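## TP Roles

* Reprendre le TP Wordpress et le découper en Roles.
  * Exemple de rôles pouvant être définis : mariadb, db, httpd, apache, wordpress...
* Gérer les variables par défaut.
* Gérer les variables liées à l'environnement.
* Gérer les dépendances de rôles entre l'applicatif et le serveur web.

Arborescence du projet :

```none
ansible
├── playbook.yaml
├── inventories
│   └── formation
│       ├── group_vars
│       │   └── wordpress.yaml   <--- vars mariadb, wordpress
│       └── hosts
└── roles
    ├── apache
    │   ├── handlers
    │   │   └── main.yaml
    │   └── tasks
    │       └── main.yaml
    ├── mariadb
    │   ├── defaults
    │   │   └── main.yaml        <--- vars par défaut mariadb
    │   └── tasks
    │       ├── add-database.yaml
    │       ├── install.yaml
    │       └── main.yaml
    └── wordpress
        ├── meta
        │   └── main.yaml        <--- dépendances de wordpress
        └── tasks
            ├── configure.yaml
            ├── install.yaml
            └── main.yaml
```

`inventories/formation/hosts`

```ini
ansible-1 ansible_host=192.168.56.102
ansible-2 ansible_host=192.168.56.103

[wordpress]
ansible-1
ansible-2

[all:vars]
# Lab-only: the become password is stored in clear text in the inventory.
# Outside the lab, keep it in an ansible-vault encrypted vars file or
# prompt for it with --ask-become-pass.
ansible_become=yes
ansible_become_pass=ansible
```

`inventories/formation/group_vars/wordpress.yaml`

```yaml
DB_NAME: wordpress
DB_USER: wordpressuser
# Clear-text credential, acceptable for the lab only: encrypt this value
# (or the whole file) with ansible-vault before it reaches a repository.
DB_PASSWORD: "12345"
DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
```

`playbook.yaml`

```yaml
# Database server first, so the database exists before the web tier is set up.
- hosts: ansible-2
  roles:
    - role: mariadb

- hosts: ansible-1
  roles:
    - role: apache
    - role: wordpress
```

### Role Mariadb

```none
roles
└── mariadb
    ├── defaults
    │   └── main.yaml
    └── tasks
        ├── add-database.yaml
        ├── install.yaml
        └── main.yaml
```

`roles/mariadb/tasks/install.yaml`

```yaml
- name: Installation of mariadb-server package
  yum:
    name: mariadb-server
    state: present
    update_cache: true

- name: Ensure mariadb-server is running (and enabled at boot)
  service:
    name: mariadb
    state: started
    enabled: true

# The 'mysql' firewalld service opens 3306/tcp to every source in the zone;
# access control then rests on the host restriction of the MariaDB account.
# A firewalld rich_rule scoped to the web server address would narrow it.
- name: Allow mariadb traffic on port 3306
  firewalld:
    service: mysql
    permanent: true
    state: enabled
    immediate: true
```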
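`roles/mariadb/tasks/add-database.yaml`

```yaml
# package required to use ansible mysql modules
- name: Installation of MySQL-python package
  yum:
    name: MySQL-python
    state: present
    update_cache: true

- name: Create a new database with name '{{ DB_NAME }}'
  mysql_db:
    name: '{{ DB_NAME }}'
    state: present

# The account is only usable from WEB_HOST ('host' below) and only on the
# DB_NAME schema ('priv' below).
- name: Create a new user with name '{{ DB_USER }}' with full access to '{{ DB_NAME }}' from '{{ WEB_HOST }}'
  mysql_user:
    name: '{{ DB_USER }}'
    password: '{{ DB_PASSWORD }}'
    priv: '{{ DB_NAME }}.*:ALL'
    host: '{{ WEB_HOST }}'
    state: present
```

`roles/mariadb/tasks/main.yaml`

```yaml
- import_tasks: install.yaml
- import_tasks: add-database.yaml
```

`roles/mariadb/defaults/main.yaml`

```yaml
DB_NAME: bob
DB_USER: mydb
# Quoted so the value stays a string rather than an integer.
# Placeholder meant to be overridden per environment (group_vars).
DB_PASSWORD: "12345678"
WEB_HOST: localhost
```

Les valeurs par défaut du rôle.

### Role Apache

```none
roles
└── apache
    ├── handlers
    │   └── main.yaml
    └── tasks
        └── main.yaml
```

`roles/apache/tasks/main.yaml`

```yaml
- name: Installation of apache package
  yum:
    name: httpd
    state: present
    update_cache: true

- name: Installation of php package
  yum:
    name: php
    state: present
    update_cache: true

- name: Installation of php-mysql package
  yum:
    name: php-mysql
    state: present
    update_cache: true

- name: Installation of wget package
  yum:
    name: wget
    state: present
    update_cache: true

- name: Ensure apache is running (and enabled at boot)
  service:
    name: httpd
    state: started
    enabled: true

- name: Allow http traffic on port 80
  firewalld:
    service: http
    permanent: true
    state: enabled
    immediate: true
```

### Role Wordpress

```none
roles
└── wordpress
    └── tasks
        ├── configure.yaml
        ├── install.yaml
        └── main.yaml
```

`roles/wordpress/tasks/install.yaml`

```yaml
# 'latest' is a moving target fetched without integrity verification.
# Pinning a release URL and setting get_url's 'checksum' parameter makes
# the download reproducible and verifiable.
- name: Download wordpress archive
  get_url:
    url: https://wordpress.org/latest.tar.gz
    dest: /var/www/html/wordpress.tar.gz
    # Quoted so the mode is read as an octal string, not a YAML number.
    mode: '0440'

- name: Untar wordpress archive
  unarchive:
    src: /var/www/html/wordpress.tar.gz
    dest: /var/www/html
    remote_src: true

# The archive sits in the web root until this task runs.
- name: Remove wordpress archive
  file:
    path: /var/www/html/wordpress.tar.gz
    state: absent
```

`roles/wordpress/tasks/configure.yaml`

```yaml
# wp-config.php will hold the database credentials: restrict it to root and
# the httpd group instead of leaving it world-readable.
# 'apache' is the group created by the httpd package on CentOS.
- name: Create wordpress configuration file
  copy:
    src: /var/www/html/wordpress/wp-config-sample.php
    dest: /var/www/html/wordpress/wp-config.php
    remote_src: true
    owner: root
    group: apache
    mode: '0640'

- name: Update wordpress configuration file with db name
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'database_name_here'
    replace: '{{ DB_NAME }}'

- name: Update wordpress configuration file with user name
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'username_here'
    replace: '{{ DB_USER }}'

# no_log keeps the password out of verbose (-v) and --diff output.
- name: Update wordpress configuration file with user password
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'password_here'
    replace: '{{ DB_PASSWORD }}'
  no_log: true

- name: Update wordpress configuration file with host
  replace:
    dest: /var/www/html/wordpress/wp-config.php
    regexp: 'localhost'
    replace: '{{ DB_HOST }}'
```

`roles/wordpress/tasks/main.yaml`

```yaml
- import_tasks: install.yaml
- import_tasks: configure.yaml
```

* Générer un mot de passe aléatoirement pour l'accès à la base de données.
  * Exemple :

```yaml
tasks:
  # The lookup creates password.txt on the control node on first use and
  # returns the stored value on later runs.
  - name: Generate random password
    set_fact:
      password: "{{ lookup('password', 'password.txt') }}"

  # Demonstration only: this prints the secret to the console and to any
  # configured log; drop the task once the lookup has been checked.
  - debug:
      msg: "Randomly generated password is : {{ password }}"
```

`apache-wordpress-mariadb-roles-password.yaml`

```yaml
# set_fact is host-scoped: DB_PASSWORD is only defined for the hosts of this
# play, so ansible-1 and ansible-2 must belong to 'centos7' (the inventory
# shown earlier only defines [wordpress]; confirm).
- hosts: centos7
  tasks:
    - name: Generate random password for DB access
      set_fact:
        DB_PASSWORD: "{{ lookup('password', 'passwords.txt') }}"
      # Keeps the generated value out of verbose task output.
      no_log: true

- hosts: ansible-2
  roles:
    - role: mariadb-install
    - role: mariadb-configure

- hosts: ansible-1
  roles:
    - role: apache-install
    - role: wordpress-install
    - role: wordpress-configure
```

```none
$ ls -l passwords.txt
-rw------- 1 ansible ansible 21 oct. 29 16:48 passwords.txt
```

```none
$ cat passwords.txt
f2OLcLega8W,GC6vDiLn
```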