![Ansible logo](images/logo-ansible.svg)

# Ad-Hoc Commands

Run simple actions on a set of machines.

## What are ad-hoc commands?

* Commands for the simple, quick, one-off execution of single commands.
* They can target
  - a single machine,
  - a specific group of machines,
  - all the machines in the inventory.
* They rely on Ansible modules.

## Ansible modules

* Reusable units of work.
* Each one carries out a specific task.
* Written in Python.
* Proven code.
* Many modules available.
* You can write your own modules.

## Hundreds of modules available!

Cloud Modules • Clustering Modules • Commands Modules • Crypto Modules • Database Modules • Files Modules • Identity Modules • Inventory Modules • Messaging Modules • Monitoring Modules • Network Modules • Notification Modules • Packaging Modules • Source Control Modules • Storage Modules • System Modules • Utilities Modules • Web Infrastructure Modules • Windows Modules • ...

https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html

https://docs.ansible.com/ansible/latest/collections/index.html

## Using modules

`$ ansible <pattern> -m <module> [-a <arguments>]`

* `<pattern>` can be:
  - a machine
  - all machines (alias `all`)
  - a group
  - an expression

```none
$ ansible formation:\!web -m command -a "uname -r"
bdd.formation.sii.fr | SUCCESS | rc=0 >>
3.10.0-327.28.3.el7.x86_64

lb.formation.sii.fr | SUCCESS | rc=0 >>
3.10.0-327.28.3.el7.x86_64
```

## Command module

* Use it:
  * for simple commands
  * to gather information
* Examples:
  * Shut down/restart servers
  * Copy files
  * Create users/groups
  * Install packages

### Example

Quickly create a user on a set of machines

```none
$ ansible -m command -a "sudo useradd donald" 'formation'
10.6.214.70 | SUCCESS | rc=0 >>

10.6.214.73 | SUCCESS | rc=0 >>

10.6.214.74 | SUCCESS | rc=0 >>

10.6.214.72 | SUCCESS | rc=0 >>

$ ansible -m command -a "useradd donald" 'formation' --become
```

`--become` switches to another user to run the command.

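After creating an account across a fleet, the `host | STATUS | rc=N >>` output of a follow-up check such as `grep donald /etc/passwd` can be parsed to confirm that every host ended up with the same entry. This is an added example, not part of the original slides: `parse_adhoc` and `audit_account` are hypothetical names, and the sample output is constructed.

```python
import re
from collections import defaultdict

# Header line printed for each host by an ad-hoc `command` run.
HEADER = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z]+) \| rc=(?P<rc>\d+) >>\s*$")

def parse_adhoc(text):
    """Return {host: {"status", "rc", "output"}} from command-module output."""
    results, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"status": m["status"], "rc": int(m["rc"]), "output": []}
            results[m["host"]] = current
        elif current is not None and line.strip():
            current["output"].append(line.strip())
    return results

def audit_account(results, user):
    """Return (hosts without the account, {passwd entry: [hosts]})."""
    missing, variants = [], defaultdict(list)
    for host, res in sorted(results.items()):
        # grep matches substrings ("mcdonald"), so compare the login field.
        entries = [l for l in res["output"] if l.split(":")[0] == user]
        if res["rc"] != 0 or not entries:
            missing.append(host)
        else:
            variants[entries[0]].append(host)
    return missing, dict(variants)

# Constructed sample output (hypothetical drift on .72, no match on .73).
SAMPLE = """\
10.6.214.74 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.70 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.72 | SUCCESS | rc=0 >>
donald:x:1012:1010::/home/donald:/bin/bash

10.6.214.73 | FAILED | rc=1 >>
non-zero return code
"""

if __name__ == "__main__":
    missing, variants = audit_account(parse_adhoc(SAMPLE), "donald")
    print("account missing or command failed:", missing)
    for entry, hosts in variants.items():
        print(f"{len(hosts)} host(s) with {entry}: {hosts}")
    if missing or len(variants) > 1:
        print("fleet is inconsistent; review before relying on this account")
```

Hosts that never produce a header line (for example unreachable ones) do not appear in the result, so compare its keys against the expected inventory.
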
### Example

Display the created users

```none
$ ansible -m command -a "grep donald /etc/passwd" 'formation'
10.6.214.74 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.70 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.72 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.73 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
```

## Module documentation

* Search for "ansible module module-name" (Google)
* `$ ansible-doc <module-name>` (CLI)

## Hands-on exercises

![Hands-on exercises](images/tp.gif)

[Ansible exercise: ad-hoc command basics](travaux-pratiques/tp-ansible-les-commandes-ad-hoc.html)

## Command modules

Module (2.9) | Module (2.10) | Description
- | - | -
`command` | `ansible.builtin.command` | Executes a command on a remote node
`expect` | `ansible.builtin.expect` | Executes a command and responds to prompts.
`psexec` | `community.windows.psexec` | Runs commands on a remote Windows host based on the PsExec model
`raw` | `ansible.builtin.raw` | Executes a low-down and dirty SSH command
`script` | `ansible.builtin.script` | Runs a local script on a remote node after transferring it
`shell` | `ansible.builtin.shell` | Execute commands in nodes.
`telnet` | `ansible.netcommon.telnet` | Executes a low-down and dirty telnet command

https://docs.ansible.com/ansible/2.9/modules/list_of_commands_modules.html

## File management modules

Module (2.9) | Module (2.10) | Description
- | - | -
`blockinfile` | `ansible.builtin.blockinfile` | Insert/update/remove a text block surrounded by marker lines
`copy` | `ansible.builtin.copy` | Copies files to remote locations
`fetch` | `ansible.builtin.fetch` | Fetches a file from remote nodes
`file` | `ansible.builtin.file` | Sets attributes of files
`lineinfile` | `ansible.builtin.lineinfile` | Manage lines in text files
`replace` | `ansible.builtin.replace` | Replace all instances of a particular string in a file using a back-referenced regular expression.
`stat` | `ansible.builtin.stat` | Retrieve file or file system status
`template` | `ansible.builtin.template` | Templates a file out to a remote server
... | ... | ...

https://docs.ansible.com/ansible/2.9/modules/list_of_files_modules.html

### Example

Change the attributes of a file on the machines in the `formation` group

```none
$ ansible -m file -a "dest=/etc/foo mode=0660 owner=root group=root" \
    formation
10.6.214.72 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0660",
    "owner": "root",
    "path": "/etc/foo",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 158,
    "state": "file",
    "uid": 0
    ...
}
```

## Package management modules

https://docs.ansible.com/ansible/2.9/modules/list_of_packaging_modules.html

### Debian / Ubuntu packages

Module (2.9) | Module (2.10) | Description
- | - | -
`apt` | `ansible.builtin.apt` | Manages apt-packages
`apt_key` | `ansible.builtin.apt_key` | Add or remove an apt key
`apt_repository` | `ansible.builtin.apt_repository` | Add and remove APT repositories
`dpkg_selections` | `ansible.builtin.dpkg_selections` | Dpkg package selection selections
`package` | `ansible.builtin.package` | Generic OS package manager
`package_facts` | `ansible.builtin.package_facts` | Package information as facts

### RedHat / CentOS / Fedora packages

Module (2.9) | Module (2.10) | Description
- | - | -
`dnf` | `ansible.builtin.dnf` | Manages packages with the dnf package manager
`yum` | `ansible.builtin.yum` | Manages packages with the yum package manager
`yum_repository` | `ansible.builtin.yum_repository` | Add or remove YUM repositories
`redhat_subscription` | `community.general.redhat_subscription` | Manage registration and subscriptions to RHSM using subscription-manager
`rhn_channel` | `community.general.rhn_channel` | Adds or removes Red Hat software channels
`rhn_register` | `community.general.rhn_register` | Manage RHN registration using rhnreg_ks
`rhsm_repository` | `community.general.rhsm_repository` | Manage RHSM repositories using subscription-manager
`rpm_key` | `ansible.builtin.rpm_key` | Adds or removes a gpg key from the rpm db
`package` | `ansible.builtin.package` | Generic OS package manager
`package_facts` | `ansible.builtin.package_facts` | Package information as facts

### Suse / OpenSuse packages

Module (2.9) | Module (2.10) | Description
- | - | -
`zypper` | `community.general.zypper` | Manage packages on SUSE and openSUSE
`zypper_repository` | `community.general.zypper_repository` | Add and remove Zypper repositories
`package` | `ansible.builtin.package` | Generic OS package manager
`package_facts` | `ansible.builtin.package_facts` | Package information as facts

### Programming-language packages

Module (2.9) | Module (2.10) | Description
- | - | -
`cpanm` | `community.general.cpanm` | Manages Perl library dependencies.
`gem` | `community.general.gem` | Manage Ruby gems
`npm` | `community.general.npm` | Manage node.js packages with npm
`pip` | `ansible.builtin.pip` | Manages Python library dependencies
... | ... | ...

### Example

Check that a package is present

```none
$ ansible -m yum -a "name=vim state=present" 'formation'
10.6.214.70 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "results": [
        ...
        Installing : 2:vim-filesystem-7.4.160-1.el7_3.1.x86_64
          2:vim-common-7.4.160-1.el7_3.1.x86_64
          gpm-libs-1.20.7-5.el7.x86_64
          2:vim-enhanced-7.4.160-1.el7_3.1.x86_64
        Installed:
          vim-enhanced.x86_64 2:7.4.160-1.el7_3.1
        Dependency Installed:
          gpm-libs.x86_64 0:1.20.7-5.el7
          vim-common.x86_64 2:7.4.160-1.el7_3.1
          vim-filesystem.x86_64 2:7.4.160-1.el7_3.1
        Complete!"
    ]
}
```

## Source control modules

* git
* subversion
* hg

These modules let you clone code repositories.

https://docs.ansible.com/ansible/2.9/modules/list_of_source_control_modules.html

## System management modules

https://docs.ansible.com/ansible/2.9/modules/list_of_system_modules.html

### Users and groups

Module (2.9) | Module (2.10) | Description
- | - | -
`user` | `ansible.builtin.user` | Manage user accounts
`group` | `ansible.builtin.group` | Add or remove groups

### Storage

Module (2.9) | Module (2.10) | Description
- | - | -
`parted` | `community.general.parted` | Configure block device partitions
`lvg` | `community.general.lvg` | Configure LVM volume groups
`lvol` | `community.general.lvol` | Configure LVM logical volumes
`filesystem` | `community.general.filesystem` | Makes a filesystem

### Services

Module (2.9) | Module (2.10) | Description
- | - | -
`service` | `ansible.builtin.service` | Manage services
`service_facts` | `ansible.builtin.service_facts` | Return service state information as fact data
`systemd` | `ansible.builtin.systemd` | Manage services
`sysvinit` | `ansible.builtin.sysvinit` | Manage SysV services

### Network

Module (2.9) | Module (2.10) | Description
- | - | -
`ping` | `ansible.builtin.ping` | Try to connect to host, verify a usable python and return pong on success
`hostname` | `ansible.builtin.hostname` | Manage hostname
`firewalld` | `ansible.posix.firewalld` | Manage arbitrary ports/services with firewalld
`iptables` | `ansible.builtin.iptables` | Modify the systems iptables

### SSH configuration

Module (2.9) | Module (2.10) | Description
- | - | -
`authorized_key` | `ansible.posix.authorized_key` | Adds or removes an SSH authorized key
`known_hosts` | `ansible.builtin.known_hosts` | Add or remove a host from the known_hosts file

### Miscellaneous

Module (2.9) | Module (2.10) | Description
- | - | -
`cron` | `ansible.builtin.cron` | Manage cron.d and crontab entries
`reboot` | `ansible.builtin.reboot` | Reboot a machine
`setup` | `ansible.builtin.setup` | Gathers facts about remote hosts
`timezone` | `community.general.timezone` | Configure timezone setting

### Example

Retrieve the _facts_ of remote machines

```none
$ ansible -m setup 'formation'
10.6.214.70 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "10.6.214.70"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::250:56ff:fe9d:1ae5"
        ],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "09/17/2015",
        "ansible_bios_version": "6.00",
        "ansible_cmdline": {
            "BOOT_IMAGE": "/vmlinuz-3.10.0-327.28.3.el7.x86_64",
            "LANG": "fr_FR.UTF-8",
            "crashkernel": "auto",
            "quiet": true,
            "rd.lvm.lv": "rootvg/slashlv",
            "rhgb": true,
```