Red Hat RHCE Examination Afternoon-RHCE (RH294)

Overview of RH294 Tasks

• Test time 4 hours, 6 virtual machines, 15 questions
• Questions originally done through scripts or clusters now need to be implemented using playbook
• There are about six virtual servers in the exam, all of which are already secret-free from each other
• This is done in the ansible control node workstation, but it needs to be validated on another virtual server
• All 6 virtual servers need to be turned on during the exam. Physical Machine Interface starts by clicking the left button
• Ansible All playbook s are placed in the normal user directory and executed as normal users during the exam

1. Note: Pay attention to playbook in the home directory of the specified user and login the specified user to do the test!
2. Note: The exam is scored by playbook or script executed remotely from the specified directory by an ordinary user. If you use root for the test, no permission is zero.

4.Creating Configuration Time Roles Using the RHEL System Role Package

• Install the RHEL System Role package and create a playbook that meets the following criteria

Task Requirements

• Write/home/student/ansible/timesync.yml
• Run on all managed nodes

1. Using the timesync role
2. Configure this role to use the currently valid NTP provider
3. Configure this role to use time server class.example.com
4. Configure the role to enable the iburst parameter
   Be careful:

Prepare a job

• Don't need to do it during the exam

Complete steps

• Cut to root to install RHEL role packages rhel-system-roles first
• Suddeo can also be installed

[root@workstation ~]# dnf -y install rhel-system-roles
[root@workstation ~]# su - student 

• Remember to switch back to student user after loading
• Create a directory and copy role templates to the exam directory

[student@workstation ansible]$ mkdir roles
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ /home/sutdent/ansible/roles/timesync

Note: When copying, use the -r parameter to copy all files and folders in the directory, but do not use the -a parameter, otherwise the permissions will be confused

• Locate role timesync role description file
  /home/student/ansible/roles/timesync/README.md
  Note: This file is both a description file and contains templates
• A sample yaml was found in the description file

- hosts: targets
  vars:
  No more no more

• Create role yml files as required
• Copy what you found above and change it

[student@workstation ansible]$ vim timesync.yml
---
- name: set time sync
    hosts: all
        vars:
        timesync_ntp_servers:
            - hostname: classroom.example.com
              iburst: yes
        roles:
            - timesync
[student@workstation ansible]$ ansible-playbook timesync.yml

Note: The role name has been changed

• Another scenario is to use the selinux system role, configure it, and turn on selinux for all controlled nodes, the same routine

1. Go to the system roles directory and find the required system roles in the title
2. Copy and rename the specified directory as required in the question
3. Look at the description document redame.md copied into the role directory and find the instance field
4. Take it and change it according to the requirements of the title. Remember that you must change it to the same requirements in the title.

[student@workstation ansible]$ vim selinux.yml
---
- name: set selinux
    hosts: all
        vars:
        selinux_policy: targeted
        selinux_state: enforcing
        roles:
            - role: selinux
              become: ture
[student@workstation ansible]$ ansible-playbook timesync.yml

Inspection Points of Knowledge

Ansible roles role

• Roles are a new feature introduced by ansible since version 1.2 to organize playbook s hierarchically and structurally.
• roles can automatically load variable files, tasks, handlers, and so on, depending on the hierarchy.
• To use roles, you only need to use the include directive in playbook.
• Simply put, roles is a mechanism for easily including variables, files, tasks, templates, and processors in separate directories.
• Roles are typically used in scenarios where services are built on hosts, but they can also be used in scenarios such as building daemons.

Default roles store path

/root/.ansible/roles
/usr/share/ansible/roles
/etc/ansible/roles

playbook calls roles

• Call role method 1:

---
- hosts: websrvs
  remote_user: root
  roles:
    - mysql
    - memcached
    - nginx

• Call role method 2: the key role is used to specify the role name, and subsequent k/v is used to pass variables to the role

---
- hosts: all
  remote_user: root
  roles:
    - role: mysql
      username: mysql
    - { role: nginx, username: nginx }

• Calling role method 3: Role calls can also be implemented based on conditional tests

---
- hosts: all
  remote_user: root
  roles:
    - { role: nginx, username: nginx, when: ansible_distribution_major_version =='7' }

Introduction to RHEL System Roles

• RHEL system roles are a collection of Ansible roles and modules. RHEL system roles provide a configuration interface for remotely managing multiple RHEL systems. This interface allows management system configuration between multiple RHEL versions, as well as handling new major release versions.

• In Red Hat Enterprise Linux 8, the interface currently consists of the following roles:

    kdump ## Kernel Crash Dump Mechanism
    network ## Network correlation
    selinux ## Safety Rules for selinux Anaian
    storage ## storage
    certificate ## Certificate Related
    kernel_settings ## Ha Ha Set Kernel
    logging ## Log Configuration
    metrics ## Aggregator for cluster core monitoring data
    nbde_client and nbde_server ## Network-bound Disk Encryption
    timesync ## time synchronization
    tlog  ## Lightweight distributed log marker tracking artifact

• All these roles are provided by the rhel-system-roles package available in the AppStream repository.