Question: There are some files that need to be created on all app servers in Stratos DC. The Nautilus DevOps team wants these files to be owned by user root only; however, they also want the app-specific user to have a set of permissions on these files. All tasks must be done using Ansible only, so they need to create a playbook. Below you can find more information about the task.
Create a playbook.yml under /home/thor/ansible on the jump host; an inventory file is already present under /home/thor/ansible on the jump server itself.
Create an empty file blog.txt under the /opt/sysops/ directory on app server 1. Set some ACL properties for this file. Using ACL, provide read '(r)' permissions to group tony (i.e. entity is tony and etype is group).
Create an empty file story.txt under the /opt/sysops/ directory on app server 2. Set some ACL properties for this file. Using ACL, provide read + write '(rw)' permissions to user steve (i.e. entity is steve and etype is user).
Create an empty file media.txt under /opt/sysops/ on app server 3. Set some ACL properties for this file. Using ACL, provide read + write '(rw)' permissions to group banner (i.e. entity is banner and etype is group).
Note: Validation will try to run the playbook using the command ansible-playbook -i inventory playbook.yml, so please make sure the playbook works this way, without passing any extra arguments.
Please note: Run the commands below according to the server, user name and other details in your own task, which might differ. Read the task carefully before executing it. All the best 👍
1. Go through the folder mentioned in the task and create inventory & playbook files
thor@jump_host /$ cd /home/thor/ansible/
thor@jump_host ~/ansible$ ll
total 8
-rw-r--r-- 1 thor thor  36 Jul 22 14:29 ansible.cfg
-rw-r--r-- 1 thor thor 237 Jul 22 14:29 inventory
thor@jump_host ~/ansible$ ansible all -a "ls -ltr /opt/sysops/" -i inventory
stapp03 | CHANGED | rc=0 >>
total 0
stapp01 | CHANGED | rc=0 >>
total 0
stapp02 | CHANGED | rc=0 >>
total 0
thor@jump_host ~/ansible$ vi playbook.yml
thor@jump_host ~/ansible$ cat playbook.yml
- name: Create file and set ACL in Host 1
  hosts: stapp01
  become: yes
  tasks:
    - name: Create the blog.txt on stapp01
      file:
        path: /opt/sysops/blog.txt
        state: touch
    - name: Set ACL for blog.txt
      acl:
        path: /opt/sysops/blog.txt
        entity: tony
        etype: group
        permissions: r
        state: present

- name: Create file and set ACL in Host 2
  hosts: stapp02
  become: yes
  tasks:
    - name: Create the story.txt on stapp02
      file:
        path: /opt/sysops/story.txt
        state: touch
    - name: Set ACL for story.txt
      acl:
        path: /opt/sysops/story.txt
        entity: steve
        etype: user
        permissions: rw
        state: present

- name: Create file and set ACL in Host 3
  hosts: stapp03
  become: yes
  tasks:
    - name: Create the media.txt on stapp03
      file:
        path: /opt/sysops/media.txt
        state: touch
    - name: Set ACL for media.txt
      acl:
        path: /opt/sysops/media.txt
        entity: banner
        etype: group
        permissions: rw
        state: present
thor@jump_host ~/ansible$ ansible-playbook -i inventory playbook.yml

PLAY [Create file and set ACL in Host 1] ************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************
ok: [stapp01]

TASK [Create the blog.txt on stapp01] ***************************************************************************************
changed: [stapp01]

TASK [Set ACL for blog.txt] *************************************************************************************************
changed: [stapp01]

PLAY [Create file and set ACL in Host 2] ************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************
ok: [stapp02]

TASK [Create the story.txt on stapp02] **************************************************************************************
changed: [stapp02]

TASK [Set ACL for story.txt] ************************************************************************************************
changed: [stapp02]

PLAY [Create file and set ACL in Host 3] ************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************
ok: [stapp03]

TASK [Create the media.txt on stapp03] **************************************************************************************
changed: [stapp03]

TASK [Set ACL for media.txt] ************************************************************************************************
changed: [stapp03]

PLAY RECAP ******************************************************************************************************************
stapp01 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
stapp02 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
stapp03 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
thor@jump_host ~/ansible$ ansible all -a "ls -ltr /opt/sysops/" -i inventory
stapp01 | CHANGED | rc=0 >>
total 0
-rw-r--r--+ 1 root root 0 Jul 22 14:37 blog.txt
stapp03 | CHANGED | rc=0 >>
total 0
-rw-rw-r--+ 1 root root 0 Jul 22 14:37 media.txt
stapp02 | CHANGED | rc=0 >>
total 0
-rw-rw-r--+ 1 root root 0 Jul 22 14:37 story.txt
thor@jump_host ~/ansible$
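The trailing + in the ls listing only shows that an ACL exists, and on such files the group bits display the ACL mask rather than a real group permission, so the listing alone does not prove that steve or tony got the intended access. The script below is an added example, not part of the original post: it reads getfacl output and reports the effective permission of one entry (entry ANDed with mask). The function names are hypothetical and the getfacl samples are constructed to match what the playbook above should produce.

```shell
#!/bin/sh
# Added example: check effective ACL permissions from `getfacl` text on stdin.

# effective_perm ETYPE ENTITY -> prints entry perms ANDed with the mask
effective_perm() {
    awk -F: -v et="$1" -v en="$2" '
        /^#/ || NF < 3 { next }
        $1 == "mask" && $2 == "" { mask = substr($3, 1, 3) }
        $1 == et && $2 == en     { perm = substr($3, 1, 3); found = 1 }
        END {
            if (!found) exit 1            # no such ACL entry
            if (mask == "") mask = "rwx"  # no mask line: nothing filtered
            out = ""
            for (i = 1; i <= 3; i++) {
                p = substr(perm, i, 1); m = substr(mask, i, 1)
                out = out ((p != "-" && m != "-") ? p : "-")
            }
            print out
        }'
}

# acl_owner -> prints the owner recorded in the getfacl header
acl_owner() { awk '/^# owner: / { print $3 }'; }

# check_acl ETYPE ENTITY WANT -> 0 only if the effective perms equal WANT
check_acl() {
    got=$(effective_perm "$1" "$2") || { echo "missing $1:$2"; return 1; }
    [ "$got" = "$3" ] || { echo "$1:$2 effective '$got', want '$3'"; return 1; }
}

# Constructed sample: expected getfacl output for story.txt after the playbook
sample_story() { cat <<'EOF'
# file: opt/sysops/story.txt
# owner: root
# group: root
user::rw-
user:steve:rw-
group::r--
mask::rw-
other::r--
EOF
}

# Constructed sample: same file after a later `chmod g-w` shrank the mask
sample_masked() { sample_story | sed 's/^mask::rw-/mask::r--/'; }

sample_story  | check_acl user steve rw- && echo "story.txt: ACL ok"
sample_masked | check_acl user steve rw- || true
```

On an app server the same check runs against live data, for example `getfacl /opt/sysops/story.txt | check_acl user steve rw-`.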
Happy Learning!!!!