mise au point enonce, separation solution

2021-04-20 11:10:38 +02:00
parent 6f2c805c6c
commit b6fbdbd8e5
11 changed files with 7 additions and 164 deletions


@@ -10,19 +10,7 @@
Convertir en un rôle nommé "setup" le 1er playbook mis au point lors de l'atelier "adhoc to playbook". Convertir en un rôle nommé "setup" le 1er playbook mis au point lors de l'atelier "adhoc to playbook".
Pour rappel, les commandes AdHoc correspondantes: Pour rappel, ce playbook se trouve dans le fichier setup.yml
```
ansible localhost -m openssh_keypair -a "path=/home/formation/.ssh/id_rsa owner=formation group=formation" -u formation
ansible cibles -u formation -k -m user -a "user=ansible password={{ '123Soleil2020%'| password_hash( 'sha512', 65534 | random( seed=inventory_hostname ) | string ) }} create_home=yes home=/home/ansible"
ansible cibles -u formation -k -m lineinfile -a "path=/etc/sudoers.d/ansible state=present create=yes line='ansible ALL=(ALL) NOPASSWD: ALL' validate='/usr/sbin/visudo -cf %s'"
ansible cibles -u formation -k -m copy -a "dest=/etc/sudoers.d/ansible content='ansible ALL=(ALL) NOPASSWD: ALL' validate='/usr/sbin/visudo -cf %s'"
ansible cibles -u formation -k -m authorized_key -a "key={{ lookup( 'file', '~/.ssh/id_rsa.pub') }} user=ansible"
```
## Performance ## Performance


@@ -1,49 +1,42 @@
---
- name: setup target to be managed by ansible
hosts: cibles
tasks:
- name: warn people - name: warn people
tags: wip
lineinfile: lineinfile:
path: /etc/motd path: /etc/motd
create: yes
line: "Host is managed by ansible, manual interaction not recommended" line: "Host is managed by ansible, manual interaction not recommended"
state: present state: present
- name: history - name: history
tags: wip
lineinfile: lineinfile:
path: /etc/history path: /etc/history
line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}" line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
state: present state: present
create: true create: true
# ansible localhost -u formation -m openssh_keypair -a "path=/home/formation/.ssh/id_rsa owner=formation group=formation"
- name: generate ssh keys - name: generate ssh keys
tags: ssh
openssh_keypair: openssh_keypair:
path: "~/.ssh/id_rsa" path: "~/.ssh/id_rsa"
size: 2048 size: 2048
owner: formation
group: formation
delegate_to: localhost delegate_to: localhost
become: false become: false
# ansible cibles -m user -a "name=ansible home=/home/ansible password={{ '123Soleil2020%'| password_hash('sha512') }} create_home=yes"
- name: create account - name: create account
tags: user
user: user:
name: ansible name: ansible
password: "{{ '123Soleil2020%' | password_hash('sha512') }}" password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
create_home: yes create_home: yes
home: /home/ansible home: /home/ansible
# ansible centos -m copy -a "dest=/etc/sudoers.d/ansible content="ansible ALL=(ALL) NOPASSWD: ALL validate='/usr/bin/visudo -cf %f'"
- name: configure sudo - name: configure sudo
tags: sudo
copy: copy:
content: "ansible ALL=(ALL) NOPASSWD: ALL" content: "ansible ALL=(ALL) NOPASSWD: ALL"
dest: /etc/sudoers.d/ansible dest: /etc/sudoers.d/ansible
validate: "/usr/sbin/visudo -cf %s" validate: "/usr/sbin/visudo -cf %s"
# ansible cibles -m authorized_key -a "user=ansible key={{ lookup( 'file', '/home/formation/.ssh/id_rsa.pub') }}"
- name: deploy ssh key - name: deploy ssh key
tags: ssh
authorized_key: authorized_key:
user: ansible user: ansible
key: "{{ item }}" key: "{{ item }}"
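Review bot: The `password:` line of the `create account` task embeds the account password as a cleartext literal in both printed forms of the line, so anyone who can read the repository knows the password of the account that the `configure sudo` task grants `NOPASSWD: ALL`. The hostname-seeded salt in the second form keeps the hash stable between runs, but it does nothing to protect the literal itself. Take the secret from a vaulted variable instead, for example `password: "{{ setup_account_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"`, where `setup_account_password` is a placeholder name for a value stored with Ansible Vault. If the account is only ever reached through the key installed by `deploy ssh key`, consider whether it needs a password at all. The `deploy ssh key` task appears to continue past the last visible line of this section, since no loop supplying `item` is shown.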


@@ -1,29 +0,0 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/


@@ -1,38 +0,0 @@
Role Name
=========
Setup a host for ansible management
Requirements
------------
None
Role Variables
--------------
None
Dependencies
------------
None
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- setup
License
-------
BSD
Author Information
------------------
Thomas C <thomas@opendoor.fr>


@@ -1,2 +0,0 @@
---
# defaults file for setup


@@ -1,2 +0,0 @@
---
# handlers file for setup

View File

@@ -1,53 +0,0 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -1,2 +0,0 @@
localhost


@@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- setup


@@ -1,2 +0,0 @@
---
# vars file for setup


@@ -1,5 +0,0 @@
---
- name: setup target to be managed by ansible using setup role
hosts: centos
roles:
- setup