# Ansible Lab
## Playbooks
Create a playbook and run it against targets.
* In the working directory, create a playbook file named `get-user-id.yaml` with the following content:
```yaml
- hosts: all
  tasks:
    - name: Get user id
      command: id
```
* What will this playbook do?
* Run the playbook:
```nohighlight
$ ansible-playbook -i inventories/formation/hosts playbooks/get-user-id.yaml
PLAY [all] ********************************************************************
TASK [Gathering Facts] ********************************************************
ok: [ansible-3]
ok: [ansible-2]
ok: [ansible-1]
TASK [Get user id] ************************************************************
changed: [ansible-3]
changed: [ansible-2]
changed: [ansible-1]
PLAY RECAP ********************************************************************
ansible-1 : ok=2 changed=1 unreachable=0 failed=0
ansible-2 : ok=2 changed=1 unreachable=0 failed=0
ansible-3 : ok=2 changed=1 unreachable=0 failed=0
```
The action is indeed performed, even though the details are not shown.
* Run the playbook again in verbose mode.
```nohighlight
$ ansible-playbook -v -i inventories/formation/hosts playbooks/get-user-id.yaml
PLAY [all] ********************************************************************
TASK [Gathering Facts] ********************************************************
ok: [ansible-3]
ok: [ansible-2]
ok: [ansible-1]
TASK [Get user id] ************************************************************
changed: [ansible-3] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.008768", "end": "2018-09-21 17:06:07.020080", "rc": 0, "start": "2018-09-21 17:06:07.011312", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)"]}
changed: [ansible-2] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.010668", "end": "2018-09-21 17:06:02.736220", "rc": 0, "start": "2018-09-21 17:06:02.725552", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"]}
changed: [ansible-1] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.008940", "end": "2018-09-21 17:06:06.974383", "rc": 0, "start": "2018-09-21 17:06:06.965443", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"]}
PLAY RECAP ********************************************************************
ansible-1 : ok=2 changed=1 unreachable=0 failed=0
ansible-2 : ok=2 changed=1 unreachable=0 failed=0
ansible-3 : ok=2 changed=1 unreachable=0 failed=0
```
Not very practical...
* Use the `register` parameter to store the result of the command.
* Create a new task based on the `debug` module to display the result of the command.
https://docs.ansible.com/ansible/latest/modules/debug_module.html
`playbooks/get-user-id.yaml`
```yaml
- hosts: all
  tasks:
    - name: Get user id
      command: id
      register: user_id
    - name: Display user id
      debug:
        var: user_id.stdout
```
```nohighlight
$ ansible-playbook -i inventories/formation/hosts playbooks/get-user-id.yaml
...
TASK [Get user id] ************************************************************
changed: [ansible-3]
changed: [ansible-2]
changed: [ansible-1]
TASK [Display user id] ********************************************************
ok: [ansible-1] => {
"user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),
10(wheel)"
}
ok: [ansible-2] => {
"user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),
10(wheel)"
}
ok: [ansible-3] => {
"user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),
27(sudo)"
}
PLAY RECAP ********************************************************************
ansible-1 : ok=3 changed=1 unreachable=0 failed=0
ansible-2 : ok=3 changed=1 unreachable=0 failed=0
ansible-3 : ok=3 changed=1 unreachable=0 failed=0
```
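An added example, not part of the original lab: the same playbook with `changed_when: false`, so that the read-only `id` command stops reporting `changed`, plus a task that reports the hosts where the account belongs to `wheel` or `sudo`, the two administrative groups visible in the output above. The variable name `groups_field` is an assumption of this example.

```yaml
# Added example, not part of the original lab.
- hosts: all
  tasks:
    - name: Get user id
      command: id
      register: user_id
      changed_when: false  # read-only command: never report "changed"
      check_mode: false    # safe to run even with --check

    - name: Display user id
      debug:
        var: user_id.stdout

    - name: Report hosts where the account is in an administrative group
      vars:
        # Third field of the id output, e.g. "groupes=1001(ansible),10(wheel)"
        # (groups_field is a name chosen for this example)
        groups_field: "{{ user_id.stdout.split(' ')[2] }}"
      debug:
        msg: "{{ inventory_hostname }} runs Ansible tasks as a member of: {{ groups_field }}"
      when: "'(wheel)' in groups_field or '(sudo)' in groups_field"
```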
## Lab: Install Apache httpd
Installation of an Apache httpd web server.
* Create a playbook that performs the following tasks on the machine `ansible-1`:
  - Install the `httpd` package and start the `httpd` service,
  - Configure the `httpd` service to start again at every system reboot,
  - Create and copy a static web page to `/var/www/html/index.html`,
  - Configure firewalld to allow incoming `http` traffic.
* Run the playbook on the target `ansible-1`.
* Connect to the application in the web browser.
```yaml
- hosts: ansible-1
  tasks:
    - name: Installation of apache package
      yum:
        name: httpd
        state: present
        update_cache: yes
    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes
    - name: Copying homepage
      copy:
        src: index.html
        dest: /var/www/html/index.html
        # quoted so the mode is always read as an octal string
        mode: '0444'
    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
```
## Lab: Install WordPress
Installation of the WordPress blogging tool.
* Database server: `ansible-2` (CentOS 7)
  * Install the MariaDB server (mariadb-server)
  * Create a database and a user (modules mysql_db, mysql_user)

---

* Web server: `ansible-1` (CentOS 8)
  * Install the Apache httpd server + PHP (httpd, php, php-mysqlnd)
  * Download WordPress _5.0.8_ (https://wordpress.org/wordpress-5.0.8.tar.gz)
  * Extract the archive into _/var/www/html/_ with the correct permissions (module unarchive)
  * Edit the WordPress configuration so that it can reach the database
### 1. Database
* Install the MariaDB server
* Create a database and a user
```bash
# Install the MariaDB packages
yum install mariadb-server
# Set up the firewall rules
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload
# Enable MariaDB at boot and start it
systemctl enable mariadb
systemctl start mariadb
# Create the database and the user
mysql -u root -p <<'SQL'
CREATE DATABASE wordpress;
CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
FLUSH PRIVILEGES;
SQL
```
### 2. Apache
```bash
# Install Apache
yum install httpd php php-mysql wget
# Set up the firewall rules
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
# Enable Apache at boot and start it
systemctl enable httpd
systemctl start httpd
```
### 3. Wordpress
```bash
# Deploy WordPress:
cd /var/www/html && wget https://wordpress.org/latest.tar.gz
# Extract the WordPress archive
tar -xzf /var/www/html/latest.tar.gz -C /var/www/html
rm -f /var/www/html/latest.tar.gz
# Configure WordPress
cp /var/www/html/wordpress/wp-config-sample.php \
   /var/www/html/wordpress/wp-config.php
vi /var/www/html/wordpress/wp-config.php
# define('DB_NAME', 'wordpress');
# define('DB_USER', 'wordpressuser');
# define('DB_PASSWORD', 'password');
# define('DB_HOST', 'localhost');
```
Some modules you can use...
* yum
* service
* command
* mysql_db
* mysql_user
* file
* get_url
* unarchive
* copy
* lineinfile
* replace
`install-apache-wordpress-mariadb.yaml`
```yaml
- hosts: ansible-2
  vars:
    DB_NAME: wordpress
    DB_USER: wordpressuser
    DB_PASSWORD: "12345"
    DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
    WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
  tasks:
    - name: Installation of mariadb-server package
      yum:
        name: mariadb-server
        state: present
        update_cache: yes
    - name: Ensure mariadb-server is running (and enabled at boot)
      service:
        name: mariadb
        state: started
        enabled: yes
    # package required to use ansible mysql modules
    - name: Installation of MySQL-python package
      yum:
        name: MySQL-python
        state: present
        update_cache: yes
    - name: Create a new database with name '{{ DB_NAME }}'
      mysql_db:
        name: '{{ DB_NAME }}'
        state: present
    - name: Create a new database user with name '{{ DB_USER }}'
      mysql_user:
        name: '{{ DB_USER }}'
        password: '{{ DB_PASSWORD }}'
        priv: '{{ DB_NAME }}.*:ALL'
        host: '{{ WEB_HOST }}'
        state: present
    - name: Allow mariadb traffic on port 3306
      firewalld:
        service: mysql
        permanent: true
        state: enabled
        immediate: yes

- hosts: ansible-1
  vars:
    DB_NAME: wordpress
    DB_USER: wordpressuser
    DB_PASSWORD: "12345"
    DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
  tasks:
    - name: Installation of apache package
      dnf:
        name: httpd
        state: present
        update_cache: yes
    - name: Installation of php package
      dnf:
        name: php
        state: present
        update_cache: yes
    - name: Installation of php-mysqlnd package
      dnf:
        name: php-mysqlnd
        state: present
        update_cache: yes
      notify: Reload Apache
    - name: Installation of wget package
      dnf:
        name: wget
        state: present
        update_cache: yes
    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes
    - name: Download wordpress archive
      get_url:
        url: https://wordpress.org/wordpress-5.0.8.tar.gz
        dest: /var/www/html/wordpress.tar.gz
        # quoted so the mode is always read as an octal string
        mode: '0440'
    - name: Untar wordpress archive
      unarchive:
        src: /var/www/html/wordpress.tar.gz
        dest: /var/www/html
        remote_src: true
    - name: Remove wordpress archive
      file:
        path: /var/www/html/wordpress.tar.gz
        state: absent
    - name: Create wordpress configuration file
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        dest: /var/www/html/wordpress/wp-config.php
        remote_src: true
    - name: Update wordpress configuration file with db name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'database_name_here'
        replace: '{{ DB_NAME }}'
    - name: Update wordpress configuration file with user name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'username_here'
        replace: '{{ DB_USER }}'
    - name: Update wordpress configuration file with user password
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ DB_PASSWORD }}'
    - name: Update wordpress configuration file with host
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'localhost'
        replace: '{{ DB_HOST }}'
    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
  handlers:
    - name: Reload Apache
      service:
        name: httpd
        state: restarted
```
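The playbook above keeps the database password in clear text, opens port 3306 to every source and downloads the archive without verifying it. The following added example (not the lab's own solution) shows hardened variants of the affected tasks; `vault_db_password` is a hypothetical variable stored in an ansible-vault encrypted file, the checksum is a placeholder, and `ansible_host` of `ansible-1` is assumed to be an IPv4 address.

```yaml
# Added example, not the lab's own solution. Assumptions: vault_db_password is
# defined in a file encrypted with ansible-vault, ansible_host of ansible-1 is
# an IPv4 address, and the checksum is a placeholder to replace.
- hosts: ansible-2
  vars:
    WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
  tasks:
    - name: Create the database user without logging the password
      mysql_user:
        name: wordpressuser
        password: '{{ vault_db_password }}'
        priv: 'wordpress.*:ALL'
        host: '{{ WEB_HOST }}'
        state: present
      no_log: true

    - name: Allow port 3306 from the web server only (instead of service mysql)
      firewalld:
        rich_rule: 'rule family="ipv4" source address="{{ WEB_HOST }}" port port="3306" protocol="tcp" accept'
        permanent: true
        immediate: yes
        state: enabled

- hosts: ansible-1
  tasks:
    - name: Download wordpress archive and verify its digest
      get_url:
        url: https://wordpress.org/wordpress-5.0.8.tar.gz
        dest: /var/www/html/wordpress.tar.gz
        mode: '0440'
        checksum: 'sha256:REPLACE_WITH_EXPECTED_SHA256'

    - name: Write the database password into wp-config.php without logging it
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ vault_db_password }}'
      no_log: true

    - name: Make wp-config.php readable by root and the apache group only
      file:
        path: /var/www/html/wordpress/wp-config.php
        owner: root
        group: apache
        mode: '0640'
```

If the `mysql` firewalld service was already enabled by the earlier play, disable it (`state: disabled`) so that the rich rule is the only path to port 3306.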