Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- docpublic:systemes:ansible_init [2022/08/19 09:20]
adminjp [autres actions]
+++ docpublic:systemes:ansible_init [2022/08/21 08:49] (current)
adminjp [ansible module ssh]
@@ Line 1126: / Line 1126: @@
 en statefull avec //terraform// par exemple , si je créé une VM , une DB d'etat (state) contient cet etat, et donc si je joue sur des variables de cette VM plus tard, terraform sait qu'il existe cette VM . Avec Ansible il n'y a pas d'état, il ne sais pas que le VM existe, il ne peut tient pas de registre des actions réalisées .
+===== ansible module user =====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
+state present/absent => creation, destruction
+=== playbook module user ===
+<code>
+ans@disi-dellat:~/ansible$ cat 03_playbook_user.yml
+---
+- name: J_Playbook_User
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_user_joe
+    user:
+      name: joe
+      state: present
+      uid: 1041
+      groups: sudo
+      password: "{{ 'password' | password_hash('sha512') }}"
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 03_playbook_user.yml
+BECOME password:
+...
+Friday 19 August 2022  13:59:41 +0200 (0:00:00.016)       0:00:00.016 *********
+ok: [node3]
+TASK [create_user_joe] ******************************************************************************************
+Friday 19 August 2022  13:59:42 +0200 (0:00:00.846)       0:00:00.863 *********
+changed: [node3]
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Friday 19 August 2022  13:59:43 +0200 (0:00:01.089)       0:00:01.953 *********
+===============================================================================
+create_user_joe ------------------------------------------------------------------------------------------ 1.09s
+Gathering Facts ------------------------------------------------------------------------------------------ 0.85s
+</code>
+=== resultat ===
+<code>
+jehan@node3:/tmp$ id joe
+uid=1041(joe) gid=1041(joe) groups=1041(joe),27(sudo)
+</code>
+=== afficher les details ===
+pour voir les details systems de ce qui a été fait on ajoute un register de notre user joe avec un debug sur cette variable :
+<code>
+ans@disi-dellat:~/ansible$ cat 03_playbook_user.yml
+---
+- name: J_Playbook_User
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_user_joe
+    user:
+      name: joe
+      state: present
+      uid: 1041
+      groups: sudo
+      password: "{{ 'password' | password_hash('sha512') }}"
+    register: __user_joe
+  - name: debug_user
+    debug:
+      var: __user_joe
+</code>
+=== resultat ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 03_playbook_user.yml
+BECOME password:
+...
+TASK [create_user_joe] ******************************************************************************************
+Friday 19 August 2022  16:13:18 +0200 (0:00:01.530)       0:00:01.547 *********
+changed: [node3]
+TASK [debug_user] ***********************************************************************************************
+Friday 19 August 2022  16:13:19 +0200 (0:00:00.539)       0:00:02.087 *********
+ok: [node3] => {
+    "__user_joe": {
+        "append": false,
+        "changed": true,
+        "comment": "",
+        "failed": false,
+        "group": 1041,
+        "groups": "sudo",
+        "home": "/home/joe",
+        "move_home": false,
+        "name": "joe",
+        "password": "NOT_LOGGING_PASSWORD",
+        "shell": "/bin/sh",
+        "state": "present",
+        "uid": 1041
+    }
+}
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Friday 19 August 2022  16:13:19 +0200 (0:00:00.039)       0:00:02.126 *********
+===============================================================================
+Gathering Facts ------------------------------------------------------------------------------------------ 1.53s
+create_user_joe ------------------------------------------------------------------------------------------ 0.54s
+debug_user ----------------------------------------------------------------------------------------------- 0.04s
+</code>
+===== ansible stat register =====
+si on souhaite afficher des info sur nos actions, on peut utiliser le module stat sur un fichier par exemple, mais l'affichage des "stat" ne donne rien par defaut, il faut faire un register de l'output pour pouvoir le remonter sur notre server-node source du playbook .
+=== playbook ===
+<code>
+ans@disi-dellat:~/ansible$ cat 04_playbook_stat_reg.yml
+---
+- name: J_Playbook_Stat_Reg
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_file
+    file:
+      path: "/tmp/ansdir/file2"
+      state: touch
+      owner: root
+      group: ans
+      mode: 0755
+  - name: stat_file
+    stat:
+      path: "/tmp/ansdir/file2"
+    register: __stat_file2
+  - name: display
+    debug:
+      var: __stat_file2
+</code>
+=== resultat ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 04_playbook_stat_reg.yml
+BECOME password:
+PLAY [J_Playbook_Stat_Reg] **************************************************************************************
+TASK [Gathering Facts] ******************************************************************************************
+Saturday 20 August 2022  10:03:05 +0200 (0:00:00.021)       0:00:00.021 *******
+ok: [node3]
+TASK [create_file] **********************************************************************************************
+Saturday 20 August 2022  10:03:07 +0200 (0:00:01.235)       0:00:01.256 *******
+changed: [node3]
+TASK [stat_file] ************************************************************************************************
+Saturday 20 August 2022  10:03:07 +0200 (0:00:00.277)       0:00:01.533 *******
+ok: [node3]
+TASK [display] **************************************************************************************************
+Saturday 20 August 2022  10:03:07 +0200 (0:00:00.278)       0:00:01.812 *******
+ok: [node3] => {
+    "__stat_file2": {
+        "changed": false,
+        "failed": false,
+        "stat": {
+            "atime": 1660982587.677271,
+            "attr_flags": "e",
+            "attributes": [
+                "extents"
+            ],
+            "block_size": 4096,
+            "blocks": 0,
+            "charset": "binary",
+            "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
+            "ctime": 1660982587.677271,
+            "dev": 2053,
+            "device_type": 0,
+            "executable": true,
+            "exists": true,
+            "gid": 1033,
+            "gr_name": "ans",
+            "inode": 262175,
+            "isblk": false,
+            "ischr": false,
+            "isdir": false,
+            "isfifo": false,
+            "isgid": false,
+            "islnk": false,
+            "isreg": true,
+            "issock": false,
+            "isuid": false,
+            "mimetype": "inode/x-empty",
+            "mode": "0755",
+            "mtime": 1660982587.677271,
+            "nlink": 1,
+            "path": "/tmp/ansdir/file2",
+            "pw_name": "root",
+            "readable": true,
+            "rgrp": true,
+            "roth": true,
+            "rusr": true,
+            "size": 0,
+            "uid": 0,
+            "version": "3306389664",
+            "wgrp": false,
+            "woth": false,
+            "writeable": true,
+            "wusr": true,
+            "xgrp": true,
+            "xoth": true,
+            "xusr": true
+        }
+    }
+}
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  10:03:07 +0200 (0:00:00.042)       0:00:01.854 *******
+===============================================================================
+Gathering Facts ------------------------------------------------------------------------------------------ 1.24s
+stat_file ------------------------------------------------------------------------------------------------ 0.28s
+create_file ---------------------------------------------------------------------------------------------- 0.28s
+display -------------------------------------------------------------------------------------------------- 0.04s
+</code>
+=== stat specifique ===
+plus specifiquement si on veux filtrer uniquement sur le retour de stat d'existence du fichier , on utilise dans le module debug un msg sur la variable //stat_file2// dans son dictionnaire il y a une clé //stat// qui a elle meme une clée //exists// qui prend la valeur //true// :
+<code>
+- name: display
+    debug:
+      msg: "Fichier exist : {{ __stat_file2.stat.exists }}"
+</code>
+=== resultat ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 04_playbook_stat_reg.yml
+TASK [display] **************************************************************************************************
+Saturday 20 August 2022  10:18:19 +0200 (0:00:00.281)       0:00:01.823 *******
+ok: [node3] => {
+    "msg": "Fichier exist : True"
+}
+</code>
+==== condition when ====
+avec cette condition d'existence, on peut maintenat faire une autre action sur le base de ce test, exemple ici on créé un directory si (when) la variable valeur exists = true
+<code>
+- name: creation conditionnelle du subDir
+    file:
+      path: /tmp/ansdir2
+      state: directory
+    when: __stat_file2.stat.exists == True
+</code>
+<code>
+TASK [display] **************************************************************************************************
+Saturday 20 August 2022  10:27:42 +0200 (0:00:00.294)       0:00:01.512 *******
+ok: [node3] => {
+    "msg": "Fichier exist : True"
+}
+TASK [creation conditionnelle du subDir] ************************************************************************
+Saturday 20 August 2022  10:27:42 +0200 (0:00:00.047)       0:00:01.559 *******
+changed: [node3]
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+</code>
+==== ansible boucle ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/items_lookup.html
+la plus classique avec with_items qui est une liste a base de dictionnaire
+=== playbook ===
+creation de 3 repertoires
+<code>
+ans@disi-dellat:~/ansible$ cat 021_playbook_dir.yml
+---
+- name: J_Playbook_File_Dir
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_x_dir
+    file:
+      path: "/tmp/ansdir/{{ item }}"
+      state: directory
+      recurse: yes
+      owner: root
+    with_items:
+      - ansdirA
+      - ansdirB
+      - ansdirC
+</code>
+=== execution ===
+<code>
+TASK [create_x_dir] *********************************************************************************************
+Saturday 20 August 2022  10:45:11 +0200 (0:00:01.403)       0:00:01.420 *******
+changed: [node3] => (item=ansdirA)
+changed: [node3] => (item=ansdirB)
+changed: [node3] => (item=ansdirC)
+</code>
+=== dictonnaire de valeur ===
+on peut aussi utiliser les items sous forme de dictionnaire de valeur
+<code>
+tasks:
+  - name: create_x_dir
+    file:
+      path: "/tmp/ansdir/{{ item.dir }}/{{ item.fichier }}"
+      state: directory
+      recurse: yes
+      owner: root
+    with_items:
+      - { dir: ansdirA, fichier: "file1.txt" }
+      - { dir: ansdirB, fichier: "file1.txt" }
+      - { dir: ansdirC, fichier: "file1.txt" }
+</code>
+<code>
+TASK [create_x_dir] *********************************************************************************************
+Saturday 20 August 2022  10:52:27 +0200 (0:00:00.901)       0:00:00.918 *******
+changed: [node3] => (item={'dir': 'ansdirA', 'fichier': 'file1.txt'})
+changed: [node3] => (item={'dir': 'ansdirB', 'fichier': 'file1.txt'})
+changed: [node3] => (item={'dir': 'ansdirC', 'fichier': 'file1.txt'})
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+</code>
+==== dictionnaire dans group_vars ====
+d'un point de vue organisation, il vaut mieux sortir ces variables du playbook pour les mettre dans le group_vars
+<code>
+ans@disi-dellat:~/ansible$ cat group_vars/all/variables.yml
+mydict:
+- { dir: ansdirA, fichier: "file1.txt" }
+- { dir: ansdirB, fichier: "file1.txt" }
+- { dir: ansdirC, fichier: "file1.txt" }
+</code>
+avec dans le playbook un appel a ce dictionnaire
+<code>
+  with_items:
+     {{ mydict }}
+</code>
+==== ansible module apt ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html
+installer un paquet , plein d'options existe, cf ref ci-dessus .
+<code>
+ans@disi-dellat:~/ansible$ cat 05_playbook_apt.yml
+---
+- name: J_Playbook_Apt
+  hosts: node3
+  become: yes
+  tasks:
+  - name: gestion_apt
+    apt:
+      name: tree
+      state: latest
+      update_cache: yes
+      cache_valid_time: 300
+</code>
+le //state: present// est moins risqué en terme d'updates involontaires .
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 05_playbook_apt.yml
+...
+TASK [gestion_apt] **********************************************************************************************
+Saturday 20 August 2022  11:29:43 +0200 (0:00:01.394)       0:00:01.412 *******
+changed: [node3]
+PLAY RECAP ******************************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  11:29:58 +0200 (0:00:15.744)       0:00:17.156 *******
+===============================================================================
+gestion_apt --------------------------------------------------------------------------------------------- 15.74s
+Gathering Facts ------------------------------------------------------------------------------------------ 1.39s
+</code>
+=== supression ===
+supression totale
+<code>
+- name: gestion_apt
+    apt:
+      name: tree
+      state: absent
+      purge: yes
+      autoremove: yes
+</code>
+==== ansible module reboot ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html
+on demande un reboot sur la base de la presence d'un fichier
+<code>
+ans@disi-dellat:~/ansible$ cat 06_playbook_reboot.yml
+---
+- name: J_Playbook_File_Reboot
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_fileR
+    file:
+      path: "/tmp/fileR"
+      state: touch
+  - name: stat_fileR
+    stat:
+      path: "/tmp/fileR"
+    register: __stat_fileR
+  - name: reboot_node
+    reboot:
+      msg: "Reboot par Ansible"
+      connect_timeout: 5
+      reboot_timeout: 300
+      pre_reboot_delay: 0
+      post_reboot_delay: 50
+      test_command: uptime
+    when: __stat_fileR.stat.exists
+  - name: reboot_ok
+    file:
+      path: "/tmp/rebootOK"
+      state: touch
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 06_playbook_reboot.yml
+BECOME password:
+PLAY [J_Playbook_File_Reboot] ***********************************************************************
+TASK [Gathering Facts] ******************************************************************************
+Saturday 20 August 2022  11:54:11 +0200 (0:00:00.017)       0:00:00.017 *******
+ok: [node3]
+TASK [create_fileR] *********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.859)       0:00:00.876 *******
+changed: [node3]
+TASK [stat_fileR] ***********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.294)       0:00:01.171 *******
+ok: [node3]
+TASK [reboot_node] **********************************************************************************
+Saturday 20 August 2022  11:54:12 +0200 (0:00:00.301)       0:00:01.473 *******
+changed: [node3]
+TASK [reboot_ok] ************************************************************************************
+Saturday 20 August 2022  11:55:25 +0200 (0:01:13.094)       0:01:14.567 *******
+changed: [node3]
+PLAY RECAP ******************************************************************************************
+node3                      : ok=5    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  11:55:26 +0200 (0:00:00.861)       0:01:15.429 *******
+===============================================================================
+reboot_node --------------------------------------------------------------------------------- 73.09s
+reboot_ok ------------------------------------------------------------------------------------ 0.86s
+Gathering Facts ------------------------------------------------------------------------------ 0.86s
+stat_fileR ----------------------------------------------------------------------------------- 0.30s
+create_fileR --------------------------------------------------------------------------------- 0.29s
+</code>
+==== ansible module ssh ====
+  * https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+  * https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
+genérer une clée ssh et la deployer
+<code>
+ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml
+---
+- name: J_Playbook_sshKey
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_sshKey
+    openssh_keypair:
+      path: "/tmp/ssh-ans-key"
+      type: rsa
+      size: 2048
+      state: present
+      force: no
+    #delegate a localhost pour jouer ça sur notre server-node
+    delegate_to: localhost
+    #le faire tourner une seule fois , meme si +sieurs hosts
+    run_once: yes
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml
+BECOME password:
+PLAY [J_Playbook_sshKey] ****************************************************************************
+TASK [Gathering Facts] ******************************************************************************
+Saturday 20 August 2022  20:45:52 +0200 (0:00:00.017)       0:00:00.017 *******
+ok: [node3]
+TASK [create_sshKey] ********************************************************************************
+Saturday 20 August 2022  20:45:53 +0200 (0:00:00.860)       0:00:00.877 *******
+changed: [node3 -> localhost]
+PLAY RECAP ******************************************************************************************
+node3                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Saturday 20 August 2022  20:45:53 +0200 (0:00:00.208)       0:00:01.085 *******
+===============================================================================
+Gathering Facts ------------------------------------------------------------------------------ 0.86s
+create_sshKey -------------------------------------------------------------------------------- 0.21s
+ans@disi-dellat:~/ansible$ ls -ltr /tmp/ssh*
+-rw-r--r-- 1 root  root   382 août  20 20:45 /tmp/ssh-ans-key.pub
+-rw------- 1 root  root  1799 août  20 20:45 /tmp/ssh-ans-key
+</code>
+==== deploy ssh-key ====
+apres generation locale de la clé (pas besoin d'elevation de privilege (become)) , on crée un user (become necessaire)  , l'ajoute dans sudoers et on lui pousse la clé :
+<code>
+ans@disi-dellat:~/ansible$ cat 07_playbook_ssh_key.yml
+---
+- name: J_Playbook_sshKey
+  hosts: node3
+  become: yes
+  tasks:
+  - name: create_sshKey
+    openssh_keypair:
+      path: "/tmp/ssh-adma-key"
+      type: rsa
+      size: 2048
+      state: present
+      force: no
+    #delegate a localhost pour jouer ça sur notre server-node
+    delegate_to: localhost
+    #le faire tourner une seule fois , meme si +sieurs hosts
+    run_once: yes
+  - name: create_user_adma
+    user:
+      name: adma
+      shell: /bin/bash
+      groups: sudo
+      append: yes
+      password: "{{ '1pAA2022.' | password_hash('sha256') }}"
+    become: yes
+  - name: add_adma_sudoers
+    copy:
+      dest: "/etc/sudoers.d/sudoers-adma"
+      content: "adma ALL=(ALL) NOPASSWD: ALL"
+    become: yes
+  - name: deploy_sshKey
+    authorized_key:
+      user: adma
+      key: "{{ lookup('file', '/tmp/ssh-adma-key.pub') }}"
+      state: present
+    become: yes
+</code>
+=== execution ===
+<code>
+ans@disi-dellat:~/ansible$ ansible-playbook -i 01_inventory.yml -u ans -K 07_playbook_ssh_key.yml
+BECOME password:
+PLAY [J_Playbook_sshKey] ****************************************************************************
+TASK [Gathering Facts] ******************************************************************************
+Sunday 21 August 2022  10:47:05 +0200 (0:00:00.017)       0:00:00.017 *********
+ok: [node3]
+TASK [create_sshKey] ********************************************************************************
+Sunday 21 August 2022  10:47:06 +0200 (0:00:01.254)       0:00:01.271 *********
+ok: [node3 -> localhost]
+TASK [create_user_adma] *****************************************************************************
+Sunday 21 August 2022  10:47:06 +0200 (0:00:00.185)       0:00:01.457 *********
+changed: [node3]
+TASK [add_adma_sudoers] *****************************************************************************
+Sunday 21 August 2022  10:47:07 +0200 (0:00:00.496)       0:00:01.953 *********
+ok: [node3]
+TASK [deploy_sshKey] ********************************************************************************
+Sunday 21 August 2022  10:47:07 +0200 (0:00:00.622)       0:00:02.576 *********
+changed: [node3]
+PLAY RECAP ******************************************************************************************
+node3                      : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+Sunday 21 August 2022  10:47:08 +0200 (0:00:00.660)       0:00:03.236 *********
+===============================================================================
+Gathering Facts ------------------------------------------------------------------------------ 1.25s
+deploy_sshKey -------------------------------------------------------------------------------- 0.66s
+add_adma_sudoers ----------------------------------------------------------------------------- 0.62s
+create_user_adma ----------------------------------------------------------------------------- 0.50s
+create_sshKey -------------------------------------------------------------------------------- 0.19s
+</code>

docpublic/systemes/ansible_init.1660900844.txt.gz · Last modified: 2022/08/19 09:20 by adminjp

Show page Old revisions

[unknown link type]Back to top