Resources attached to the Road To DevOps tutorial https://blog.noobtoroot.xyz/road-to-devops/


# Ansible Lab
## Ad-hoc commands
Quickly run simple commands.
## Running commands with modules
<small>`$ ansible <host-pattern> -m <module> [-a <params>]`</small>
* <small>`-m`: module name</small>
* <small>`-a <params>`: module parameters (optional)</small>
* Run the `uname -a` command on all machines using the `command` module.
<!-- .slide: data-state="medium-code" -->
```none
$ ansible all -i inventories/formation/hosts -m command -a "uname -a"
ansible-3 | SUCCESS | rc=0 >>
Linux ansible-3 4.9.0-8-amd64 #1 SMP Debian
4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux
ansible-2 | SUCCESS | rc=0 >>
Linux ansible-2 3.10.0-862.11.6.el7.x86_64 #1
SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ansible-1 | SUCCESS | rc=0 >>
Linux ansible-1 3.10.0-862.11.6.el7.x86_64 #1
SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
```
<!-- .element: class="fragment" data-fragment-index="1" -->
* Copy the `/etc/passwd` file from the control machine to `~/passwd` on the `centos` machines using the `copy` module.
* Check that the file is present using the `command` module.
* Copying the file:
<!-- .slide: data-state="small-code" -->
```none
$ ansible centos -i inventories/formation/hosts -m copy \
-a "src=/etc/passwd dest=~/passwd"
ansible-2 | SUCCESS => {
"changed": true,
"checksum": "1e9317514c0769f49ec9439f9811675ac19d89ee",
"dest": "/home/ansible/passwd",
"gid": 1001,
"group": "ansible",
"md5sum": "b8bbe17a63c7bb500c89dc5e29351fc5",
"mode": "0664",
"owner": "ansible",
"size": 1574,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1537539186.68-18012403191...",
"state": "file",
"uid": 1001
}
ansible-1 | SUCCESS => {
"changed": true,
"checksum": "1e9317514c0769f49ec9439f9811675ac19d89ee",
"dest": "/home/ansible/passwd",
"gid": 1001,
"group": "ansible",
"md5sum": "b8bbe17a63c7bb500c89dc5e29351fc5",
"mode": "0664",
"owner": "ansible",
"size": 1574,
"src": "/home/ansible/.ansible/tmp/ansible-tmp-1537539186.66-20188089735...",
"state": "file",
"uid": 1001
}
```
* Verification using the `command` module:
<!-- .slide: data-state="medium-code" -->
```none
$ ansible centos7 -i inventories/formation/hosts -m command \
-a "ls -l ~"
ansible-2 | SUCCESS | rc=0 >>
total 4
-rw-rw-r-- 1 ansible ansible 1574 21 sept. 16:13 passwd
ansible-1 | SUCCESS | rc=0 >>
total 4
-rw-rw-r-- 1 ansible ansible 1574 21 sept. 16:13 passwd
```
## Variables in the inventory
<!-- .slide: data-state="medium-code" -->
`inventories/formation/hosts`
```ini
$ cat inventories/formation/hosts
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103
# host variable
ansible-3 ansible_host=192.168.56.104 tata=tutu
[centos7]
ansible-1
ansible-2
[debian9]
ansible-3
# group variable
[centos7:vars]
titi=toto
[all:vars]
ansible_become=yes
ansible_become_pass=ansible
```
<!-- .slide: data-state="small-code" -->
```yaml
$ ansible-inventory -i inventories/formation/hosts --list --yaml
all:
children:
centos7:
hosts:
ansible-1:
ansible_become: 'yes'
ansible_become_pass: ansible
ansible_host: 192.168.56.102
titi: toto
ansible-2:
ansible_become: 'yes'
ansible_become_pass: ansible
ansible_host: 192.168.56.103
titi: toto
debian9:
hosts:
ansible-3:
ansible_become: 'yes'
ansible_become_pass: ansible
ansible_host: 192.168.56.104
tata: tutu
ungrouped: {}
```
## Getting root privileges
* Try to create a file in the `root` user's home directory on each machine.
<!-- .slide: data-state="small-code" -->
```none
$ ansible all -i inventories/formation/hosts -m command -a "touch /root/pas-le-droit"
ansible-3 | FAILED | rc=1 >>
touch: impossible de faire un touch '/root/pas-le-droit':
Permission non accordéenon-zero return code
ansible-2 | FAILED | rc=1 >>
touch: impossible de faire un touch « /root/pas-le-droit »:
Permission non accordéenon-zero return code
ansible-1 | FAILED | rc=1 >>
touch: impossible de faire un touch « /root/pas-le-droit »:
Permission non accordéenon-zero return code
```
<!-- .element: class="fragment" data-fragment-index="1" -->
<!-- .slide: data-state="medium-code" -->
* Add `ansible_become` variables to the inventory to allow execution via `sudo` or `su`.
```none
...
# sudo is used by default, so the user must be
# declared in sudoers
[all:vars]
ansible_become=yes
ansible_become_pass=ansible
```
<!-- .element: class="fragment" data-fragment-index="1" -->
* Try again to create a file in the `root` user's home directory on each machine.
* Check that the file was created using the `ls` command.
<!-- .slide: data-state="small-code" -->
```none
$ ansible all -i inventories/formation/hosts -m command -a "touch /root/fichier"
ansible-3 | SUCCESS | rc=0 >>
ansible-2 | SUCCESS | rc=0 >>
ansible-1 | SUCCESS | rc=0 >>
```
<!-- .element: class="fragment" data-fragment-index="1" -->
```none
$ ansible all -i inventories/formation/hosts -m command -a "ls -l /root/fichier"
ansible-3 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 0 sept. 20 16:20 /root/fichier
ansible-2 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 0 20 sept. 16:20 /root/fichier
ansible-1 | SUCCESS | rc=0 >>
-rw-r--r-- 1 root root 0 20 sept. 16:20 /root/fichier
```
<!-- .element: class="fragment" data-fragment-index="2" -->
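The inventory used in this section stores the `sudo` password in clear text (`ansible_become_pass=ansible`); outside a disposable lab, the usual alternatives are prompting for it with `--ask-become-pass` or referencing a variable encrypted with `ansible-vault`. As an added example (not part of the original tutorial), the following Python check scans an INI inventory for credential variables set to literal values. The sample inventory is reconstructed from this page, and the parsing is a simplified approximation of Ansible's INI rules.

```python
import re
import shlex

# Inventory variables that carry credentials (real Ansible variable names).
SECRET_VARS = {"ansible_become_pass", "ansible_become_password",
               "ansible_password", "ansible_ssh_pass"}
SECTION = re.compile(r"^\[([^:\]\s]+)(?::(\w+))?\]")

# Constructed sample: the inventory shown in this tutorial.
SAMPLE_INVENTORY = """\
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103
ansible-3 ansible_host=192.168.56.104 tata=tutu
[centos7]
ansible-1
ansible-2
[debian9]
ansible-3
[centos7:vars]
titi=toto
[all:vars]
ansible_become=yes
ansible_become_pass=ansible
"""

def find_plaintext_secrets(text):
    """Return (line_no, owner, variable) for each credential stored in clear."""
    findings, group, in_vars = [], None, False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = SECTION.match(line)
        if section:
            group, in_vars = section.group(1), section.group(2) == "vars"
            continue
        # [group:vars] holds one key=value per line; a host line is a name plus pairs.
        words = [group, line] if in_vars else shlex.split(line, comments=True)
        owner, pairs = words[0], words[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            # A Jinja2 reference (e.g. to a vaulted variable) is not a literal secret.
            clear = not value.strip("'\" ").startswith("{{")
            if sep and key.strip() in SECRET_VARS and clear:
                findings.append((no, owner, key.strip()))
    return findings

if __name__ == "__main__":
    for no, owner, var in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {no}: {var} for '{owner}' is stored in clear text")
```

An inventory that sets `ansible_become_pass="{{ vault_become_pass }}"` (a hypothetical variable name for a vaulted value) passes the check.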
## Gathering information about the machines
* Use the `setup` module to list each machine's "facts".
<!-- .slide: data-state="medium-code" -->
```none
$ ansible all -i inventories/formation/hosts -m setup
ansible-3 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"10.0.2.15",
"192.168.56.5"
],
"ansible_all_ipv6_addresses": [
"fe80::a00:27ff:fe51:f40c",
"fe80::a00:27ff:fe38:cf21"
],
"ansible_apparmor": {
"status": "disabled"
},
"ansible_architecture": "x86_64",
"ansible_bios_date": "12/01/2006",
"ansible_bios_version": "VirtualBox",
"ansible_cmdline": {
"BOOT_IMAGE": "/boot/vmlinuz-4.9.0-8-amd64",
```
<!-- .element: class="fragment" data-fragment-index="2" -->
* Apply a filter to display only the IPv4 addresses of each machine by adding the `-a 'filter=<field>'` option.
<!-- .slide: data-state="medium-code" -->
```none
$ ansible all -i inventories/formation/hosts -m setup \
-a 'filter=ansible_all_ipv4_addresses' --one-line
ansible-3 | SUCCESS => {"ansible_facts": {"ansible_all_ipv4_addresses":
["10.0.2.15", "192.168.56.104"]}, "changed": false}
ansible-2 | SUCCESS => {"ansible_facts": {"ansible_all_ipv4_addresses":
["192.168.56.103", "10.0.2.15"]}, "changed": false}
ansible-1 | SUCCESS => {"ansible_facts": {"ansible_all_ipv4_addresses":
["192.168.56.102", "10.0.2.15"]}, "changed": false}
```
<!-- .element: class="fragment" data-fragment-index="1" -->
* Apply a filter to display only the OS family.
<!-- .slide: data-state="medium-code" -->
```none
$ ansible all -i inventories/formation/hosts -m setup \
-a 'filter=ansible_os_family' --one-line
ansible-3 | SUCCESS => {"ansible_facts": {"ansible_os_family":
"Debian"}, "changed": false}
ansible-1 | SUCCESS => {"ansible_facts": {"ansible_os_family":
"RedHat"}, "changed": false}
ansible-2 | SUCCESS => {"ansible_facts": {"ansible_os_family":
"RedHat"}, "changed": false}
```
<!-- .element: class="fragment" data-fragment-index="1" -->