CORRECT TEXT
Install and configure ansible
User sandy has been created on your control node with the appropriate permissions already, do not change or modify ssh keys. Install the necessary packages to run ansible on the control node. Configure ansible.cfg to be in folder /home/sandy/ansible/ansible.cfg and configure to access remote machines via the sandy user. All roles should be in the path /home/sandy/ansible/roles. The inventory path should be in
/home/sandy/ansible/invenlory.
You will have access to 5 nodes.
node1.example.com node2.example.com node3.example.com node4.example.com node5.example.com
Configure these nodes to be in an inventory file where node I is a member of group dev. nodc2 is a member of group test, node3 is a member of group proxy, nodc4 and node 5 are members of group prod. Also, prod is a member of group webservers.
Solution:
In/home/sandy/ansible/ansible.cfg [defaults] inventory=/home/sandy/ansible/inventory roles_path=/home/sandy/ansible/roles remote_user= sandy host_key_checking=false [privilegeescalation]
become=true become_user=root become_method=sudo become_ask_pass=false
In /home/sandy/ansible/inventory
[dev]
node 1 .example.com [test] node2.example.com [proxy]
node3 .example.com [prod] node4.example.com node5 .example.com [webservers:children]
prod
Does this meet the goal?
Correct Answer:
A
CORRECT TEXT
Create an empty encrypted file called myvault.yml in /home/sandy/ansible and set the password to notsafepw. Rekey the password to iwejfj2221.
Solution:
ansible-vault create myvault.yml
Create new password: notsafepw Confirm password: notsafepw ansible-vault rekey myvault.yml
Current password: notsafepw New password: iwejfj2221 Confirm password: iwejfj2221
Does this meet the goal?
Correct Answer:
A
CORRECT TEXT
=====================================================================
==============
control.realmX.example.com _ workstation.lab.example.com
node1.realmX.example.com _ servera.lab.example.com
node2.realmX.example.com _ serverb.lab.example.com
node3.realmX.example.com _ serverc.lab.example.com
node4.realmX.example.com _ serverd.lab.example.com
node5.realmX.example.com
- username:root, password:redhat
- username:admin, password:redhat
note1. don??t change ??root?? or ??admin?? password.
note2. no need to create ssh-keygen for access, its pre-defined
note3. SELinux is in enforcing mode and firewalld is disabled/stop on whole managed hosts.
=====================================================================
==============
Create and run an Ansible ad-hoc command.
--> As a system administrator, you will need to install software on the managed nodes.
--> Create a shell script called yum-pack.sh that runs an Ansible ad-hoc command to create yum-repository on each of the managed nodes as follows:
--> repository1
-----------
* 1. The name of the repository is EX407
* 2. The description is "Ex407 Description"
* 3. The base URL is http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/
* 4. GPG signature checking is enabled
* 5. The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG- KEYredhat- release
* 6. The repository is enabled
--> repository2
-----------
* 1. The name of the repository is EXX407
* 2. The description is "Exx407 Description"
* 3. The base URL is http://content.example.com/rhel8.0/x86_64/dvd/AppStream/
* 4. GPG signature checking is enabled
* 5. The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/ RPM-GPG- KEYredhat-
release
* 6. The repository is enabled
Solution:
Solution as:
# pwd
/home/admin/ansible
# vim yum-pack.sh
#!/bin/bash
ansible all -m yum_repository -a 'name=EX407 description="Ex407 Description" baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/ gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
ansible all -m yum_repository -a 'name=EXX407 description="Exx407 Description" baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream/ gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
!wq
# chmod +x yum-pack.sh
# bash yum-pack.sh
# ansible all -m command -a 'yum repolist all'
Does this meet the goal?
Correct Answer:
A
CORRECT TEXT
Create a playbook that changes the default target on all nodes to multi-user tarqet. Do this in playbook file called target.yml in /home/sandy/ansible
Solution:
- name: change default target hosts: all
tasks:
- name: change target file:
src: /usr/lib/systemd/system/multi-user.target dest: /etc/systemd/system/default.target state: link
Does this meet the goal?
Correct Answer:
A
CORRECT TEXT
Create a file called packages.yml in /home/sandy/ansible to install some packages for the following hosts. On dev, prod and webservers install packages httpd, mod_ssl, and mariadb. On dev only install the development tools package. Also, on dev host update all the packages to the latest.
Solution:
Solution as:
** NOTE 1 a more acceptable answer is likely 'present' since it's not asking to install the latest
state: present
** NOTE 2 need to update the development node
- name: update all packages on development node yum:
name: '*' state: latest
Does this meet the goal?
Correct Answer:
A