docpublic:systemes:ansible_init [2022/08/20 09:35]
adminjp [ansible module apt]
docpublic:systemes:ansible_init [2022/08/21 08:49] (current)
adminjp [ansible module ssh]
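--- a/docpublic/systemes/ansible_init
+++ b/docpublic/systemes/ansible_init
@@ -1519,4 +1519,6 @@
       cache_valid_time: 300
 </code>
+
+le //state: present// est moins risqué en terme d'updates involontaires .
 
 === execution ===
@@ -1550,3 +1552,223 @@
       purge: yes
       autoremove: yes
+</code>
+
+==== ansible module reboot ====
+
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html
+
+on demande un reboot sur la base de la presence d'un fichier
+
+<code>
+ans@disi-dellat:~/ansible$ cat 06_playbook_reboot.yml 
+---
+- name: J_Playbook_File_Reboot
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_fileR
+    file:
+      path: "/tmp/fileR"
+      state: touch
+  - name: stat_fileR
+    stat:
+      path: "/tmp/fileR"
+    register: __stat_fileR
+
+  - name: reboot_node
+    reboot:
+      msg: "Reboot par Ansible"
+      connect_timeout: 5
+      reboot_timeout: 300
+      pre_reboot_delay: 0
+      post_reboot_delay: 50
+      test_command: uptime
+    when: __stat_fileR.stat.exists
+
+  - name: reboot_ok
+    file:
+      path: "/tmp/rebootOK"
+      state: touch
+</code>
+
+=== execution ===
+
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 06_playbook_reboot.yml 
+BECOME password: 
+
+PLAY [J_Playbook_File_Reboot] ***********************************************************************
+
+TASK [Gathering Facts] ******************************************************************************
+Saturday 20 August 2022  11:54:11 +0200 (0:00:00.017)       0:00:00.017 ******* 
+ok: [node3]
+
+TASK [create_fileR] *********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.859)       0:00:00.876 ******* 
+changed: [node3]
+
+TASK [stat_fileR] ***********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.294)       0:00:01.171 ******* 
+ok: [node3]
+
+TASK [reboot_node] **********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.301)       0:00:01.473 ******* 
+changed: [node3]
+
+TASK [reboot_ok] ************************************************************************************
+Saturday 20 August 2022  11:55:25 +0200 (0:01:13.094)       0:01:14.567 ******* 
+changed: [node3]
+
+PLAY RECAP ******************************************************************************************
+node3                      : ok=5    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+
+Saturday 20 August 2022  11:55:26 +0200 (0:00:00.861)       0:01:15.429 ******* 
+=============================================================================== 
+reboot_node --------------------------------------------------------------------------------- 73.09s
+reboot_ok ------------------------------------------------------------------------------------ 0.86s
+Gathering Facts ------------------------------------------------------------------------------ 0.86s
+stat_fileR ----------------------------------------------------------------------------------- 0.30s
+create_fileR --------------------------------------------------------------------------------- 0.29s
+</code>
+
+==== ansible module ssh ====
+
+  * https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+  * https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
+
+genérer une clée ssh et la deployer 
+
+<code>
+ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
+---
+- name: J_Playbook_sshKey
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_sshKey
+    openssh_keypair:
+      path: "/tmp/ssh-ans-key"
+      type: rsa
+      size: 2048
+      state: present
+      force: no
+    #delegate a localhost pour jouer ça sur notre server-node
+    delegate_to: localhost
+    #le faire tourner une seule fois , meme si +sieurs hosts
+    run_once: yes
+</code>
+
+=== execution ===
+
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
+BECOME password: 
+
+PLAY [J_Playbook_sshKey] ****************************************************************************
+
+TASK [Gathering Facts] ******************************************************************************
+Saturday 20 August 2022  20:45:52 +0200 (0:00:00.017)       0:00:00.017 ******* 
+ok: [node3]
+
+TASK [create_sshKey] ********************************************************************************
+Saturday 20 August 2022  20:45:53 +0200 (0:00:00.860)       0:00:00.877 ******* 
+changed: [node3 -> localhost]
+
+PLAY RECAP ******************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+
+Saturday 20 August 2022  20:45:53 +0200 (0:00:00.208)       0:00:01.085 ******* 
+=============================================================================== 
+Gathering Facts ------------------------------------------------------------------------------ 0.86s
+create_sshKey -------------------------------------------------------------------------------- 0.21s
+
+ans@disi-dellat:~/ansible$ ls -ltr /tmp/ssh*
+-rw-r--r-- 1 root  root   382 août  20 20:45 /tmp/ssh-ans-key.pub
+-rw------- 1 root  root  1799 août  20 20:45 /tmp/ssh-ans-key
+</code>
+
+==== deploy ssh-key ====
+
+apres generation locale de la clé (pas besoin d'elevation de privilege (become)) , on crée un user (become necessaire)  , l'ajoute dans sudoers et on lui pousse la clé : 
+
+<code>
+ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
+---
+- name: J_Playbook_sshKey
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_sshKey
+    openssh_keypair:
+      path: "/tmp/ssh-adma-key"
+      type: rsa
+      size: 2048
+      state: present
+      force: no
+    #delegate a localhost pour jouer ça sur notre server-node
+    delegate_to: localhost
+    #le faire tourner une seule fois , meme si +sieurs hosts
+    run_once: yes
+
+  - name: create_user_adma
+    user:
+      name: adma
+      shell: /bin/bash
+      groups: sudo
+      append: yes
+      password: "{{ '1pAA2022.' | password_hash('sha256') }}"
+    become: yes 
+
+  - name: add_adma_sudoers
+    copy:
+      dest: "/etc/sudoers.d/sudoers-adma"
+      content: "adma ALL=(ALL) NOPASSWD: ALL"
+    become: yes
+
+  - name: deploy_sshKey
+    authorized_key:
+      user: adma
+      key: "{{ lookup('file', '/tmp/ssh-adma-key.pub') }}"
+      state: present
+    become: yes
+</code>
+
+=== execution ===
+
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
+BECOME password: 
+
+PLAY [J_Playbook_sshKey] ****************************************************************************
+
+TASK [Gathering Facts] ******************************************************************************
+Sunday 21 August 2022  10:47:05 +0200 (0:00:00.017)       0:00:00.017 ********* 
+ok: [node3]
+
+TASK [create_sshKey] ********************************************************************************
+Sunday 21 August 2022  10:47:06 +0200 (0:00:01.254)       0:00:01.271 ********* 
+ok: [node3 -> localhost]
+
+TASK [create_user_adma] *****************************************************************************
+Sunday 21 August 2022  10:47:06 +0200 (0:00:00.185)       0:00:01.457 ********* 
+changed: [node3]
+
+TASK [add_adma_sudoers] *****************************************************************************
+Sunday 21 August 2022  10:47:07 +0200 (0:00:00.496)       0:00:01.953 ********* 
+ok: [node3]
+
+TASK [deploy_sshKey] ********************************************************************************
+Sunday 21 August 2022  10:47:07 +0200 (0:00:00.622)       0:00:02.576 ********* 
+changed: [node3]
+
+PLAY RECAP ******************************************************************************************
+node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+
+Saturday 21 August 2022  10:47:08 +0200 (0:00:00.660)       0:00:03.236 ********* 
+=============================================================================== 
+Gathering Facts ------------------------------------------------------------------------------ 1.25s
+deploy_sshKey -------------------------------------------------------------------------------- 0.66s
+add_adma_sudoers ----------------------------------------------------------------------------- 0.62s
+create_user_adma ----------------------------------------------------------------------------- 0.50s
+create_sshKey -------------------------------------------------------------------------------- 0.19s
 </code>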
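Review bot: The `create_user_adma` task in the second hunk keeps the account password as a literal inside the playbook, on a wiki page that appears to be public (`docpublic`), so that value should be considered disclosed and replaced; the task should read it from a vaulted variable and carry `no_log: true`. No salt is passed to `password_hash`, so a different hash is produced on each run and the task will likely report `changed` every time unless `update_password: on_create` (or a fixed salt) is used. The `add_adma_sudoers` copy writes a `NOPASSWD: ALL` rule with no explicit owner or mode and no `validate`, so a malformed file can break sudo on the node. Separately, the key pair is generated under `/tmp` as root on the controller and the `.pub` that gets authorized is read back from that world-writable directory; a directory owned by the Ansible user with mode 0700 is a safer place for it.

```yaml
  - name: create_user_adma
    user:
      # … unchanged: name, shell, groups, append …
      # adma_password is a placeholder name for a variable kept in an Ansible Vault file
      password: "{{ adma_password | password_hash('sha512') }}"
      update_password: on_create
    no_log: true

  - name: add_adma_sudoers
    copy:
      dest: "/etc/sudoers.d/sudoers-adma"
      # … unchanged: content …
      owner: root
      group: root
      mode: "0440"
      validate: "/usr/sbin/visudo -cf %s"
```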
docpublic/systemes/ansible_init.1660988130.txt.gz · Last modified: 2022/08/20 09:35 by adminjp
CC Attribution-Noncommercial-Share Alike 4.0 International