3 Commits

Author SHA1 Message Date
4ff6575d82 maj prerequis 2024-06-19 09:58:56 +02:00
cb4d81ee90 mise au point instructions abr 2022-11-14 15:14:53 +01:00
b3a2e29ec6 mise au point abr 2022-11-14 14:36:45 +01:00
6 changed files with 15 additions and 168 deletions


@@ -9,7 +9,12 @@
### Prérequis ### Prérequis
Avoir à disposition le playbook ```bash
cd
git clone -b solution_setup https://infra.opendoor.fr/git/tom/sib_15_roles.git var
cd var
```
### Atelier 1 - faciliter l'exploitation et la maintenance d'un playbook ### Atelier 1 - faciliter l'exploitation et la maintenance d'un playbook
Identifier toutes les modifications à faire au playbook _setup.yml_ si on veut changer le nom du compte à créer. Identifier toutes les modifications à faire au playbook _setup.yml_ si on veut changer le nom du compte à créer.
@@ -24,25 +29,22 @@ Remplacer toutes les occurences du nom d'utilisateur par la variable
Rajouter une section _vars_ au playbook dans laquelle sera définie notre variable Rajouter une section _vars_ au playbook dans laquelle sera définie notre variable
Voir fichier setup_2.yml
### Atelier 3 - variables d'inventaire ### Atelier 3 - variables d'inventaire
Comment faire pour que à chaque machine soit associé un compte différent ? Comment faire pour que à chaque machine soit associé un compte différent ?
Voir fichier setup_3.yml et host_vars/centos1.formation.opendoor.fr
### Atelier 4 - variables de type liste ### Atelier 4 - variables de type liste
Comment faire si je veux créer plusieurs comptes utilisateur sur chaque machine ? Comment faire si je veux créer plusieurs comptes utilisateur sur chaque machine ?
Voir fichier setup_4.yml et host_vars/centos1.formation.opendoor.fr
### Atelier 5 - variables de type tableau associatif ### Atelier 5 - variables de type tableau associatif
Comment faire si je veux que ces comptes utilisateurs aient des mots de passe et des groupes différents ? Comment faire si je veux que ces comptes utilisateurs aient des mots de passe et des groupes différents ?
Voir fichier setup_5.yml et host_vars/centos1.formation.opendoor.fr
⚠️ pour que la solution fonctionne, il faut que le fichier répertoire host_vars et son contenu (centos1.formation.opendoor.fr) soit dans le même répertoire que votre fichier d'inventaire.
Solution: voir branche "solution_abr"


@@ -1,10 +0,0 @@
setup_user: toto
setup_users:
- tartempion
- ansible
- foobar
setup_user_hash:
- { login: plop, password: "{{ '123Soleil!' | password_hash('sha512') }}", group: wheel }
- { login: plip, password: "{{ '123Soleil!' | password_hash('sha512') }}", group: users }


@@ -1,4 +1,3 @@
--- ---
- name: setup target to be managed by ansible - name: setup target to be managed by ansible
hosts: cibles hosts: cibles
@@ -26,20 +25,20 @@
- name: create account - name: create account
user: user:
name: "{{ setup_user }}" name: ansible
password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}" password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
create_home: yes create_home: yes
home: /home/{{ setup_user }} home: /home/ansible
- name: configure sudo - name: configure sudo
copy: copy:
content: "{{ setup_user }} ALL=(ALL) NOPASSWD: ALL" content: "ansible ALL=(ALL) NOPASSWD: ALL"
dest: /etc/sudoers.d/ansible dest: /etc/sudoers.d/ansible
validate: "/usr/sbin/visudo -cf %s" validate: "/usr/sbin/visudo -cf %s"
- name: deploy ssh key - name: deploy ssh key
authorized_key: authorized_key:
user: "{{ setup_user }}" user: ansible
key: "{{ item }}" key: "{{ item }}"
loop: loop:
- "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}" - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
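Review bot: The `create account` task keeps the literal password `'123Soleil%'` in the playbook while the following task grants the same account `NOPASSWD: ALL`, so anyone who can read the repository knows the password of an account with unrestricted sudo on every host in `cibles`. Since the play also deploys an SSH key, the account could be created without a usable password (`password: "!"`), or the clear text could come from a vaulted variable, e.g. `password: "{{ setup_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"`. The `copy` to `/etc/sudoers.d/ansible` sets no `mode`; adding `mode: "0440"` would stop the file's permissions depending on the umask. These are unchanged context lines, so the point holds whichever column is the new side; the task list starts above the hunk and the `loop:` may continue below it.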


@@ -1,48 +0,0 @@
---
- name: setup target to be managed by ansible
hosts: cibles
vars:
setup_user: jabba
tasks:
- name: warn people
lineinfile:
path: /etc/motd
create: yes
line: "Host is managed by ansible, manual interaction not recommended"
state: present
- name: history
lineinfile:
path: /etc/history
line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
state: present
create: true
- name: generate ssh keys
openssh_keypair:
path: "~/.ssh/id_rsa"
size: 2048
delegate_to: localhost
become: false
- name: create account
user:
name: "{{ setup_user }}"
password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
create_home: yes
home: /home/{{ setup_user }}
- name: configure sudo
copy:
content: "{{ setup_user }} ALL=(ALL) NOPASSWD: ALL"
dest: /etc/sudoers.d/ansible
validate: "/usr/sbin/visudo -cf %s"
- name: deploy ssh key
authorized_key:
user: "{{ setup_user }}"
key: "{{ item }}"
loop:
- "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
- "https://infra.opendoor.fr/id_rsa.pub"


@@ -1,48 +0,0 @@
---
- name: setup target to be managed by ansible
hosts: cibles
tasks:
- name: warn people
lineinfile:
path: /etc/motd
create: yes
line: "Host is managed by ansible, manual interaction not recommended"
state: present
- name: history
lineinfile:
path: /etc/history
line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
state: present
create: true
- name: generate ssh keys
openssh_keypair:
path: "~/.ssh/id_rsa"
size: 2048
delegate_to: localhost
become: false
- name: create account
user:
name: "{{ item }}"
password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
create_home: yes
home: /home/{{item}}
loop: "{{ setup_users }}"
- name: configure sudo
lineinfile:
line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
path: /etc/sudoers.d/ansible
validate: "/usr/sbin/visudo -cf %s"
loop: "{{ setup_users }}"
- name: deploy ssh key
authorized_key:
user: "{{ item[0] }}"
key: "{{ item[1] }}"
with_nested:
- "{{ setup_users }}"
- [ "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}", "https://infra.opendoor.fr/id_rsa.pub" ]


@@ -1,48 +0,0 @@
---
- name: setup target to be managed by ansible
hosts: cibles
tasks:
- name: warn people
lineinfile:
path: /etc/motd
create: yes
line: "Host is managed by ansible, manual interaction not recommended"
state: present
- name: history
lineinfile:
path: /etc/history
line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
state: present
create: true
- name: generate ssh keys
openssh_keypair:
path: "~/.ssh/id_rsa"
size: 2048
delegate_to: localhost
become: false
- name: create account
user:
name: "{{ item.login }}"
password: "{{ item.password }}"
create_home: yes
home: /home/{{item.login }}
loop: "{{ setup_user_hash }}"
- name: configure sudo
lineinfile:
line: "{{ item.login }} ALL=(ALL) NOPASSWD: ALL"
path: /etc/sudoers.d/ansible
validate: "/usr/sbin/visudo -cf %s"
loop: "{{ setup_user_hash }}"
- name: deploy ssh key
authorized_key:
user: "{{ item[0].login }}"
key: "{{ item[1] }}"
with_nested:
- "{{ setup_user_hash }}"
- [ "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}", "https://infra.opendoor.fr/id_rsa.pub" ]