Create a playbook /home/student/ansible/selinux.yml
that runs on hosts in the webservers host group and does the following:
- Uses the selinux RHEL system role.
- Enables httpd_can_network_connect SELinux boolean.
- The change must survive system reboot.
[Note before the question]
This question did not appear while I was practising; I guess it is an older question that I found elsewhere on the internet, and I memorised it during practice. The approach is actually the same as question 5, and because the process is identical the official exam probably keeps only one of the two. Since I practised it and have notes on it, I am posting it here for the record. The flow is the same as the role usage in question 5: first copy selinux from mycollection into the specified roles path, then write a selinux.yml playbook whose content deploys the SELinux config on the nodes in the webservers group set to enforcing, i.e. forcibly enabling SELinux.
1. Solution steps:
1.1 Create selinux.yml
[student@workstation ansible]$ touch selinux.yml
[student@workstation ansible]$ cd roles/
1.2 Copy selinux from the collection into the roles directory just created under the home directory, then start editing
[student@workstation ansible]$ cp -r /home/student/ansible/mycollections/ansible_collections/fedora/linux_system_roles/roles/selinux .
# copy the role from mycollections into roles/ so that it is ready to use
[student@workstation ansible]$ ll
[student@workstation ansible]$ vim selinux.yml
---
- name: config selinux
  hosts: webservers
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  roles:
    - selinux
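The question itself asks for the httpd_can_network_connect boolean to be enabled in a way that survives a reboot, whereas the playbook above sets the enforcing state. The following is an added example, not the author's file, showing how the same selinux system role covers that requirement through its selinux_booleans variable. It assumes the role has already been copied to /home/student/ansible/roles/selinux as in step 1.2, and that become: true is needed because changing SELinux booleans requires root.

```yaml
---
# Added example: enable an SELinux boolean persistently with the selinux system role.
- name: Enable httpd_can_network_connect with the selinux role
  hosts: webservers
  become: true          # assumption: privilege escalation is not already set in ansible.cfg
  vars:
    # Each entry maps to the seboolean module inside the role.
    # persistent: true writes the value to the policy store (the equivalent of
    # setsebool -P), so the setting is still in effect after a reboot.
    selinux_booleans:
      - name: httpd_can_network_connect
        state: "on"
        persistent: true
  roles:
    - selinux
```

After running it, a quick check of the result on the managed nodes is ansible webservers -m command -a 'getsebool httpd_can_network_connect', which should report the boolean as on; running the playbook a second time should report no changes, confirming the role is idempotent.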
2. Verify the result
[student@workstation ansible]$ ansible-playbook -C selinux.yml
[student@workstation ansible]$ ansible-playbook selinux.yml
3. Restore the environment to its state before the exercise
[student@workstation ansible]$ vim 18-lab-selinux-stop.yml
---
- name: set selinux
  hosts: webservers
  vars:
    selinux_state: disabled
  roles:
    - role: selinux
      become: true
- name: remove roles selinux
  hosts: 127.0.0.1
  tasks:
    - name: remove roles selinux
      shell: ansible-galaxy remove selinux
- name: remove selinux roles file and dir
  hosts: 127.0.0.1
  tasks:
    - name: remove selinux roles dir
      file:
        path: /home/student/roles/selinux
        state: absent
    - name: remove selinux.yml
      file:
        path: /home/student/ansible/selinux.yml
        state: absent
[student@workstation ansible]$ ansible-playbook 18-lab-selinux-stop.yml