角色应用

目录
  • 安装RHEL系统角色
    • 时间同步
      • 时间同步实例
          • SELinux
            • SELinux实例

安装RHEL系统角色(rhel-system-roles)

[root@localhost ~]# yum install rhel-system-roles.noarch

时间同步

[root@localhost ~]# tree date/
date/
├── ansible.cfg
├── inventory
├── main.yml
└── timesync
    ├── ansible_pytest_extra_requirements.txt
    ├── COPYING
    ├── custom_requirements.txt
    ├── defaults
    │   └── main.yml
    ├── handlers
    │   └── main.yml
    ├── library
    │   └── timesync_provider.sh
    ├── meta
    │   └── main.yml
    ├── molecule_extra_requirements.txt
    ├── pylint_extra_requirements.txt
    ├── pylintrc
    ├── pytest_extra_requirements.txt
    ├── README.html
    ├── README.md
    ├── tasks
    │   ├── main.yml
    │   └── set_vars.yml
    ├── templates
    │   ├── chrony.conf.j2
    │   ├── chronyd.sysconfig.j2
    │   ├── ntp.conf.j2
    │   ├── ntpd.sysconfig.j2
    │   ├── phc2sys.sysconfig.j2
    │   ├── ptp4l.conf.j2
    │   ├── ptp4l.sysconfig.j2
    │   └── timemaster.conf.j2
    ├── tests
    │   ├── inventory.yaml.j2
    │   ├── provision.fmf
    │   ├── roles
    │   ├── setup-snapshot.yml
    │   ├── tests_chrony.yml
    │   ├── tests_default_vars.yml
    │   ├── tests_default_wrapper.yml
    │   ├── tests_default.yml
    │   ├── tests_ntp_provider1.yml
    │   ├── tests_ntp_provider2.yml
    │   ├── tests_ntp_provider3.yml
    │   ├── tests_ntp_provider4.yml
    │   ├── tests_ntp_provider5.yml
    │   ├── tests_ntp_provider6.yml
    │   ├── tests_ntp_ptp.yml
    │   ├── tests_ntp.yml
    │   ├── tests_ptp_multi.yml
    │   └── tests_ptp_single.yml
    ├── tox.ini
    └── vars
        ├── CentOS_6.yml
        ├── CentOS_9.yml
        ├── Debian.yml
        ├── default.yml
        ├── Fedora_33.yml
        ├── main.yml
        ├── RedHat_6.yml
        └── RedHat_9.yml

时间同步实例

创建date目录用于存放playbook和角色目录
[root@localhost ~]# mkdir date

#将timesync角色目录复制一份到当前目录并改名为timesync
[root@localhost date]# cp -r /usr/share/ansible/roles/rhel-system-roles.timesync timesync

编写playbook
[root@localhost date]# cat main.yml 
---
- hosts: web.example.com
  vars:
    timesync_ntp_servers:
      - hostname: time1aliyun.org
        pool: yes
        iburst: yes
    timezone: Asia/Shanghai

  roles:
     - timesync   # 此处为date目录下的timesync角色
  tasks:
    - name: set timezone
      timezone:
        name: "{{ timezone }}"
[root@localhost timesync]# pwd
/usr/share/doc/rhel-system-roles/timesync  //此目录下存放着timesync的模板yml
[root@localhost timesync]# ls
example-multiple-ntp-servers-playbook.yml  example-single-pool-playbook.yml  README.html  README.md
[root@localhost timesync]# cat example-multiple-ntp-servers-playbook.yml 
- hosts: "{{ target }}"
  vars:
    timesync_ntp_servers:
      - hostname: 0.pool.ntp.org
        iburst: yes
      - hostname: 1.pool.ntp.org
        iburst: yes
      - hostname: 2.pool.ntp.org
        iburst: yes
      - hostname: 3.pool.ntp.org
        iburst: yes
  roles:
    - rhel-system-roles.timesync

配置清单和ansible.cfg文件

[root@localhost date]# cat inventory 
[webservers]
web.example.com 

#ansible.cfg文件(inventory 配置项应写在 [defaults] 段下)
[root@localhost date]# cat ansible.cfg 
inventory      = ./inventory

查看受控主机

[root@localhost ~]# head /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.centos.pool.ntp.org iburst   //执行playbook前,pool为centos.pool.ntp.org

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
[root@localhost date]# ansible-playbook main.yml 
[root@localhost ~]# head /etc/chrony.conf
#
# Ansible managed
#

pool time1aliyun.org iburst  //变为了main.yml里设置的aliyun服务器(注意:time1aliyun.org 疑似少了一个点,请核对NTP服务器域名后再使用,避免向非预期的域名同步时间)

# Allow the system clock to be stepped in the first three updates.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).

#查看chronyd服务已启动且已设置开机自启
[root@localhost ~]# systemctl status chronyd.service 
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2022-06-14 16:08:32 CST; 58s ago
     Docs: man:chronyd(8)
SELinux
[root@localhost ~]# tree selinux_play/
selinux_play/
├── ansible.cfg
├── inventory
├── main.yml
└── selinux
    ├── ansible_pytest_extra_requirements.txt
    ├── COPYING
    ├── custom_requirements.txt
    ├── defaults
    │   └── main.yml
    ├── handlers
    │   └── main.yml
    ├── library
    │   ├── seboolean.py
    │   ├── sefcontext.py
    │   ├── selinux_modules_facts.py
    │   ├── selinux.py
    │   ├── selogin.py
    │   └── seport.py
    ├── meta
    │   ├── collection-requirements.yml
    │   └── main.yml
    ├── molecule_extra_requirements.txt
    ├── pylint_extra_requirements.txt
    ├── pytest_extra_requirements.txt
    ├── README.html
    ├── README.md
    ├── tasks
    │   ├── main.yml
    │   ├── selinux_load_module.yml
    │   └── set_facts_packages.yml
    ├── tests
    │   ├── linux-system-roles-selinux-test-a.pp
    │   ├── linux-system-roles-selinux-test-b.pp
    │   ├── linux-system-roles-selinux-test-c.pp
    │   ├── roles
    │   ├── selinux_apply_reboot.yml
    │   ├── selinux.config
    │   ├── selinux_config_restore.yml
    │   ├── selinux_config_save.yml
    │   ├── selinux_test_transitions.yml
    │   ├── set_selinux_variables.yml
    │   ├── setup-snapshot.yml
    │   ├── tests_all_purge.yml
    │   ├── tests_all_transitions.yml
    │   ├── tests_boolean.yml
    │   ├── tests_default_vars.yml
    │   ├── tests_default.yml
    │   ├── tests_fcontext.yml
    │   ├── tests_login.yml
    │   ├── tests_port.yml
    │   ├── tests_selinux_disabled.yml
    │   └── tests_selinux_modules.yml
    ├── tox.ini
    └── vars
        └── main.yml
SELinux实例
[root@localhost ~]# mkdir selinux_play
[root@localhost selinux_play]# cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ selinux

---
- hosts: web.example.com
  vars:
    selinux_policy: targeted
    selinux_state: enforcing 

  roles:
    - selinux
[root@localhost date]# cat inventory 
[webservers]
web.example.com 

#ansible.cfg文件(inventory 配置项应写在 [defaults] 段下)
[root@localhost date]# cat ansible.cfg 
inventory      = ./inventory
[root@localhost ~]# getenforce 0  //此处应为 setenforce 0(getenforce 只查询状态,不会修改);先临时改为Permissive
Permissive
[root@localhost selinux_play]# ansible-playbook main.yml 
[root@localhost ~]# getenforce  //状态变为了enforcing
Enforcing
posted on 2022-06-14 22:09  悬溺·  阅读(26)  评论(0)    收藏  举报