Differences

docpublic:systemes:ansible_init [2022/08/19 14:16]
adminjp [ansible module user]
docpublic:systemes:ansible_init [2022/08/21 08:49] (current)
adminjp [ansible module ssh]
Line 1243: Line 1243:
 create_user_joe ------------------------------------------------------------------------------------------ 0.54s create_user_joe ------------------------------------------------------------------------------------------ 0.54s
 debug_user ----------------------------------------------------------------------------------------------- 0.04s debug_user ----------------------------------------------------------------------------------------------- 0.04s
 +</code>
 +
 +===== ansible stat register =====
 +
 +si on souhaite afficher des info sur nos actions, on peut utiliser le module stat sur un fichier par exemple, mais l'affichage des "stat" ne donne rien par defaut, il faut faire un register de l'output pour pouvoir le remonter sur notre server-node source du playbook . 
 +
 +=== playbook ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 04_playbook_stat_reg.yml 
 +---
 +- name: J_Playbook_Stat_Reg
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_file
 +    file:
 +      path: "/tmp/ansdir/file2"
 +      state: touch
 +      owner: root
 +      group: ans
 +      mode: 0755
 +  - name: stat_file
 +    stat:
 +      path: "/tmp/ansdir/file2"
 +    register: __stat_file2
 +  - name: display
 +    debug:
 +      var: __stat_file2
 +</code>
 +
 +=== resultat ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 04_playbook_stat_reg.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_Stat_Reg] **************************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************************
 +Saturday 20 August 2022  10:03:05 +0200 (0:00:00.021)       0:00:00.021 ******* 
 +ok: [node3]
 +
 +TASK [create_file] **********************************************************************************************
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:01.235)       0:00:01.256 ******* 
 +changed: [node3]
 +
 +TASK [stat_file] ************************************************************************************************
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:00.277)       0:00:01.533 ******* 
 +ok: [node3]
 +
 +TASK [display] **************************************************************************************************
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:00.278)       0:00:01.812 ******* 
 +ok: [node3] => {
 +    "__stat_file2": {
 +        "changed": false,
 +        "failed": false,
 +        "stat": {
 +            "atime": 1660982587.677271,
 +            "attr_flags": "e",
 +            "attributes": [
 +                "extents"
 +            ],
 +            "block_size": 4096,
 +            "blocks": 0,
 +            "charset": "binary",
 +            "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
 +            "ctime": 1660982587.677271,
 +            "dev": 2053,
 +            "device_type": 0,
 +            "executable": true,
 +            "exists": true,
 +            "gid": 1033,
 +            "gr_name": "ans",
 +            "inode": 262175,
 +            "isblk": false,
 +            "ischr": false,
 +            "isdir": false,
 +            "isfifo": false,
 +            "isgid": false,
 +            "islnk": false,
 +            "isreg": true,
 +            "issock": false,
 +            "isuid": false,
 +            "mimetype": "inode/x-empty",
 +            "mode": "0755",
 +            "mtime": 1660982587.677271,
 +            "nlink": 1,
 +            "path": "/tmp/ansdir/file2",
 +            "pw_name": "root",
 +            "readable": true,
 +            "rgrp": true,
 +            "roth": true,
 +            "rusr": true,
 +            "size": 0,
 +            "uid": 0,
 +            "version": "3306389664",
 +            "wgrp": false,
 +            "woth": false,
 +            "writeable": true,
 +            "wusr": true,
 +            "xgrp": true,
 +            "xoth": true,
 +            "xusr": true
 +        }
 +    }
 +}
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  10:03:07 +0200 (0:00:00.042)       0:00:01.854 ******* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------------------ 1.24s
 +stat_file ------------------------------------------------------------------------------------------------ 0.28s
 +create_file ---------------------------------------------------------------------------------------------- 0.28s
 +display -------------------------------------------------------------------------------------------------- 0.04s
 +</code>
 +
 +=== stat specifique ===
 +
 +plus specifiquement si on veux filtrer uniquement sur le retour de stat d'existence du fichier , on utilise dans le module debug un msg sur la variable //stat_file2// dans son dictionnaire il y a une clé //stat// qui a elle meme une clée //exists// qui prend la valeur //true// : 
 +
 +<code>
 +- name: display
 +    debug:
 +      msg: "Fichier exist : {{ __stat_file2.stat.exists }}"
 +</code>
 +
 +=== resultat ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 04_playbook_stat_reg.yml
 +TASK [display] **************************************************************************************************
 +Saturday 20 August 2022  10:18:19 +0200 (0:00:00.281)       0:00:01.823 ******* 
 +ok: [node3] => {
 +    "msg": "Fichier exist : True"
 +}
 +</code>
 +
 +==== condition when ====
 +
 +avec cette condition d'existence, on peut maintenat faire une autre action sur le base de ce test, exemple ici on créé un directory si (when) la variable valeur exists = true 
 +
 +<code>
 +- name: creation conditionnelle du subDir
 +    file:
 +      path: /tmp/ansdir2
 +      state: directory
 +    when: __stat_file2.stat.exists == True
 +</code>
 +
 +<code>
 +TASK [display] **************************************************************************************************
 +Saturday 20 August 2022  10:27:42 +0200 (0:00:00.294)       0:00:01.512 ******* 
 +ok: [node3] => {
 +    "msg": "Fichier exist : True"
 +}
 +
 +TASK [creation conditionnelle du subDir] ************************************************************************
 +Saturday 20 August 2022  10:27:42 +0200 (0:00:00.047)       0:00:01.559 ******* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +</code>
 +
 +==== ansible boucle ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/items_lookup.html
 +
 +la plus classique avec with_items qui est une liste a base de dictionnaire
 +
 +=== playbook ===
 +
 +creation de 3 repertoires
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 021_playbook_dir.yml 
 +---
 +- name: J_Playbook_File_Dir
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_x_dir
 +    file:
 +      path: "/tmp/ansdir/{{ item }}"
 +      state: directory
 +      recurse: yes
 +      owner: root
 +    with_items:
 +      - ansdirA
 +      - ansdirB
 +      - ansdirC
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +TASK [create_x_dir] *********************************************************************************************
 +Saturday 20 August 2022  10:45:11 +0200 (0:00:01.403)       0:00:01.420 ******* 
 +changed: [node3] => (item=ansdirA)
 +changed: [node3] => (item=ansdirB)
 +changed: [node3] => (item=ansdirC)
 +</code>
 +
 +=== dictonnaire de valeur ===
 +
 +on peut aussi utiliser les items sous forme de dictionnaire de valeur 
 +
 +<code>
 +tasks:
 +  - name: create_x_dir
 +    file:
 +      path: "/tmp/ansdir/{{ item.dir }}/{{ item.fichier }}"
 +      state: directory
 +      recurse: yes
 +      owner: root
 +    with_items:
 +      - { dir: ansdirA, fichier: "file1.txt" }
 +      - { dir: ansdirB, fichier: "file1.txt" }
 +      - { dir: ansdirC, fichier: "file1.txt" }
 +</code>
 +
 +
 +<code>
 +TASK [create_x_dir] *********************************************************************************************
 +Saturday 20 August 2022  10:52:27 +0200 (0:00:00.901)       0:00:00.918 ******* 
 +changed: [node3] => (item={'dir': 'ansdirA', 'fichier': 'file1.txt'})
 +changed: [node3] => (item={'dir': 'ansdirB', 'fichier': 'file1.txt'})
 +changed: [node3] => (item={'dir': 'ansdirC', 'fichier': 'file1.txt'})
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +</code>
 +
 +==== dictionnaire dans group_vars ====
 +
 +d'un point de vue organisation, il vaut mieux sortir ces variables du playbook pour les mettre dans le group_vars
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat group_vars/all/variables.yml
 +mydict:
 +- { dir: ansdirA, fichier: "file1.txt" }
 +- { dir: ansdirB, fichier: "file1.txt" }
 +- { dir: ansdirC, fichier: "file1.txt" }
 +</code>
 +
 +avec dans le playbook un appel a ce dictionnaire 
 +
 +<code>
 +  with_items:
 +     {{ mydict }}
 +</code>
 +
 +
 +==== ansible module apt ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html
 +
 +installer un paquet , plein d'options existe, cf ref ci-dessus . 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 05_playbook_apt.yml 
 +---
 +- name: J_Playbook_Apt
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: gestion_apt
 +    apt:
 +      name: tree
 +      state: latest
 +      update_cache: yes
 +      cache_valid_time: 300
 +</code>
 +
 +le //state: present// est moins risqué en terme d'updates involontaires .
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 05_playbook_apt.yml 
 +...
 +TASK [gestion_apt] **********************************************************************************************
 +Saturday 20 August 2022  11:29:43 +0200 (0:00:01.394)       0:00:01.412 ******* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  11:29:58 +0200 (0:00:15.744)       0:00:17.156 ******* 
 +=============================================================================== 
 +gestion_apt --------------------------------------------------------------------------------------------- 15.74s
 +Gathering Facts ------------------------------------------------------------------------------------------ 1.39s
 +</code>
 +
 +
 +=== supression ===
 +
 +supression totale 
 +
 +<code>
 +- name: gestion_apt
 +    apt:
 +      name: tree
 +      state: absent
 +      purge: yes
 +      autoremove: yes
 +</code>
 +
 +==== ansible module reboot ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html
 +
 +on demande un reboot sur la base de la presence d'un fichier
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 06_playbook_reboot.yml 
 +---
 +- name: J_Playbook_File_Reboot
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_fileR
 +    file:
 +      path: "/tmp/fileR"
 +      state: touch
 +  - name: stat_fileR
 +    stat:
 +      path: "/tmp/fileR"
 +    register: __stat_fileR
 +
 +  - name: reboot_node
 +    reboot:
 +      msg: "Reboot par Ansible"
 +      connect_timeout: 5
 +      reboot_timeout: 300
 +      pre_reboot_delay: 0
 +      post_reboot_delay: 50
 +      test_command: uptime
 +    when: __stat_fileR.stat.exists
 +
 +  - name: reboot_ok
 +    file:
 +      path: "/tmp/rebootOK"
 +      state: touch
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 06_playbook_reboot.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_File_Reboot] ***********************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Saturday 20 August 2022  11:54:11 +0200 (0:00:00.017)       0:00:00.017 ******* 
 +ok: [node3]
 +
 +TASK [create_fileR] *********************************************************************************
 +Saturday 20 August 2022  11:54:12 +0200 (0:00:00.859)       0:00:00.876 ******* 
 +changed: [node3]
 +
 +TASK [stat_fileR] ***********************************************************************************
 +Saturday 20 August 2022  11:54:12 +0200 (0:00:00.294)       0:00:01.171 ******* 
 +ok: [node3]
 +
 +TASK [reboot_node] **********************************************************************************
 +Saturday 20 August 2022  11:54:12 +0200 (0:00:00.301)       0:00:01.473 ******* 
 +changed: [node3]
 +
 +TASK [reboot_ok] ************************************************************************************
 +Saturday 20 August 2022  11:55:25 +0200 (0:01:13.094)       0:01:14.567 ******* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=5    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  11:55:26 +0200 (0:00:00.861)       0:01:15.429 ******* 
 +=============================================================================== 
 +reboot_node --------------------------------------------------------------------------------- 73.09s
 +reboot_ok ------------------------------------------------------------------------------------ 0.86s
 +Gathering Facts ------------------------------------------------------------------------------ 0.86s
 +stat_fileR ----------------------------------------------------------------------------------- 0.30s
 +create_fileR --------------------------------------------------------------------------------- 0.29s
 +</code>
 +
 +==== ansible module ssh ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
 +  * https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
 +
 +genérer une clée ssh et la deployer 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
 +---
 +- name: J_Playbook_sshKey
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_sshKey
 +    openssh_keypair:
 +      path: "/tmp/ssh-ans-key"
 +      type: rsa
 +      size: 2048
 +      state: present
 +      force: no
 +    #delegate a localhost pour jouer ça sur notre server-node
 +    delegate_to: localhost
 +    #le faire tourner une seule fois , meme si +sieurs hosts
 +    run_once: yes
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_sshKey] ****************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Saturday 20 August 2022  20:45:52 +0200 (0:00:00.017)       0:00:00.017 ******* 
 +ok: [node3]
 +
 +TASK [create_sshKey] ********************************************************************************
 +Saturday 20 August 2022  20:45:53 +0200 (0:00:00.860)       0:00:00.877 ******* 
 +changed: [node3 -> localhost]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  20:45:53 +0200 (0:00:00.208)       0:00:01.085 ******* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------ 0.86s
 +create_sshKey -------------------------------------------------------------------------------- 0.21s
 +
 +ans@disi-dellat:~/ansible$ ls -ltr /tmp/ssh*
 +-rw-r--r-- 1 root  root   382 août  20 20:45 /tmp/ssh-ans-key.pub
 +-rw------- 1 root  root  1799 août  20 20:45 /tmp/ssh-ans-key
 +</code>
 +
 +==== deploy ssh-key ====
 +
 +apres generation locale de la clé (pas besoin d'elevation de privilege (become)) , on crée un user (become necessaire)  , l'ajoute dans sudoers et on lui pousse la clé : 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
 +---
 +- name: J_Playbook_sshKey
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_sshKey
 +    openssh_keypair:
 +      path: "/tmp/ssh-adma-key"
 +      type: rsa
 +      size: 2048
 +      state: present
 +      force: no
 +    #delegate a localhost pour jouer ça sur notre server-node
 +    delegate_to: localhost
 +    #le faire tourner une seule fois , meme si +sieurs hosts
 +    run_once: yes
 +
 +  - name: create_user_adma
 +    user:
 +      name: adma
 +      shell: /bin/bash
 +      groups: sudo
 +      append: yes
 +      password: "{{ '1pAA2022.' | password_hash('sha256') }}"
 +    become: yes 
 +
 +  - name: add_adma_sudoers
 +    copy:
 +      dest: "/etc/sudoers.d/sudoers-adma"
 +      content: "adma ALL=(ALL) NOPASSWD: ALL"
 +    become: yes
 +
 +  - name: deploy_sshKey
 +    authorized_key:
 +      user: adma
 +      key: "{{ lookup('file', '/tmp/ssh-adma-key.pub') }}"
 +      state: present
 +    become: yes
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_sshKey] ****************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Sunday 21 August 2022  10:47:05 +0200 (0:00:00.017)       0:00:00.017 ********* 
 +ok: [node3]
 +
 +TASK [create_sshKey] ********************************************************************************
 +Sunday 21 August 2022  10:47:06 +0200 (0:00:01.254)       0:00:01.271 ********* 
 +ok: [node3 -> localhost]
 +
 +TASK [create_user_adma] *****************************************************************************
 +Sunday 21 August 2022  10:47:06 +0200 (0:00:00.185)       0:00:01.457 ********* 
 +changed: [node3]
 +
 +TASK [add_adma_sudoers] *****************************************************************************
 +Sunday 21 August 2022  10:47:07 +0200 (0:00:00.496)       0:00:01.953 ********* 
 +ok: [node3]
 +
 +TASK [deploy_sshKey] ********************************************************************************
 +Sunday 21 August 2022  10:47:07 +0200 (0:00:00.622)       0:00:02.576 ********* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Sunday 21 August 2022  10:47:08 +0200 (0:00:00.660)       0:00:03.236 ********* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------ 1.25s
 +deploy_sshKey -------------------------------------------------------------------------------- 0.66s
 +add_adma_sudoers ----------------------------------------------------------------------------- 0.62s
 +create_user_adma ----------------------------------------------------------------------------- 0.50s
 +create_sshKey -------------------------------------------------------------------------------- 0.19s
 </code> </code>
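Review bot: in the deploy ssh-key playbook, task create_user_adma hard-codes the clear-text password `1pAA2022.` in the playbook and hashes it only at run time, so the secret lives in the wiki and in every copy of the repository; keep it in a variable stored in an Ansible Vault file instead, e.g. `password: "{{ adma_password | password_hash('sha512') }}"`, and commit only the vaulted value. In the same play, add_adma_sudoers drops `adma ALL=(ALL) NOPASSWD: ALL` into /etc/sudoers.d with `copy` but sets no `mode` and no `validate`, so the fragment is created with the default umask rather than the 0440 sudo expects and a typo would produce an unparsable sudoers file; add `mode: '0440'` and `validate: '/usr/sbin/visudo -cf %s'` to the task. Because `become: yes` is set at play level, the delegated create_sshKey task also runs as root on the controller, which is why `/tmp/ssh-ans-key` shows up root-owned in the `ls -ltr` output; putting `become: no` on that task (the text itself notes no privilege elevation is needed for the key) avoids generating a root-owned private key in /tmp. Finally, in the group_vars section the value `{{ mydict }}` placed unquoted under `with_items:` is rejected by Ansible because a YAML value starting with `{{` must be quoted; it should read `with_items: "{{ mydict }}"`.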
docpublic/systemes/ansible_init.1660918562.txt.gz · Last modified: 2022/08/19 14:16 by adminjp
CC Attribution-Noncommercial-Share Alike 4.0 International