-
-
Save DevSecOpsGuy/2dff28f79ff093dbfa4e589a9f78d801 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 4.A Use the RHEL system role (NEW) | |
| Using RHEL system roles | |
| Install the RHEL system role package and create a playbook that meets the following conditions /home/student/ansible/selinux.yml: | |
| - run on all managed nodes | |
| - use the selinux role | |
| - To configure this role, configure the selinux of the managed node as enforcing mode. | |
| ———————————————— | |
| --- | |
| - hosts: all | |
| vars: | |
| selinux_policy: targeted | |
| selinux_state: enforcing | |
| # prepare prerequisites which are used in this playbook | |
| tasks: | |
| - name: execute the role and catch errors | |
| block: | |
| - include_role: | |
| name: rhel-system-roles.selinux | |
| rescue: | |
| # Fail if failed for a different reason than selinux_reboot_required. | |
| - name: handle errors | |
| fail: | |
| msg: "role failed" | |
| when: not selinux_reboot_required | |
| - name: restart managed host | |
| shell: sleep 2 && shutdown -r now "Ansible updates triggered" | |
| async: 1 | |
| poll: 0 | |
| ignore_errors: true | |
| - name: wait for managed host to come back | |
| wait_for_connection: | |
| delay: 10 | |
| timeout: 300 | |
| - name: reapply the role | |
| include_role: | |
| name: rhel-system-roles.selinux | |
| ... | |
| ------------------------------------------------------------------------------------------- | |
| 8.A Create and use partitions (NEW) | |
| Create and use partitions | |
| Create /home/student/ansible/partition.yml, which will create partitions on managed nodes: | |
| - After vdb creating a 1500M primary partition, partition number 1, and format ext4 | |
| - prod group to permanently mount the partition to/data | |
| - If there is not enough disk space, give prompt information | |
| "Could not create partition of that size" | |
| - create 800M partition | |
| - If vdb does not exist, a prompt message will be given | |
| "this disk is not exist" | |
| ———————————————— | |
| --- | |
| - name: Create and use partitions | |
| hosts: all | |
| tasks: | |
| - name: Handle the error | |
| block: | |
| - name: Create a new primary partition | |
| parted: | |
| device: /dev/vdb | |
| number: 1 | |
| state: present | |
| part_end: 1500MiB | |
| - name: Create a ext4 filesystem | |
| filesystem: | |
| fstype: ext4 | |
| dev: /dev/vdb1 | |
| - name: Mount | |
| mount: | |
| path: /data | |
| src: /dev/vdb1 | |
| fstype: ext4 | |
| state: mounted | |
| when: inventory_hostname in groups.prod | |
| rescue: | |
| - debug: | |
| msg: Could not create partition of that size | |
| - name: Create a new primary partition | |
| parted: | |
| device: /dev/vdb | |
| number: 1 | |
| state: present | |
| part_end: 800MiB | |
| when: ansible_devices.vdb is defined | |
| - debug: | |
| msg: this disk is not exist | |
| when: ansible_devices.vdb is undefined | |
| ... | |
| ---------------------------------------------------------------------------------------------------- | |
| 16. Configure cron job (increase) | |
| Configure cron jobs | |
| Create /home/greg/ansible/cron.yml | |
| This playbook runs on managed nodes in the hostgroup | |
| configure cronjob , which runs every 2 minutes and executes the following commands: | |
| logger "EX294 exam in progress" and run as user natasha | |
| ———————————————— | |
| --- | |
| - name: cron | |
| hosts: test | |
| tasks: | |
| - name: Create user natasha | |
| user: | |
| name: natasha | |
| state: present | |
| - name: Ensure a job | |
| cron: | |
| name: "check dirs" | |
| minute: "*/2" | |
| job: 'logger "EX294 exam in progress"' | |
| user: natasha | |
| ... | |
| $ ansible all -a 'crontab -l -u bob' | |
| -------------------------------------------------------------------------------------------------------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment