EX294問題集PDFでEX294リアル試験問題解答 [Q13-Q34]

EX294問題集PDFでEX294リアル試験問題解答

時間限定！今すぐ試そうEX294試験 [2023] 問題集でRedHatのPDF問題

Redhat ex294試験の準備をするには、候補者がLinuxの管理とRed Hat Enterprise Linuxを使用した経験をしっかりと理解する必要があります。RedHatは、Red Hat System Administration III：Linuxを含む試験の準備を支援するためのいくつかのトレーニングコースを提供しています。 Ansible（RH294）コース付きの自動化。

 

質問 # 13
Create an Ansible vault to store user passwords as follows:
* The name of the vault is valut.yml
* The vault contains two variables as follows:
- dev_pass with value wakennym
- mgr_pass with value rocky
* The password to encrypt and decrypt the vault is atenorth
* The password is stored in the file /home/admin/ansible/password.txt

正解：

解説：
Solution as:
# pwd
/home/admin/ansible
# echo "atenorth" >password.txt
# chmod 0600 password.txt
# ansible-vault create vault.yml --vault-password-file=password.txt
---
- dev_pass: wakennym
- mgr_pass: rocky
:wq
# cat vault.yml
$ANSIBLE_VAULT;1.1;AES256
36383862376164316436353665343765643331393433373564613762666531313034336438353662
3464346331346461306337633632393563643531376139610a343531326130663266613533633562
38623439316631306463623761343939373263333134353264333834353264343934373765643737
3535303630626666370a643663366634383863393338616661666632353139306436316430616334
65386134393363643133363738656130636532346431376265613066326162643437643064313863
6633333537303334333437646163343666666132316639376531
# ansible-vault view vault.yml
password:******
---
- dev_pass: wakennym
- mgr_pass: rocky

質問 # 14
Install and configure ansible
User sandy has been created on your control node with the appropriate permissions already, do not change or modify ssh keys. Install the necessary packages to run ansible on the control node. Configure ansible.cfg to be in folder /home/sandy/ansible/ansible.cfg and configure to access remote machines via the sandy user. All roles should be in the path /home/sandy/ansible/roles. The inventory path should be in /home/sandy/ansible/invenlory.
You will have access to 5 nodes.
node1.example.com
node2.example.com
node3.example.com
node4.example.com
node5.example.com
Configure these nodes to be in an inventory file where node I is a member of group dev. nodc2 is a member of group test, node3 is a member of group proxy, nodc4 and node 5 are members of group prod. Also, prod is a member of group webservers.

正解：

解説：
In/home/sandy/ansible/ansible.cfg
[defaults]
inventory=/home/sandy/ansible/inventory
roles_path=/home/sandy/ansible/roles
remote_user= sandy
host_key_checking=false
[privilegeescalation]
become=true
become_user=root
become_method=sudo
become_ask_pass=false
In /home/sandy/ansible/inventory
[dev]
node 1 .example.com
[test]
node2.example.com
[proxy]
node3 .example.com
[prod]
node4.example.com
node5 .example.com
[webservers:children]
prod

質問 # 15
Create a file called packages.yml in /home/sandy/ansible to install some packages for the following hosts. On dev, prod and webservers install packages httpd, mod_ssl, and mariadb. On dev only install the development tools package. Also, on dev host update all the packages to the latest.

正解：

解説：
Solution as:

** NOTE 1 a more acceptable answer is likely 'present' since it's not asking to install the latest
state: present
** NOTE 2 need to update the development node
- name: update all packages on development node
yum:
name: '*'
state: latest

質問 # 16
Create a playbook that changes the default target on all nodes to multi-user tarqet. Do this in playbook file called target.yml in /home/sandy/ansible

正解：

解説：
- name: change default target
hosts: all
tasks:
- name: change target
file:
src: /usr/lib/systemd/system/multi-user.target dest: /etc/systemd/system/default.target state: link

質問 # 17
Create a file in /home/sandy/ansible/ called report.yml. Using this playbook, get a file called report.txt (make it look exactly as below). Copy this file over to all remote hosts at /root/report.txt. Then edit the lines in the file to provide the real information of the hosts. If a disk does not exist then write NONE.

• A. Solution as:
  
  
• B. Solution as:
  

正解：A

質問 # 18
Create user accounts
------------------------
--> A list of users to be created can be found in the file called user_list.yml
which you should download from http://classroom.example.com/user_list.yml and
save to /home/admin/ansible/
--> Using the password vault created elsewhere in this exam, create a playbook called
create_user.yml
that creates user accounts as follows:
--> Users with a job description of developer should be:
--> created on managed nodes in the "dev" and "test" host groups assigned the
password from the "dev_pass"
variable and these user should be member of supplementary group "devops".
--> Users with a job description of manager should be:
--> created on managed nodes in the "prod" host group assigned the password from
the "mgr_pass" variable
and these user should be member of supplementary group "opsmgr"
--> Passwords should use the "SHA512" hash format. Your playbook should work using
the vault password file
created elsewhere in this exam.
while practising you to create these file hear. But in exam have to download as per
questation.
user_list.yml file consist:
---
user:
- name: user1
job: developer
- name: user2
job: manager

正解：

解説：
Solution as:
# pwd
/home/admin/ansible
# wget http://classroom.example.com/user_list.yml
# cat user_list.yml
# vim create_user.yml
---
- name:
hosts: all
vars_files:
- ./user_list.yml
- ./vault.yml
tasks:
- name: creating groups
group:
name: "{{ item }}"
state: present
loop:
- devops
- opsmgr
- name: creating user
user:
name: "{{ item.name }}"
state: present
groups: devops
password: "{{ dev_pass|password_hash ('sha512') }}"
loop: "{{ user }}"
when: (inventory_hostname in groups['dev'] or inventory_hostname in
groups['test']) and item.job == "developer"
- name: creating user
user:
name: "{{ item.name }}"
state: present
groups: opsmgr
password: "{{ mgr_pass|password_hash ('sha512') }}"
loop: "{{ user }}"
when: inventory_hostname in groups['prod'] and item.job == "manager"
:wq!
# ansible-playbook create_user.yml --vault-password-file=password.txt --syntax-check
# ansible-playbook create_user.yml --vault-password-file=password.txt

質問 # 19
Create a role called sample-apache in /home/sandy/ansible/roles that enables and starts httpd, enables and starts the firewall and allows the webserver service. Create a template called index.html.j2 which creates and serves a message from /var/www/html/index.html Whenever the content of the file changes, restart the webserver service.
Welcome to [FQDN] on [IP]
Replace the FQDN with the fully qualified domain name and IP with the ip address of the node using ansible facts. Lastly, create a playbook in /home/sandy/ansible/ called apache.yml and use the role to serve the index file on webserver hosts.

正解：

解説：
/home/sandy/ansible/apache.yml

/home/sandy/ansible/roles/sample-apache/tasks/main.yml

/home/sandy/ansible/roles/sample-apache/templates/index.html.j2

In /home/sandy/ansible/roles/sample-apache/handlers/main.yml

質問 # 20
Use Ansible Galaxy with a requirements file called /home/admin/ansible/roles/
install.yml to download and install roles to /home/admin/ansible/roles from the
following URLs:
http:// classroom.example.com /role1.tar.gz The name of this role should be balancer
http:// classroom.example.com /role2.tar.gz The name of this role should be phphello

正解：

解説：
Solution as:
# pwd
/home/admin/ansible/roles
# vim install.yml
---
- src: http://classroom.example.com/role1.tar.gz
name: balancer
- src: http://classroom.example.com/role2.tar.gz
name: phphello
:wq!
# pwd
/home/admin/ansible
# ansible-galaxy install -r roles/install.yml -p roles

質問 # 21
Create a playbook called hwreport.yml that produces an output file called /root/
hwreport.txt on all managed nodes with the following information:
------------------------------------------------------------------------------------------------------
--> Inventory host name
--> Total memory in MB
--> BIOS version
--> Size of disk device vda
--> Size of disk device vdb
Each line of the output file contains a single key-value pair.
* Your playbook should:
--> Download the file hwreport.empty from the URL http://classroom.example.com/
hwreport.empty and
save it as /root/hwreport.txt
--> Modify with the correct values.
note: If a hardware item does not exist, the associated value should be set to NONE
----------------------------------------------------------------------------------------------
while practising you to create these file hear. But in exam have to download as per
questation.
hwreport.txt file consists.
my_sys=hostname
my_BIOS=biosversion
my_MEMORY=memory
my_vda=vdasize
my_vdb=vdbsize

正解：

解説：
Solution as:
# pwd
/home/admin/ansible
# vim hwreport.yml
- name:
hosts: all
ignore_errors: yes
tasks:
- name: download file
get_url:
url: http://classroom.example.com/content/ex407/hwreport.empty
dest: /root/hwreport.txt
- name: vdasize
replace:
regexp: "vdasize"
replace: "{{ ansible_facts.devices.vda.size }}"
dest: /root/hwreport.txt
register: op1
- debug:
var: op1
- name: none
replace:
regexp: "vdasize"
replace: NONE
dest: /root/hwreport.txt
when:
op1.failed == true
- name: vdbsize
replace:
regexp: "vdbsize"
replace: "{{ ansible_facts.devices.vdb.size }}"
dest: /root/hwreport.txt
register: op2
- debug:
var: op2
- name: none
replace:
regexp: "vdbsize"
replace: NONE
dest: /root/hwreport.txt
when:
op2.failed == true
- name: sysinfo
replace:
regexp: "{{item.src}}"
replace: "{{item.dest}}"
dest: /root/hwreport.txt
loop:
- src: "hostname"
dest: "{{ ansible_facts.fqdn }}"
- src: "biosversion"
dest: "{{ ansible_facts.bios_version }}"
- src: "memory"
dest: "{{ ansible_facts.memtotal_mb }}"
:wq!
# ansible-playbook hwreport.yml --syntax-check
# ansible-playbook hwreport.yml

質問 # 22
In /home/sandy/ansible/ create a playbook called logvol.yml. In the play create a logical volume called Iv0 and make it of size 1500MiB on volume group vgO If there is not enough space in the volume group print a message "Not enough space for logical volume" and then make a 800MiB Iv0 instead. If the volume group still doesn't exist, create a message "Volume group doesn't exist" Create an xfs filesystem on all Iv0 logical volumes. Don't mount the logical volume.

正解：

解説：
Solution as:

Topic 1, LAB SETUP
You will need to set up your lab by creating 5 managed nodes and one control node.
So 6 machines total. Download the free RHEL8 iso from Red Hat Developers website.
***Control node you need to set up***
You need to create some static ips on your managed nodes then on the control node set them up in the
/etc/hosts file as follows:
vim /etc/hosts
10.0.2.21 node1.example.com
10.0.2.22 node2.example.com
10.0.2.23 node3.example.com
10.0.2.24 node4.example.com
10.0.2.25 node5.example.com
yum -y install ansible
useradd ansible
echo password | passwd --stdin ansible
echo "ansible ALL=(ALL) NOPASSWD:ALL
su - ansible; ssh-keygen
ssh-copy-id node1.example.com
ssh-copy-id node2.example.com
ssh-copy-id node3.example.com
ssh-copy-id node4.example.com
ssh-copy-id node5.example.com
***Each manage node setup***
First, add an extra 2GB virtual harddisk to each control node 1,2,3. Then add an extra hard disk to control
node 4. Do not add an extra hard disk to node 5. When you start up these machines the extra disks should be
automatically located at /dev/sdb (or /dev/vdb depending on your hypervisor).
useradd ansible
echo password | passwd --stdin ansible
echo "ansible ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ansible
Note python3 should be installed by default, however if it is not then on both the control node and managed
nodes you can install it also set the default python3 if you are having trouble with python2 being the default.
yum -y install python3
alternatives --set python /usr/bin/python3
All machines need the repos available. You did this in RHSCA. To set up locally you just need to do the same
for each machine. Attach the rhel8 iso as a disk to virtualbox, kvm or whatever hypervisor you are using (this
will be /dev/sr0). Then inside the machine:
mount /dev/sr0 to /mnt
Then you will have all the files from the iso in /mnt.
mkdir /repo
cp -r /mnt /repo
vim /etc/yum.repos.d/base.repo
Inside this file:
[baseos]
name=baseos
baseurl=file:///repo/BaseOS
gpgcheck=0
Also the appstream
vim /etc/yum.repos.d/appstream.repo
Inside this file:
[appstream]
name=appstream
baseurl=file:///repo/AppStream
gpgcheck=0

質問 # 23
Create an ansible vault password file called lock.yml with the password reallysafepw in the /home/sandy/ansible directory. In the lock.yml file define two variables. One is pw_dev and the password is 'dev' and the other is pw_mgr and the password is 'mgr' Create a regular file called secret.txt which contains the password for lock.yml.

• A. ansible-vault create lock.yml
  New Vault Password: reallysafepw
  
• B. ansible-vault create lock.yml
  New Vault Password: reallysafepw
  Confirm: reallysafepw
  

正解：B

質問 # 24
Create a playbook /home/bob /ansible/motd.yml that runs on all inventory hosts and docs the following: The playbook should replaee any existing content of/etc/motd in the following text. Use ansible facts to display the FQDN of each host
On hosts in the dev host group the line should be "Welcome to Dev Server FQDN".
On hosts in the webserver host group the line should be "Welcome to Apache Server FQDN".
On hosts in the database host group the line should be "Welcome to MySQL Server FQDN".

正解：

解説：
/home/sandy/ansible/apache.yml

/home/sandy/ansible/roles/sample-apache/tasks/main.yml
Topic 2, LAB SETUP - 2
control.realmX.example.com _ workstation.lab.example.com
node1.realmX.example.com _ servera.lab.example.com
node2.realmX.example.com _ serverb.lab.example.com
node3.realmX.example.com _ serverc.lab.example.com
node4.realmX.example.com _ serverd.lab.example.com
node5.realmX.example.com
- username:root, password:redhat
- username:admin, password:redhat
note1. don't change 'root' or 'admin' password.
note2. no need to create ssh-keygen for access, its pre-defined
note3. SELinux is in enforcing mode and firewalld is disabled/stop on whole managed hosts.

質問 # 25
Create a file in /home/sandy/ansible/ called report.yml. Using this playbook, get a file called report.txt (make it look exactly as below). Copy this file over to all remote hosts at /root/report.txt. Then edit the lines in the file to provide the real information of the hosts. If a disk does not exist then write NONE.

正解：

解説：
Solution as:

質問 # 26
Create a file called specs.empty in home/bob/ansible on the local machine as follows:
HOST=
MEMORY=
BIOS=
VDA_DISK_SIZE=
VDB_DISK_SIZE=
Create the playbook /home/bob/ansible/specs.yml which copies specs.empty to all remote nodes' path /root/specs.txt. Using the specs.yml playbook then edit specs.txt on the remote machines to reflect the appropriate ansible facts.

正解：

解説：
Solution as:

質問 # 27
Create the users in the file usersjist.yml file provided. Do this in a playbook called users.yml located at /home/sandy/ansible. The passwords for these users should be set using the lock.yml file from TASK7. When running the playbook, the lock.yml file should be unlocked with secret.txt file from TASK 7.
All users with the job of 'developer' should be created on the dev hosts, add them to the group devops, their password should be set using the pw_dev variable. Likewise create users with the job of 'manager' on the proxy host and add the users to the group 'managers', their password should be set using the pw_mgr variable.

正解：

解説：
ansible-playbook users.yml -vault-password-file=secret.txt

質問 # 28
Create a playbook called webdev.yml in 'home/sandy/ansible. The playbook will create a directory Avcbdev on dev host. The permission of the directory are 2755 and owner is webdev. Create a symbolic link from /Webdev to /var/www/html/webdev. Serve a file from Avebdev7index.html which displays the text "Development" Curl http://node1.example.com/webdev/index.html to test

• A. Solution as:
  
• B. Solution as:
  

正解：B

質問 # 29
Generate a hosts file:
* Download an initial template file hosts.j2 from http://classroom.example.com/
hosts.j2 to
/home/admin/ansible/ Complete the template so that it can be used to generate a file with a line for each inventory host in the same format as /etc/hosts:
172.25.250.9 workstation.lab.example.com workstation
* Create a playbook called gen_hosts.yml that uses this template to generate the file /etc/myhosts on hosts in the dev host group.
* When completed, the file /etc/myhosts on hosts in the dev host group should have a line for each managed host:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.10 serevra.lab.example.com servera
172.25.250.11 serevrb.lab.example.com serverb
172.25.250.12 serevrc.lab.example.com serverc
172.25.250.13 serevrd.lab.example.com serverd
-----------------------------------------------------------------
while practising you to create these file hear. But in exam have to download as per questation.
hosts.j2 file consists.
localhost localhost.localdomain localhost4 localhost4.localdomain4
::1
localhost localhost.localdomain localhost6 localhost6.localdomain6
-------------------------------------------------------------------

正解：

解説：
Solution as:
# pwd
/home/admin/ansible
# wget http://classroom.example.com/hosts.j2
# vim hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1
localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]
['ansible_facts']['fqdn'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
:wq!
# vim gen_hosts.yml
---
- name: collecting all host information
hosts: all
tasks:
- name:
template:
src: hosts.j2
dest: /etc/myhosts
when: inventory_hostname in groups['dev']
:wq
# ansible-playbook gen_hosts.yml --syntax-check
# ansible-playbook gen_hosts.yml

質問 # 30
Create and run an Ansible ad-hoc command.
--> As a system administrator, you will need to install software on the managed
nodes.
--> Create a shell script called yum-pack.sh that runs an Ansible ad-hoc command to
create yum-repository on each of the managed nodes as follows:
--> repository1
-----------
1. The name of the repository is EX407
2. The description is "Ex407 Description"
3. The base URL is http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/
4. GPG signature checking is enabled
5. The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEYredhat-
release
6. The repository is enabled
--> repository2
-----------
1. The name of the repository is EXX407
2. The description is "Exx407 Description"
3. The base URL is http://content.example.com/rhel8.0/x86_64/dvd/AppStream/
4. GPG signature checking is enabled
5. The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/ RPM-GPG-KEYredhat-
release
6. The repository is enabled

正解：

解説：
Solution as:
# pwd
/home/admin/ansible
# vim yum-pack.sh
#!/bin/bash
ansible all -m yum_repository -a 'name=EX407 description="Ex407 Description"
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS/ gpgcheck=yes
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
enabled=yes'
ansible all -m yum_repository -a 'name=EXX407 description="Exx407 Description"
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream/ gpgcheck=yes
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
enabled=yes'
:!wq
# chmod +x yum-pack.sh
# bash yum-pack.sh
# ansible all -m command -a 'yum repolist all'

質問 # 31
Create a file called requirements.yml in /home/sandy/ansible/roles a file called role.yml in /home/sandy/ansible/. The haproxy-role should be used on the proxy host. And when you curl http://node3.example.com it should display "Welcome to node4.example.com" and when you curl again "Welcome to node5.example.com" The php-role should be used on the prod host.

正解：

解説：
Solution as:

Check the proxy host by curl http://node3.example.com

質問 # 32
Rekey an existing Ansible vault as follows:
-----------------------------------------------
* Download Ansible vault from http:// classroom.example.com /secret.yml to /home/
admin/ansible/
* The current vault password is curabete
* The new vault password is newvare
* The vault remains in an encrypted state with the new password

正解：

解説：
Solution as:
# pwd
/home/admin/ansible/
# wget http://classroom.example.com/secret.yml
# chmod 0600 newpassword.txt
# ansible-vault rekey vault.yml --new-vault-password-file=newpassword.txt

質問 # 33
Create a playbook called regulartasks.yml which has the system that append the date to /root/datefile every day at noon. Name is job 'datejob'

正解：

解説：
Solution as:

質問 # 34
......

EX294プレミアム試験エンジンとPDFダウンロード：https://www.jpntest.com/shiken/EX294-mondaishu