|
|
1. 安装随机自带的role(管理红帽自身常用功能的最佳解决方案):
- [root@classroom yum.repos.d]# yum list "*role*"
- Updating Subscription Management repositories.
- Unable to read consumer identity
- This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
- 上次元数据过期检查:0:13:35 前,执行于 2020年08月17日 星期一 20时36分26秒。
- 已安装的软件包
- rhel-system-roles.noarch 1.0-5.el8 @AppStream
- 可安装的软件包
- policycoreutils-newrole.x86_64 2.8-16.1.el8 BaseOS
装到哪里:
[root@classroom yum.repos.d]# rpm -ql rhel-system-roles.noarch
/usr/share/ansible
/usr/share/ansible/roles
/usr/share/ansible/roles/linux-system-roles.kdump
/usr/share/ansible/roles/linux-system-roles.network
/usr/share/ansible/roles/linux-system-roles.postfix
/usr/share/ansible/roles/linux-system-roles.selinux
/usr/share/ansible/roles/linux-system-roles.timesync
/usr/share/ansible/roles/rhel-system-roles.kdump
/usr/share/ansible/roles/rhel-system-roles.kdump/COPYING
/usr/share/ansible/roles/rhel-system-roles.kdump/README.html
/usr/share/ansible/roles/rhel-system-roles.kdump/README.md
/usr/share/ansible/roles/rhel-system-roles.kdump/defaults
/usr/share/ansible/roles/rhel-system-roles.kdump/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/handlers
/usr/share/ansible/roles/rhel-system-roles.kdump/handlers/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/meta
/usr/share/ansible/roles/rhel-system-roles.kdump/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/semaphore
/usr/share/ansible/roles/rhel-system-roles.kdump/tasks
/usr/share/ansible/roles/rhel-system-roles.kdump/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/tasks/ssh.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/templates
/usr/share/ansible/roles/rhel-system-roles.kdump/templates/kdump.conf.j2
/usr/share/ansible/roles/rhel-system-roles.kdump/templates/kdump.j2
/usr/share/ansible/roles/rhel-system-roles.kdump/tests
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/roles
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/roles/kdump
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/tests_default.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/tests_ssh.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/vars
/usr/share/ansible/roles/rhel-system-roles.kdump/vars/main.yml
/usr/share/ansible/roles/rhel-system-roles.network
/usr/share/ansible/roles/rhel-system-roles.network/.travis.yml
/usr/share/ansible/roles/rhel-system-roles.network/LICENSE
/usr/share/ansible/roles/rhel-system-roles.network/README.html
/usr/share/ansible/roles/rhel-system-roles.network/README.md
/usr/share/ansible/roles/rhel-system-roles.network/defaults
/usr/share/ansible/roles/rhel-system-roles.network/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.network/library
/usr/share/ansible/roles/rhel-system-roles.network/library/network_connections.py
/usr/share/ansible/roles/rhel-system-roles.network/meta
/usr/share/ansible/roles/rhel-system-roles.network/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.network/module_utils
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr/__init__.py
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr/argument_validator.py
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr/utils.py
/usr/share/ansible/roles/rhel-system-roles.network/pylintrc
/usr/share/ansible/roles/rhel-system-roles.network/tasks
/usr/share/ansible/roles/rhel-system-roles.network/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests
/usr/share/ansible/roles/rhel-system-roles.network/tests/ansible_module_network_connections.py
/usr/share/ansible/roles/rhel-system-roles.network/tests/covstats
/usr/share/ansible/roles/rhel-system-roles.network/tests/down-profile.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/ensure_non_running_provider.py
/usr/share/ansible/roles/rhel-system-roles.network/tests/get-coverage.sh
/usr/share/ansible/roles/rhel-system-roles.network/tests/get-coverage.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/get-total-coverage.sh
/usr/share/ansible/roles/rhel-system-roles.network/tests/helpers
/usr/share/ansible/roles/rhel-system-roles.network/tests/helpers/ethtool
/usr/share/ansible/roles/rhel-system-roles.network/tests/merge-coverage.sh
/usr/share/ansible/roles/rhel-system-roles.network/tests/remove-profile.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/defaults
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/library
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/meta
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/module_utils
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/tasks
/usr/share/ansible/roles/rhel-system-roles.network/tests/run-tasks.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-device_absent.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-device_present.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-profile_absent.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-profile_present.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/create-and-remove-interface.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/manage-test-interface.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/show-interfaces.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/test_network_connections.py
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_bridge.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_bridge_other_provider.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_default.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_default_other_provider.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_ethernet.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_ethernet_other_provider.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_helpers-and-asserts.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_unit.yml
/usr/share/ansible/roles/rhel-system-roles.network/tox.ini
/usr/share/ansible/roles/rhel-system-roles.postfix
/usr/share/ansible/roles/rhel-system-roles.postfix/COPYING
/usr/share/ansible/roles/rhel-system-roles.postfix/README.html
/usr/share/ansible/roles/rhel-system-roles.postfix/README.md
/usr/share/ansible/roles/rhel-system-roles.postfix/defaults
/usr/share/ansible/roles/rhel-system-roles.postfix/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.postfix/handlers
/usr/share/ansible/roles/rhel-system-roles.postfix/handlers/main.yml
/usr/share/ansible/roles/rhel-system-roles.postfix/meta
/usr/share/ansible/roles/rhel-system-roles.postfix/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.postfix/tasks
/usr/share/ansible/roles/rhel-system-roles.postfix/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.selinux
/usr/share/ansible/roles/rhel-system-roles.selinux/COPYING
/usr/share/ansible/roles/rhel-system-roles.selinux/README.html
/usr/share/ansible/roles/rhel-system-roles.selinux/README.md
/usr/share/ansible/roles/rhel-system-roles.selinux/library
/usr/share/ansible/roles/rhel-system-roles.selinux/library/selogin.py
/usr/share/ansible/roles/rhel-system-roles.selinux/meta
/usr/share/ansible/roles/rhel-system-roles.selinux/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/semaphore
/usr/share/ansible/roles/rhel-system-roles.selinux/tasks
/usr/share/ansible/roles/rhel-system-roles.selinux/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/roles
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/roles/selinux
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux.config
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_apply_reboot.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_config_restore.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_config_save.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_test_transitions.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/set_selinux_variables.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_all_purge.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_all_transitions.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_boolean.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_fcontext.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_login.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_port.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_selinux_disabled.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/vars
/usr/share/ansible/roles/rhel-system-roles.selinux/vars/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync
/usr/share/ansible/roles/rhel-system-roles.timesync/COPYING
/usr/share/ansible/roles/rhel-system-roles.timesync/README.html
/usr/share/ansible/roles/rhel-system-roles.timesync/README.md
/usr/share/ansible/roles/rhel-system-roles.timesync/defaults
/usr/share/ansible/roles/rhel-system-roles.timesync/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/handlers
/usr/share/ansible/roles/rhel-system-roles.timesync/handlers/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/library
/usr/share/ansible/roles/rhel-system-roles.timesync/library/timesync_provider.sh
/usr/share/ansible/roles/rhel-system-roles.timesync/meta
/usr/share/ansible/roles/rhel-system-roles.timesync/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/semaphore
/usr/share/ansible/roles/rhel-system-roles.timesync/tasks
/usr/share/ansible/roles/rhel-system-roles.timesync/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/templates
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/chrony.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/chronyd.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ntp.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ntpd.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/phc2sys.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ptp4l.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ptp4l.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/timemaster.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/tests
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/roles
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/roles/timesync
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_default.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider1.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider2.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider3.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider4.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider5.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_ptp.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ptp_multi.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ptp_single.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/vars
/usr/share/ansible/roles/rhel-system-roles.timesync/vars/main.yml
/usr/share/doc/rhel-system-roles/kdump/COPYING
/usr/share/doc/rhel-system-roles/kdump/README.html
/usr/share/doc/rhel-system-roles/kdump/README.md
/usr/share/doc/rhel-system-roles/network/LICENSE
/usr/share/doc/rhel-system-roles/network/README.html
/usr/share/doc/rhel-system-roles/network/README.md
/usr/share/doc/rhel-system-roles/network/example-bond-with-vlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-bridge-with-vlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-down-profile-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-eth-simple-auto-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-eth-with-vlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-infiniband-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-inventory
/usr/share/doc/rhel-system-roles/network/example-macvlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-remove-profile-playbook.yml
/usr/share/doc/rhel-system-roles/postfix/COPYING
/usr/share/doc/rhel-system-roles/postfix/README.html
/usr/share/doc/rhel-system-roles/postfix/README.md
/usr/share/doc/rhel-system-roles/selinux/COPYING
/usr/share/doc/rhel-system-roles/selinux/README.html
/usr/share/doc/rhel-system-roles/selinux/README.md
/usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml
/usr/share/doc/rhel-system-roles/timesync/COPYING
/usr/share/doc/rhel-system-roles/timesync/README.html
/usr/share/doc/rhel-system-roles/timesync/README.md
/usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml
/usr/share/doc/rhel-system-roles/timesync/example-timesync-pool-playbook.yml
-----
ansible.cfg:
- with a maximum timeout of 10 seconds. This
- # option lets you increase or decrease that
- # timeout to something more suitable for the
- # environment.
- # gather_timeout = 10
- # Ansible facts are available inside the ansible_facts.* dictionary
- # namespace. This setting maintains the behaviour which was the default prior
- # to 2.5, duplicating these variables into the main namespace, each with a
- # prefix of 'ansible_'.
- # This variable is set to True by default for backwards compatibility. It
- # will be changed to a default of 'False' in a future release.
- # ansible_facts.
- # inject_facts_as_vars = True
- # additional paths to search for roles in, colon separated
- roles_path = ./roles:/usr/share/ansible/roles:/etc/ansible/roles
- ---
- - name: Time Synchronization Play
- hosts: srvgroup
- roles:
- - rhel-system-roles.timesync
- ---
- - name: Time Synchronization Play
- hosts: srvgroup
- vars:
- timesync_ntp_provider: chrony
- timesync_ntp_servers:
- - hostname: classroom.example.com
- iburst: yes
- v_timezone: America/Toronto
- roles:
- - rhel-system-roles.timesync
- tasks:
- - name: Set Timezone
- timezone:
- name: "{{ v_timezone }}"
- ---
- - hosts: srvgroup
- vars:
- selinux_policy: targeted
- selinux_state: enforcing
- selinux_booleans:
- - { name: 'samba_enable_home_dirs', state: 'on' }
- - { name: 'ssh_sysadm_login', state: 'on', persistent: 'yes' }
- selinux_fcontexts:
- - { target: '/tmp/test_dir(/.*)?', setype: 'user_home_dir_t', ftype: 'd' }
- selinux_restore_dirs:
- - /tmp/test_dir
- selinux_ports:
- - { ports: '22100', proto: 'tcp', setype: 'ssh_port_t', state: 'present' }
- selinux_logins:
- - { login: 'sar-user', seuser: 'staff_u', serange: 's0-s0:c0.c1023', state: 'present' }
- # prepare prerequisites which are used in this playbook
- tasks:
- - name: Creates directory
- file:
- path: /tmp/test_dir
- state: directory
- - name: Add a Linux System Roles SELinux User
- user:
- comment: Linux System Roles SELinux User
- name: sar-user
- - name: execute the role and catch errors
- block:
- - include_role:
- name: rhel-system-roles.selinux
- rescue:
- # Fail if failed for a different reason than selinux_reboot_required.
- - name: handle errors
- fail:
- msg: "role failed"
- when: not selinux_reboot_required
- - name: restart managed host
- shell: sleep 2 && shutdown -r now "Ansible updates triggered"
- async: 1
- poll: 0
- ignore_errors: true
- - name: wait for managed host to come back
- wait_for_connection:
- delay: 10
- timeout: 300
- - name: reapply the role
- include_role:
- name: rhel-system-roles.selinux
- ---
- - name: Selinux Role
- hosts: srvgroup
- tasks:
- - name: execute the role and catch errors
- block:
- - include_role:
- name: rhel-system-roles.selinux
- rescue:
- # Fail if failed for a different reason than selinux_reboot_required.
- - name: handle errors
- fail:
- when: not selinux_reboot_required
- - name: Restart the Machines
- reboot:
- - name: reapply the role
- include_role:
- name: rhel-system-roles.selinux
- ---
- - name: SELinux Testing
- hosts: server3.example.com
- tasks:
- - name: SELinux State
- selinux:
- policy: targeted
- state: enforcing
- - name: SEbool
- seboolean:
- name: httpd_enable_homedirs
- state: yes
- persistent: yes
- - name: Create File
- copy:
- content: "Hello World"
- dest: /srv/helloworld.txt
- - name: test
- sefcontext:
- target: /srv/helloworld.txt
- setype: samba_share_t
- state: present
- - name: Apply new SELinux file context to filesystem
- command: restorecon -irv /srv/helloworld.txt
- - name: Set Port
- seport:
- ports: 8888
- proto: tcp
- setype: http_port_t
- state: present
|
|
发表于 2020-8-17 20:54:31
