Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- docpublic:systemes:ansible_init [2022/08/20 08:52]
adminjp [ansible boucle]
+++ docpublic:systemes:ansible_init [2022/08/21 08:49] (current)
adminjp [ansible module ssh]
@@ Line 1477: / Line 1477: @@
 PLAY RECAP ******************************************************************************************************
 node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+</code>
+==== dictionnaire dans group_vars ====
+d'un point de vue organisation, il vaut mieux sortir ces variables du playbook pour les mettre dans le group_vars
+<code>
+ans@disi-dellat:~/ansible$ cat group_vars/all/variables.yml
+mydict:
+- { dir: ansdirA, fichier: "file1.txt" }
+- { dir: ansdirB, fichier: "file1.txt" }
+- { dir: ansdirC, fichier: "file1.txt" }
+</code>
+avec dans le playbook un appel a ce dictionnaire
+<code>
+  with_items:
+     {{ mydict }}
+</code>
+==== ansible module apt ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html
+installer un paquet , plein d'options existe, cf ref ci-dessus .
+<code>
+ans@disi-dellat:~/ansible$ cat 05_playbook_apt.yml
+---
+- name: J_Playbook_Apt
+  hosts: node3
+  become: yes
+  tasks:
+  - name: gestion_apt
+    apt:
+      name: tree
+      state: latest
+      update_cache: yes
+      cache_valid_time: 300
+</code>
+le //state: present// est moins risqué en terme d'updates involontaires .
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 05_playbook_apt.yml
+...
+TASK [gestion_apt] **********************************************************************************************
+Saturday 20 August 2022  11:29:43 +0200 (0:00:01.394)       0:00:01.412 *******
+changed: [node3]
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  11:29:58 +0200 (0:00:15.744)       0:00:17.156 *******
+===============================================================================
+gestion_apt --------------------------------------------------------------------------------------------- 15.74s
+Gathering Facts ------------------------------------------------------------------------------------------ 1.39s
+</code>
+=== supression ===
+supression totale
+<code>
+- name: gestion_apt
+    apt:
+      name: tree
+      state: absent
+      purge: yes
+      autoremove: yes
+</code>
+==== ansible module reboot ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html
+on demande un reboot sur la base de la presence d'un fichier
+<code>
+ans@disi-dellat:~/ansible$ cat 06_playbook_reboot.yml
+---
+- name: J_Playbook_File_Reboot
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_fileR
+    file:
+      path: "/tmp/fileR"
+      state: touch
+  - name: stat_fileR
+    stat:
+      path: "/tmp/fileR"
+    register: __stat_fileR
+  - name: reboot_node
+    reboot:
+      msg: "Reboot par Ansible"
+      connect_timeout: 5
+      reboot_timeout: 300
+      pre_reboot_delay: 0
+      post_reboot_delay: 50
+      test_command: uptime
+    when: __stat_fileR.stat.exists
+  - name: reboot_ok
+    file:
+      path: "/tmp/rebootOK"
+      state: touch
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 06_playbook_reboot.yml
+BECOME password:
+PLAY [J_Playbook_File_Reboot] ***********************************************************************
+TASK [Gathering Facts] ******************************************************************************
+Saturday 20 August 2022  11:54:11 +0200 (0:00:00.017)       0:00:00.017 *******
+ok: [node3]
+TASK [create_fileR] *********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.859)       0:00:00.876 *******
+changed: [node3]
+TASK [stat_fileR] ***********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.294)       0:00:01.171 *******
+ok: [node3]
+TASK [reboot_node] **********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.301)       0:00:01.473 *******
+changed: [node3]
+TASK [reboot_ok] ************************************************************************************
+Saturday 20 August 2022  11:55:25 +0200 (0:01:13.094)       0:01:14.567 *******
+changed: [node3]
+PLAY RECAP ******************************************************************************************
+node3                      : ok=5    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  11:55:26 +0200 (0:00:00.861)       0:01:15.429 *******
+===============================================================================
+reboot_node --------------------------------------------------------------------------------- 73.09s
+reboot_ok ------------------------------------------------------------------------------------ 0.86s
+Gathering Facts ------------------------------------------------------------------------------ 0.86s
+stat_fileR ----------------------------------------------------------------------------------- 0.30s
+create_fileR --------------------------------------------------------------------------------- 0.29s
+</code>
+==== ansible module ssh ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+  * https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
+genérer une clée ssh et la deployer
+<code>
+ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml
+---
+- name: J_Playbook_sshKey
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_sshKey
+    openssh_keypair:
+      path: "/tmp/ssh-ans-key"
+      type: rsa
+      size: 2048
+      state: present
+      force: no
+    #delegate a localhost pour jouer ça sur notre server-node
+    delegate_to: localhost
+    #le faire tourner une seule fois , meme si +sieurs hosts
+    run_once: yes
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml
+BECOME password:
+PLAY [J_Playbook_sshKey] ****************************************************************************
+TASK [Gathering Facts] ******************************************************************************
+Saturday 20 August 2022  20:45:52 +0200 (0:00:00.017)       0:00:00.017 *******
+ok: [node3]
+TASK [create_sshKey] ********************************************************************************
+Saturday 20 August 2022  20:45:53 +0200 (0:00:00.860)       0:00:00.877 *******
+changed: [node3 -> localhost]
+PLAY RECAP ******************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  20:45:53 +0200 (0:00:00.208)       0:00:01.085 *******
+===============================================================================
+Gathering Facts ------------------------------------------------------------------------------ 0.86s
+create_sshKey -------------------------------------------------------------------------------- 0.21s
+ans@disi-dellat:~/ansible$ ls -ltr /tmp/ssh*
+-rw-r--r-- 1 root  root   382 août  20 20:45 /tmp/ssh-ans-key.pub
+-rw------- 1 root  root  1799 août  20 20:45 /tmp/ssh-ans-key
+</code>
+==== deploy ssh-key ====
+apres generation locale de la clé (pas besoin d'elevation de privilege (become)) , on crée un user (become necessaire)  , l'ajoute dans sudoers et on lui pousse la clé :
+<code>
+ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml
+---
+- name: J_Playbook_sshKey
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_sshKey
+    openssh_keypair:
+      path: "/tmp/ssh-adma-key"
+      type: rsa
+      size: 2048
+      state: present
+      force: no
+    #delegate a localhost pour jouer ça sur notre server-node
+    delegate_to: localhost
+    #le faire tourner une seule fois , meme si +sieurs hosts
+    run_once: yes
+  - name: create_user_adma
+    user:
+      name: adma
+      shell: /bin/bash
+      groups: sudo
+      append: yes
+      password: "{{ '1pAA2022.' | password_hash('sha256') }}"
+    become: yes
+  - name: add_adma_sudoers
+    copy:
+      dest: "/etc/sudoers.d/sudoers-adma"
+      content: "adma ALL=(ALL) NOPASSWD: ALL"
+    become: yes
+  - name: deploy_sshKey
+    authorized_key:
+      user: adma
+      key: "{{ lookup('file', '/tmp/ssh-adma-key.pub') }}"
+      state: present
+    become: yes
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml
+BECOME password:
+PLAY [J_Playbook_sshKey] ****************************************************************************
+TASK [Gathering Facts] ******************************************************************************
+Sunday 21 August 2022  10:47:05 +0200 (0:00:00.017)       0:00:00.017 *********
+ok: [node3]
+TASK [create_sshKey] ********************************************************************************
+Sunday 21 August 2022  10:47:06 +0200 (0:00:01.254)       0:00:01.271 *********
+ok: [node3 -> localhost]
+TASK [create_user_adma] *****************************************************************************
+Sunday 21 August 2022  10:47:06 +0200 (0:00:00.185)       0:00:01.457 *********
+changed: [node3]
+TASK [add_adma_sudoers] *****************************************************************************
+Sunday 21 August 2022  10:47:07 +0200 (0:00:00.496)       0:00:01.953 *********
+ok: [node3]
+TASK [deploy_sshKey] ********************************************************************************
+Sunday 21 August 2022  10:47:07 +0200 (0:00:00.622)       0:00:02.576 *********
+changed: [node3]
+PLAY RECAP ******************************************************************************************
+node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Sunday 21 August 2022  10:47:08 +0200 (0:00:00.660)       0:00:03.236 *********
+===============================================================================
+Gathering Facts ------------------------------------------------------------------------------ 1.25s
+deploy_sshKey -------------------------------------------------------------------------------- 0.66s
+add_adma_sudoers ----------------------------------------------------------------------------- 0.62s
+create_user_adma ----------------------------------------------------------------------------- 0.50s
+create_sshKey -------------------------------------------------------------------------------- 0.19s
 </code>

docpublic/systemes/ansible_init.1660985579.txt.gz · Last modified: 2022/08/20 08:52 by adminjp

Show page Old revisions

[unknown link type]Back to top