From b6fbdbd8e5b9dc7744f2429e67f0e2685968775c Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Tue, 20 Apr 2021 11:10:38 +0200 Subject: [PATCH 1/6] mise au point enonce, separation solution --- 0Readme.md | 14 +------- setup/tasks/main.yml => setup.yml | 19 ++++------- setup/.travis.yml | 29 ----------------- setup/README.md | 38 ---------------------- setup/defaults/main.yml | 2 -- setup/handlers/main.yml | 2 -- setup/meta/main.yml | 53 ------------------------------- setup/tests/inventory | 2 -- setup/tests/test.yml | 5 --- setup/vars/main.yml | 2 -- setup_role.yml | 5 --- 11 files changed, 7 insertions(+), 164 deletions(-) rename setup/tasks/main.yml => setup.yml (53%) delete mode 100644 setup/.travis.yml delete mode 100644 setup/README.md delete mode 100644 setup/defaults/main.yml delete mode 100644 setup/handlers/main.yml delete mode 100644 setup/meta/main.yml delete mode 100644 setup/tests/inventory delete mode 100644 setup/tests/test.yml delete mode 100644 setup/vars/main.yml delete mode 100644 setup_role.yml diff --git a/0Readme.md b/0Readme.md index f6ebf4f..c6681bb 100644 --- a/0Readme.md +++ b/0Readme.md 
@@ -10,19 +10,7 @@ Convertir en un rôle nommé "setup" le 1er playbook mis au point lors de l'atelier "adhoc to playbook". -Pour rappel, les commandes AdHoc correspondantes: - -``` -ansible localhost -m openssh_keypair -a "path=/home/formation/.ssh/id_rsa owner=formation group=formation" -u formation - -ansible cibles -u formation -k -m user -a "user=ansible password={{ '123Soleil2020%'| password_hash( 'sha512', 65534 | random( seed=inventory_hostname ) | string ) }} create_home=yes home=/home/ansible" - -ansible cibles -u formation -k -m lineinfile -a "path=/etc/sudoers.d/ansible state=present create=yes line='ansible ALL=(ALL) NOPASSWD: ALL' validate='/usr/sbin/visudo -cf %s'" - -ansible cibles -u formation -k -m copy -a "dest=/etc/sudoers.d/ansible content='ansible ALL=(ALL) NOPASSWD: ALL' validate='/usr/sbin/visudo -cf %s'" - -ansible cibles -u formation -k -m authorized_key -a "key={{ lookup( 'file', '~/.ssh/id_rsa.pub') }} user=ansible" -``` +Pour rappel, ce playbook se trouve dans le fichier setup.yml ## Performance diff --git a/setup/tasks/main.yml b/setup.yml similarity index 53% rename from setup/tasks/main.yml rename to setup.yml index a726534..666b960 100644 --- a/setup/tasks/main.yml +++ b/setup.yml 
@@ -1,49 +1,42 @@ +--- +- name: setup target to be managed by ansible + hosts: cibles + tasks: - name: warn people - tags: wip lineinfile: path: /etc/motd + create: yes line: "Host is managed by ansible, manual interaction not recommended" state: present - name: history - tags: wip lineinfile: path: /etc/history line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}" state: present create: true -# ansible localhost -u formation -m openssh_keypair -a "path=/home/formation/.ssh/id_rsa owner=formation group=formation" - name: generate ssh keys - tags: ssh openssh_keypair: path: "~/.ssh/id_rsa" size: 2048 - owner: formation - group: formation delegate_to: localhost become: false -# ansible cibles -m user -a "name=ansible home=/home/ansible password={{ '123Soleil2020%'| password_hash('sha512') }} create_home=yes" - name: create account - tags: user user: name: ansible - password: "{{ '123Soleil2020%' | password_hash('sha512') }}" + password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}" create_home: yes home: /home/ansible -# ansible centos -m copy -a "dest=/etc/sudoers.d/ansible content="ansible ALL=(ALL) NOPASSWD: ALL validate='/usr/bin/visudo -cf %f'" - name: configure sudo - tags: sudo copy: content: "ansible ALL=(ALL) NOPASSWD: ALL" dest: /etc/sudoers.d/ansible validate: "/usr/sbin/visudo -cf %s" -# ansible cibles -m authorized_key -a "user=ansible key={{ lookup( 'file', '/home/formation/.ssh/id_rsa.pub') }}" - name: deploy ssh key - tags: ssh authorized_key: user: ansible key: "{{ item }}" diff --git a/setup/.travis.yml b/setup/.travis.yml deleted file mode 100644 index 36bbf62..0000000 --- a/setup/.travis.yml +++ /dev/null 
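Review bot: The `create account` task writes the account password as a literal (`'123Soleil%'`) in the playbook, so anyone who can read the repository knows the password of an account that the `configure sudo` task in the same hunk gives `NOPASSWD: ALL`. Take the value from a vaulted variable instead, e.g. `password: "{{ ansible_account_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"` (the variable name is a placeholder). Alternatively set `password: '!'`, so the account has no usable password and relies only on the key installed by `deploy ssh key`. The same literal reappears, changed to `'123Soleil2021%'`, in the `@@ -26,13 +26,13 @@` hunk of patch 2/6.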
@@ -1,29 +0,0 @@ ---- -language: python -python: "2.7" - -# Use the new container infrastructure -sudo: false - -# Install ansible -addons: - apt: - packages: - - python-pip - -install: - # Install ansible - - pip install ansible - - # Check ansible version - - ansible --version - - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' >ansible.cfg - -script: - # Basic role syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/setup/README.md b/setup/README.md deleted file mode 100644 index f782480..0000000 --- a/setup/README.md +++ /dev/null @@ -1,38 +0,0 @@ -Role Name -========= - -Setup a host for ansible management - -Requirements ------------- - -None - -Role Variables --------------- - -None - -Dependencies ------------- - -None - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - setup - -License -------- - -BSD - -Author Information ------------------- - -Thomas C diff --git a/setup/defaults/main.yml b/setup/defaults/main.yml deleted file mode 100644 index 75c4251..0000000 --- a/setup/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for setup \ No newline at end of file diff --git a/setup/handlers/main.yml b/setup/handlers/main.yml deleted file mode 100644 index 29dbaa7..0000000 --- a/setup/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for setup \ No newline at end of file diff --git a/setup/meta/main.yml b/setup/meta/main.yml deleted file mode 100644 index 227ad9c..0000000 --- a/setup/meta/main.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.9 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. - \ No newline at end of file diff --git a/setup/tests/inventory b/setup/tests/inventory deleted file mode 100644 index 878877b..0000000 --- a/setup/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/setup/tests/test.yml b/setup/tests/test.yml deleted file mode 100644 index c1e233b..0000000 --- a/setup/tests/test.yml +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - setup \ No newline at end of file diff --git a/setup/vars/main.yml b/setup/vars/main.yml deleted file mode 100644 index 0905b6c..0000000 --- a/setup/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for setup \ No newline at end of file diff --git a/setup_role.yml b/setup_role.yml deleted file mode 100644 index b0be167..0000000 --- a/setup_role.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: setup target to be managed by ansible using setup role - hosts: centos - roles: - - setup \ No newline at end of file From 8a2930d635e7fca4a94fcd93270368fd239e2654 Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Thu, 10 Jun 2021 13:55:45 +0200 Subject: [PATCH 2/6] ajout fichier src --- setup.yml | 4 ++-- sudo | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 sudo diff --git a/setup.yml b/setup.yml index 666b960..6936bab 100644 --- a/setup.yml +++ b/setup.yml @@ -26,13 +26,13 @@ - name: create account user: name: ansible - password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}" + password: "{{ '123Soleil2021%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}" create_home: yes home: /home/ansible - name: configure sudo copy: - content: "ansible ALL=(ALL) NOPASSWD: ALL" + src: sudo dest: /etc/sudoers.d/ansible validate: "/usr/sbin/visudo -cf %s" diff --git a/sudo b/sudo new file mode 100644 index 0000000..02d0225 --- /dev/null +++ b/sudo @@ -0,0 +1,3 @@ +#Configuration sudo +# en nopassword pour ansible +ansible ALL=(ALL) NOPASSWD: ALL From a41ee487a4f01d11532acf12d8f3c94e19278547 Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Tue, 16 Nov 2021 09:35:03 +0100 Subject: [PATCH 3/6] rename readme --- 0Readme.md => Readme.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 0Readme.md => Readme.md (100%) 
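Review bot: In the `configure sudo` task of the `@@ -26,13 +26,13 @@` hunk (patch 2/6), the `copy` to `/etc/sudoers.d/ansible` sets no `owner`, `group` or `mode`, so the permissions of the installed file presumably depend on the remote umask and on the source file's mode. For a sudoers drop-in it is safer to pin them next to `validate`: `owner: root`, `group: root`, `mode: "0440"`. The new `sudo` source file grants `ansible ALL=(ALL) NOPASSWD: ALL`; a comment in that file saying why the rule is unrestricted would help the next reader. The play's task list starts and ends outside this hunk.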
diff --git a/0Readme.md b/Readme.md similarity index 100% rename from 0Readme.md rename to Readme.md From 7c7e0658fcd3a8aed3379dc285bfcd158191f579 Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Tue, 30 Nov 2021 10:46:03 +0100 Subject: [PATCH 4/6] back to apache --- 1dependances.md | 23 ----------------------- Readme.md | 8 ++++++-- setup.yml | 45 --------------------------------------------- sudo | 3 --- 4 files changed, 6 insertions(+), 73 deletions(-) delete mode 100644 1dependances.md delete mode 100644 setup.yml delete mode 100644 sudo diff --git a/1dependances.md b/1dependances.md deleted file mode 100644 index 9d27da5..0000000 --- a/1dependances.md +++ /dev/null @@ -1,23 +0,0 @@ -## Dépendances entre rôles - -**Tâche**: Écrire un rôle dépendant d'un autre - -**Condition**: pour améliorer l'organisation et la maintenance de nos playbooks - -**Norme**: ansible-galaxy, vim, meta - - -### Préparation - -Créez un rôle "vim" qui s'assure: - - de la présence du paquet vim-enhanced - - de l'absence du paquet nano - - de la présence du fichier https://cours.opendoor.fr/Fichiers/vimrc dans /etc/vimrc - -### Pratique - -Faire en sorte que ce rôle "vim" dépende du rôle "setup" précédemment mis en place, c'est à dire que utiliser le rôle "vim" entraîne automatiquement l'utilisation du rôle "setup" - -### Validation - -Les 2 rôles sont exécutés diff --git a/Readme.md b/Readme.md index c6681bb..6a63a20 100644 --- a/Readme.md +++ b/Readme.md @@ -8,9 +8,13 @@ ## Pratique: -Convertir en un rôle nommé "setup" le 1er playbook mis au point lors de l'atelier "adhoc to playbook". +Convertir en un rôle nommé "apache" le 1er playbook mis au point lors de l'atelier "handlers". + +Vous pouvez récupérer ce playbook via la commande: +```bash +git clone -b solution https://infra.opendoor.fr/git/tom/sib_12_handlers +``` -Pour rappel, ce playbook se trouve dans le fichier setup.yml ## Performance diff --git a/setup.yml b/setup.yml deleted file mode 100644 index 6936bab..0000000 
--- a/setup.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -- name: setup target to be managed by ansible - hosts: cibles - tasks: - - name: warn people - lineinfile: - path: /etc/motd - create: yes - line: "Host is managed by ansible, manual interaction not recommended" - state: present - - - name: history - lineinfile: - path: /etc/history - line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}" - state: present - create: true - - - name: generate ssh keys - openssh_keypair: - path: "~/.ssh/id_rsa" - size: 2048 - delegate_to: localhost - become: false - - - name: create account - user: - name: ansible - password: "{{ '123Soleil2021%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}" - create_home: yes - home: /home/ansible - - - name: configure sudo - copy: - src: sudo - dest: /etc/sudoers.d/ansible - validate: "/usr/sbin/visudo -cf %s" - - - name: deploy ssh key - authorized_key: - user: ansible - key: "{{ item }}" - loop: - - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}" - - "https://infra.opendoor.fr/id_rsa.pub" \ No newline at end of file diff --git a/sudo b/sudo deleted file mode 100644 index 02d0225..0000000 --- a/sudo +++ /dev/null @@ -1,3 +0,0 @@ -#Configuration sudo -# en nopassword pour ansible -ansible ALL=(ALL) NOPASSWD: ALL From b6e736e264c7e39886de4295bc315f874f94d06c Mon Sep 17 00:00:00 2001 
From: Thomas Constans Date: Tue, 30 Nov 2021 10:51:49 +0100 Subject: [PATCH 5/6] solution apache --- apache.yml | 5 ++++ tco.apache/.travis.yml | 29 ++++++++++++++++++ tco.apache/README.md | 38 +++++++++++++++++++++++ tco.apache/defaults/main.yml | 2 ++ tco.apache/handlers/main.yml | 6 ++++ tco.apache/meta/main.yml | 53 +++++++++++++++++++++++++++++++++ tco.apache/tasks/main.yml | 39 ++++++++++++++++++++++++ tco.apache/templates/index.txt | 1 + tco.apache/templates/vhost.conf | 16 ++++++++++ tco.apache/tests/inventory | 2 ++ tco.apache/tests/test.yml | 5 ++++ tco.apache/vars/main.yml | 2 ++ 12 files changed, 198 insertions(+) create mode 100644 apache.yml create mode 100644 tco.apache/.travis.yml create mode 100644 tco.apache/README.md create mode 100644 tco.apache/defaults/main.yml create mode 100644 tco.apache/handlers/main.yml create mode 100644 tco.apache/meta/main.yml create mode 100644 tco.apache/tasks/main.yml create mode 100644 tco.apache/templates/index.txt create mode 100644 tco.apache/templates/vhost.conf create mode 100644 tco.apache/tests/inventory create mode 100644 tco.apache/tests/test.yml create mode 100644 tco.apache/vars/main.yml diff --git a/apache.yml b/apache.yml new file mode 100644 index 0000000..961d639 --- /dev/null +++ b/apache.yml @@ -0,0 +1,5 @@ +--- +- hosts: centos + name: install apache from role + roles: + - tco.apache \ No newline at end of file diff --git a/tco.apache/.travis.yml b/tco.apache/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/tco.apache/.travis.yml 
@@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/tco.apache/README.md b/tco.apache/README.md new file mode 100644 index 0000000..346405f --- /dev/null +++ b/tco.apache/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +Install apache + +Requirements +------------ + +None + +Role Variables +-------------- + +None + +Dependencies +------------ + +None + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: centos + roles: + - tco.apache + +License +------- + +BSD + +Author Information +------------------ + +Thomas C diff --git a/tco.apache/defaults/main.yml b/tco.apache/defaults/main.yml new file mode 100644 index 0000000..85867ad --- /dev/null +++ b/tco.apache/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tco.apache \ No newline at end of file diff --git a/tco.apache/handlers/main.yml b/tco.apache/handlers/main.yml new file mode 100644 index 0000000..dd4f03e --- /dev/null +++ b/tco.apache/handlers/main.yml @@ -0,0 +1,6 @@ +--- +# handlers file for tco +- name: restart apache + service: + name: httpd + state: restarted \ No newline at end of file diff --git a/tco.apache/meta/main.yml b/tco.apache/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/tco.apache/meta/main.yml 
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/tco.apache/tasks/main.yml b/tco.apache/tasks/main.yml new file mode 100644 index 0000000..2701ec6 --- /dev/null +++ b/tco.apache/tasks/main.yml 
@@ -0,0 +1,39 @@ +--- +- name: install apache + yum: + name: httpd + state: latest + +- name: conf httpd + template: + src: vhost.conf + dest: /etc/httpd/conf.d/vhost.conf + mode: 0640 + owner: root + group: apache + notify: restart apache + +- name: activate apache + service: + name: httpd + enabled: yes + state: started + +- name: open firewall port + firewalld: + service: http + permanent: yes + immediate: yes + state: enabled + ignore_errors: yes + +- name: create documentroot + file: + name: /var/www/html/orsys.fr + state: directory + +- name: create index file + copy: + src: index.html + dest: /var/www/html/orsys.fr/index.html + mode: 0644 tasks file for tco.apache \ No newline at end of file diff --git a/tco.apache/templates/index.txt b/tco.apache/templates/index.txt new file mode 100644 index 0000000..949801e --- /dev/null +++ b/tco.apache/templates/index.txt @@ -0,0 +1 @@ +Hello World diff --git a/tco.apache/templates/vhost.conf b/tco.apache/templates/vhost.conf new file mode 100644 index 0000000..0556a2c --- /dev/null +++ b/tco.apache/templates/vhost.conf @@ -0,0 +1,16 @@ + + ServerName orsys.fr + ServerAlias www.orsys.fr + DocumentRoot /var/www/html/orsys.fr/ + CustomLog /var/log/httpd/orsys.fr_access.log combined + ErrorLog /var/log/httpd/orsys.fr_error.log + + Options none + Allowoverride none + Require all denied + + + + Require all granted + + \ No newline at end of file diff --git a/tco.apache/tests/inventory b/tco.apache/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/tco.apache/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/tco.apache/tests/test.yml b/tco.apache/tests/test.yml new file mode 100644 index 0000000..497a40f --- /dev/null +++ b/tco.apache/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - tco.apache \ No newline at end of file diff --git a/tco.apache/vars/main.yml b/tco.apache/vars/main.yml new file mode 100644 index 0000000..7c7d28e --- /dev/null 
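Review bot: The `open firewall port` task ends with `ignore_errors: yes`, so a run reports success even when the `firewalld` call failed and the host's rules are not what the role describes. If the intent is to tolerate hosts without firewalld, make that explicit with a `when:` condition on the service being present rather than discarding every error; otherwise drop the line. Two smaller points in the same hunk: the file modes are bare numbers (`mode: 0640`, `mode: 0644`) and are safer quoted, e.g. `mode: "0640"`, and `create documentroot` sets no `owner` or `mode` on `/var/www/html/orsys.fr`. The unquoted `mode: 0644` is still present in the `@@ -33,7 +33,7 @@` hunk of patch 6/6.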
+++ b/tco.apache/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for tco.apache \ No newline at end of file From d5ffc62bca32334cb5fd432c07305526d56255ca Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Tue, 30 Nov 2021 10:55:41 +0100 Subject: [PATCH 6/6] mise au point --- tco.apache/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tco.apache/tasks/main.yml b/tco.apache/tasks/main.yml index 2701ec6..cb5a165 100644 --- a/tco.apache/tasks/main.yml +++ b/tco.apache/tasks/main.yml @@ -33,7 +33,7 @@ state: directory - name: create index file - copy: - src: index.html + template: + src: index.txt dest: /var/www/html/orsys.fr/index.html - mode: 0644 tasks file for tco.apache \ No newline at end of file + mode: 0644 \ No newline at end of file