diff --git a/Readme.md b/Readme.md
index e110c7b..2926b5b 100644
--- a/Readme.md
+++ b/Readme.md
@@ -7,30 +7,42 @@
*Norme*: En utilisant les variables
+### Prérequis
-### Préparation
+Avoir à disposition le playbook
+### Atelier 1 - faciliter l'exploitation et la maintenance d'un playbook
-Récupérer la solution de l'atelier *"handlers"*:
+Identifier toutes les modifications à faire au playbook _setup.yml_ si on veut changer le nom du compte à créer.
-```bash
-cd
-git clone -b https://infra.opendoor.fr/git/tom/sib_12_handlers
-cd sib_12_handlers
-```
+Comment simplifier une future modification de cet emplacement ?
-### Pratique:
+### Atelier 2 - variables de play
-Ce playbook présente beaucoup de redondance (nom de répertoire, nom du site ...) ce qui ne facilite pas sa maintenance.
+Se mettre d'accord sur le nom de variable à utiliser.
-J'ai choisie d'utiliser les variables:
+Remplacer toutes les occurences du nom d'utilisateur par la variable
- - apache_documentroot
- - apache_site_name
+Rajouter une section _vars_ au playbook dans laquelle sera définie notre variable
-J'ai défini ces variables dans la section _vars_ du playbook. C'est loin d'être idéal ...
+Voir fichier setup_2.yml
-### Performance
+### Atelier 3 - variables d'inventaire
-Il est désormais facile d'adapter le playbook pour qu'il traite un autre site que www.orsys.fr
+Comment faire pour que à chaque machine soit associé un compte différent ?
+
+Voir fichier setup_3.yml et host_vars/centos1.formation.opendoor.fr
+
+### Atelier 4 - variables de type liste
+
+Comment faire si je veux créer plusieurs comptes utilisateur sur chaque machine ?
+
+Voir fichier setup_4.yml et host_vars/centos1.formation.opendoor.fr
+
+### Atelier 5 - variables de type tableau associatif
+
+Comment faire si je veux que ces comptes utilisateurs aient des mots de passe et des groupes différents ?
+
+Voir fichier setup_5.yml et host_vars/centos1.formation.opendoor.fr
+
+⚠️ pour que la solution fonctionne, il faut que le fichier répertoire host_vars et son contenu (centos1.formation.opendoor.fr) soit dans le même répertoire que votre fichier d'inventaire.
-Il suffit de changer la valeur de la variable.
diff --git a/apache.yml b/apache.yml
deleted file mode 100644
index 049142d..0000000
--- a/apache.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-- name: install apache via ansible playbook
- hosts: cibles
- vars:
- apache_site_name: "orsys.fr"
- apache_documentroot: "/srv/www/{{ apache_site_name }}"
- handlers:
- - name: restart apache
- service:
- name: httpd
- state: restarted
-
- tasks:
- - name: install apache
- yum:
- name: httpd
- state: latest
-
- - name: conf httpd
- template:
- src: vhost.conf
- dest: /etc/httpd/conf.d/vhost.conf
- mode: 0640
- owner: root
- group: apache
- notify: restart apache
-
- - name: activate apache
- service:
- name: httpd
- enabled: yes
- state: started
-
- - name: open firewall port
- firewalld:
- service: http
- permanent: yes
- immediate: yes
- state: enabled
- ignore_errors: yes
-
- - name: create documentroot
- file:
- name: "{{ apache_documentroot }}"
- state: directory
-
- - name: create index file
- copy:
- src: index.txt
- dest: "{{ apache_documentroot }}/index.html"
- mode: 0644
diff --git a/host_vars/centos1.formation.opendoor.fr b/host_vars/centos1.formation.opendoor.fr
new file mode 100644
index 0000000..3a62484
--- /dev/null
+++ b/host_vars/centos1.formation.opendoor.fr
@@ -0,0 +1,10 @@
+setup_user: toto
+
+setup_users:
+- tartempion
+- ansible
+- foobar
+
+setup_user_hash:
+ - { login: plop, password: "{{ '123Soleil!' | password_hash('sha512') }}", group: wheel }
+ - { login: plip, password: "{{ '123Soleil!' | password_hash('sha512') }}", group: users }
\ No newline at end of file
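Review bot: Both `setup_user_hash` entries call `password_hash('sha512')` with no salt argument, so a fresh random salt is generated every time the variable is rendered and the `create account` task in setup_5.yml that consumes `item.password` sees a different hash on each run — the play never converges to `ok` and rewrites the shadow entry every time. Passing a stable salt as the second argument, as setup_2.yml does with `password_hash('sha512', 65534 | random(seed=inventory_hostname) | string)`, restores idempotence, though a salt derived from the inventory name carries little entropy; a per-host secret salt kept in an Ansible Vault variable is the better choice, and the plaintext `'123Soleil!'` committed in this host_vars file belongs in Vault for the same reason. Style-wise the file mixes flush (`setup_users`) and indented (`setup_user_hash`) sequence indentation and has no `---` start marker; pick one sequence style file-wide.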
diff --git a/index.txt b/index.txt
deleted file mode 100644
index 949801e..0000000
--- a/index.txt
+++ /dev/null
@@ -1 +0,0 @@
-Hello World
diff --git a/setup_2.yml b/setup_2.yml
new file mode 100644
index 0000000..43c6aa5
--- /dev/null
+++ b/setup_2.yml
@@ -0,0 +1,48 @@
+
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ vars:
+ setup_user: jabba
+ tasks:
+ - name: warn people
+ lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ user:
+ name: "{{ setup_user }}"
+ password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ create_home: yes
+ home: /home/{{ setup_user }}
+
+ - name: configure sudo
+ copy:
+ content: "{{ setup_user }} ALL=(ALL) NOPASSWD: ALL"
+ dest: /etc/sudoers.d/ansible
+ validate: "/usr/sbin/visudo -cf %s"
+
+ - name: deploy ssh key
+ authorized_key:
+ user: "{{ setup_user }}"
+ key: "{{ item }}"
+ loop:
+ - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+ - "https://infra.opendoor.fr/id_rsa.pub"
\ No newline at end of file
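Review bot: The `create account` task hard-codes the plaintext password `'123Soleil%'` in the playbook and salts it with `65534|random(seed=inventory_hostname) | string`, a 16-bit value derivable from the inventory name — this keeps the task idempotent, but the same shared password with a predictable salt lands on every host and the secret itself lives in version control. Move the password and a per-host salt into vaulted variables and hash from those, e.g. `password: "{{ setup_password | password_hash('sha512', setup_salt) }}"`; setup_3.yml and setup_4.yml repeat the identical line. The `deploy ssh key` loop also hands `authorized_key` the URL `https://infra.opendoor.fr/id_rsa.pub`, which makes each target fetch the public key over the network at run time and trust whatever that endpoint serves that day; shipping the key as a file in the repository keeps the trusted key under review. Minor style point: `create: yes` (warn people) and `create: true` (history) are mixed in the same play; use `true`/`false` throughout.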
diff --git a/setup_3.yml b/setup_3.yml
new file mode 100644
index 0000000..57b66e5
--- /dev/null
+++ b/setup_3.yml
@@ -0,0 +1,46 @@
+
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ tasks:
+ - name: warn people
+ lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ user:
+ name: "{{ setup_user }}"
+ password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ create_home: yes
+ home: /home/{{ setup_user }}
+
+ - name: configure sudo
+ copy:
+ content: "{{ setup_user }} ALL=(ALL) NOPASSWD: ALL"
+ dest: /etc/sudoers.d/ansible
+ validate: "/usr/sbin/visudo -cf %s"
+
+ - name: deploy ssh key
+ authorized_key:
+ user: "{{ setup_user }}"
+ key: "{{ item }}"
+ loop:
+ - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+ - "https://infra.opendoor.fr/id_rsa.pub"
\ No newline at end of file
diff --git a/setup_4.yml b/setup_4.yml
new file mode 100644
index 0000000..bf7e555
--- /dev/null
+++ b/setup_4.yml
@@ -0,0 +1,48 @@
+
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ tasks:
+ - name: warn people
+ lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ user:
+ name: "{{ item }}"
+ password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ create_home: yes
+ home: /home/{{item}}
+ loop: "{{ setup_users }}"
+
+ - name: configure sudo
+ lineinfile:
+ line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
+ path: /etc/sudoers.d/ansible
+ validate: "/usr/sbin/visudo -cf %s"
+ loop: "{{ setup_users }}"
+
+ - name: deploy ssh key
+ authorized_key:
+ user: "{{ item[0] }}"
+ key: "{{ item[1] }}"
+ with_nested:
+ - "{{ setup_users }}"
+ - [ "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}", "https://infra.opendoor.fr/id_rsa.pub" ]
\ No newline at end of file
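Review bot: The `configure sudo` task now uses `lineinfile` on `/etc/sudoers.d/ansible` but does not set `create`, and lineinfile defaults to failing when the path does not exist, so on a fresh host where setup_2.yml's `copy` never ran the task errors out instead of creating the drop-in. Add `create: true` and, since sudoers drop-ins are conventionally `0440` and sudo ignores ones it considers insecurely permissioned, pin `mode: "0440"` on the same task; setup_5.yml has the identical task and needs the same two lines. Note also that each loop iteration appends a full `NOPASSWD: ALL` entry, so every account in `setup_users` ends up with unrestricted passwordless sudo — if that is intended for the exercise, a comment on the task saying so would save the next reader from assuming it is an oversight.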
diff --git a/setup_5.yml b/setup_5.yml
new file mode 100644
index 0000000..ce4368b
--- /dev/null
+++ b/setup_5.yml
@@ -0,0 +1,48 @@
+
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ tasks:
+ - name: warn people
+ lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ user:
+ name: "{{ item.login }}"
+ password: "{{ item.password }}"
+ create_home: yes
+ home: /home/{{item.login }}
+ loop: "{{ setup_user_hash }}"
+
+ - name: configure sudo
+ lineinfile:
+ line: "{{ item.login }} ALL=(ALL) NOPASSWD: ALL"
+ path: /etc/sudoers.d/ansible
+ validate: "/usr/sbin/visudo -cf %s"
+ loop: "{{ setup_user_hash }}"
+
+ - name: deploy ssh key
+ authorized_key:
+ user: "{{ item[0].login }}"
+ key: "{{ item[1] }}"
+ with_nested:
+ - "{{ setup_user_hash }}"
+ - [ "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}", "https://infra.opendoor.fr/id_rsa.pub" ]
\ No newline at end of file
diff --git a/vhost.conf b/vhost.conf
deleted file mode 100644
index 4af757e..0000000
--- a/vhost.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-
- ServerName {{ apache_site_name }}
- ServerAlias www.{{ apache_site_name }}
- DocumentRoot {{ apache_documentroot }}/
- CustomLog /var/log/httpd/{{ apache_site_name }}_access.log combined
- ErrorLog /var/log/httpd/{{ apache_site_name }}_error.log
-
- Options none
- Allowoverride none
- Require all denied
-
-
-
- Require all granted
-
-
\ No newline at end of file