· 5 years ago · Feb 10, 2020, 10:14 PM
1cat > modules_adhoc.xml << EOF
2<scenario>
3
4<magicked>
51
6</magicked>
7
8<description>
9 <description>
10 Create and run an Ansible ad-hoc command
11 </description>
12</description>
13
14<task>
15 <task>
16 <text>
17 As a system administrator, you will need to install software on the managed nodes.
18 <p>
19 Create a shell script called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ADHOC_SCRIPT}</code>
20 that runs an Ansible ad-hoc command to create a <code>yum</code> repository on each of
21 the managed nodes as follows:
22 </p>
23 <ol>
24 <li>
25 The name of the repository is <code>\${EP_YUMREPO_NAME}</code>
26 </li>
27 <li>
28 The description is <code>\${EP_YUMREPO_DESCRIPTION}</code>
29 </li>
30 <li>
31 The base URL is <url>http://\${DYN_SERVERFQDN}\${EP_YUMREPO_BASEURL}</url>
32 </li>
33 <li>
34 GPG signature checking is enabled
35 </li>
36 <li>
37 The GPG key URL is <url>http://\${DYN_SERVERFQDN}\${EP_YUMREPO_BASEURL}/\${EP_YUMREPO_GPGKEY}</url>
38 </li>
39 <li>
40 The repository is enabled
41 </li>
42 </ol>
43 </text>
44 </task>
45</task>
46</scenario>
47
48<!--
49vi:ts=4
50-->
51EOF
52cat > modules_create_content.xml << EOF
53<scenario>
54
55<magicked>
561
57</magicked>
58
59<description>
60 <description>
61 Create a web content directory
62 </description>
63</description>
64
65<task>
66 <task>
67 <text>
68 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_WEBDIR}</code> as follows:
69 <ol>
70 <li>
71 The playbook runs on managed nodes in the <code>dev</code> host group
72 </li>
73 <li>
74 Create the directory <code>\${EP_WEBDIR_NAME}</code> with the following requirements:
75 <ol>
76 <li>
77 membership in the <code>\${EP_WEBDIR_GROUP}</code> group
78 </li>
79 <li>
80 regular permissions: owner=read+write+execute, group=read+write+execute, other=read+execute
81 </li>
82 <li>
83 special permissions: set group ID
84 </li>
85 </ol>
86 </li>
87 <li>
88 Symbolically link <code>/var/www/html\${EP_WEBDIR_NAME}</code> to <code>\${EP_WEBDIR_NAME}</code>
89 </li>
90 <li>
91 Create the file <code>\${EP_WEBDIR_NAME}/index.html</code> with a single line of text
92 that reads: <code>Development</code>
93 </li>
94 </ol>
95 </text>
96 </task>
97</task>
98</scenario>
99
100<!--
101vi:ts=4
102-->
103EOF
104cat > modules_create_partition.xml << EOF
105<scenario>
106
107<magicked>
1081
109</magicked>
110
111<description>
112 <description>
113 Create and use a partition
114 </description>
115</description>
116
117<task>
118 <task>
119 <text>
120 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_ERRORS}</code>
121 that runs on all managed nodes that does the following:
122 <ol>
123 <li>
124 Creates a single primary partition number 1 of size <code>\${EP_PARTITION_SIZE1}</code> on device
125 <code>\${EP_PARTITION_DEVICE}</code>
126 </li>
127 <li>
128 Formats the partition with the <code>\${EP_PARTITION_FSTYPE}</code> filesystem
129 </li>
130 <li>
131 Mounts the filesystem persistently at <code>\${EP_PARTITION_MOUNT}</code>
132 </li>
133 <li>
134 If the requested partition size cannot be created, the error message
135 <p>
136 <code>\${EP_PARTITION_SIZEMSG}</code>
137 </p>
138 should be displayed and the size
139 <code>\${EP_PARTITION_SIZE2}</code> should be used instead.
140 </li>
141 <li>
142 If the device <code>\${EP_PARTITION_DEVICE}</code> does not exist, the error message
143 <p>
144 <code>\${EP_PARTITION_DEVMSG}</code>
145 </p>
146 should be displayed.
147 </li>
148 </ol>
149 </text>
150 </task>
151</task>
152</scenario>
153
154<!--
155vi:ts=4
156-->
157EOF
158cat > modules_create_role.xml << EOF
159<scenario>
160
161<magicked>
1621
163</magicked>
164
165<description>
166 <description>
167 Create and use a role
168 </description>
169</description>
170
171<task>
172 <task>
173 <text>
174 Create a role called <code>apache</code> in <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_ROLES}</code>
175 with the following requirements:
176 <ol>
177 <li>
178 The <code>httpd</code> package is installed, enabled on boot, and started
179 </li>
180 <li>
181 The firewall is enabled and running with a rule to allow access to the web server
182 </li>
183 <li>
184 A template file <code>index.html.j2</code> exists and is used to create the file
185 <code>/var/www/html/index.html</code> with the following output:
186 <p/>
187 <code>Welcome to HOSTNAME on IPADDRESS</code>
188 <p/>
189 where <code>HOSTNAME</code> is the fully qualified
190 domain name of the managed node and <code>IPADDRESS</code> is the IP address of the managed node.
191 </li>
192 </ol>
193 <p/>
194 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_NEW_ROLE}</code> that uses this role as follows:
195 <ol>
196 <li>
197 The playbook runs on hosts in the <code>webservers</code> host group
198 </li>
199 </ol>
200 </text>
201 </task>
202</task>
203</scenario>
204
205<!--
206vi:ts=4
207-->
208EOF
209cat > modules_create_vault.xml << EOF
210<scenario>
211
212<magicked>
2131
214</magicked>
215
216<description>
217 <description>
218 Create a password vault
219 </description>
220</description>
221
222<task>
223 <task>
224 <text>
225 Create an Ansible vault to store user passwords as follows:
226 <ol>
227 <li>
228 The name of the vault is <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_VAULT_NAME}</code>
229 </li>
230 <li>
231 The vault contains two variables as follows:
232 <ol>
233 <li>
234 <code>\${EP_VAULT_DEVVAR}</code> with value <code>\${EP_VAULT_DEVPW}</code>
235 </li>
236 <li>
237 <code>\${EP_VAULT_MGRVAR}</code> with value <code>\${EP_VAULT_MGRPW}</code>
238 </li>
239 </ol>
240 </li>
241 <li>
242 The password to encrypt and decrypt the vault is <code>\${EP_VAULT_PASSWORD}</code>
243 </li>
244 <li>
245 The password is stored in the file
246 <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_VAULT_PWFILE}</code>
247 </li>
248 </ol>
249 </text>
250 </task>
251</task>
252</scenario>
253
254<!--
255vi:ts=4
256-->
257EOF
258cat > modules_gen_hosts.xml << EOF
259<scenario>
260
261<magicked>
2621
263</magicked>
264
265<description>
266 <description>
267 Generate a hosts file
268 </description>
269</description>
270
271<task>
272 <task>
273 <text>
274 <ol>
275 <li>
276 Download an initial template file called <code>hosts.j2</code> from
277 <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}</url>
278 to <code>\${EP_ANSIBLE_PLAYBOOKS}</code>
279 </li>
280 <li>
281 Complete the template so that it can be used to generate a file
282 with a line for each inventory host
283 in the same format as <code>/etc/hosts</code>
284 </li>
285 <li>
286 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_GEN_HOSTS}</code> that
287 uses this template to generate the file <code>\${EP_MY_HOSTS}</code> on hosts in
288 the <code>dev</code> host group.
289 </li>
290 </ol>
291 When completed, the file <code>\${EP_MY_HOSTS}</code> on hosts in the <code>dev</code> host group
292 should have a line for each managed host:
293 <p/>
294 <code>
295 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4<br/>
296 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<br/>
297 <p/>
298 <p/>
299 \${DYN_NODE1_IP} \${DYN_NODE1FQDN} \${EP_CANDSYS1}<br/>
300 \${DYN_NODE2_IP} \${DYN_NODE2FQDN} \${EP_CANDSYS2}<br/>
301 \${DYN_NODE3_IP} \${DYN_NODE3FQDN} \${EP_CANDSYS3}<br/>
302 \${DYN_NODE4_IP} \${DYN_NODE4FQDN} \${EP_CANDSYS4}<br/>
303 \${DYN_NODE5_IP} \${DYN_NODE5FQDN} \${EP_CANDSYS5}<br/>
304 </code>
305 </text>
306 </task>
307</task>
308</scenario>
309
310<!--
311vi:ts=4
312-->
313EOF
314cat > modules_hwreport.xml << EOF
315<scenario>
316
317<magicked>
3181
319</magicked>
320
321<description>
322 <description>
323 Generate a hardware report
324 </description>
325</description>
326
327<task>
328 <task>
329 <text>
330 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_HWREPORT}</code> that produces
331 an output file called <code>\${EP_HWREPORT_FILE}</code> on all managed nodes with the following
332 information:
333 <ol>
334 <li>
335 Inventory host name
336 </li>
337 <li>
338 Total memory in MB
339 </li>
340 <li>
341 BIOS version
342 </li>
343 <li>
344 Size of disk device <code>vda</code>
345 </li>
346 <li>
347 Size of disk device <code>vdb</code>
348 </li>
349 <li>
350 Each line of the output file contains a single <i>key</i>=<i>value</i> pair.
351 </li>
352 </ol>
353 Your playbook should:
354 <ol>
355 <li>
356 Download the file <code>hwreport.empty</code> from the URL <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}</url>
357 and save it as <code>\${EP_HWREPORT_FILE}</code>
358 </li>
359 <li>
360 Modify <code>\${EP_HWREPORT_FILE}</code> with the correct values
361 </li>
362 <li>
363 If a hardware item does not exist, the associated value should be set to
364 <b><code>NONE</code></b>
365 </li>
366 </ol>
367 </text>
368 </task>
369</task>
370</scenario>
371
372<!--
373vi:ts=4
374-->
375EOF
376cat > modules_install_ansible.xml << EOF
377<scenario>
378
379<magicked>
3801
381</magicked>
382
383<description>
384 <description>
385 Install and configure Ansible
386 </description>
387</description>
388
389<task>
390 <task>
391 <text>
392 Install and configure Ansible on the control node <code>\${DYN_ANSIBLEFQDN}</code> as follows:
393 <ol>
394 <li>
395 Install the required packages
396 </li>
397 <li>
398 Create a static inventory file called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_INVENTORY}</code> as follows:
399 <ol>
400 <li>
401 <code>\${EP_CANDSYS1}</code> is a member of the <code>dev</code> host group
402 </li>
403 <li>
404 <code>\${EP_CANDSYS2}</code> is a member of the <code>test</code> host group
405 </li>
406 <li>
407 <code>\${EP_CANDSYS3}</code> and <code>\${EP_CANDSYS4}</code> are members of the <code>prod</code> host group
408 </li>
409 <li>
410 <code>\${EP_CANDSYS5}</code> is a member of the <code>balancers</code> host group
411 </li>
412 <li>
413 The <code>prod</code> group is a member of the <code>webservers</code> host group
414 </li>
415 </ol>
416 </li>
417 <li>
418 Create a configuration file called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_CONFIG}</code> as follows:
419 <ol>
420 <li>
421 The host inventory file <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_INVENTORY}</code> is defined
422 </li>
423 <li>
424 The location of roles used in playbooks is defined as <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_ROLES}</code>
425 </li>
426 </ol>
427 </li>
428 </ol>
429 </text>
430 </task>
431</task>
432</scenario>
433
434<!--
435vi:ts=4
436-->
437EOF
438cat > modules_install_packages.xml << EOF
439<scenario>
440
441<magicked>
4421
443</magicked>
444
445<description>
446 <description>
447 Install packages
448 </description>
449</description>
450
451<task>
452 <task>
453 <text>
454 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_YUM}</code> that:
455 <ol>
456 <li>
457 Installs the <code>php</code> and <code>mariadb</code> packages on hosts in the
458 <code>dev</code>, <code>test</code>, and <code>prod</code> host groups
459 </li>
460 <li>
461 Installs the <code>Development Tools</code> package group
462 on hosts in the <code>dev</code> host group
463 </li>
464 <li>
465 Updates all packages to the latest version
466 on hosts in the <code>dev</code> host group
467 </li>
468 </ol>
469 </text>
470 </task>
471</task>
472</scenario>
473
474<!--
475vi:ts=4
476-->
477EOF
478cat > modules_instructions.xml << EOF
479<scenario>
480
481<magicked>
4821
483</magicked>
484
485<description>
486 <description>
487 <h2>Important configuration information</h2>
488 </description>
489</description>
490
491<task>
492 <task>
493 <text>
494
495 <p/>
496 During the exam you will be working with several virtual systems in
497 addition to the desktop at which you are seated. You do not have root
498 access to the desktop system however you have full root access to
499 the virtual systems.
500
501 <p/>
502 <b>System Information</b>
503 <br/>
504 You will be working with the following virtual systems for this exam:
505 <p/>
506 <table cellspacing='10'>
507 <tr>
508 <td><b>System</b></td><td><b>IP Address</b></td><td><b>Role</b></td>
509 </tr>
510 <tr>
511 <td><code>\${DYN_ANSIBLEFQDN}</code></td><td><code>\${DYN_ANSIBLE_IP}</code></td>
512 <td><code>Ansible control node</code></td>
513 </tr>
514 <tr>
515 <td><code>\${DYN_NODE1FQDN}</code></td><td><code>\${DYN_NODE1_IP}</code></td>
516 <td><code>Ansible managed node</code></td>
517 </tr>
518 <tr>
519 <td><code>\${DYN_NODE2FQDN}</code></td><td><code>\${DYN_NODE2_IP}</code></td>
520 <td><code>Ansible managed node</code></td>
521 </tr>
522 <tr>
523 <td><code>\${DYN_NODE3FQDN}</code></td><td><code>\${DYN_NODE3_IP}</code></td>
524 <td><code>Ansible managed node</code></td>
525 </tr>
526 <tr>
527 <td><code>\${DYN_NODE4FQDN}</code></td><td><code>\${DYN_NODE4_IP}</code></td>
528 <td><code>Ansible managed node</code></td>
529 </tr>
530 <tr>
531 <td><code>\${DYN_NODE5FQDN}</code></td><td><code>\${DYN_NODE5_IP}</code></td>
532 <td><code>Ansible managed node</code></td>
533 </tr>
534 </table>
535
536 <p/>
537 The IP addresses for these systems are set statically. Do not change
538 these settings.
539
540 <p/>
541 <b>Account Information</b>
542 <p/>
543 The <b>root</b> password for all systems is <b><code>\${DYN_PASSWORD}</code></b>
544 <p/>
545 Do not change the <b>root</b> password. Unless otherwise specified, this will be
546 the password you use to access other systems and services. Also,
547 unless otherwise specified, you should
548 use this password for any accounts that you create or for any services
549 that require a password be set.
550
551 <p/>
552 For your convenience, SSH keys have been pre-installed on all of your
553 systems to allow <b>root</b> access via ssh without having to enter
554 a password. Do not make any modifications to the <b>root</b> SSH
555 configuration files on your systems.
556
557 <p/>
558 The user account <b>\${EP_ANSIBLE_ADMIN}</b> has been created on the Ansible control node.
559 This account has SSH keys pre-installed to allow SSH login
560 between the Ansible control node and each of the Ansible managed nodes.
561 Do not make any modifications to the <b>\${EP_ANSIBLE_ADMIN}</b> SSH
562 configuration files on your systems.
563 You can access this
564 user account using <code>su</code> from the <b>root</b> account.
565
566 <p/>
567 Unless otherwise specified, all of your work (including Ansible playbooks,
568 configuration files, host inventories, etc.) should exist on the control node
569 in the directory <code>\${EP_ANSIBLE_PLAYBOOKS}</code> and should be owned
570 by the <b>\${EP_ANSIBLE_ADMIN}</b> user. All Ansible related commands
571 should be run from that directory on the Ansible control node by the
572 <b>\${EP_ANSIBLE_ADMIN}</b> user.
573
574 <p/>
575 <b>Other Information</b>
576 <p/>
577 Some exam items may require modification of the Ansible host inventory.
578 It is your responsibility to make sure
579 that all previous inventory groups and items will exist with any other
580 changes. It is also your responsibility to make sure all
581 default groups and hosts in the inventory remain with any changes you
582 make.
583
584 <p/>
585 The firewall on your exam systems is not enabled by default and
586 SELinux is in Permissive mode.
587
588 <p/>
589 Should you need to install additional software, your physical systems and
590 the Ansible control node have been set up to point to the following
591 repositories on <code>\${DYN_SERVERFQDN}</code>:
592 <ul>
593 <li>
594 <url>http://\${DYN_SERVERFQDN}\${EP_RHELDIR}</url>
595 </li>
596 </ul>
597
598 <p/>
599 Some items require additional files which have been provided for you
600 at the following location:
601 <ul>
602 <li>
603 <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}</url>
604 </li>
605 </ul>
606
607 <p/>
608 Product documentation can be found at:
609 <ul>
610 <li>
611 <url>http://\${DYN_SERVERFQDN}\${EP_ANSIBLE_DOC_URL}/Ansible2.7-Docs/docs.ansible.com/ansible/latest/index.html</url>
612 </li>
613 </ul>
614
615 <p/>
616 Other resources have been configured for your use during the exam.
617 Specific information about these resources will be provided in the
618 items which require those resources.
619
620 <p/>
621 <b>IMPORTANT</b>
622 <p/>
623 Please note that prior to grading, your <b>Ansible managed node systems</b>
624 will be reset to their initial state as they existed at the start of the exam and the
625 Ansible playbooks you have written will be applied by running them as
626 the <b>\${EP_ANSIBLE_ADMIN}</b> user from the playbook directory
627 <code>\${EP_ANSIBLE_PLAYBOOKS}</code> on the control node.
628 After your playbooks have been run, your managed nodes will be evaluated
629 to determine whether they have been configured as specified.
630
631 <p/>
632 <h3>Virtual System Management</h3>
633
634 During the exam, you may shut down or reboot your virtual system
635 at any time. You may do this from the virtual system itself
636 or you can control the virtual system from your physical system.
637
638 <p/>
639 You may access your exam system via ssh or via its console
640 (described below). Note that ssh access may be dependent on
641 your solving of other exam items.
642
643 <p/>
644 To access or control your exam system from your physical system,
645 click on the <b>VM Control Console</b> icon on your desktop. This
646 will present a table containing a button for each one of your
647 virtual systems. Clicking on the button for a particular virtual
648 system will bring up a menu with four options for that system:
649 <p/>
650 <ol>
651 <li>
652 Start <i>node</i> VM - this will start the named virtual system if it
653 is not running. If the system is already running this has no effect.
654 <p/>
655 </li>
656 <li>
657 Reboot <i>node</i> VM - this will do a graceful shut down of your
658 exam virtual system followed by a restart.
659 <p/>
660 </li>
661 <li>
662 Shutdown <i>node</i> VM - this will do a graceful shut down of of the
663 named virtual system.
664 <p/>
665 </li>
666 <li>
667 Power Off <i>node</i> VM - this will <b>immediately</b> shut down the
668 named virtual system.
669 <p/>
670 </li>
671 <li>
672 VM Console <i>node</i> - this will open a window that connects to the
673 console of the named virtual system. Note that the console will
674 'grab' your mouse pointer when you shift focus to this window. To
675 release the mouse, type <b>Ctrl+Alt</b> simultaneously.
676 <p/>
677 </li>
678 <li>
679 Rebuild <i>node</i> VM - this will revert the current VM to its
680 original state. You will be asked to confirm in a separate pop-up
681 window. <b>WARNING!!!</b> Any work you have done on the VM will be
682 <b>LOST</b>. You should only use this feature if you have managed
683 to render your system unusable. Before using this feature, please
684 make sure you have powered off your VM.
685 </li>
686 </ol>
687
688 <p/>
689 <h3>Other Information</h3>
690
691 Each exam task has a set of radio buttons associated with it that you
692 can use to indicate which items you have completed and which items you
693 wish to revisit. You do not need to use these if you do not wish to
694 however. The buttons serve no purpose other than to give you an easy
695 way to mark the status of each particular item if you so choose.
696
697 <p/>
698 <h3>Item Feedback</h3>
699
700 If you choose to, you may also provide feedback on individual exam
701 items by clicking on the '<i>Provide feedback on this item</i>' button.
702
703 </text>
704 </task>
705</task>
706</scenario>
707
708<!--
709vi: ts=4
710-->
711EOF
712cat > modules_modify_file.xml << EOF
713<scenario>
714
715<magicked>
7161
717</magicked>
718
719<description>
720 <description>
721 Modify file content
722 </description>
723</description>
724
725<task>
726 <task>
727 <text>
728 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_MODIFY_FILE}</code> as follows:
729 <ol>
730 <li>
731 The playbook runs on all inventory hosts
732 </li>
733 <li>
734 The playbook replaces the contents of <code>/etc/issue</code> with a single line of text as follows:
735 <ol>
736 <li>
737 On hosts in the <code>dev</code> host group, the line reads: <code>Development</code>
738 </li>
739 <li>
740 On hosts in the <code>test</code> host group, the line reads: <code>Test</code>
741 </li>
742 <li>
743 On hosts in the <code>prod</code> host group, the line reads: <code>Production</code>
744 </li>
745 </ol>
746 </li>
747 </ol>
748 </text>
749 </task>
750</task>
751</scenario>
752
753<!--
754vi:ts=4
755-->
756EOF
757cat > modules_rekey_vault.xml << EOF
758<scenario>
759
760<magicked>
7611
762</magicked>
763
764<description>
765 <description>
766 Rekey an Ansible vault
767 </description>
768</description>
769
770<task>
771 <task>
772 <text>
773 Rekey an existing Ansible vault as follows:
774 <ol>
775 <li>
776 Download the Ansible vault from
777 <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}/\${EP_REKEY_VAULT}</url>
778 and save it as <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_REKEY_VAULT}</code>
779 </li>
780 <li>
781 The current vault password is <code>\${EP_REKEY_OLDPW}</code>
782 </li>
783 <li>
784 The new vault password is <code>\${EP_REKEY_NEWPW}</code>
785 </li>
786 <li>
787 The vault remains in an encrypted state with the new password
788 </li>
789 </ol>
790 </text>
791 </task>
792</task>
793</scenario>
794
795<!--
796vi:ts=4
797-->
798EOF
799cat > modules_system_role.xml << EOF
800<scenario>
801
802<magicked>
8031
804</magicked>
805
806<description>
807 <description>
808 Use a RHEL system role
809 </description>
810</description>
811
812<task>
813 <task>
814 <text>
815 Install the RHEL system roles package and create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_SYSTEM_ROLE}</code> that:
816 <ol>
817 <li>
818 Runs on all managed hosts
819 </li>
820 <li>
821 Uses the <code>timesync</code> role
822 </li>
823 <li>
824 Configures the role to use the time server <code>\${DYN_SERVERIP}</code>
825 </li>
826 <li>
827 Configures the role to set the <code>iburst</code> parameter as enabled
828 </li>
829 </ol>
830 </text>
831 </task>
832</task>
833</scenario>
834
835<!--
836vi:ts=4
837-->
838EOF
839cat > modules_use_galaxy.xml << EOF
840<scenario>
841
842<magicked>
8431
844</magicked>
845
846<description>
847 <description>
848 Install roles using Ansible Galaxy
849 </description>
850</description>
851
852<task>
853 <task>
854 <text>
855 Use Ansible Galaxy with a requirements file called
856 <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_ROLES}/\${EP_GALAXY_REQUIREMENTS}</code>
857 to download and install roles to <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_ANSIBLE_ROLES}</code>
858 from the following URLs:
859 <ol>
860 <li>
861 <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}/\${EP_GALAXY_ROLE1_SRC}</url>
862 <p/>The name of this role should be <code>\${EP_GALAXY_ROLE1}</code>
863 </li>
864 <li>
865 <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}/\${EP_GALAXY_ROLE2_SRC}</url>
866 <p/>The name of this role should be <code>\${EP_GALAXY_ROLE2}</code>
867 </li>
868 </ol>
869 </text>
870 </task>
871</task>
872</scenario>
873
874<!--
875vi:ts=4
876-->
877EOF
878cat > modules_use_roles.xml << EOF
879<scenario>
880
881<magicked>
8821
883</magicked>
884
885<description>
886 <description>
887 Use roles from Ansible Galaxy
888 </description>
889</description>
890
891<task>
892 <task>
893 <text>
894 Create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_ROLES}</code> as follows:
895 <ol>
896 <li>
897 The playbook contains a play that runs on hosts in the <code>balancers</code> host group
898 and uses the <code>\${EP_GALAXY_ROLE1}</code> role.
899 <ol>
900 <li>
901 This role configures a service to load balance web server requests between hosts in
902 the <code>webservers</code> host group.
903 </li>
904 <li>
905 When implemented, browsing to hosts in the <code>balancers</code> host group
906 (for example <url>http://\${DYN_NODE5FQDN}/</url>) should produce the following output:
907 <p/>
908 <code>
909 Welcome to \${DYN_NODE3FQDN} on \${DYN_NODE3_IP}
910 </code>
911 </li>
912 <li>
913 Reloading the browser should return output from the alternate web server:
914 <p/>
915 <code>
916 Welcome to \${DYN_NODE4FQDN} on \${DYN_NODE4_IP}
917 </code>
918 </li>
919 </ol>
920 </li>
921 <li>
922 The playbook contains a play that runs on hosts in the <code>webservers</code> host group
923 and uses the <code>\${EP_GALAXY_ROLE2}</code> role.
924 <ol>
925 <li>
926 When implemented, browsing to hosts in the <code>webservers</code> host group
927 with the URL <code>/hello.php</code> should produce the following output:
928 <p/>
929 <code>
930 Hello PHP World from <code>FQDN</code>
931 </code>
932 <p/>
933 where <code>FQDN</code> is the fully qualified domain name of the host.
934 <p/>
935 </li>
936 <li>
937 For example, browsing to <url>http://\${DYN_NODE3FQDN}/hello.php</url>, should
938 produce the following output:
939 <p/>
940 <code>
941 Hello PHP World from <code>\${DYN_NODE3FQDN}</code>
942 </code>
943 <p/>
944 along with various details of the PHP configuration including
945 the version of PHP that is installed.
946 </li>
947 <li>
948 Similarly, browsing to <url>http://\${DYN_NODE4FQDN}/hello.php</url>, should
949 produce the following output:
950 <p/>
951 <code>
952 Hello PHP World from <code>\${DYN_NODE4FQDN}</code>
953 </code>
954 <p/>
955 along with various details of the PHP configuration including
956 the version of PHP that is installed.
957 </li>
958 </ol>
959 </li>
960 </ol>
961 </text>
962 </task>
963</task>
964</scenario>
965
966<!--
967vi:ts=4
968-->
969EOF
970cat > modules_use_vault.xml << EOF
971<scenario>
972
973<magicked>
9741
975</magicked>
976
977<description>
978 <description>
979 Create user accounts
980 </description>
981</description>
982
983<task>
984 <task>
985 <text>
986 <ol>
987 <li>
988 A list of users to be created can be found in the file called <code>user_list.yml</code> which
989 you should download from <url>http://\${DYN_SERVERFQDN}/\${EP_WEBURL}</url> and save to
990 <code>\${EP_ANSIBLE_PLAYBOOKS}</code>
991 </li>
992 <li>
993 Using the password vault <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_VAULT_NAME}</code> created elsewhere in this exam,
994 create a playbook called <code>\${EP_ANSIBLE_PLAYBOOKS}/\${EP_PLAYBOOK_USERS}</code> that creates user accounts
995 as follows:
996 <ol>
997 <li>
998 Users with a job description of <code>developer</code> should be:
999 <ol>
1000 <li>
1001 created on managed nodes in the <code>dev</code> and <code>test</code> host groups
1002 </li>
1003 <li>
1004 assigned the password from the <code>\${EP_VAULT_DEVVAR}</code> variable
1005 </li>
1006 <li>
1007 a member of supplementary group <code>devops</code>
1008 </li>
1009 </ol>
1010 </li>
1011 <li>
1012 Users with a job description of <code>manager</code> should be:
1013 <ol>
1014 <li>
1015 created on managed nodes in the <code>prod</code> host group
1016 </li>
1017 <li>
1018 assigned the password from the <code>\${EP_VAULT_MGRVAR}</code> variable
1019 </li>
1020 <li>
1021 a member of supplementary group <code>opsmgr</code>
1022 </li>
1023 </ol>
1024 </li>
1025 </ol>
1026 </li>
1027 <li>
1028 Passwords should use the SHA512 hash format.
1029 </li>
1030 <li>
1031 Your playbook should work using the vault password file created
1032 elsewhere in this exam.
1033 </li>
1034 </ol>
1035 </text>
1036 </task>
1037</task>
1038</scenario>
1039
1040<!--
1041vi:ts=4
1042-->
1043EOF
1044cat > sections_configuration.xml << EOF
1045<scenario>
1046
1047<magicked>
10481
1049</magicked>
1050
1051<description>
1052 <description>
1053 <meta>config_sect_title</meta>
1054 </description>
1055</description>
1056
1057<task>
1058 <task>
1059 <text>
1060 <p>
1061 Before you begin, you should review some general configuration
1062 information outlined in the following link:
1063 </p>
1064 </text>
1065 </task>
1066</task>
1067</scenario>
1068<!--
1069vi: ts=4
1070-->
1071EOF
1072cat > sections_gating.xml << EOF
1073<scenario>
1074
1075<magicked>
10761
1077</magicked>
1078
1079<description>
1080 <description>
1081 <meta>page_title</meta>
1082 </description>
1083</description>
1084
1085<task>
1086 <task>
1087 <text>
1088 <p>
1089 You will be working with two systems for this exam. One system
1090 is the physical system at which you are seated. The other system
1091 is a virtual system which is hosted on your physical system and
1092 has been pre-installed with Red Hat Enterprise Linux. Unless
1093 otherwise specified, all exam items are to be performed on the virtual
1094 system only. You do not have root access to the physical host system
1095 but you may use it as necessary to test services that you may be
1096 required to configure on your virtual system.
1097 </p>
1098 <p>
1099 Before you may proceed with the main part of the exam, you must
1100 complete the tasks outlined in the link below.
1101 </p>
1102 <p>
1103 Be aware that you are not permitted to communicate with other
1104 examinees during the course of this exam. You are also prohibited
1105 from connecting to the systems of other examinees. The testing system
1106 and the network will be monitored, and misuse of either will result
1107 in a grade of zero on the exam.
1108 </p>
1109 </text>
1110 </task>
1111</task>
1112</scenario>
1113EOF
1114cat > sections_header.xml << EOF
1115<scenario>
1116
1117<magicked>
11181
1119</magicked>
1120
1121<description>
1122 <description>
1123 <meta>section_title</meta>
1124 </description>
1125</description>
1126
1127<task>
1128 <task>
1129 <text>
1130 <p>
1131 Perform all of the following steps on your systems.
1132 </p>
1133 </text>
1134 </task>
1135</task>
1136</scenario>
1137
1138<!--
1139vi: ts=4
1140-->
1141EOF
1142cat > sections_instructions.xml << EOF
1143<scenario>
1144
1145<magicked>
11461
1147</magicked>
1148
1149<description>
1150 <description>
1151 <meta>page_title</meta>
1152 </description>
1153</description>
1154
1155<task>
1156 <task>
1157 <text>
1158 <p/>
1159 <b>Please review</b> the <i>Configuration Information</i> section
1160 below for information on your exam environment.
1161 <p/>
1162 As a reminder, please be aware that you are not permitted to
1163 communicate with other examinees during the course of this
1164 exam. You are also prohibited from connecting to the hosts of
1165 other examinees. The testing system and the network will be
1166 monitored, and misuse of either will result in a grade of zero
1167 on the exam.
1168 <p/>
1169 Perform the tasks listed below. You may want to read the entire
1170 list before you begin. These items will be reported as a single
1171 score. You must score 210 points or higher, out of 300, on these
1172 requirements in order to earn certification.
1173 <p/>
1174 </text>
1175 </task>
1176</task>
1177</scenario>
1178
1179<!--
1180vi: ts=4
1181-->
1182EOF
1183cat > sections_vm_info.xml << EOF
1184<scenario>
1185
1186<magicked>
11871
1188</magicked>
1189
1190<description>
1191 <description>
1192 <meta>vm_info_title</meta>
1193 </description>
1194</description>
1195
1196<task>
1197 <task>
1198 <text>
1199 <p>
1200 During the exam, you may shutdown or reboot your virtual system
1201 at any time. You may do this from the virtual system itself
1202 or you can control the virtual system from your physical system.
1203 </p>
1204 <p>
1205 To access or control your exam system from your physical system,
1206 click on the 'VM Control' icon on your desktop. This will present a
1207 menu with four options:
1208 </p>
1209 <ul>
1210 <li>
1211 Connect to Exam VM Console - this will open a window that
1212 connects to the console of your exam system.
1213 <p/>
1214 </li>
1215 <li>
1216 Start Exam VM - this will start your exam virtual
1217 system if it is not running. If your system is already
1218 running this has no effect.
1219 <p/>
1220 </li>
1221 <li>
1222 Shutdown Exam VM - this will do a graceful shut down of your
1223 exam virtual system.
1224 <p/>
1225 </li>
1226 <li>
1227 Power Off Exam VM - this will <b>immediately</b> shut down your
1228 exam virtual system.
1229 <p/></li>
1230 <li>
1231 Exam VM Console - this will open a window that
1232 connects to the console of your exam system.
1233 <p/></li>
1234 </ul>
1235 </text>
1236 </task>
1237</task>
1238</scenario>
1239EOF