maj prerequis

Readme.md

@@ -0,0 +1,50 @@
+## Variables
+
+
+*Tâche*: Utiliser des variables pour assouplir l'utilisation d'un playbook
+
+*Condition*: quand on souhaite adapter un playbook ou un playbook à une situation différente, sans avoir à gérer une autre version du playbook.
+
+*Norme*: En utilisant les variables
+
+### Prérequis
+
+```bash
+cd
+git clone -b solution_setup https://infra.opendoor.fr/git/tom/sib_15_roles.git var
+cd var
+```
+
+### Atelier 1 - faciliter l'exploitation et la maintenance d'un playbook
+
+Identifier toutes les modifications à faire au playbook _setup.yml_ si on veut changer le nom du compte à créer.
+
+Comment simplifier une future modification de cet emplacement ?
+
+### Atelier 2 - variables de play
+
+Se mettre d'accord sur le nom de variable à utiliser.
+
+Remplacer toutes les occurences du nom d'utilisateur par la variable
+
+Rajouter une section _vars_ au playbook dans laquelle sera définie notre variable
+
+### Atelier 3 - variables d'inventaire
+
+Comment faire pour que à chaque machine soit associé un compte différent ?
+
+### Atelier 4 - variables de type liste
+
+Comment faire si je veux créer plusieurs comptes utilisateur sur chaque machine ?
+
+### Atelier 5 - variables de type tableau associatif
+
+Comment faire si je veux que ces comptes utilisateurs aient des mots de passe et des groupes différents ?
+
+
+
+
+
+
+
+ Solution: voir branche "solution_abr"

ansible_apache_formation/README.md

@@ -1,47 +0,0 @@
-Role Name
-=========
-apache_formation
-
-NOT FOR PRODUCTION USE
-
-This role has been designed for training purpose
-
-Requirements
-------------
-
-None
-
-Role Variables
---------------
-
-apache_server_name - nom du site
-
-apache_service_name - nom du service
-apache_package_name - nom du package
-apache_config_dir - répertoire de config
-apache_group_name  - nom du groupe apache
-#apache_listen_port - port d'écoute - defaut 80
-
-
-Dependencies
-------------
-
-None
-
-Example Playbook
-----------------
-
----
-- hosts: test
-  roles:
-  - apache_formation
-
-License
--------
-
-BSD
-
-Author Information
-------------------
-
-Thomas Constans <thomas@opendoor.fr>

ansible_apache_formation/defaults/main.yml

@@ -1,3 +0,0 @@
-#/home/formation/ansible_apache_formation/defaults/main.yml
----
-apache_listen_port: 80

ansible_apache_formation/handlers/main.yml

@@ -1,5 +0,0 @@
----
-    - name: reload httpd
-      service:
-        name: "{{ apache_service_name }}"
-        state: reloaded

ansible_apache_formation/meta/main.yml

@@ -1,51 +0,0 @@
-galaxy_info:
-  role_name: apache_formation
-  author: Thomas Constans <thomas@opendoor.fr>
-  description: Simple apache role set up for training purpose
-  company: www.opendoor.fr
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: GPLv2
-
-  min_ansible_version: 1.2
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  # Optionally specify the branch Galaxy will use when accessing the GitHub
-  # repo for this role. During role install, if no tags are available,
-  # Galaxy will use this branch. During import Galaxy will access files on
-  # this branch. If Travis integration is configured, only notifications for this
-  # branch will be accepted. Otherwise, in all cases, the repo's default branch
-  # (usually master) will be used.
-  #github_branch:
-
-  #
-  # platforms is a list of platforms, and each platform has a name and a list of versions.
-  #
-  platforms:
-   - name: EL
-     versions:
-     - 7
-
-  galaxy_tags: [apache,training]
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
-  dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.

ansible_apache_formation/tasks/apache.yml

@@ -1,60 +0,0 @@
----
-- name: import OS variables
-  include_vars: "{{ ansible_distribution |lower }}{{ ansible_distribution_major_version }}.yml"
-
-- name: installation
-  package:
-    name: "{{ apache_package_name }}"
-    state: present
-
-- name: configuration
-  notify: reload httpd
-  template:
-    src: vhost.conf
-    dest: "{{ apache_config_dir }}/vhost.conf"
-    mode: 0640
-    owner: root
-    group: "{{ apache_group_name }}"
-
-- name: enable service
-  service:
-    name: "{{ apache_service_name }}"
-    enabled: yes
-
-- name: open firewall port
-  firewalld:
-    service: http
-    permanent: yes
-    immediate: yes
-    state: enabled
-  ignore_errors: yes
-
-- name: create documentroot
-  file:
-    name: "/var/www/{{ apache_server_name }}"
-    state: directory
-
-- name: create index file
-  template:
-    src: index.html
-    dest: "/var/www/{{ apache_server_name }}/index.html"
-    mode: 0644
-
-- name: install python passlib package
-  package:
-    name: "{{ python_passlib_package }}"
-    state: present
-
-- name: passwd file
-  htpasswd:
-    path: "{{ apache_config_dir }}/passwd"
-    name: tom
-    password: "123Soleil"
-    mode: 0640
-    owner: root
-    group: "{{ apache_group_name }}"
-
-- name: start service
-  service:
-    name: "{{ apache_service_name }}"
-    state: started

ansible_apache_formation/tasks/main.yml

@@ -1,3 +0,0 @@
----
-- import_tasks: apache.yml
-  tags: httpd

ansible_apache_formation/templates/index.html

@@ -1 +0,0 @@
-<h1>Welcome aboard {{ ansible_hostname }}</h1>

ansible_apache_formation/templates/vhost.conf

@@ -1,23 +0,0 @@
-<VirtualHost *:80>
-   ServerName {{ apache_server_name }}"
-   ServerAlias www.{{ apache_server_name }}"
-   DocumentRoot /var/www/{{ apache_server_name }}"
-   CustomLog   /var/log/{{ apache_service_name }}/{{ apache_server_name }}"_access.log combined
-   ErrorLog    /var/log/{{ apache_service_name }}/{{ apache_server_name }}"_error.log
-   <Directory />
-      Options none
-      Allowoverride none
-      Require all denied
-   </Directory>
-
-   <Directory /var/www/{{ apache_server_name }}">
-      Require all granted
-   </Directory>
-   <Directory /var/www/{{ apache_server_name }}"/Private>
-      Options indexes
-      AuthName "stop"
-      AuthType Basic
-      AuthUserFile {{ apache_config_dir }}/passwd
-      require valid-user
-   </Directory>
-</VirtualHost>

ansible_apache_formation/tests/inventory

@@ -1,2 +0,0 @@
-localhost
-

ansible_apache_formation/tests/test.yml

@@ -1,4 +0,0 @@
----
-- hosts: centos
-  roles:
-    - tconstans.ansible_apache_formation

ansible_apache_formation/vars/almalinux9.yml

@@ -1,6 +0,0 @@
-#/home/formation/ansible_apache_formation/vars/centos8.yml
-python_passlib_package: python3-passlib
-apache_service_name: httpd
-apache_package_name: httpd
-apache_config_dir: /etc/httpd/conf.d
-apache_group_name: apache

ansible_apache_formation/vars/centos7.yml

@@ -1 +0,0 @@
-python_passlib_package: python-passlib

ansible_apache_formation/vars/centos8.yml

@@ -1,6 +0,0 @@
-#/home/formation/ansible_apache_formation/vars/centos8.yml
-python_passlib_package: python3-passlib
-apache_service_name: httpd
-apache_package_name: httpd
-apache_config_dir: /etc/httpd/conf.d
-apache_group_name: apache

ansible_apache_formation/vars/debian10.yml

@@ -1,7 +0,0 @@
-#/home/formation/ansible_apache_formation/vars/debian10.yml
-python_passlib_package: python3-passlib
-apache_service_name: apache2
-apache_package_name: apache2
-apache_config_dir: /etc/apache2/sites-enabled
-apache_group_name: www-data
-

ansible_apache_formation/vars/main.yml

@@ -1 +0,0 @@
----

apache.yml

@@ -1,4 +0,0 @@
----
-- hosts: cibles
-  role:
-  - ansible_apache_formation

host_vars/centos1.formation.opendoor.fr.yml

@@ -1,2 +0,0 @@
-apache_server_name: orsys.fr
-apache_documentroot: /srv/www/orsys.fr

setup.yml

@@ -0,0 +1,45 @@
+---
+- name: setup target to be managed by ansible
+  hosts: cibles
+  tasks:
+  - name: warn people
+    lineinfile:
+      path: /etc/motd
+      create: yes
+      line: "Host is managed by ansible, manual interaction not recommended"
+      state: present
+
+  - name: history
+    lineinfile:
+      path: /etc/history
+      line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+      state: present
+      create: true
+
+  - name: generate ssh keys
+    openssh_keypair:
+      path: "~/.ssh/id_rsa"
+      size: 2048
+    delegate_to: localhost
+    become: false
+
+  - name: create account
+    user:
+      name: ansible
+      password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+      create_home: yes
+      home: /home/ansible
+
+  - name: configure sudo
+    copy:
+      content: "ansible ALL=(ALL)      NOPASSWD:  ALL"
+      dest: /etc/sudoers.d/ansible
+      validate: "/usr/sbin/visudo -cf %s"
+
+  - name: deploy ssh key
+    authorized_key:
+      user: ansible
+      key: "{{ item }}"
+    loop:
+    - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+    - "https://infra.opendoor.fr/id_rsa.pub"