mise au point solution abr

2022-11-14 15:44:35 +01:00
parent 85f0fbea9d
commit 42a02ed774
9 changed files with 228 additions and 84 deletions
--- a/Readme.md
+++ b/Readme.md
@@ -7,30 +7,42 @@

 *Norme*: En utilisant les variables

+### Prérequis

-### Préparation
+Avoir à disposition  le playbook
+### Atelier 1 - faciliter l'exploitation et la maintenance d'un playbook

-Récupérer la solution de l'atelier *"handlers"*:
+Identifier toutes les modifications à faire au playbook _setup.yml_ si on veut changer le nom du compte à créer.

-```bash
-cd
-git clone  -b https://infra.opendoor.fr/git/tom/sib_12_handlers
-cd sib_12_handlers
-```
+Comment simplifier une future modification de cet emplacement ?

-### Pratique:
+### Atelier 2 - variables de play

-Ce playbook présente beaucoup de redondance (nom de répertoire, nom du site ...) ce qui ne facilite pas sa maintenance.
+Se mettre d'accord sur le nom de variable à utiliser.

-J'ai choisie d'utiliser les variables:
+Remplacer toutes les occurences du nom d'utilisateur par la variable

-  - apache_documentroot
-  - apache_site_name
+Rajouter une section _vars_ au playbook dans laquelle sera définie notre variable

-J'ai défini ces variables dans la section _vars_ du playbook. C'est loin d'être idéal ...
+Voir fichier setup_2.yml

-### Performance
+### Atelier 3 - variables d'inventaire

-Il est désormais facile d'adapter le playbook pour qu'il traite un autre site que www.orsys.fr
+Comment faire pour que à chaque machine soit associé un compte différent ?
+
+Voir fichier setup_3.yml et host_vars/centos1.formation.opendoor.fr
+
+### Atelier 4 - variables de type liste
+
+Comment faire si je veux créer plusieurs comptes utilisateur sur chaque machine ?
+
+Voir fichier setup_4.yml et host_vars/centos1.formation.opendoor.fr
+
+### Atelier 5 - variables de type tableau associatif
+
+Comment faire si je veux que ces comptes utilisateurs aient des mots de passe et des groupes différents ?
+
+Voir fichier setup_5.yml et host_vars/centos1.formation.opendoor.fr
+
+⚠️ pour que la solution fonctionne, il faut que le fichier répertoire host_vars et son contenu (centos1.formation.opendoor.fr) soit dans le même répertoire que votre fichier d'inventaire.

-Il suffit de changer la valeur de la variable.
--- a/apache.yml
+++ b/apache.yml
@@ -1,51 +0,0 @@
---
- name: install apache via ansible playbook
-  hosts: cibles
-  vars:
-    apache_site_name: "orsys.fr"
-    apache_documentroot: "/srv/www/{{ apache_site_name }}"
-  handlers:
-  - name: restart apache
-    service:
-      name: httpd
-      state: restarted
-
-  tasks:
-  - name: install apache
-    yum:
-      name: httpd
-      state: latest
-
-  - name: conf httpd
-    template:
-      src: vhost.conf
-      dest: /etc/httpd/conf.d/vhost.conf
-      mode: 0640
-      owner: root
-      group: apache
-    notify: restart apache
-
-  - name: activate apache
-    service:
-      name: httpd
-      enabled: yes
-      state: started
-
-  - name: open firewall port
-    firewalld:
-      service: http
-      permanent: yes
-      immediate: yes
-      state: enabled
-    ignore_errors: yes
-
-  - name: create documentroot
-    file:
-      name: "{{ apache_documentroot }}"
-      state: directory
-
-  - name: create index file
-    copy:
-      src: index.txt
-      dest: "{{ apache_documentroot }}/index.html"
-      mode: 0644
--- a/host_vars/centos1.formation.opendoor.fr
+++ b/host_vars/centos1.formation.opendoor.fr
@@ -0,0 +1,10 @@
+setup_user: toto
+
+setup_users:
+- tartempion
+- ansible
+- foobar
+
+setup_user_hash:
+  - { login: plop, password: "{{ '123Soleil!' | password_hash('sha512') }}", group: wheel }
+  - { login: plip, password: "{{ '123Soleil!' | password_hash('sha512') }}", group: users }
--- a/index.txt
+++ b/index.txt
@@ -1 +0,0 @@
-<span style="text-align: center;background-color: #FD5401; font-size: 42px;">Hello World</span>
--- a/setup_2.yml
+++ b/setup_2.yml
@@ -0,0 +1,48 @@
+
+---
+- name: setup target to be managed by ansible
+  hosts: cibles
+  vars:
+    setup_user: jabba
+  tasks:
+  - name: warn people
+    lineinfile:
+      path: /etc/motd
+      create: yes
+      line: "Host is managed by ansible, manual interaction not recommended"
+      state: present
+
+  - name: history
+    lineinfile:
+      path: /etc/history
+      line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+      state: present
+      create: true
+
+  - name: generate ssh keys
+    openssh_keypair:
+      path: "~/.ssh/id_rsa"
+      size: 2048
+    delegate_to: localhost
+    become: false
+
+  - name: create account
+    user:
+      name: "{{ setup_user }}"
+      password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+      create_home: yes
+      home: /home/{{ setup_user }}
+
+  - name: configure sudo
+    copy:
+      content: "{{ setup_user }} ALL=(ALL)      NOPASSWD:  ALL"
+      dest: /etc/sudoers.d/ansible
+      validate: "/usr/sbin/visudo -cf %s"
+
+  - name: deploy ssh key
+    authorized_key:
+      user: "{{ setup_user }}"
+      key: "{{ item }}"
+    loop:
+    - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+    - "https://infra.opendoor.fr/id_rsa.pub"
--- a/setup_3.yml
+++ b/setup_3.yml
@@ -0,0 +1,46 @@
+
+---
+- name: setup target to be managed by ansible
+  hosts: cibles
+  tasks:
+  - name: warn people
+    lineinfile:
+      path: /etc/motd
+      create: yes
+      line: "Host is managed by ansible, manual interaction not recommended"
+      state: present
+
+  - name: history
+    lineinfile:
+      path: /etc/history
+      line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+      state: present
+      create: true
+
+  - name: generate ssh keys
+    openssh_keypair:
+      path: "~/.ssh/id_rsa"
+      size: 2048
+    delegate_to: localhost
+    become: false
+
+  - name: create account
+    user:
+      name: "{{ setup_user }}"
+      password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+      create_home: yes
+      home: /home/{{ setup_user }}
+
+  - name: configure sudo
+    copy:
+      content: "{{ setup_user }} ALL=(ALL)      NOPASSWD:  ALL"
+      dest: /etc/sudoers.d/ansible
+      validate: "/usr/sbin/visudo -cf %s"
+
+  - name: deploy ssh key
+    authorized_key:
+      user: "{{ setup_user }}"
+      key: "{{ item }}"
+    loop:
+    - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+    - "https://infra.opendoor.fr/id_rsa.pub"
--- a/setup_4.yml
+++ b/setup_4.yml
@@ -0,0 +1,48 @@
+
+---
+- name: setup target to be managed by ansible
+  hosts: cibles
+  tasks:
+  - name: warn people
+    lineinfile:
+      path: /etc/motd
+      create: yes
+      line: "Host is managed by ansible, manual interaction not recommended"
+      state: present
+
+  - name: history
+    lineinfile:
+      path: /etc/history
+      line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+      state: present
+      create: true
+
+  - name: generate ssh keys
+    openssh_keypair:
+      path: "~/.ssh/id_rsa"
+      size: 2048
+    delegate_to: localhost
+    become: false
+
+  - name: create account
+    user:
+      name: "{{ item }}"
+      password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+      create_home: yes
+      home: /home/{{item}}
+    loop: "{{ setup_users }}"
+
+  - name: configure sudo
+    lineinfile:
+      line: "{{ item }} ALL=(ALL)      NOPASSWD:  ALL"
+      path: /etc/sudoers.d/ansible
+      validate: "/usr/sbin/visudo -cf %s"
+    loop: "{{ setup_users }}"
+
+  - name: deploy ssh key
+    authorized_key:
+      user: "{{ item[0] }}"
+      key: "{{ item[1] }}"
+    with_nested:
+      - "{{ setup_users }}"
+      - [ "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}", "https://infra.opendoor.fr/id_rsa.pub" ]
--- a/setup_5.yml
+++ b/setup_5.yml
@@ -0,0 +1,48 @@
+
+---
+- name: setup target to be managed by ansible
+  hosts: cibles
+  tasks:
+  - name: warn people
+    lineinfile:
+      path: /etc/motd
+      create: yes
+      line: "Host is managed by ansible, manual interaction not recommended"
+      state: present
+
+  - name: history
+    lineinfile:
+      path: /etc/history
+      line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+      state: present
+      create: true
+
+  - name: generate ssh keys
+    openssh_keypair:
+      path: "~/.ssh/id_rsa"
+      size: 2048
+    delegate_to: localhost
+    become: false
+
+  - name: create account
+    user:
+      name: "{{ item.login }}"
+      password: "{{ item.password }}"
+      create_home: yes
+      home: /home/{{item.login }}
+    loop: "{{ setup_user_hash }}"
+
+  - name: configure sudo
+    lineinfile:
+      line: "{{ item.login }} ALL=(ALL)      NOPASSWD:  ALL"
+      path: /etc/sudoers.d/ansible
+      validate: "/usr/sbin/visudo -cf %s"
+    loop: "{{ setup_user_hash }}"
+
+  - name: deploy ssh key
+    authorized_key:
+      user: "{{ item[0].login }}"
+      key: "{{ item[1] }}"
+    with_nested:
+      - "{{ setup_user_hash }}"
+      - [ "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}", "https://infra.opendoor.fr/id_rsa.pub" ]
--- a/vhost.conf
+++ b/vhost.conf
@@ -1,16 +0,0 @@
-<VirtualHost *:80>
-       ServerName    {{ apache_site_name }}
-       ServerAlias   www.{{ apache_site_name }}
-       DocumentRoot  {{ apache_documentroot }}/
-       CustomLog     /var/log/httpd/{{ apache_site_name }}_access.log combined
-       ErrorLog      /var/log/httpd/{{ apache_site_name }}_error.log
-       <Directory />
-                Options none
-                Allowoverride none
-                Require all denied
-        </Directory>
-
-        <Directory {{ apache_documentroot }}>
-                Require all granted
-        </Directory>
-</VirtualHost>
				`@@ -1 +0,0 @@`
				`<span style="text-align: center;background-color: #FD5401; font-size: 42px;">Hello World</span>`