mateuszstompor / rhce-ex294-exam Goto Github PK

Repository containing questions preparing for EX294 exam

License: MIT License

ex294 rhce rhce8 rhce-certification redhat exam ansible rhce-exam redhat-certified-engineer

rhce-ex294-exam's Introduction

EX294 Exam Preparations

Repository contains exercises preparing for EX294 exam. It should be treated as a database of questions but the readers need to keep in mind that none of them was taken from the actual test. They were created based on the study point available at RedHat's website

Inspiration

Content present in the repository is inspierd by other people' sample exams, redhat training exercises and my own invention. Use links below to check them out

Infrastructure assumptions

In order to perform the exercises plan of the infrastructure must be established. What I present is similar to configuration used by RedHat in their course preparing for the exam - RH294. Look at one of my repositories to save time provisioning the machines on your own and have a cluster that is you can exercise against

Hosts

There are five servers used in total throughout the objectives. All ansible code should be written and executed from the controller node. Most of the exercises are targetted at changing configuration of managed host but modification of controller is something that the person preparing for the test should be able to do as well

controller - control node
managed1 - managed node
managed2 - managed node
managed3 - managed node
managed4 - managed node

Network

Access to each host should be possible with use of short name as well as fqdn which is build by concatenating short name with .example.com, e. g. controller.example.com. All of the nodes should have NAT access on top of direct access to each other

Users

Initially, there is a single user created on the servers

root - accessed by password vagrant

Authentication against other servers

Managed nodes can be accessed via ssh from the controller, without password with use of root user

System

All machines were provisioned with RHEL8/CentOS8 system

Requirements

ansible 2.8 - on control node
python3 - on both control and managed
sshd - up and running everywhere

rhce-ex294-exam's People

Contributors

Stargazers

Watchers

Forkers

gr8alex ramonvanstijn samir-maniyar antara24 levalves sbhamare89 marc-cenon dongjinmedia allansong2012 chavezdf zhuroy mndambuki edmtiong gzxl4r mrp1xel olwimamdouh viniciuscwa phavn zer02wosec juanma11r istrate itester394 cupofcaffeine faical2014 arnav300 sameerecb irvinmarceloc cryptsight sathya-narayana jhonatangiru ilhanerglu abakabir sbhatia-rgare haroldchandu jbelmont arw-thomasm gudsingh manojkavali96 drumata danieljesusleon lnrdlnx mshiin akash-sethi-redhat michael-leon gosandeep suhas-umashankar vikaskumar144 kentclark20 mktsnix pradeeppasupuleti infymp9 kigeorge imadsvx hooda992 jfidel87 eu-devops psehgaft injeti-manohar adsh64 nsavor jdmarshall95 zeeshan-github-project williamsun-hha pkamnani dibinjacob haward-a

rhce-ex294-exam's Issues

Environment presets

Questions:
-It is important to know how control node and remote nodes are preset.
-All remote nodes should have the same root password? All these commands will been executed by root on remote hosts, because automation user has not been created yet. Does root user on remote nodes should be configured passwordless?
-Why you use sudo instead of using -u root -k?
-First you should add the inventory hosts in known_hosts, because always request validation, unless you deactivate this first. Did you?

sudo ansible all -m user -a "name=automation password={{ 'devops' | password_hash('sha512', 'salt')}}"
sudo ansible all -m authorized_key -a "key={{ lookup('file', '/home/automation/.ssh/id_rsa.pub') }} user=automation"
sudo ansible all -m copy -a 'content="automation ALL=(ALL) NOPASSWD:ALL" dest=/etc/sudoers.d/automation'

03.Archiving solution : Flat parameter missing on the fetch task

In 03.Archiving solution

If flat parameter for the fetch task is not set to true, it try to store file in
/backup/managed4-configuration.gz/managed4.example.com/backup instead of /backup/

from ansible-doc
flat: # Allows you to override the default behavior of appending hostname/path/to/file to the destination.
If `dest' ends with '/', it will use the basename of the source file, similar to the copy module.
This can be useful if working with a single host, or if retrieving files that are uniquely named per host. If using multiple hosts with the same filename, the file will be overwritten for each host.

authorized_key and openssh_keypair are not part ansible core.

authorized_key and openssh_keypair are not part of ansible-core.
And need to be installed separately

ansible-galaxy collection install  community.crypto
ansible-galaxy collection install  ansible.posix

If authorized_key is going to be executed via sudo, like in solution of 2nd exercise ,make sure that the collection is available for root.

sudo ansible-galaxy collection list ansible.posix

Otherwise will get below error.
"The module authorized_key was redirected to ansible.posix.authorized_key, which could not be loaded."
To fix just re-run collection installation through sudo

sudo ansible-galaxy collection install ansible.posix

05. ansible facts - solution: wrong hostgroup in the command line to verify

ansible database -m setup | grep ansible_local -A 3

Should be

ansible proxy -m setup | grep ansible_local -A 3

04. Group differentiation

The solution do not take care of a detail. the managed3.example.com is member of the webservers and database host group. So the final motd for this server should have 2 lines:

Welcome to MySQL database
Welcome to Apache server

Your solution do not work properly in this case.