Red Hat RHCE exam, afternoon session - RHCE (RH294)
RH294 task overview
- The exam lasts 4 hours, with 6 virtual machines and 15 questions
- Tasks that were previously done through scripts or clusters now need to be implemented with playbooks
- There are about 6 virtual servers in the exam, all of which are already set up for passwordless login to one another
- The questions are done on the Ansible control node workstation, but the results are verified on the other virtual servers
- During the exam, you need to start all 6 virtual servers in the exam environment by clicking the button on the left of the physical machine interface
- During the exam, all Ansible playbooks are placed in the ordinary user's directory and executed by the ordinary user
- Note: during the exam, please put the playbooks in the designated user's home directory and log in as the designated user to do the questions!
- Note: the exam is scored by remotely executing the playbook or script in the specified directory as the ordinary user. If you do the questions as root, the ordinary user will have no permission and you will score zero
11. Create Web content directory with playbook
- Create a playbook named /home/student/ansible/webcontent.yml as described below:
- The playbook runs on managed nodes in the dev host group
Task requirements
- Create the directory /webdev, which meets the following requirements:
  - The owner is the devops group
  - It has regular permissions: owner=read+write+execute, group=read+write+execute, other=read+execute
  - It has special permission: set group ID
- Link /var/www/html/webdev to /webdev with a symbolic link
- Create the file /webdev/index.html, which contains a single line of text as follows: Development
- Browsing this directory on a host in the dev host group (for example http://servera.lab.example.com/webdev/) produces the following output: Development
Note:
Preparation
- You don't need to do this during the exam
ansible-doc file    ## View the documentation of the file module
Steps to complete
- Install the httpd service first, because it may not be installed
- Then enable the httpd service at boot, because it may not be enabled
- You also need to configure the firewall to allow access, because it may not be open
- Now the task itself begins: create the directory the question requires. Remember to set setype to httpd_sys_content_t
- Then create the soft link required in the question
- Finally, create the content file required in the question, and remember to set setype to httpd_sys_content_t
[student@workstation ansible]$ vim webcontent.yml
---
- hosts: dev
  tasks:
    ## Since it is uncertain whether the httpd service has been enabled on dev, install httpd first
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: start and enable httpd
      service:
        name: httpd
        state: started
        enabled: yes
    ## If access already works when tested, the firewall task can be left out
    - name: allow http through the firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
    - name: create dir
      file:
        path: /webdev
        group: devops
        state: directory
        ## Quoted so that Ansible reads it as octal; an unquoted 2775 is taken as a decimal number
        mode: '2775'
        setype: httpd_sys_content_t
    - name: createlink
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: create a file
      copy:
        content: "Development\n"
        dest: /webdev/index.html
        setype: httpd_sys_content_t
[student@workstation ansible]$ ansible-playbook webcontent.yml
Verification still needs to be done
curl http://servera.lab.example.com/webdev/
On this question it is very easy to end up without the expected result
With SELinux, if the security context value is incorrect, you may not be able to access the page
When creating the directory, change the context of the directory directly through setype
When creating the page file, you should also set setype at the same time
Note: use ll -Z to view the context value of files and directories. If you don't know what it should be, go back to the parent html directory, create a file there and look at its value
Once the SELinux type value is specified, the file can be accessed normally
cd /var/www/html
touch a.log
ll -Z a.log
Knowledge points tested
ansible file module
- Functions: setting file properties, creating soft links, etc.
ansible-doc file
- Common parameters of the file module
path     Path to the managed file
state    ## Status; common values:
    absent      Delete the target file
    touch       If the target file does not exist, create it; if it exists, update its timestamp
    directory   Create a directory
    hard        Create a hard link to the target file (used together with src)
    link        Create a soft link to the target file (used together with src)
setype   Set the security context type of the target file
owner    Set the owner of the target file
group    Set the group to which the target file belongs
mode     Set file permissions
    Common format:  file: 0644   directory: 0755
    Or use quotation marks:  file: '0644'   directory: '0755'
    Symbolic mode can also be specified:  mode: u+rwx  or  mode: u=r,g=w,o=x  or  mode: u+r,g+w,o+x
src      Specifies the path to the linked file
dest     Specifies the directory where the requested file will be saved
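How the `mode` value for /webdev reaches the `file` module depends on how it is spelled in YAML. The Python sketch below is an added example, not code from the original page or from Ansible itself; it assumes Ansible's documented rule that an integer mode is used as-is while a quoted string of digits is read as octal, and the names `REQUIRED`, `effective_mode`, `describe` and `audit` are made up for illustration.

```python
import stat

# Requirement from the task: owner rwx, group rwx, other r-x, plus set group ID.
REQUIRED = stat.S_ISGID | 0o775


def effective_mode(value):
    """Permission bits applied for a `mode:` value as the YAML parser delivers it.

    Assumption: an int is used unchanged, a string of digits is parsed as octal.
    Symbolic modes such as u=rwx are not handled here and raise ValueError.
    """
    if isinstance(value, int):
        return value
    return int(value, 8)


def describe(value):
    """Decode the resulting bits the way `ls -ld` would show them on a directory."""
    bits = effective_mode(value)
    return {
        "octal": format(bits, "04o"),
        "symbolic": stat.filemode(stat.S_IFDIR | bits),
        "setgid": bool(bits & stat.S_ISGID),
        "setuid": bool(bits & stat.S_ISUID),
        "world_writable": bool(bits & stat.S_IWOTH),
        "meets_requirement": bits == REQUIRED,
    }


def audit(modes):
    """Return the spellings that do not produce the required bits."""
    return [repr(m) for m in modes if effective_mode(m) != REQUIRED]


if __name__ == "__main__":
    # Constructed samples: what a YAML 1.1 parser hands over for
    #   mode: 2775   -> int 2775 (decimal)
    #   mode: '2775' -> str "2775"
    #   mode: 02775  -> int 0o2775 (leading zero means octal)
    for written, parsed in [("2775", 2775), ("'2775'", "2775"), ("02775", 0o2775)]:
        print(f"mode: {written:7} -> {describe(parsed)}")
```

An unquoted `mode: 2775` ends up as octal 5327 (`d-ws-w-rwt`): no set group ID, world-writable, with setuid and sticky bits, which is why `ll -d /webdev` is worth checking on the managed node after the playbook runs.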
#Create an empty file
ansible all -m file -a 'path=/data/test.txt state=touch'
#Delete the file
ansible all -m file -a 'path=/data/test.txt state=absent'
#Set the owner and permissions
ansible all -m file -a "path=/root/test.sh owner=wang mode=755"
#Create directory
ansible all -m file -a "path=/data/mysql state=directory owner=mysql group=mysql"
#Create soft link (path, dest and name are interchangeable names for the same parameter)
ansible all -m file -a 'src=/data/testfile dest=/data/testfile-link state=link'
#Create directory
ansible all -m file -a 'path=/data/testdir state=directory'
#Modify directory properties, but not those of subdirectories
ansible all -m file -a "path=/data/mysql state=directory owner=mysql group=mysql"
#Recursively modify the properties of directories and subdirectories
ansible all -m file -a "path=/data/mysql state=directory owner=mysql group=mysql recurse=yes"
Modify the default security context
- When SELinux is enabled, the security context of directories and files needs to be set to httpd_sys_content_t; only then can Apache's httpd access them
[root@localhost ~]# mkdir /www
#Create a new /www/ directory. You plan to use this directory as the main directory of Apache web pages instead of /var/www/html/
[root@localhost ~]# ls -Zd /www/
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /www/
#The security context type of this directory is default_t, so Apache processes cannot access and use the /www/ directory
- This directory is created manually and is not the system default directory. Therefore, there is no default security context and we need to set it manually
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t "/www(/.*)?"
#This command sets the default security context type for the /www/ directory and all contents in the directory to httpd_sys_content_t
[root@localhost ~]# semanage fcontext -l | grep "/www"
#... omit some output
/www(/.*)?    all files    system_u:object_r:httpd_sys_content_t:s0
#The default security context for the /www/ directory appears
- Reset the security context of the directory itself to the default value
[root@localhost ~]# ls -Zd /www/
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /www/
#However, the query shows that the security context of the /www/ directory was not modified, because we only modified the default security context, not the current security context of the directory
[root@localhost ~]# restorecon -Rv /www/
restorecon reset /www context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
#Restore the default security context of the /www/ directory; the type has now been changed to httpd_sys_content_t