Overview:
Today you will use Ansible to configure a new database server.
Part A: Deploy cn01 and db03
- you may use cn01 from the Ansible lab, or build a new cn01
- you must build a new db03 for today's test
Part B: Configure Ansible
Create a playbook to install mariadb on db03
- your playbook file must be named /root/ansible/db_config.yml
- use ansible.builtin.dnf to install mariadb-server
- use ansible.builtin.systemd to start the mariadb service (now and automatically on boot)
- use ansible.builtin.firewalld to open 3306/tcp
- pay attention to task names when you copy and paste
Part C: GIT
We will use GIT to track changes to our playbooks.
- Install GIT on cn01
- Create an empty GIT repository in /root/ansible
- Add all our playbooks to out repo (db_config.yml may be the only one)
- Commit our files with the commit message 'first commit'
- Edit db_config.yml and add the comment # i just added a comment
- Commit your change with a commit message of 'added comment for test 3'
Part D: nftables
Just for fun, and grades, we will switch from firewalld to nftables on cn01
- stop, disable, and mask the firewalld.service
- configure /etc/sysconfig/nftables.conf
- allow incoming ssh connections
- allow connections that were initiated on cn01 (i.e. use connection tracking)
- allow local traffic
- allow all ICMP packets
- place all rules in a single input chain residing in a table called test3_inet_table, here is an empty table to start with...
table inet test3_inet_table { chain input { type filter hook input priority 0; policy drop # allow connections we know about # allow new tcp connections to port 22 (ssh) # allow local traffic # accept all icmp packets (v4 and v6) } } - start, and enable the nftables.service