The Red Hat Certified Engineer, or
EX 294, exam is one of the most highly-regarded exams in the Linux world. The
skills learned while preparing for the exam will not only get you ready to pass
the exam itself, but also give you a chance to perform real-world activities in
a real production environment. Instead of a multiple-choice test, the exam
takes place in a real environment. This makes the RHCE an extremely desirable
certification. This hands-on lab will walk you through similar scenarios to
those you may find on the exam and will provide insight to the preparations you
need to make to pass the exam. This practice exam should not necessarily be
used as a study guide, but as a readiness indicator.
This lab is similar to the one you’ll face in the actual RHCE exam. While the tasks here are not identical, many of the skills practiced here will be used in that exam. This final review will launch 4 servers: Host, WebServer1, DBServer1, and AdminServer1. As there’s no DNS in this environment, /etc/hosts has been configured for you. References to “all servers” don’t include the Ansible host. The ansible user's password is the same as the one for cloud_user.
Below are the tasks you'll
need to complete in order to prepare for the exam:
- Set up an Ansible inventory.
- Set up SSH keys.
- Set up sudoers.
- Write a playbook to install httpd only
on WebServer1. Make sure the service is started and enabled.
- Use an ad-hoc command to install tcpdump on
AdminServer1
- Use the LVM module in a playbook to set up the disk attached to DBServer1
(/dev/xvdg), then make sure it's formatted with XFS and mounted
persistently on /mnt/dbdata. The disk's size should be 10G.
- Create the users adam, john, sara, and sam on all servers.
- Write a Bash script that queries each server for its
Ansible facts, and outputs that information to a file in /tmp;
there should be one file for each server name.
- Using the ssh.tmpl sample file in /root on the Ansible Host to write a template and playbook that
will deploy the file on all hosts in the environment. It should turn off
Password Authentication on all servers, and ensure X11 forwarding is on
for administrative servers only.
- Create two custom roles: web and database.
- In the database role, create a password file that will be copied into
the dba user's home directory. Encrypt the file. Ensure the database
role is deployed correctly.
- For the web role, ensure that /var/www/html/index.html contains the Ansible hostname of the server and all IP addresses connected to that server. Ensure that httpd is running and enabled, and that the role deploys correctly.
1. Set up up an Ansible inventory
Edit /etc/ansible/hosts with Vim or whatever editor is handy and comfortable. We'll
use Vim here:
[root@server1
]# vi /etc/ansible/hosts
Your inventory file should look
something like this when you're done:
[dbservers]
dbserver1
[webservers]
webserver1
[admins]
adminserver1
2. Set up SSH Keys
The first step in setting SSH key up is generating a key:
[root@server1 ]# ssh-keygen
Then you can copy it over to webserver1 with the command:
[root@server1 ]# ssh-copy-id ansible@dbserver1
Repeat this with the other two servers, using the cloud_user password for the ansible user:
[root@server1 ]# ssh-copy-id ansible@webserver1
[root@server1 ]# ssh-copy-id ansible@adminserver1
Test by logging into one of the servers:
[root@server1 ]# ssh ansible@dbserver1
3. Set up Sudeors
Log into webserver1 as cloud_user:
[root@server1
]# cloud_user@webserver1
Now gain root privileges:
[cloud_user@webserver1
]$ sudo -i
Run visudo and add the following line to the end of the file:
ansible
ALL=(ALL) NOPASSWD: ALL
Run logout to get out of this server, so that we're back in server1, and then repeat the process for dbserver1 and adminserver1.
Once that's done, test (from server1 with:
[root@server1
]# ssh ansible@webserver1
Once you're in, try a sudo command:
4. Write
a Playbook to Install httpd, but Only on Web Servers
Write your playbook . When we're done writing the playbook, it should look something like this:
|
[root@server1 ]# vi httpd.yml [root@server1 ]# cat httpd.yml --- -
name: Install httpd on webservers hosts: webservers # This encompasses everything in the
webservers group. # We can also just have a single host name
here, like webserver1. become: yes
tasks: - yum: name: httpd state: present
- service: name: httpd state: started enabled: yes
|
Now run it:
[root@server1
]# ansible-playbook httpd.yml
Run it again, just to make sure
nothing changes. Refer the below Video for better understand
5 .Use an Ad Hoc Command to Install tcpdump on Adminserver1
The simplest ad hoc command here
would be:
|
[root@server1 ]#
ansible -m yum -a "name=tcpdump state=present" adminserver1
--become |
6 . Use the LVM module in a playbook to set up the disk attached to DBServer1 (/dev/xvdg), then make sure it's formatted with XFS and mounted persistently on /mnt/dbdata. The disk's size should be 10G.
We're going to create a new yml file, Your playbook,
disk.yml, should
look similar to the following:
|
[root@server1 ]#
vim disk.yml --- - name: Review Task
6 hosts: dbserver1 become: yes tasks: - name: LVG create lvg: vg: RHCE pvs: /dev/xvdg - name: Logical Volume Setup lvol: lv: AppDB2 vg: RHCE size: 10G pvs: /dev/xvdg state: present - name: Format the disk filesystem: dev: /dev/RHCE/AppDB2 fstype: xfs - name: Mount the disk mount: fstype: xfs src: /dev/RHCE/AppDB2 state: mounted path: /mnt/dbdata |
Save it and quit, then run it:
[root@server1
]# ansible-playbook disk.yml
7 . Create Multiple Users on All Servers
|
[root@server1 ]#
vim users.yml [root@server1 ]# cat
users.yml --- - name: Review Task
7 hosts: all become: yes
tasks: - name: Create users user: name: "{{ item }}" with_items: - john - sara - adam - sam
|
Save it and quit, then run it:
[root@server1 ]# ansible-playbook users.yml
8 . Write a Bash script that queries each server for its Ansible facts, and outputs that information to a file in /tmp; there should be one file for each server name.
We want to get each host's Ansible
facts and dump the information into respective text files. So you've got to
write a script, facts.sh, that will query each one and put its relevant info into a
text file. Create the script:
[root@server1 ]# vim facts.sh [root@server1 ]# cat facts.sh #!/bin/bash for i in webserver1 dbserver1 adminserver1 do ansible -m setup $1 > /tmp/$i\_facts done [root@server1 ]# |
Make the script executable:
[root@server1
]# chmod +x facts.sh
Now and run it:
[root@server1
]# ./facts.sh
Now, to check, run ls
/tmp, which should show a file that
corresponds to each of those three hosts (dbserver1_facts, adminserver1_facts, and webserver1_facts).
9 . Create an SSH Configuration File and Distribute It
Currently, there is a file sitting
in /root called ssh.tmpl. Open that for editing:
[root@server1
]# vim ssh.tmpl
We need to alter two lines (starting
with PasswordAuthentication
and X11Forwarding).
There are a few lines separating them. They should look similar to these:
PasswordAuthentication
{{ PAanswer }}
...
...
X11Forwarding
{{ X11Answer }}
Now we need to write a playbook to
deploy all that. Create the file:
[root@server1
]# vim ssh.yml
To apply the template, the playbook
needs to look like this:
---
-
name: Review Task 9
hosts: all:!admins
become: yes
vars:
PAanswer: "no"
X11Answer: "no"
tasks:
- name: Apply Template
template:
src: /root/ssh.tmpl
dest: /etc/ssh/sshd_config
validate: /sbin/sshd -t -f %s
- name: Restart SSHD
service:
name: sshd
state: restarted
-
name: Review Task 9b
hosts: admins
become: yes
vars:
PAanswer: "no"
X11Answer: "yes"
tasks:
- name: Apply template
template:
src: /root/ssh.tmpl
dest: /etc/ssh/sshd_config
validate: /sbin/sshd -t -f %s
- name: Restart SSHD
service:
name: sshd
state: restarted
Now run it:
[root@server1
]# ansible-playbook ssh.yml
10. Create the Two Roles
The commands to create custom roles
are:
[root@server1
]# ansible-galaxy init web
[root@server1
]# ansible-galaxy init database
Just to check, run ls on each of the directories that just got created (ansible and database).
11. Configure the database Role and Encrypt the Password File
First, get into the files subdirectory of the database directory:
[root@server1
]# cd database/files
Create a password file:
[root@server1
]# vim password
Put something like this in there:
This
is a password
Encrypt it with this:
[root@server1
]# ansible-vault encrypt password
Enter a password that you won't
forget. To check your work, run cat password and make sure that the file is in fact encrypted.
Now get into the tasks directory:
[root@server1
]# cd ../tasks
Edit main.yml:
[root@server1
]# vim main.yml
It should look like this when you're
done:
---
#
tasks file for database
-
name: Ensure user is created
user:
name: dba
-
name: Copy password file
copy:
src: password
dest: /home/dba
Now go back to your home directory:
[root@server1
]# cd
Now create db.yml
[root@server1
]# vim db.yml
It should look like this when you're
done:
---
-
hosts: dbservers
roles:
- database
Now run the playbook:
[root@server1
]# ansible-playbook db.yml --become --ask-vault-pass`
Enter the password you set in the ansible-vault
encrypt password command you ran earlier, and this
should work.
12. Configure the Web Role and Ensure It Deploys Correctly
Get into the web directory:
[root@server1
]# cd web
Now open the main.yml file in the tasks directory:
[root@server1
]# vim tasks/main.yml
In the file, paste the following:
---
#
tasks file for web
#
-
name: Populate index.html
lineinfile:
path: /var/www/html/index.html
create: yes
line: "{{ inventory_hostname }}
{{ansible_facts['all_ipv4_addresses'] }}"
-
name: Install httpd
yum:
name: httpd
state: present
-
name: Start httpd
service:
name:
httpd
state: started
enabled: yes
Now go back to your home directory:
[root@server1
]# cd
Here, let's write a new and write a
quick role deployment routine. Create the file:
[root@server1
]# vim web.yml
It should look like this:
---
-
hosts: webservers
roles:
- web
Run the playbook:
[root@server1
]# ansible-playbook web.yml --become
0 Comments