Question 61:
Create a role called apache in "/home/admin/ansible/roles" with the following
requirements:
--> The httpd package is installed, enabled on boot, and started.
--> The firewall is enabled and running with a rule to allow access to the web server.
--> template file index.html.j2 is used to create the file /var/www/html/index.html
with the output:
Welcome to HOSTNAME on IPADDRESS
--> Where HOSTNAME is the fqdn of the managed node and IPADDRESS is the IP- Address of
the managed node.
note: you have to create index.html.j2 file.
--> Create a playbook called httpd.yml that uses this role and the playbook runs on
hosts in the webservers host group.
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as:
# pwd /home/admin/ansible/roles/ # ansible-galaxy init apache # vim apache/vars/main.yml
# vars file for apache http_pkg: httpd firewall_pkg: firewalld http_srv: httpd firewall_srv: firewalld rule: http webpage: /var/www/html/index.html template: index.html.j2 wq! # vim apache/tasks/package.yml
-name: Installing packages
yum:
name:
-"{{http_pkg}}"
-"{{firewall_pkg}}"
state: latest
wq!
# vim apache/tasks/service.yml
-
name: start and enable http service
service:
name: "{{http_srv}}"
enabled: true
state: started
-
name: start and enable firewall service
service:
name: "{{firewall_srv}}"
enabled: true
state: started wq! # vim apache/tasks/firewall.yml
-
name: Adding http service to firewall firewalld: service: "{{rule}}" state: enabled permanent: true immediate: true wq! # vim apache/tasks/webpage.yml
-
name: creating template file template: src: "{{template}}" dest: "{{webpage}}" notify: restart_httpd !wq # vim apache/tasks/main.yml # tasks file for apache
-
import_tasks: package.yml
-
import_tasks: service.yml
-
import_tasks: firewall.yml
-
import_tasks: webpage.yml wq! # vim apache/templates/index.html.j2 Welcome to {{ ansible_facts.fqdn }} on {{ ansible_facts.default_ipv4.address }} # vim apache/handlers/main.yml
# handlers file for apache
-
name: restart_httpd service: name: httpd state: restarted wq! # cd .. # pwd /home/admin/ansible/ # vim httpd.yml
-
name: Including apache role
hosts: webservers
pre_tasks:
-
name: pretask message
debug:
msg: 'Ensure webserver configuration'
roles:
-./roles/apache
post_tasks:
-name: Check webserver
uri:
url: "http://{{ ansible_facts.default_ipv4.address }}" return_content: yes
status_code: 200
wq!
# ansible-playbook httpd.yml ?syntax-check
# ansible-playbook httpd.yml
# curl http://serverx
Question 62:
Generate a hosts file:
* Download an initial template file hosts.j2 from http://classroom.example.com/
hosts.j2 to
/home/admin/ansible/ Complete the template so that it can be used to generate a file
with a line for each inventory host in the same format as /etc/hosts:
172.25.250.9 workstation.lab.example.com workstation
*
Create a playbook called gen_hosts.yml that uses this template to generate the file
/etc/myhosts on hosts in the dev host group.
*
When completed, the file /etc/myhosts on hosts in the dev host group should have a
line for
each managed host:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.10 serevra.lab.example.com servera
172.25.250.11 serevrb.lab.example.com serverb
172.25.250.12 serevrc.lab.example.com serverc
172.25.250.13 serevrd.lab.example.com serverd
while practising you to create these file hear. But in exam have to download as per
questation.
hosts.j2 file consists.
localhost localhost.localdomain localhost4 localhost4.localdomain4
::1
localhost localhost.localdomain localhost6 localhost6.localdomain6
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as: # pwd /home/admin/ansible # wget http://classroom.example.com/hosts.j2 # vim hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 {% for host in groups['all'] %} {{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host] ['ansible_facts']['fqdn'] }} {{ hostvars[host]['ansible_facts']['hostname'] }} {% endfor %}
wq! # vim gen_hosts.yml
-name: collecting all host information hosts: all tasks:
-name: template: src: hosts.j2 dest: /etc/myhosts when: inventory_hostname in groups['dev'] wq # ansible-playbook gen_hosts.yml -–syntax-check # ansible-playbook gen_hosts.yml
Question 63:
Install and configure Ansible on the control-node control.realmX.example.com as
follows:
--> Install the required packages
--> Create a static inventory file called /home/admin/ansible/inventory as follows:
node1.realmX.example.com is a member of the dev host group
node2.realmX.example.com is a member of the test host group
node3.realmX.example.com and node4.realmX.example.com are members of the prod
host group
node5.realmX.example.com is a member of the balancers host group.
prod group is a member of the webservers host group
--> Create a configuration file called ansible.cfg as follows:
--> The host inventory file /home/admin/ansible/inventory is defined
--> The location of roles used in playbooks is defined as /home/admin/ansible/ roles
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as: Through physical host, login to workstation.lab.example.com with user root. # ssh [email protected] # hostname workstation.lab.example.com # yum install platform-python* # su - admin # pwd /home/admin/ # vim .vimrc # mkdir -p ansible/roles # cd ansible # vim inventory [dev] servera.lab.example.com [test] serverb.example.com [prod] serverc.example.com
serverd.example.com [balancer] serverd.lab.example.com [webservers:children] prod !wq # vim ansible.cfg [defaults] inventory = ./inventory role_path = ./roles remote_user = admin ask_pass = false [privilege_escalation] become = true become_method = sudo become_user = root become_ask_pass = false !wq # ansible all -–list-hosts
Question 64:
Create an Ansible vault to store user passwords as follows:
*
The name of the vault is valut.yml
*
The vault contains two variables as follows:
-dev_pass with value wakennym
-mgr_pass with value rocky
*
The password to encrypt and decrypt the vault is atenorth
*
The password is stored in the file /home/admin/ansible/password.txt
A.
Answer: See the for complete Solution below.
Correct Answer: A
Solution as: # pwd /home/admin/ansible # echo "atenorth" >password.txt # chmod 0600 password.txt # ansible-vault create vault.yml --vault-password-file=password.txt --
-dev_pass: wakennym
-mgr_pass: rocky wq # cat vault.yml $ANSIBLE_VAULT;1.1;AES256 363838623761643164363536653437656433313934333735646137626665313130343364 38353662 3464346331346461306337633632393563643531376139610a3435313261306632666135 33633562 386234393166313064636237613439393732633331343532643338343532643439343737 65643737 3535303630626666370a6436633666343838633933386166616666323531393064363164 30616334 653861343933636431333637386561306365323464313762656130663261626434376430 64313863 6633333537303334333437646163343666666132316639376531 # ansible-vault view vault.yml password:******
-dev_pass: wakennym
-mgr_pass: rocky
Question 65:
Create a playbook called hwreport.yml that produces an output file called /root/
hwreport.txt on all managed nodes with the following information:
--> Inventory host name
--> Total memory in MB
--> BIOS version
--> Size of disk device vda
--> Size of disk device vdb
Each line of the output file contains a single key-value pair.
* Your playbook should:
--> Download the file hwreport.empty from the URL http://classroom.example.com/
hwreport.empty and
save it as /root/hwreport.txt --> Modify with the correct values.
note: If a hardware item does not exist, the associated value should be set to NONE
while practising you to create these file hear. But in exam have to download as per
questation.
hwreport.txt file consists.
my_sys=hostname
my_BIOS=biosversion
my_MEMORY=memory
my_vda=vdasize
my_vdb=vdbsize
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as: # pwd /home/admin/ansible # vim hwreport.yml
-name:
hosts: all
ignore_errors: yes
tasks:
-
name: download file
get_url:
url: http://classroom.example.com/content/ex407/hwreport.empty dest: /root/hwreport.txt
-
name: vdasize
replace:
regexp: "vdasize"
replace: "{{ ansible_facts.devices.vda.size }}"
dest: /root/hwreport.txt
register: op1
-debug:
var: op1
-
name: none
replace:
regexp: "vdasize"
replace: NONE
dest: /root/hwreport.txt
when:
op1.failed == true
-
name: vdbsize
replace:
regexp: "vdbsize"
replace: "{{ ansible_facts.devices.vdb.size }}"
dest: /root/hwreport.txt
register: op2
-debug:
var: op2
-
name: none
replace:
regexp: "vdbsize"
replace: NONE
dest: /root/hwreport.txt
when:
op2.failed == true
-
name: sysinfo
replace:
regexp: "{{item.src}}"
replace: "{{item.dest}}"
dest: /root/hwreport.txt
loop:
-
src: "hostname"
dest: "{{ ansible_facts.fqdn }}"
-
src: "biosversion"
dest: "{{ ansible_facts.bios_version }}"
-
src: "memory"
dest: "{{ ansible_facts.memtotal_mb }}"
wq!
# ansible-playbook hwreport.yml -–syntax-check
# ansible-playbook hwreport.yml
Question 66:
Modify file content.
Create a playbook called /home/admin/ansible/modify.yml as follows:
*
The playbook runs on all inventory hosts
*
The playbook replaces the contents of /etc/issue with a single line of text as
follows:
--> On hosts in the dev host group, the line reads: "Development"
--> On hosts in the test host group, the line reads: "Test"
--> On hosts in the prod host group, the line reads: "Production"
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as: # pwd /home/admin/ansible # vim modify.yml
-name:
hosts: all
tasks:
-
name:
copy:
content: "Development"
dest: /etc/issue
when: inventory_hostname in groups['dev']
-
name:
copy:
content: "Test"
dest: /etc/issue
when: inventory_hostname in groups['test']
-
name:
copy:
content: "Production"
dest: /etc/issue
when: inventory_hostname in groups['prod']
wq
# ansible-playbook modify.yml ?syntax-check
# ansible-playbook modify.yml
Question 67:
Create a playbook called packages.yml that:
--> Installs the php and mariadb packages on hosts in the dev, test, and prod host groups.
--> Installs the Development Tools package group on hosts in the dev host group.
--> Updates all packages to the latest version on hosts in the dev host group.
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as:
# pwd
home/admin/ansible/
# vim packages.yml
-name: Install the packages
hosts: dev,test,prod
vars:
-php_pkg: php
-mariadb_pkg: mariadb
tasks:
-name: install the packages
yum:
name:
-
"{{ php_pkg }}"
-
"{{ mariadb_pkg }}"
state: latest
-
name: install the devops tool packages
hosts: dev
tasks:
-
name: install devepment tools
yum:
name: "@Development Tools"
state: latest
-
name: upgrade all the packages
yum:
name: "*"
state: latest
exclude: kernel*
!wq # ansible-playbook package.yml –-syntax-check # ansible-playbook package.yml
Question 68:
Create and run an Ansible ad-hoc command.
--> As a system administrator, you will need to install software on the managed
nodes.
--> Create a shell script called yum-pack.sh that runs an Ansible ad-hoc command to
create yum-repository on each of the managed nodes as follows:
--> repository1
1.
The name of the repository is EX407
2.
The description is "Ex407 Description"
3.
The base URL is http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/
4.
GPG signature checking is enabled
5.
The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG- KEYredhat
release
6.
The repository is enabled
--> repository2
1.
The name of the repository is EXX407
2.
The description is "Exx407 Description"
3.
The base URL is http://content.example.com/rhel8.0/x86_64/dvd/AppStream/
4.
GPG signature checking is enabled
5.
The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/ RPM-GPG- KEYredhat
release
6.
The repository is enabled
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as: # pwd /home/admin/ansible # vim yum-pack.sh #!/bin/bash ansible all -m yum_repository -a 'name=EX407 description="Ex407 Description" baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/ gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEYredhat-release enabled=yes'
ansible all -m yum_repository -a 'name=EXX407 description="Exx407 Description" baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream/ gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEYredhat-release enabled=yes' !wq # chmod +x yum-pack.sh # bash yum-pack.sh # ansible all -m command -a 'yum repolist all'
Question 69:
Use Ansible Galaxy with a requirements file called /home/admin/ansible/roles/
install.yml to download and install roles to /home/admin/ansible/roles from the
following URLs:
http:// classroom.example.com /role1.tar.gz The name of this role should be balancer
http:// classroom.example.com /role2.tar.gz The name of this role should be phphello
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as: # pwd
/home/admin/ansible/roles # vim install.yml
-
src: http://classroom.example.com/role1.tar.gz name: balancer
-
src: http://classroom.example.com/role2.tar.gz name: phphello wq! # pwd /home/admin/ansible # ansible-galaxy install -r roles/install.yml -p roles
Question 70:
Install the RHEL system roles package and create a playbook called timesync.yml that: --> Runs over all managed hosts.
--> Uses the timesync role.
--> Configures the role to use the time server 192.168.10.254 ( Hear in redhat lab
use "classroom.example.com" )
--> Configures the role to set the iburst parameter as enabled.
A. Answer: See the for complete Solution below.
Correct Answer: A
Solution as:
# pwd
home/admin/ansible/
# sudo yum install rhel-system-roles.noarch -y
# cd roles/
# ansible-galaxy list
# cp -r /usr/share/ansible/roles/rhelsystem-roles.timesync .
# vim timesync.yml
-name: timesynchronization hosts: all vars: timesync_ntp_provider: chrony timesync_ntp_servers:
-hostname: classroom.example.com _ in exam its ip-address iburst: yes timezone: Asia/Kolkata roles:
-rhel-system-roles.timesync
tasks:
-name: set timezone
timezone:
name: "{{ timezone }}"
wq!
timedatectl list-timezones | grep india
# ansible-playbook timesync.yml --syntax-check
# ansible-playbook timesync.yml
# ansible all -m shell -a 'chronyc sources -v'
# ansible all -m shell -a 'timedatectl'
# ansible all -m shell -a 'systemctl is-enabled chronyd'