# Ansible Lab

## Playbooks

Create a playbook and run it against target hosts.

* In the working directory, create a playbook file named `get-user-id.yaml` with the following content:

```yaml
- hosts: all
  tasks:
    - name: Get user id
      command: id
```

* What will this playbook do?

* Run the playbook:

```nohighlight
$ ansible-playbook -i inventories/formation/hosts playbooks/get-user-id.yaml

PLAY [all] ********************************************************************

TASK [Gathering Facts] ********************************************************
ok: [ansible-3]
ok: [ansible-2]
ok: [ansible-1]

TASK [Get user id] ************************************************************
changed: [ansible-3]
changed: [ansible-2]
changed: [ansible-1]

PLAY RECAP ********************************************************************
ansible-1 : ok=2 changed=1 unreachable=0 failed=0
ansible-2 : ok=2 changed=1 unreachable=0 failed=0
ansible-3 : ok=2 changed=1 unreachable=0 failed=0
```

The action is carried out, even though the details are not shown.

* Run the playbook again in verbose mode.
```nohighlight
$ ansible-playbook -v -i inventories/formation/hosts playbooks/get-user-id.yaml

PLAY [all] ********************************************************************

TASK [Gathering Facts] ********************************************************
ok: [ansible-3]
ok: [ansible-2]
ok: [ansible-1]

TASK [Get user id] ************************************************************
changed: [ansible-3] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.008768", "end": "2018-09-21 17:06:07.020080", "rc": 0, "start": "2018-09-21 17:06:07.011312", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)"]}
changed: [ansible-2] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.010668", "end": "2018-09-21 17:06:02.736220", "rc": 0, "start": "2018-09-21 17:06:02.725552", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"]}
changed: [ansible-1] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.008940", "end": "2018-09-21 17:06:06.974383", "rc": 0, "start": "2018-09-21 17:06:06.965443", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"]}

PLAY RECAP ********************************************************************
ansible-1 : ok=2 changed=1 unreachable=0 failed=0
ansible-2 : ok=2 changed=1 unreachable=0 failed=0
ansible-3 : ok=2 changed=1 unreachable=0 failed=0
```

Not very practical...

* Use the `register` parameter to store the result of the command.
* Create a new task based on the `debug` module to display the result of the command.
https://docs.ansible.com/ansible/latest/modules/debug_module.html

`playbooks/get-user-id.yaml`

```yaml
- hosts: all
  tasks:
    - name: Get user id
      command: id
      register: user_id

    - name: Display user id
      debug:
        var: user_id.stdout
```

```nohighlight
$ ansible-playbook -i inventories/formation/hosts playbooks/get-user-id.yaml
...
TASK [Get user id] ************************************************************
changed: [ansible-3]
changed: [ansible-2]
changed: [ansible-1]

TASK [Display user id] ********************************************************
ok: [ansible-1] => {
    "user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible), 10(wheel)"
}
ok: [ansible-2] => {
    "user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible), 10(wheel)"
}
ok: [ansible-3] => {
    "user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible), 27(sudo)"
}

PLAY RECAP ********************************************************************
ansible-1 : ok=3 changed=1 unreachable=0 failed=0
ansible-2 : ok=3 changed=1 unreachable=0 failed=0
ansible-3 : ok=3 changed=1 unreachable=0 failed=0
```

## Lab: Install Apache httpd

Installation of an Apache httpd web server.

* Create a playbook that performs the following tasks on the `ansible-1` machine:
  - Installs the `httpd` package and starts the `httpd` service,
  - Configures the `httpd` service to start again at every system reboot,
  - Creates and copies a static web page to `/var/www/html/index.html`,
  - Configures firewalld to allow incoming `http` traffic.
* Run the playbook on the `ansible-1` target.
* Connect to the application in a web browser.
```yaml
- hosts: ansible-1
  tasks:
    - name: Installation of apache package
      yum:
        name: httpd
        state: present
        update_cache: yes

    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Copying homepage
      copy:
        src: index.html
        dest: /var/www/html/index.html
        mode: "0444"

    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
```

## Lab: Install WordPress

Installation of the WordPress blogging tool.

* Database server: `ansible-2` (CentOS 7)
  * Install the MariaDB server (mariadb-server)
  * Create a database and a user (modules mysql_db, mysql_user)

---

* Web server: `ansible-1` (CentOS 8)
  * Install the Apache httpd server + PHP (httpd, php, php-mysqlnd)
  * Download WordPress _5.0.8_ (https://wordpress.org/wordpress-5.0.8.tar.gz)
  * Extract the archive into _/var/www/html/_ with the right permissions (module unarchive)
  * Edit the WordPress configuration so that it can reach the database

### 1. Database

* Install the MariaDB server
* Create a database and a user

```bash
# Install the MariaDB packages
yum install mariadb-server

# Set up the firewall rules
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload

# MariaDB startup options
systemctl enable mariadb
systemctl start mariadb

# Create the database and the user
mysql -u root -p <<'SQL'
CREATE DATABASE wordpress;
CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
FLUSH PRIVILEGES;
SQL
```

### 2. Apache

```bash
# Install Apache
yum install httpd php php-mysql wget

# Set up the firewall rules
firewall-cmd --add-service=http --permanent
firewall-cmd --reload

# Apache startup options
systemctl enable httpd
systemctl start httpd
```

### 3. WordPress

```bash
# Deploy WordPress:
cd /var/www/html && wget https://wordpress.org/latest.tar.gz

# Extract WordPress
tar -xzf /var/www/html/latest.tar.gz -C /var/www/html
rm -f /var/www/html/latest.tar.gz

# Configure WordPress
cp /var/www/html/wordpress/wp-config-sample.php \
   /var/www/html/wordpress/wp-config.php
vi /var/www/html/wordpress/wp-config.php
# define('DB_NAME', 'wordpress');
# define('DB_USER', 'wordpressuser');
# define('DB_PASSWORD', 'password');
# define('DB_HOST', 'localhost');
```

Some modules you can use...

* yum
* service
* command
* mysql_db
* mysql_user
* file
* get_url
* unarchive
* copy
* lineinfile
* replace

`install-apache-wordpress-mariadb.yaml`

```yaml
- hosts: ansible-2
  vars:
    DB_NAME: wordpress
    DB_USER: wordpressuser
    DB_PASSWORD: "12345"  # lab value, stored in clear text
    DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
    WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
  tasks:
    - name: Installation of mariadb-server package
      yum:
        name: mariadb-server
        state: present
        update_cache: yes

    - name: Ensure mariadb-server is running (and enabled at boot)
      service:
        name: mariadb
        state: started
        enabled: yes

    - name: Installation of MySQL-python package
      # package required to use ansible mysql modules
      yum:
        name: MySQL-python
        state: present
        update_cache: yes

    - name: Create a new database with name '{{ DB_NAME }}'
      mysql_db:
        name: '{{ DB_NAME }}'
        state: present

    - name: Create a new database user with name '{{ DB_USER }}'
      mysql_user:
        name: '{{ DB_USER }}'
        password: '{{ DB_PASSWORD }}'
        priv: '{{ DB_NAME }}.*:ALL'
        host: '{{ WEB_HOST }}'
        state: present

    - name: Allow mariadb traffic on port 3306
      firewalld:
        service: mysql
        permanent: true
        state: enabled
        immediate: yes

- hosts: ansible-1
  vars:
    DB_NAME: wordpress
    DB_USER: wordpressuser
    DB_PASSWORD: "12345"  # lab value, stored in clear text
    DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
  tasks:
    - name: Installation of apache package
      dnf:
        name: httpd
        state: present
        update_cache: yes

    - name: Installation of php package
      dnf:
        name: php
        state: present
        update_cache: yes

    - name: Installation of php-mysqlnd package
      dnf:
        name: php-mysqlnd
        state: present
        update_cache: yes
      notify: Reload Apache

    - name: Installation of wget package
      dnf:
        name: wget
        state: present
        update_cache: yes

    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Download wordpress archive
      get_url:
        url: https://wordpress.org/wordpress-5.0.8.tar.gz
        dest: /var/www/html/wordpress.tar.gz
        mode: "0440"

    - name: Untar wordpress archive
      unarchive:
        src: /var/www/html/wordpress.tar.gz
        dest: /var/www/html
        remote_src: true

    - name: Remove wordpress archive
      file:
        path: /var/www/html/wordpress.tar.gz
        state: absent

    - name: Create wordpress configuration file
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        dest: /var/www/html/wordpress/wp-config.php
        remote_src: true

    - name: Update wordpress configuration file with db name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'database_name_here'
        replace: '{{ DB_NAME }}'

    - name: Update wordpress configuration file with user name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'username_here'
        replace: '{{ DB_USER }}'

    - name: Update wordpress configuration file with user password
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ DB_PASSWORD }}'

    - name: Update wordpress configuration file with host
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'localhost'
        replace: '{{ DB_HOST }}'

    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

  handlers:
    - name: Reload Apache
      service:
        name: httpd
        state: restarted
```
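
The playbook above keeps `DB_PASSWORD` in clear text in both plays and leaves `wp-config.php` with default ownership and mode. The variant below of the credential-handling tasks is an added example, not part of the original lab: it reads the password from an Ansible Vault file, keeps it out of task output with `no_log`, and restricts the configuration file. The vault file path, the `vault_db_password` and `WP_CONFIG` names, and the `apache` group are assumptions.

```yaml
# Added example (not from the original lab). Assumed, hypothetical setup:
#   ansible-vault create inventories/formation/group_vars/all/vault.yaml
# with the content:  vault_db_password: <long random value>
# Run the playbook with --ask-vault-pass so the file can be decrypted.
- hosts: ansible-2
  vars:
    DB_NAME: wordpress
    DB_USER: wordpressuser
    DB_PASSWORD: "{{ vault_db_password }}"   # never written in the playbook
    WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
  tasks:
    - name: Create the WordPress database user without logging the password
      mysql_user:
        name: "{{ DB_USER }}"
        password: "{{ DB_PASSWORD }}"
        priv: "{{ DB_NAME }}.*:ALL"
        host: "{{ WEB_HOST }}"
        state: present
      no_log: true   # hides arguments and results, including under -v

- hosts: ansible-1
  vars:
    DB_PASSWORD: "{{ vault_db_password }}"
    WP_CONFIG: /var/www/html/wordpress/wp-config.php
  tasks:
    # Anchoring on the define() line keeps the task idempotent: it matches
    # the sample placeholder on the first run and the real value afterwards.
    # Assumes the password contains no single quote or backslash.
    - name: Set DB_PASSWORD in wp-config.php
      lineinfile:
        path: "{{ WP_CONFIG }}"
        regexp: "^define\\(\\s*'DB_PASSWORD'"
        line: "define( 'DB_PASSWORD', '{{ DB_PASSWORD }}' );"
      no_log: true

    # Readable by the web server group only, writable by root only.
    - name: Restrict access to wp-config.php
      file:
        path: "{{ WP_CONFIG }}"
        owner: root
        group: apache
        mode: "0640"
```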