ANSIBLE ROLE(系统自带角色)
1. 安装随机自带的role(管理红帽自身常用功能的最佳解决方案):# yum list "*role*"
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查:0:13:35 前,执行于 2020年08月17日 星期一 20时36分26秒。
已安装的软件包
rhel-system-roles.noarch 1.0-5.el8 @AppStream
可安装的软件包
policycoreutils-newrole.x86_64 2.8-16.1.el8 BaseOS
装到哪里:
# rpm -ql rhel-system-roles.noarch
/usr/share/ansible
/usr/share/ansible/roles
/usr/share/ansible/roles/linux-system-roles.kdump
/usr/share/ansible/roles/linux-system-roles.network
/usr/share/ansible/roles/linux-system-roles.postfix
/usr/share/ansible/roles/linux-system-roles.selinux
/usr/share/ansible/roles/linux-system-roles.timesync
/usr/share/ansible/roles/rhel-system-roles.kdump
/usr/share/ansible/roles/rhel-system-roles.kdump/COPYING
/usr/share/ansible/roles/rhel-system-roles.kdump/README.html
/usr/share/ansible/roles/rhel-system-roles.kdump/README.md
/usr/share/ansible/roles/rhel-system-roles.kdump/defaults
/usr/share/ansible/roles/rhel-system-roles.kdump/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/handlers
/usr/share/ansible/roles/rhel-system-roles.kdump/handlers/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/meta
/usr/share/ansible/roles/rhel-system-roles.kdump/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/semaphore
/usr/share/ansible/roles/rhel-system-roles.kdump/tasks
/usr/share/ansible/roles/rhel-system-roles.kdump/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/tasks/ssh.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/templates
/usr/share/ansible/roles/rhel-system-roles.kdump/templates/kdump.conf.j2
/usr/share/ansible/roles/rhel-system-roles.kdump/templates/kdump.j2
/usr/share/ansible/roles/rhel-system-roles.kdump/tests
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/roles
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/roles/kdump
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/tests_default.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/tests/tests_ssh.yml
/usr/share/ansible/roles/rhel-system-roles.kdump/vars
/usr/share/ansible/roles/rhel-system-roles.kdump/vars/main.yml
/usr/share/ansible/roles/rhel-system-roles.network
/usr/share/ansible/roles/rhel-system-roles.network/.travis.yml
/usr/share/ansible/roles/rhel-system-roles.network/LICENSE
/usr/share/ansible/roles/rhel-system-roles.network/README.html
/usr/share/ansible/roles/rhel-system-roles.network/README.md
/usr/share/ansible/roles/rhel-system-roles.network/defaults
/usr/share/ansible/roles/rhel-system-roles.network/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.network/library
/usr/share/ansible/roles/rhel-system-roles.network/library/network_connections.py
/usr/share/ansible/roles/rhel-system-roles.network/meta
/usr/share/ansible/roles/rhel-system-roles.network/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.network/module_utils
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr/__init__.py
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr/argument_validator.py
/usr/share/ansible/roles/rhel-system-roles.network/module_utils/network_lsr/utils.py
/usr/share/ansible/roles/rhel-system-roles.network/pylintrc
/usr/share/ansible/roles/rhel-system-roles.network/tasks
/usr/share/ansible/roles/rhel-system-roles.network/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests
/usr/share/ansible/roles/rhel-system-roles.network/tests/ansible_module_network_connections.py
/usr/share/ansible/roles/rhel-system-roles.network/tests/covstats
/usr/share/ansible/roles/rhel-system-roles.network/tests/down-profile.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/ensure_non_running_provider.py
/usr/share/ansible/roles/rhel-system-roles.network/tests/get-coverage.sh
/usr/share/ansible/roles/rhel-system-roles.network/tests/get-coverage.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/get-total-coverage.sh
/usr/share/ansible/roles/rhel-system-roles.network/tests/helpers
/usr/share/ansible/roles/rhel-system-roles.network/tests/helpers/ethtool
/usr/share/ansible/roles/rhel-system-roles.network/tests/merge-coverage.sh
/usr/share/ansible/roles/rhel-system-roles.network/tests/remove-profile.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/defaults
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/library
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/meta
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/module_utils
/usr/share/ansible/roles/rhel-system-roles.network/tests/roles/linux-system-roles.network/tasks
/usr/share/ansible/roles/rhel-system-roles.network/tests/run-tasks.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-device_absent.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-device_present.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-profile_absent.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/assert-profile_present.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/create-and-remove-interface.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/manage-test-interface.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tasks/show-interfaces.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/test_network_connections.py
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_bridge.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_bridge_other_provider.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_default.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_default_other_provider.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_ethernet.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_ethernet_other_provider.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_helpers-and-asserts.yml
/usr/share/ansible/roles/rhel-system-roles.network/tests/tests_unit.yml
/usr/share/ansible/roles/rhel-system-roles.network/tox.ini
/usr/share/ansible/roles/rhel-system-roles.postfix
/usr/share/ansible/roles/rhel-system-roles.postfix/COPYING
/usr/share/ansible/roles/rhel-system-roles.postfix/README.html
/usr/share/ansible/roles/rhel-system-roles.postfix/README.md
/usr/share/ansible/roles/rhel-system-roles.postfix/defaults
/usr/share/ansible/roles/rhel-system-roles.postfix/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.postfix/handlers
/usr/share/ansible/roles/rhel-system-roles.postfix/handlers/main.yml
/usr/share/ansible/roles/rhel-system-roles.postfix/meta
/usr/share/ansible/roles/rhel-system-roles.postfix/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.postfix/tasks
/usr/share/ansible/roles/rhel-system-roles.postfix/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.selinux
/usr/share/ansible/roles/rhel-system-roles.selinux/COPYING
/usr/share/ansible/roles/rhel-system-roles.selinux/README.html
/usr/share/ansible/roles/rhel-system-roles.selinux/README.md
/usr/share/ansible/roles/rhel-system-roles.selinux/library
/usr/share/ansible/roles/rhel-system-roles.selinux/library/selogin.py
/usr/share/ansible/roles/rhel-system-roles.selinux/meta
/usr/share/ansible/roles/rhel-system-roles.selinux/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/semaphore
/usr/share/ansible/roles/rhel-system-roles.selinux/tasks
/usr/share/ansible/roles/rhel-system-roles.selinux/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/roles
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/roles/selinux
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux.config
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_apply_reboot.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_config_restore.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_config_save.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/selinux_test_transitions.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/set_selinux_variables.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_all_purge.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_all_transitions.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_boolean.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_fcontext.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_login.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_port.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/tests/tests_selinux_disabled.yml
/usr/share/ansible/roles/rhel-system-roles.selinux/vars
/usr/share/ansible/roles/rhel-system-roles.selinux/vars/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync
/usr/share/ansible/roles/rhel-system-roles.timesync/COPYING
/usr/share/ansible/roles/rhel-system-roles.timesync/README.html
/usr/share/ansible/roles/rhel-system-roles.timesync/README.md
/usr/share/ansible/roles/rhel-system-roles.timesync/defaults
/usr/share/ansible/roles/rhel-system-roles.timesync/defaults/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/handlers
/usr/share/ansible/roles/rhel-system-roles.timesync/handlers/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/library
/usr/share/ansible/roles/rhel-system-roles.timesync/library/timesync_provider.sh
/usr/share/ansible/roles/rhel-system-roles.timesync/meta
/usr/share/ansible/roles/rhel-system-roles.timesync/meta/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/semaphore
/usr/share/ansible/roles/rhel-system-roles.timesync/tasks
/usr/share/ansible/roles/rhel-system-roles.timesync/tasks/main.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/templates
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/chrony.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/chronyd.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ntp.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ntpd.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/phc2sys.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ptp4l.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/ptp4l.sysconfig.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/templates/timemaster.conf.j2
/usr/share/ansible/roles/rhel-system-roles.timesync/tests
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/roles
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/roles/timesync
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_default.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider1.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider2.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider3.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider4.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_provider5.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ntp_ptp.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ptp_multi.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/tests/tests_ptp_single.yml
/usr/share/ansible/roles/rhel-system-roles.timesync/vars
/usr/share/ansible/roles/rhel-system-roles.timesync/vars/main.yml
/usr/share/doc/rhel-system-roles/kdump/COPYING
/usr/share/doc/rhel-system-roles/kdump/README.html
/usr/share/doc/rhel-system-roles/kdump/README.md
/usr/share/doc/rhel-system-roles/network/LICENSE
/usr/share/doc/rhel-system-roles/network/README.html
/usr/share/doc/rhel-system-roles/network/README.md
/usr/share/doc/rhel-system-roles/network/example-bond-with-vlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-bridge-with-vlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-down-profile-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-eth-simple-auto-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-eth-with-vlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-infiniband-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-inventory
/usr/share/doc/rhel-system-roles/network/example-macvlan-playbook.yml
/usr/share/doc/rhel-system-roles/network/example-remove-profile-playbook.yml
/usr/share/doc/rhel-system-roles/postfix/COPYING
/usr/share/doc/rhel-system-roles/postfix/README.html
/usr/share/doc/rhel-system-roles/postfix/README.md
/usr/share/doc/rhel-system-roles/selinux/COPYING
/usr/share/doc/rhel-system-roles/selinux/README.html
/usr/share/doc/rhel-system-roles/selinux/README.md
/usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml
/usr/share/doc/rhel-system-roles/timesync/COPYING
/usr/share/doc/rhel-system-roles/timesync/README.html
/usr/share/doc/rhel-system-roles/timesync/README.md
/usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml
/usr/share/doc/rhel-system-roles/timesync/example-timesync-pool-playbook.yml
-----
ansible.cfg:
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
# Entries are tried in order and the first directory that contains the
# requested role is used, so a role under ./roles takes precedence over the
# packaged copy of the same name in /usr/share/ansible/roles. Keep ./roles
# writable only by trusted users and review what is placed there.
roles_path = ./roles:/usr/share/ansible/roles:/etc/ansible/roles
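---
# Minimal play: applies the packaged timesync role with its default variables.
# The role name is resolved through the roles_path search list, so which copy
# runs depends on the order of that list.
- name: Time Synchronization Play
  hosts: srvgroup
  roles:
    - rhel-system-roles.timesync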
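---
# Applies the timesync role with chrony as the provider, then sets the
# timezone. Roles listed under `roles:` run before the play's `tasks:`.
- name: Time Synchronization Play
  hosts: srvgroup
  vars:
    timesync_ntp_provider: chrony
    # Only one time source is configured here. Consistent time underpins log
    # correlation and certificate/Kerberos validity, so production hosts
    # usually list more than one trusted server.
    timesync_ntp_servers:
      - hostname: classroom.example.com
        iburst: true
    # Play-local variable consumed by the "Set Timezone" task below; it is not
    # a timesync role input.
    v_timezone: America/Toronto
  roles:
    - rhel-system-roles.timesync
  tasks:
    - name: Set Timezone
      timezone:
        name: "{{ v_timezone }}"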
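---
# Example for the rhel-system-roles.selinux role: keeps SELinux enforcing with
# the targeted policy, sets booleans, a file context, a port label and a login
# mapping, and reboots the host if the role reports that a reboot is required.
- hosts: srvgroup
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
    # Each boolean relaxes a default restriction; enable only what the host
    # actually needs.
    selinux_booleans:
      - name: 'samba_enable_home_dirs'
        state: 'on'
      # Applied persistently, so it survives reboots.
      - name: 'ssh_sysadm_login'
        state: 'on'
        persistent: 'yes'
    # /tmp/test_dir is a throwaway demonstration path; /tmp is world-writable,
    # so do not reuse this target for real data.
    selinux_fcontexts:
      - target: '/tmp/test_dir(/.*)?'
        setype: 'user_home_dir_t'
        ftype: 'd'
    selinux_restore_dirs:
      - /tmp/test_dir
    # Labels TCP 22100 as ssh_port_t in the SELinux policy. This only changes
    # the policy label; sshd's own configuration is not touched by this play.
    selinux_ports:
      - ports: '22100'
        proto: 'tcp'
        setype: 'ssh_port_t'
        state: 'present'
    selinux_logins:
      - login: 'sar-user'
        seuser: 'staff_u'
        serange: 's0-s0:c0.c1023'
        state: 'present'

  # prepare prerequisites which are used in this playbook
  tasks:
    - name: Creates directory
      file:
        path: /tmp/test_dir
        state: directory

    - name: Add a Linux System Roles SELinux User
      user:
        comment: Linux System Roles SELinux User
        name: sar-user

    - name: execute the role and catch errors
      block:
        - include_role:
            name: rhel-system-roles.selinux
      rescue:
        # Fail if failed for a different reason than selinux_reboot_required.
        - name: handle errors
          fail:
            msg: "role failed"
          when: not selinux_reboot_required

        # Fire-and-forget reboot: async/poll let the task return before the
        # connection drops, and ignore_errors covers the dropped connection.
        - name: restart managed host
          shell: sleep 2 && shutdown -r now "Ansible updates triggered"
          async: 1
          poll: 0
          ignore_errors: true

        - name: wait for managed host to come back
          wait_for_connection:
            delay: 10
            timeout: 300

        # Second pass applies the settings that needed the reboot first.
        - name: reapply the role
          include_role:
            name: rhel-system-roles.selinux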
简化:
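---
# Shorter variant of the role-with-reboot pattern: the `reboot` module replaces
# the manual shutdown + wait_for_connection pair.
# NOTE(review): no selinux_* variables are set in this play, so the role's
# inputs presumably come from inventory or group_vars - confirm before use.
- name: Selinux Role
  hosts: srvgroup
  tasks:
    - name: execute the role and catch errors
      block:
        - include_role:
            name: rhel-system-roles.selinux
      rescue:
        # Fail if failed for a different reason than selinux_reboot_required.
        - name: handle errors
          fail:
          when: not selinux_reboot_required

        - name: Restart the Machines
          reboot:

        # Second pass applies the settings that needed the reboot first.
        - name: reapply the role
          include_role:
            name: rhel-system-roles.selinux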
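---
# Exercises the individual SELinux modules directly (no role): enforcing mode,
# one boolean, one file-context rule plus relabel, and one port label.
- name: SELinux Testing
  hosts: server3.example.com
  tasks:
    - name: SELinux State
      selinux:
        policy: targeted
        state: enforcing

    # Persistently lets httpd-domain processes read user home directories;
    # enable only if the web server is meant to serve content from them.
    - name: SEbool
      seboolean:
        name: httpd_enable_homedirs
        state: true
        persistent: true

    - name: Create File
      copy:
        content: "Hello World"
        dest: /srv/helloworld.txt
        # Explicit mode so the result does not depend on the remote umask.
        mode: "0644"

    # sefcontext only records the rule in the policy; the file itself is
    # relabelled by the restorecon task that follows.
    - name: test
      sefcontext:
        target: /srv/helloworld.txt
        setype: samba_share_t
        state: present

    # `command` reports "changed" on every run. -i skips missing files,
    # -r recurses, -v prints what was relabelled.
    - name: Apply new SELinux file context to filesystem
      command: restorecon -irv /srv/helloworld.txt

    # Adds TCP 8888 to http_port_t so httpd-domain services may bind it; the
    # web server's own listen configuration is not changed here.
    - name: Set Port
      seport:
        ports: 8888
        proto: tcp
        setype: http_port_t
        state: present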