on IPADDRESS
然后创建剧本 /home/student/ansible/myrole.yml,为 webtest 主机组启用 httpd 角色。
1、手动生成一个角色(httpd)
[student@master ansible]$ cd roles/
[student@master roles]$ ls
down.yml haproxy myphp timesync
[student@master roles]$ ansible-galaxy init httpd
- Role httpd was created successfully
[student@master roles]$ ls
down.yml haproxy httpd myphp timesync
2、编写模版文件
[student@master roles]$ cd httpd/
[student@master httpd]$ ls
defaults files handlers meta README.md tasks templates tests vars
[student@master httpd]$ vim templates/index.html.j2
[student@master httpd]$ cat templates/index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
3、编写任务
[student@master httpd]$ vim tasks/main.yml
---
# tasks file for httpd
- name: install pkgyum:name:- httpd- firewalldstate: present- name: cp htmltemplate:src: index.html.j2dest: /var/www/html/index.html- name: restarted serviceservice:name: "{{ item }}"state: restartedenabled: yesloop:- httpd- firewalld- name: set firewalldfirewalld:service: httpstate: enabledpermanent: yesimmediate: yes
4、编写myrole.yml并运行测试
[student@master ansible]$ vim myrole.yml
[student@master ansible]$ ansible-playbook myrole.yml
[student@master ansible]$ curl http://node3
Welcome to node3.example.com on 192.168.122.30
[student@master ansible]$ curl http://node4
Welcome to node4.example.com on 192.168.122.40
---
- name: use httpd rolehosts: webtestroles:- httpd
八、使用之前通过 galaxy 下载的角色
创建剧本/home/student/ansible/web.yml,满足下列需求:
1)该剧本中包含一个 play,可以在 test05 主机组运行 haproxy 角色
(此角色已经配置好网站的负载均衡服务)
2)多次访问 http://node5.example.com 可以输出不同主机的欢迎页面
3)该剧本中包含另一个 play,可以在 webtest 主机组运行 myphp 角色
(此角色已经配置好网站的 php 页面)
4)多次访问 http://node5.example.com/index.php 也输出不同主机的欢迎页面
[student@master ansible]$ vim web.yml
[student@master ansible]$ ansible-playbook web.yml
[student@master ansible]$ curl http://node5.example.com
Welcome to node3.example.com on 192.168.122.30
[student@master ansible]$ curl http://node5.example.com
Welcome to node4.example.com on 192.168.122.40
[student@master ansible]$ curl http://node5.example.com/index.php
hello php world from node3.example.com
[student@master ansible]$ curl http://node5.example.com/index.php
hello php world from node4.example.com
---
- name: get facthosts: webtest
- name: use haproxy rolehosts: test05roles:- haproxy- name: use myphp rolehosts: webtestroles:- myphp
九、编写剧本远程管理逻辑卷
创建剧本 /home/student/ansible/lvm.yml,用来为所有受管机完成以下部署:
1)在卷组 search 中创建名为 mylv 的逻辑卷,大小为 1000MiB
2)使用 ext4 文件系统格式化该逻辑卷
3)如果无法创建要求的大小,应显示错误信息 insufficient free space,
并改为 500MiB
4)如果卷组 search 不存在,应显示错误信息 VG not found
5)不需要挂载逻辑卷
[student@master ansible]$ vim lvm.yml
[student@master ansible]$ ansible-playbook lvm.yml PLAY [create lv] ******************************************************************************TASK [Gathering Facts] ************************************************************************
ok: [node4]
ok: [node5]
ok: [node3]
ok: [node1]
ok: [node2]TASK [create 1000 lv] *************************************************************************
skipping: [node2]
fatal: [node5]: FAILED! => {"changed": false, "err": " Volume group \"search\" has insufficient free space (199 extents): 250 required.\n", "msg": "Creating logical volume 'mylv' failed", "rc": 5}
changed: [node4]
changed: [node1]
changed: [node3]TASK [output message1] ************************************************************************
ok: [node5] => {"msg": "insufficient free space"
}TASK [create 500 lv] **************************************************************************
changed: [node5]TASK [mkfs] ***********************************************************************************
skipping: [node2]
changed: [node4]
changed: [node3]
changed: [node5]
changed: [node1]TASK [output message2] ************************************************************************
skipping: [node1]
skipping: [node5]
ok: [node2] => {"msg": "VG not found"
}
skipping: [node3]
skipping: [node4]PLAY RECAP ************************************************************************************
node1 : ok=3 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
node3 : ok=3 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
node4 : ok=3 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
node5 : ok=4 changed=2 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0
---
- name: create lvhosts: alltasks:- name: create lv1block:- name: create 1000 lvlvol:lv: mylvvg: searchsize: 1000rescue:- name: output message1debug:msg: insufficient free space- name: create 500 lvlvol:lv: mylvvg: searchsize: 500always:- name: mkfsfilesystem:dev: /dev/search/mylvfstype: ext4when: "'search' in ansible_lvm.vgs"- name: output message2debug:msg: VG not foundwhen: "'search' not in ansible_lvm.vgs"
十、根据模板部署主机文件
从 http://ansible.example.com/materials/newhosts.j2 下载模板文件
完成该模板文件,用来生成新主机清单(主机的显示顺序没有要求),结构如下:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.10 node1.example.com node1
192.168.122.20 node2.example.com node2
192.168.122.30 node3.example.com node3
192.168.122.40 node4.example.com node4
192.168.122.50 node5.example.com node5
创建剧本/home/student/ansible/newhosts.yml,它将使用上述模板在 test01 主机组的主机上
生成文件/etc/newhosts。
1、下载模版,编辑模版
[student@master ansible]$ curl -O http://ansible.example.com/materials/newhosts.j2% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed
100 158 100 158 0 0 22571 0 --:--:-- --:--:-- --:--:-- 22571
[student@master ansible]$ vim newhosts.j2
[student@master ansible]$ cat newhosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for i in groups.all %}
{{hostvars[i].ansible_default_ipv4.address }} {{ hostvars[i].ansible_fqdn }} {{ hostvars[i].ansible_hostname }}
{% endfor %}
2、编写newhosts.yml并运行测试
[student@master ansible]$ vim newhosts.yml
[student@master ansible]$ ansible-playbook newhosts.yml
[student@master ansible]$ ansible test01 -m shell -a 'cat /etc/newhosts'
node1 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.10 node1.example.com node1
192.168.122.20 node2.example.com node2
192.168.122.50 node5.example.com node5
192.168.122.30 node3.example.com node3
192.168.122.40 node4.example.com node4
---
- name: get facthosts: all
- name: get filehosts: test01tasks:- name: get file1template:src: /home/student/ansible/newhosts.j2dest: /etc/newhosts
十一、编写剧本修改远程文件内容
创建剧本 /home/student/ansible/newissue.yml,满足下列要求:
1)在所有清单主机上运行,替换/etc/issue 的内容
2)对于 test01 主机组中的主机,/etc/issue 文件内容为 test01
3)对于 test02 主机组中的主机,/etc/issue 文件内容为 test02
4)对于 web 主机组中的主机,/etc/issue 文件内容为 Webserver
[student@master ansible]$ vim newissue.yml
[student@master ansible]$ ansible-playbook newissue.yml
[student@master ansible]$ ansible all -m shell -a 'cat /etc/issue'
node4 | CHANGED | rc=0 >>
Webserver
node1 | CHANGED | rc=0 >>
test01
node3 | CHANGED | rc=0 >>
Webserver
node2 | CHANGED | rc=0 >>
test02
node5 | CHANGED | rc=0 >>
---
- name: replacehosts: alltasks:- name: replace1copy:content: |{% if 'test01' in group_names %}test01{% elif 'test02' in group_names %}test02{% elif 'web' in group_names %}Webserver{% endif %}dest: /etc/issue
十二、编写剧本部署远程 Web 目录
创建剧本/home/student/ansible/webdev.yml,满足下列要求:
1)在 test01 主机组运行
2)创建目录/webdev,属于 webdev 组,权限为 rwxrwxr-x,具有 SetGID 特殊权限
3)使用符号链接/var/www/html/webdev 链接到/webdev 目录
4)创建文件/webdev/index.html,内容是 It’s works!
5)查看 test01 主机组的 web 页面 http://node1/webdev/将显示 It’s works!
[student@master ansible]$ vim webdev.yml
[student@master ansible]$ ansible-playbook webdev.yml
[student@master ansible]$ curl http://node1/webdev/
It's works!
---
- name: webhosts: test01tasks:- name: install httpdyum:name:- httpd- firewalldstate: present- name: create groupgroup:name: webdevstate: present- name: mkdir /webdevfile:path: /webdevgroup: webdevmode: 2775state: directorysetype: httpd_sys_content_t- name: touch index.htmlcopy:content: "It's works!\n"dest: /webdev/index.htmlsetype: httpd_sys_content_t- name: linkfile:src: /webdevdest: /var/www/html/webdevstate: link- name: restarted httpd firewalldservice:name: "{{ item }}"state: restartedenabled: yesloop:- httpd- firewalld- name: set filewalldfirewalld:service: httpstate: enabledpermanent: yesimmediate: yes
十三、编写剧本为受管机生成硬件报告
创建名为/home/student/ansible/hardware.yml 的 playbook,满足下列要求:
1)使所有受管理节点从以下 URL 下载文件:
http://ansible.example.com/materials/hardware.empty
2)并用来生成以下硬件报告信息,存储在各自的/root/hardware.txt 文件中
清单主机名称 inventory_hostname
以 MB 表示的总内存大小 ansible_memtotal_mb
BIOS 版本 ansible_bios_version
硬盘 vda 的大小 ansible_devices.vda.size
硬盘 vdb 的大小ansible_devices.vdb.size
如果这些硬件信息不存在的话,则改成NONE字符串
1、下载文件
[student@master ansible]$ curl -O http://ansible.example.com/materials/hardware.empty% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed
100 106 100 106 0 0 3312 0 --:--:-- --:--:-- --:--:-- 3533
[student@master ansible]$ cat hardware.empty
hostname=inventoryhostname
mem=memory_in_MB
bios=BIOS_version
vdasize=disk_vda_size
vdbsize=disk_vdb_size
2、编写hardware.yml并运行测试
[student@master ansible]$ vim hardware.yml
[student@master ansible]$ ansible-playbook hardware.yml
[student@master ansible]$ ansible all -m shell -a 'cat /root/hardware.txt'
node2 | CHANGED | rc=0 >>
hostname=node2
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=1.50 GB
node5 | CHANGED | rc=0 >>
hostname=node5
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
node4 | CHANGED | rc=0 >>
hostname=node4
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
node1 | CHANGED | rc=0 >>
hostname=node1
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
node3 | CHANGED | rc=0 >>
hostname=node3
mem=1962
bios=1.16.0-4.el9
vdasize=8.00 GB
vdbsize=5.00 GB
---
- name: testhosts: alltasks:- name: get fileget_url:url: http://ansible.example.com/materials/hardware.emptydest: /root/hardware.txt- name: hostnamereplace:path: /root/hardware.txtregexp: inventoryhostnamereplace: "{{ inventory_hostname }}"- name: memreplace:path: /root/hardware.txtregexp: memory_in_MBreplace: "{{ ansible_memtotal_mb }}"- name: biosreplace:path: /root/hardware.txtregexp: BIOS_versionreplace: "{{ ansible_bios_version }}"- name: vdareplace:path: /root/hardware.txtregexp: disk_vda_sizereplace: "{{ ansible_devices.vda.size if ansible_devices.vda is defined else 'NONE' }}"- name: vdbreplace:path: /root/hardware.txtregexp: disk_vdb_sizereplace: "{{ ansible_devices.vdb.size if ansible_devices.vdb is defined else 'NONE' }}"
十四、创建保险库文件
创建 ansible 保险库 /home/student/ansible/passdb.yml,其中有 2 个变量:
1)pw_dev,值为 ab1234
2)pw_man,值为 cd5678
加密和解密该库的密码是 pwd@1234,密码存在/home/student/ansible/secret.txt 中
[student@master ansible]$ vim passdb.yml
[student@master ansible]$ cat passdb.yml
---
pw_dev: ab1234
pw_man: cd5678
[student@master ansible]$ vim secret.txt
[student@master ansible]$ cat secret.txt
pwd@1234
[student@master ansible]$ ansible-vault encrypt passdb.yml --vault-id secret.txt
Encryption successful
十五、编写剧本为受管机批量创建用户
从以下 URL 下载用户列表,保存到/home/student/ansible 目录下:
http://ansible.example.com/materials/name_list.yml
创建剧本/home/student/ansible/users.yml 的 playbook,满足下列要求:
1)使用之前题目中的 passdb.yml 保险库文件提供的密码做用户密码
2)职位描述为 dev 的用户应在 test01、test02 主机组的受管机上创建,
使用 pw_dev 变量分配密码,是补充组 devops 的成员
3)职位描述为 man 的用户应在 web 主机组的受管机上创建,
使用 pw_man 变量分配密码,是补充组 opsmgr 的成员
4)密码应采用 SHA512 哈希格式,这几个用户的密码最大有效时间为30天
5)该 playbook 可以使用之前题目创建的 secret.txt 密码文件运行
1、下载用户列表
[student@master ansible]$ curl -O http://ansible.example.com/materials/name_list.yml% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed
100 141 100 141 0 0 2350 0 --:--:-- --:--:-- --:--:-- 2431
[student@master ansible]$ cat name_list.yml
users:- name: tomjob: dev- name: jerryjob: man
2、编写users.yml并运行
[student@master ansible]$ vim users.yml
[student@master ansible]$ ansible-playbook users.yml --vault-id secret.txt
---
- name: create user for devhosts: test01,test02vars_files:- /home/student/ansible/passdb.yml- /home/student/ansible/name_list.ymltasks:- name: create groupgroup:name: devopsstate: present- name: create useruser:name: "{{ item.name }}"group: devopspassword: "{{ pw_dev | password_hash('sha512') }}"state: presentpassword_expire_max: 30loop: "{{ users }}"when: item.job == 'dev'- name: create user for manhosts: webvars_files:- /home/student/ansible/passdb.yml- /home/student/ansible/name_list.ymltasks:- name: create group1group:name: opsmgrstate: present- name: create useruser:name: "{{ item.name }}"group: opsmgrpassword: "{{ pw_man | password_hash('sha512') }}"state: presentpassword_expire_max: 30loop: "{{ users }}"when: item.job == 'man'
十六、重设保险库密码
从以下 URL 下载保险库文件到/home/student/ansible 目录:
http://ansible.example.com/materials/topsec.yml
当前的库密码是 banana,新密码是 big_banana,请更新该库密码
[student@master ansible]$ curl -O http://ansible.example.com/materials/topsec.yml% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed
100 419 100 419 0 0 22052 0 --:--:-- --:--:-- --:--:-- 23277
[student@master ansible]$ ansible-vault rekey topsec.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful
[student@master ansible]$ ansible-vault view topsec.yml
Vault password:
---
- I love banana.