[[initiation ansible]]
Trace:
Show pageOld revisions
AdminRecent ChangesSitemap

* ancien site

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
docpublic:systemes:ansible_init [2022/08/20 09:57]
adminjp [ansible module apt] 		docpublic:systemes:ansible_init [2022/08/21 08:49] (current)
adminjp [ansible module ssh]
Line 1630: Line 1630:
 stat_fileR ----------------------------------------------------------------------------------- 0.30s stat_fileR ----------------------------------------------------------------------------------- 0.30s
 create_fileR --------------------------------------------------------------------------------- 0.29s create_fileR --------------------------------------------------------------------------------- 0.29s
 +</code>
 +
 +==== ansible module ssh ====
 +
 +  * https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
 +  * https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
 +
 +genérer une clée ssh et la deployer 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
 +---
 +- name: J_Playbook_sshKey
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_sshKey
 +    openssh_keypair:
 +      path: "/tmp/ssh-ans-key"
 +      type: rsa
 +      size: 2048
 +      state: present
 +      force: no
 +    #delegate a localhost pour jouer ça sur notre server-node
 +    delegate_to: localhost
 +    #le faire tourner une seule fois , meme si +sieurs hosts
 +    run_once: yes
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_sshKey] ****************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Saturday 20 August 2022  20:45:52 +0200 (0:00:00.017)       0:00:00.017 ******* 
 +ok: [node3]
 +
 +TASK [create_sshKey] ********************************************************************************
 +Saturday 20 August 2022  20:45:53 +0200 (0:00:00.860)       0:00:00.877 ******* 
 +changed: [node3 -> localhost]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Saturday 20 August 2022  20:45:53 +0200 (0:00:00.208)       0:00:01.085 ******* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------ 0.86s
 +create_sshKey -------------------------------------------------------------------------------- 0.21s
 +
 +ans@disi-dellat:~/ansible$ ls -ltr /tmp/ssh*
 +-rw-r--r-- 1 root  root   382 août  20 20:45 /tmp/ssh-ans-key.pub
 +-rw------- 1 root  root  1799 août  20 20:45 /tmp/ssh-ans-key
 +</code>
 +
 +==== deploy ssh-key ====
 +
 +apres generation locale de la clé (pas besoin d'elevation de privilege (become)) , on crée un user (become necessaire)  , l'ajoute dans sudoers et on lui pousse la clé : 
 +
 +<code>
 +ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml 
 +---
 +- name: J_Playbook_sshKey
 +  hosts: node3
 +  become: yes
 +  tasks:
 +  - name: create_sshKey
 +    openssh_keypair:
 +      path: "/tmp/ssh-adma-key"
 +      type: rsa
 +      size: 2048
 +      state: present
 +      force: no
 +    #delegate a localhost pour jouer ça sur notre server-node
 +    delegate_to: localhost
 +    #le faire tourner une seule fois , meme si +sieurs hosts
 +    run_once: yes
 +
 +  - name: create_user_adma
 +    user:
 +      name: adma
 +      shell: /bin/bash
 +      groups: sudo
 +      append: yes
 +      password: "{{ '1pAA2022.' | password_hash('sha256') }}"
 +    become: yes 
 +
 +  - name: add_adma_sudoers
 +    copy:
 +      dest: "/etc/sudoers.d/sudoers-adma"
 +      content: "adma ALL=(ALL) NOPASSWD: ALL"
 +    become: yes
 +
 +  - name: deploy_sshKey
 +    authorized_key:
 +      user: adma
 +      key: "{{ lookup('file', '/tmp/ssh-adma-key.pub') }}"
 +      state: present
 +    become: yes
 +</code>
 +
 +=== execution ===
 +
 +<code>
 +ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml 
 +BECOME password: 
 +
 +PLAY [J_Playbook_sshKey] ****************************************************************************
 +
 +TASK [Gathering Facts] ******************************************************************************
 +Sunday 21 August 2022  10:47:05 +0200 (0:00:00.017)       0:00:00.017 ********* 
 +ok: [node3]
 +
 +TASK [create_sshKey] ********************************************************************************
 +Sunday 21 August 2022  10:47:06 +0200 (0:00:01.254)       0:00:01.271 ********* 
 +ok: [node3 -> localhost]
 +
 +TASK [create_user_adma] *****************************************************************************
 +Sunday 21 August 2022  10:47:06 +0200 (0:00:00.185)       0:00:01.457 ********* 
 +changed: [node3]
 +
 +TASK [add_adma_sudoers] *****************************************************************************
 +Sunday 21 August 2022  10:47:07 +0200 (0:00:00.496)       0:00:01.953 ********* 
 +ok: [node3]
 +
 +TASK [deploy_sshKey] ********************************************************************************
 +Sunday 21 August 2022  10:47:07 +0200 (0:00:00.622)       0:00:02.576 ********* 
 +changed: [node3]
 +
 +PLAY RECAP ******************************************************************************************
 +node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
 +
 +Sunday 21 August 2022  10:47:08 +0200 (0:00:00.660)       0:00:03.236 ********* 
 +=============================================================================== 
 +Gathering Facts ------------------------------------------------------------------------------ 1.25s
 +deploy_sshKey -------------------------------------------------------------------------------- 0.66s
 +add_adma_sudoers ----------------------------------------------------------------------------- 0.62s
 +create_user_adma ----------------------------------------------------------------------------- 0.50s
 +create_sshKey -------------------------------------------------------------------------------- 0.19s
 </code> </code>
docpublic/systemes/ansible_init.1660989425.txt.gz · Last modified: 2022/08/20 09:57 by adminjp
Show pageOld revisions
[unknown link type]Back to top
CC Attribution-Noncommercial-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0