CORRECT TEXT
=====================================================================
==============
control.realmX.example.com _ workstation.lab.example.com node1.realmX.example.com _ servera.lab.example.com node2.realmX.example.com _ serverb.lab.example.com node3.realmX.example.com _ serverc.lab.example.com node4.realmX.example.com _ serverd.lab.example.com node5.realmX.example.com
- username:root, password:redhat
- username:admin, password:redhat
note1. don??t change ??root?? or ??admin?? password.
note2. no need to create ssh-keygen for access, its pre-defined
note3. SELinux is in enforcing mode and firewalld is disabled/stop on whole managed hosts.
=====================================================================
==============
Create an Ansible vault to store user passwords as follows:
* The name of the vault is valut.yml
* The vault contains two variables as follows:
- dev_pass with value wakennym
- mgr_pass with value rocky
* The password to encrypt and decrypt the vault is atenorth
* The password is stored in the file /home/admin/ansible/password.txt
Solution:
Solution as:
# pwd
/home/admin/ansible
# echo "atenorth" >password.txt
# chmod 0600 password.txt
# ansible-vault create vault.yml --vault-password-file=password.txt
---
- dev_pass: wakennym
- mgr_pass: rocky wq
# cat vault.yml
$ANSIBLE_VAULT;1.1;AES256 363838623761643164363536653437656433313934333735646137626665313130343364
38353662
3464346331346461306337633632393563643531376139610a3435313261306632666135
33633562
386234393166313064636237613439393732633331343532643338343532643439343737
65643737
3535303630626666370a6436633666343838633933386166616666323531393064363164
30616334
653861343933636431333637386561306365323464313762656130663261626434376430
64313863
6633333537303334333437646163343666666132316639376531
# ansible-vault view vault.yml password:******
---
- dev_pass: wakennym
- mgr_pass: rocky
Does this meet the goal?
Correct Answer:A
CORRECT TEXT
=====================================================================
==============
control.realmX.example.com _ workstation.lab.example.com
node1.realmX.example.com _ servera.lab.example.com
node2.realmX.example.com _ serverb.lab.example.com
node3.realmX.example.com _ serverc.lab.example.com
node4.realmX.example.com _ serverd.lab.example.com
node5.realmX.example.com
- username:root, password:redhat
- username:admin, password:redhat
note1. don??t change ??root?? or ??admin?? password.
note2. no need to create ssh-keygen for access, its pre-defined
note3. SELinux is in enforcing mode and firewalld is disabled/stop on whole managed hosts.
=====================================================================
==============
Install and configure Ansible on the control-node control.realmX.example.com as follows:
-------------------------------------------------------------------------------------------
--> Install the required packages
--> Create a static inventory file called /home/admin/ansible/inventory as follows: node1.realmX.example.com is a member of the dev host group node2.realmX.example.com is a member of the test host group node3.realmX.example.com & node4.realmX.example.com are members of the prod host group
node5.realmX.example.com is a member of the balancers host group. prod group is a member of the webservers host group
--> Create a configuration file called ansible.cfg as follows:
--> The host inventory file /home/admin/ansible/inventory is defined
--> The location of roles used in playbooks is defined as /home/admin/ansible/ roles
Solution:
Solution as:
Through physical host, login to workstation.lab.example.com with user root.
# ssh root@workstation.lab.example.com
# hostname workstation.lab.example.com
# yum install platform-python*
# su - admin
# pwd
/home/admin/
# vim .vimrc
# mkdir -p ansible/roles
# cd ansible
# vim inventory [dev]
servera.lab.example.com [test] serverb.example.com [prod] serverc.example.com
serverd.example.com [balancer] serverd.lab.example.com [webservers:children] prod
!wq
# vim ansible.cfg [defaults]
inventory = ./inventory role_path = ./roles remote_user = admin ask_pass = false [privilege_escalation] become = true become_method = sudo become_user = root become_ask_pass = false
!wq
# ansible all -–list-hosts
Does this meet the goal?
Correct Answer:A