Resources attached to the Road To DevOps tutorial https://blog.noobtoroot.xyz/road-to-devops/

## Lab: Roles
* Take the WordPress lab and split it into roles.
* Examples of roles that can be defined:
<small>mariadb, db, httpd, apache, wordpress...</small>
* Manage default variables.
* Manage environment-specific variables.
* Manage the role dependency between the application and the web server.
Project tree:
<!-- .slide: data-state="small-code" -->
```none
ansible
├── playbook.yaml
├── inventories
│   └── formation
│       ├── group_vars
│       │   └── wordpress.yaml   <--- mariadb, wordpress vars
│       └── hosts
└── roles
    ├── apache
    │   ├── handlers
    │   │   └── main.yaml
    │   └── tasks
    │       └── main.yaml
    ├── mariadb
    │   ├── defaults
    │   │   └── main.yaml        <--- mariadb default vars
    │   └── tasks
    │       ├── add-database.yaml
    │       ├── install.yaml
    │       └── main.yaml
    └── wordpress
        ├── meta
        │   └── main.yaml        <--- wordpress dependencies
        └── tasks
            ├── configure.yaml
            ├── install.yaml
            └── main.yaml
```
`inventories/formation/hosts`
```ini
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103
[wordpress]
ansible-1
ansible-2
[all:vars]
ansible_become=yes
ansible_become_pass=ansible
```
`inventories/formation/group_vars/wordpress.yaml`
```yaml
DB_NAME: wordpress
DB_USER: wordpressuser
DB_PASSWORD: "12345"
DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
```
`playbook.yaml`
```yaml
- hosts: ansible-2
  roles:
    - role: mariadb
- hosts: ansible-1
  roles:
    - role: apache
    - role: wordpress
```
### Role Mariadb
```none
roles
└── mariadb
    ├── defaults
    │   └── main.yaml
    └── tasks
        ├── add-database.yaml
        ├── install.yaml
        └── main.yaml
```
<!-- .slide: data-state="medium-code" -->
`roles/mariadb/tasks/install.yaml`
```yaml
- name: Installation of mariadb-server package
  yum:
    name: mariadb-server
    state: present
    update_cache: yes
- name: Ensure mariadb-server is running (and enabled at boot)
  service:
    name: mariadb
    state: started
    enabled: yes
- name: Allow mariadb traffic on port 3306
  firewalld:
    service: mysql
    permanent: true
    state: enabled
    immediate: yes
```
<!-- .slide: data-state="medium-code" -->
`roles/mariadb/tasks/add-database.yaml`
```yaml
- name: Installation of MySQL-python package
  # package required to use ansible mysql modules
  yum:
    name: MySQL-python
    state: present
    update_cache: yes
- name: Create a new database with name '{{ DB_NAME }}'
  mysql_db:
    name: '{{ DB_NAME }}'
    state: present
- name: >-
    Create a new user with name '{{ DB_USER }}'
    with full access to '{{ DB_NAME }}' from '{{ WEB_HOST }}'
  mysql_user:
    name: '{{ DB_USER }}'
    password: '{{ DB_PASSWORD }}'
    priv: '{{ DB_NAME }}.*:ALL'
    host: '{{ WEB_HOST }}'
    state: present
```
<!-- .slide: data-state="medium-code" -->
`roles/mariadb/tasks/main.yaml`
```yaml
- import_tasks: install.yaml
- import_tasks: add-database.yaml
```
`roles/mariadb/defaults/main.yaml`
```yaml
DB_NAME: bob
DB_USER: mydb
DB_PASSWORD: 12345678
WEB_HOST: localhost
```
The role's default values.
### Role Apache
```none
roles
└── apache
    ├── handlers
    │   └── main.yaml
    └── tasks
        └── main.yaml
```
<!-- .slide: data-state="medium-code" -->
`roles/apache/tasks/main.yaml`
```yaml
- name: Installation of apache package
  yum:
    name: httpd
    state: present
    update_cache: yes
- name: Installation of php package
  yum:
    name: php
    state: present
    update_cache: yes
- name: Installation of php-mysql package
  yum:
    name: php-mysql
    state: present
    update_cache: yes
- name: Installation of wget package
  yum:
    name: wget
    state: present
    update_cache: yes
- name: Ensure apache is running (and enabled at boot)
  service:
    name: httpd
    state: started
    enabled: yes
- name: Allow http traffic on port 80
  firewalld:
    service: http
    permanent: true
    state: enabled
    immediate: yes
```
### Role Wordpress
```none
roles
└── wordpress
    └── tasks
        ├── configure.yaml
        ├── install.yaml
        └── main.yaml
```
<!-- .slide: data-state="medium-code" -->
`roles/wordpress/tasks/install.yaml`
```yaml
- name: Download wordpress archive
  get_url:
    url: https://wordpress.org/latest.tar.gz
    dest: /var/www/html/wordpress.tar.gz
    mode: 0440
- name: Untar wordpress archive
  unarchive:
    src: /var/www/html/wordpress.tar.gz
    dest: /var/www/html
    remote_src: true
- name: Remove wordpress archive
  file:
    path: /var/www/html/wordpress.tar.gz
    state: absent
```
<!-- .slide: data-state="medium-code" -->
`roles/wordpress/tasks/configure.yaml`
```yaml
- name: Create wordpress configuration file
  copy:
    src: /var/www/html/wordpress/wp-config-sample.php
    dest: /var/www/html/wordpress/wp-config.php
    remote_src: true
- name: Update wordpress configuration file with db name
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'database_name_here'
    replace: '{{ DB_NAME }}'
- name: Update wordpress configuration file with user name
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'username_here'
    replace: '{{ DB_USER }}'
- name: Update wordpress configuration file with user password
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'password_here'
    replace: '{{ DB_PASSWORD }}'
- name: Update wordpress configuration file with host
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'localhost'
    replace: '{{ DB_HOST }}'
```
<!-- .slide: data-state="medium-code" -->
`roles/wordpress/tasks/main.yaml`
```yaml
- import_tasks: install.yaml
- import_tasks: configure.yaml
```
<!-- .slide: data-state="medium-code" -->
* Generate a random password for database access.
* Example:
```yaml
tasks:
  - name: Generate random password
    set_fact:
      password: "{{ lookup('password', 'password.txt') }}"
  - debug:
      msg: "Randomly generated password is : {{ password }}"
```
`apache-wordpress-mariadb-roles-password.yaml`
<!-- .slide: data-state="medium-code" -->
```yaml
- hosts: centos7
  tasks:
    - name: Generate random password for DB access
      set_fact:
        DB_PASSWORD: "{{ lookup('password', 'passwords.txt') }}"
- hosts: ansible-2
  roles:
    - role: mariadb-install
    - role: mariadb-configure
- hosts: ansible-1
  roles:
    - role: apache-install
    - role: wordpress-install
    - role: wordpress-configure
```
```none
$ ls -l passwords.txt
-rw------- 1 ansible ansible 21 oct. 29 16:48 passwords.txt
```
```none
$ cat passwords.txt
f2OLcLega8W,GC6vDiLn
```