[[initiation ansible]]
Trace: initiation ansible
Show pageOld revisions
AdminRecent ChangesSitemap

* ancien site

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
docpublic:systemes:ansible_init [2022/08/19 12:03]
adminjp [ansible module user] 		docpublic:systemes:ansible_init [2022/08/21 08:49] (current)
adminjp [ansible module ssh]
Line 1178: Line 1178:
 jehan@node3:/tmp$ id joe jehan@node3:/tmp$ id joe
 uid=1041(joe) gid=1041(joe) groups=1041(joe),27(sudo) uid=1041(joe) gid=1041(joe) groups=1041(joe),27(sudo)
 +</code>
 +
 +=== afficher les details ===
 +
 +pour voir les details systems de ce qui a été fait on ajoute un register de notre user joe avec un debug sur cette variable : 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 03_playbook_user.yml 
 +---
 +- name: J_Playbook_User
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_user_joe
 +    user:
 +      name: joe
 +      state: present
 +      uid: 1041
 +      groups: sudo
 +      password: "{{ 'password' | password_hash('sha512') }}"
 +    register: __user_joe
 +  - name: debug_user
 +    debug:
 +      var: __user_joe
 +</code>
 +
 +
 +=== resultat ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 03_playbook_user.yml 
 +BECOME password: 
 +...
 +TASK [create_user_joe] ******************************************************************************************
 +Friday 19 August 2022  16:13:18 +0200 (0:00:01.530)       0:00:01.547 ********* 
 +changed: [node3]
 +
 +TASK [debug_user] ***********************************************************************************************
 +Friday 19 August 2022  16:13:19 +0200 (0:00:00.539)       0:00:02.087 ********* 
 +ok: [node3] => {
 +    "__user_joe": {
 +        "append": false,
 +        "changed": true,
 +        "comment": "",
 +        "failed": false,
 +        "group": 1041,
 +        "groups": "sudo",
 +        "home": "/home/joe",
 +        "move_home": false,
 +        "name": "joe",
 +        "password": "NOT_LOGGING_PASSWORD",
 +        "shell": "/bin/sh",
 +        "state": "present",
 +        "uid": 1041
 +    }
 +}
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Friday 19 August 2022  16:13:19 +0200 (0:00:00.039)       0:00:02.126 ********* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------------------ 1.53s
 +create_user_joe ------------------------------------------------------------------------------------------ 0.54s
 +debug_user ----------------------------------------------------------------------------------------------- 0.04s
 +</code>
 +
 +===== ansible stat register =====
 +
 +si on souhaite afficher des info sur nos actions, on peut utiliser le module stat sur un fichier par exemple, mais l'affichage des "stat" ne donne rien par defaut, il faut faire un register de l'output pour pouvoir le remonter sur notre server-node source du playbook . 
 +
 +=== playbook ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 04_playbook_stat_reg.yml 
 +---
 +- name: J_Playbook_Stat_Reg
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_file
 +    file:
 +      path: "/tmp/ansdir/file2"
 +      state: touch
 +      owner: root
 +      group: ans
 +      mode: 0755
 +  - name: stat_file
 +    stat:
 +      path: "/tmp/ansdir/file2"
 +    register: __stat_file2
 +  - name: display
 +    debug:
 +      var: __stat_file2
 +</code>
 +
 +=== resultat ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 04_playbook_stat_reg.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_Stat_Reg] **************************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************************
 +Saturday 20 August 2022  10:03:05 +0200 (0:00:00.021)       0:00:00.021 ******* 
 +ok: [node3]
 +
 +TASK [create_file] **********************************************************************************************
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:01.235)       0:00:01.256 ******* 
 +changed: [node3]
 +
 +TASK [stat_file] ************************************************************************************************
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:00.277)       0:00:01.533 ******* 
 +ok: [node3]
 +
 +TASK [display] **************************************************************************************************
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:00.278)       0:00:01.812 ******* 
 +ok: [node3] => {
 +    "__stat_file2": {
 +        "changed": false,
 +        "failed": false,
 +        "stat": {
 +            "atime": 1660982587.677271,
 +            "attr_flags": "e",
 +            "attributes": [
 +                "extents"
 +            ],
 +            "block_size": 4096,
 +            "blocks": 0,
 +            "charset": "binary",
 +            "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
 +            "ctime": 1660982587.677271,
 +            "dev": 2053,
 +            "device_type": 0,
 +            "executable": true,
 +            "exists": true,
 +            "gid": 1033,
 +            "gr_name": "ans",
 +            "inode": 262175,
 +            "isblk": false,
 +            "ischr": false,
 +            "isdir": false,
 +            "isfifo": false,
 +            "isgid": false,
 +            "islnk": false,
 +            "isreg": true,
 +            "issock": false,
 +            "isuid": false,
 +            "mimetype": "inode/x-empty",
 +            "mode": "0755",
 +            "mtime": 1660982587.677271,
 +            "nlink": 1,
 +            "path": "/tmp/ansdir/file2",
 +            "pw_name": "root",
 +            "readable": true,
 +            "rgrp": true,
 +            "roth": true,
 +            "rusr": true,
 +            "size": 0,
 +            "uid": 0,
 +            "version": "3306389664",
 +            "wgrp": false,
 +            "woth": false,
 +            "writeable": true,
 +            "wusr": true,
 +            "xgrp": true,
 +            "xoth": true,
 +            "xusr": true
 +        }
 +    }
 +}
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:00.042)       0:00:01.854 ******* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------------------ 1.24s
 +stat_file ------------------------------------------------------------------------------------------------ 0.28s
 +create_file ---------------------------------------------------------------------------------------------- 0.28s
 +display -------------------------------------------------------------------------------------------------- 0.04s
 +</code>
 +
 +=== stat specifique ===
 +
 +plus specifiquement si on veux filtrer uniquement sur le retour de stat d'existence du fichier , on utilise dans le module debug un msg sur la variable //stat_file2// dans son dictionnaire il y a une clé //stat// qui a elle meme une clée //exists// qui prend la valeur //true// : 
 +
 +<code>
 +- name: display
 +    debug:
 +      msg: "Fichier exist : {{ __stat_file2.stat.exists }}"
 +</code>
 +
 +=== resultat ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 04_playbook_stat_reg.yml
 +TASK [display] **************************************************************************************************
 +Saturday 20 August 2022  10:18:19 +0200 (0:00:00.281)       0:00:01.823 ******* 
 +ok: [node3] => {
 +    "msg": "Fichier exist : True"
 +}
 +</code>
 +
 +==== condition when ====
 +
 +avec cette condition d'existence, on peut maintenat faire une autre action sur le base de ce test, exemple ici on créé un directory si (when) la variable valeur exists = true 
 +
 +<code>
 +- name: creation conditionnelle du subDir
 +    file:
 +      path: /tmp/ansdir2
 +      state: directory
 +    when: __stat_file2.stat.exists == True
 +</code>
 +
 +<code>
 +TASK [display] **************************************************************************************************
 +Saturday 20 August 2022  10:27:42 +0200 (0:00:00.294)       0:00:01.512 ******* 
 +ok: [node3] => {
 +    "msg": "Fichier exist : True"
 +}
 +
 +TASK [creation conditionnelle du subDir] ************************************************************************
 +Saturday 20 August 2022  10:27:42 +0200 (0:00:00.047)       0:00:01.559 ******* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +</code>
 +
 +==== ansible boucle ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/items_lookup.html
 +
 +la plus classique avec with_items qui est une liste a base de dictionnaire
 +
 +=== playbook ===
 +
 +creation de 3 repertoires
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 021_playbook_dir.yml 
 +---
 +- name: J_Playbook_File_Dir
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_x_dir
 +    file:
 +      path: "/tmp/ansdir/{{ item }}"
 +      state: directory
 +      recurse: yes
 +      owner: root
 +    with_items:
 +      - ansdirA
 +      - ansdirB
 +      - ansdirC
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +TASK [create_x_dir] *********************************************************************************************
 +Saturday 20 August 2022  10:45:11 +0200 (0:00:01.403)       0:00:01.420 ******* 
 +changed: [node3] => (item=ansdirA)
 +changed: [node3] => (item=ansdirB)
 +changed: [node3] => (item=ansdirC)
 +</code>
 +
 +=== dictonnaire de valeur ===
 +
 +on peut aussi utiliser les items sous forme de dictionnaire de valeur 
 +
 +<code>
 +tasks:
 +  - name: create_x_dir
 +    file:
 +      path: "/tmp/ansdir/{{ item.dir }}/{{ item.fichier }}"
 +      state: directory
 +      recurse: yes
 +      owner: root
 +    with_items:
 +      - { dir: ansdirA, fichier: "file1.txt" }
 +      - { dir: ansdirB, fichier: "file1.txt" }
 +      - { dir: ansdirC, fichier: "file1.txt" }
 +</code>
 +
 +
 +<code>
 +TASK [create_x_dir] *********************************************************************************************
 +Saturday 20 August 2022  10:52:27 +0200 (0:00:00.901)       0:00:00.918 ******* 
 +changed: [node3] => (item={'dir': 'ansdirA', 'fichier': 'file1.txt'})
 +changed: [node3] => (item={'dir': 'ansdirB', 'fichier': 'file1.txt'})
 +changed: [node3] => (item={'dir': 'ansdirC', 'fichier': 'file1.txt'})
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +</code>
 +
 +==== dictionnaire dans group_vars ====
 +
 +d'un point de vue organisation, il vaut mieux sortir ces variables du playbook pour les mettre dans le group_vars
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat group_vars/all/variables.yml
 +mydict:
 +- { dir: ansdirA, fichier: "file1.txt" }
 +- { dir: ansdirB, fichier: "file1.txt" }
 +- { dir: ansdirC, fichier: "file1.txt" }
 +</code>
 +
 +avec dans le playbook un appel a ce dictionnaire 
 +
 +<code>
 +  with_items:
 +     {{ mydict }}
 +</code>
 +
 +
 +==== ansible module apt ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html
 +
 +installer un paquet , plein d'options existe, cf ref ci-dessus . 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 05_playbook_apt.yml 
 +---
 +- name: J_Playbook_Apt
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: gestion_apt
 +    apt:
 +      name: tree
 +      state: latest
 +      update_cache: yes
 +      cache_valid_time: 300
 +</code>
 +
 +le //state: present// est moins risqué en terme d'updates involontaires .
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 05_playbook_apt.yml 
 +...
 +TASK [gestion_apt] **********************************************************************************************
 +Saturday 20 August 2022  11:29:43 +0200 (0:00:01.394)       0:00:01.412 ******* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  11:29:58 +0200 (0:00:15.744)       0:00:17.156 ******* 
 +=============================================================================== 
 +gestion_apt --------------------------------------------------------------------------------------------- 15.74s
 +Gathering Facts ------------------------------------------------------------------------------------------ 1.39s
 +</code>
 +
 +
 +=== supression ===
 +
 +supression totale 
 +
 +<code>
 +- name: gestion_apt
 +    apt:
 +      name: tree
 +      state: absent
 +      purge: yes
 +      autoremove: yes
 +</code>
 +
 +==== ansible module reboot ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html
 +
 +on demande un reboot sur la base de la presence d'un fichier
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 06_playbook_reboot.yml 
 +---
 +- name: J_Playbook_File_Reboot
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_fileR
 +    file:
 +      path: "/tmp/fileR"
 +      state: touch
 +  - name: stat_fileR
 +    stat:
 +      path: "/tmp/fileR"
 +    register: __stat_fileR
 +
 +  - name: reboot_node
 +    reboot:
 +      msg: "Reboot par Ansible"
 +      connect_timeout: 5
 +      reboot_timeout: 300
 +      pre_reboot_delay: 0
 +      post_reboot_delay: 50
 +      test_command: uptime
 +    when: __stat_fileR.stat.exists
 +
 +  - name: reboot_ok
 +    file:
 +      path: "/tmp/rebootOK"
 +      state: touch
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 06_playbook_reboot.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_File_Reboot] ***********************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Saturday 20 August 2022  11:54:11 +0200 (0:00:00.017)       0:00:00.017 ******* 
 +ok: [node3]
 +
 +TASK [create_fileR] *********************************************************************************
 +Saturday 20 August 2022  11:54:12 +0200 (0:00:00.859)       0:00:00.876 ******* 
 +changed: [node3]
 +
 +TASK [stat_fileR] ***********************************************************************************
 +Saturday 20 August 2022  11:54:12 +0200 (0:00:00.294)       0:00:01.171 ******* 
 +ok: [node3]
 +
 +TASK [reboot_node] **********************************************************************************
 +Saturday 20 August 2022  11:54:12 +0200 (0:00:00.301)       0:00:01.473 ******* 
 +changed: [node3]
 +
 +TASK [reboot_ok] ************************************************************************************
 +Saturday 20 August 2022  11:55:25 +0200 (0:01:13.094)       0:01:14.567 ******* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=5    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  11:55:26 +0200 (0:00:00.861)       0:01:15.429 ******* 
 +=============================================================================== 
 +reboot_node --------------------------------------------------------------------------------- 73.09s
 +reboot_ok ------------------------------------------------------------------------------------ 0.86s
 +Gathering Facts ------------------------------------------------------------------------------ 0.86s
 +stat_fileR ----------------------------------------------------------------------------------- 0.30s
 +create_fileR --------------------------------------------------------------------------------- 0.29s
 +</code>
 +
 +==== ansible module ssh ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
 +  * https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
 +
 +genérer une clée ssh et la deployer 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
 +---
 +- name: J_Playbook_sshKey
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_sshKey
 +    openssh_keypair:
 +      path: "/tmp/ssh-ans-key"
 +      type: rsa
 +      size: 2048
 +      state: present
 +      force: no
 +    #delegate a localhost pour jouer ça sur notre server-node
 +    delegate_to: localhost
 +    #le faire tourner une seule fois , meme si +sieurs hosts
 +    run_once: yes
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_sshKey] ****************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Saturday 20 August 2022  20:45:52 +0200 (0:00:00.017)       0:00:00.017 ******* 
 +ok: [node3]
 +
 +TASK [create_sshKey] ********************************************************************************
 +Saturday 20 August 2022  20:45:53 +0200 (0:00:00.860)       0:00:00.877 ******* 
 +changed: [node3 -> localhost]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  20:45:53 +0200 (0:00:00.208)       0:00:01.085 ******* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------ 0.86s
 +create_sshKey -------------------------------------------------------------------------------- 0.21s
 +
 +ans@disi-dellat:~/ansible$ ls -ltr /tmp/ssh*
 +-rw-r--r-- 1 root  root   382 août  20 20:45 /tmp/ssh-ans-key.pub
 +-rw------- 1 root  root  1799 août  20 20:45 /tmp/ssh-ans-key
 +</code>
 +
 +==== deploy ssh-key ====
 +
 +apres generation locale de la clé (pas besoin d'elevation de privilege (become)) , on crée un user (become necessaire)  , l'ajoute dans sudoers et on lui pousse la clé : 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
 +---
 +- name: J_Playbook_sshKey
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_sshKey
 +    openssh_keypair:
 +      path: "/tmp/ssh-adma-key"
 +      type: rsa
 +      size: 2048
 +      state: present
 +      force: no
 +    #delegate a localhost pour jouer ça sur notre server-node
 +    delegate_to: localhost
 +    #le faire tourner une seule fois , meme si +sieurs hosts
 +    run_once: yes
 +
 +  - name: create_user_adma
 +    user:
 +      name: adma
 +      shell: /bin/bash
 +      groups: sudo
 +      append: yes
 +      password: "{{ '1pAA2022.' | password_hash('sha256') }}"
 +    become: yes 
 +
 +  - name: add_adma_sudoers
 +    copy:
 +      dest: "/etc/sudoers.d/sudoers-adma"
 +      content: "adma ALL=(ALL) NOPASSWD: ALL"
 +    become: yes
 +
 +  - name: deploy_sshKey
 +    authorized_key:
 +      user: adma
 +      key: "{{ lookup('file', '/tmp/ssh-adma-key.pub') }}"
 +      state: present
 +    become: yes
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_sshKey] ****************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Sunday 21 August 2022  10:47:05 +0200 (0:00:00.017)       0:00:00.017 ********* 
 +ok: [node3]
 +
 +TASK [create_sshKey] ********************************************************************************
 +Sunday 21 August 2022  10:47:06 +0200 (0:00:01.254)       0:00:01.271 ********* 
 +ok: [node3 -> localhost]
 +
 +TASK [create_user_adma] *****************************************************************************
 +Sunday 21 August 2022  10:47:06 +0200 (0:00:00.185)       0:00:01.457 ********* 
 +changed: [node3]
 +
 +TASK [add_adma_sudoers] *****************************************************************************
 +Sunday 21 August 2022  10:47:07 +0200 (0:00:00.496)       0:00:01.953 ********* 
 +ok: [node3]
 +
 +TASK [deploy_sshKey] ********************************************************************************
 +Sunday 21 August 2022  10:47:07 +0200 (0:00:00.622)       0:00:02.576 ********* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Sunday 21 August 2022  10:47:08 +0200 (0:00:00.660)       0:00:03.236 ********* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------ 1.25s
 +deploy_sshKey -------------------------------------------------------------------------------- 0.66s
 +add_adma_sudoers ----------------------------------------------------------------------------- 0.62s
 +create_user_adma ----------------------------------------------------------------------------- 0.50s
 +create_sshKey -------------------------------------------------------------------------------- 0.19s
 </code> </code>
docpublic/systemes/ansible_init.1660910632.txt.gz · Last modified: 2022/08/19 12:03 by adminjp
Show pageOld revisions
[unknown link type]Back to top
CC Attribution-Noncommercial-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0