Ansible Lab
Playbooks
Create a playbook and run it against target hosts.
- In the working directory, create a playbook file named get-user-id.yaml with the following content:
- hosts: all
  tasks:
    - name: Get user id
      command: id
- What will this playbook do?
- Run the playbook:
$ ansible-playbook -i inventories/formation/hosts playbooks/get-user-id.yaml
PLAY [all] ********************************************************************
TASK [Gathering Facts] ********************************************************
ok: [ansible-3]
ok: [ansible-2]
ok: [ansible-1]
TASK [Get user id] ************************************************************
changed: [ansible-3]
changed: [ansible-2]
changed: [ansible-1]
PLAY RECAP ********************************************************************
ansible-1 : ok=2 changed=1 unreachable=0 failed=0
ansible-2 : ok=2 changed=1 unreachable=0 failed=0
ansible-3 : ok=2 changed=1 unreachable=0 failed=0
The action is indeed performed, even though the details are not shown.
- Run the playbook again in verbose mode.
$ ansible-playbook -v -i inventories/formation/hosts playbooks/get-user-id.yaml
PLAY [all] ********************************************************************
TASK [Gathering Facts] ********************************************************
ok: [ansible-3]
ok: [ansible-2]
ok: [ansible-1]
TASK [Get user id] ************************************************************
changed: [ansible-3] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.008768", "end": "2018-09-21 17:06:07.020080", "rc": 0, "start": "2018-09-21 17:06:07.011312", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)"]}
changed: [ansible-2] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.010668", "end": "2018-09-21 17:06:02.736220", "rc": 0, "start": "2018-09-21 17:06:02.725552", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"]}
changed: [ansible-1] => {"changed": true, "cmd": ["id"], "delta": "0:00:00.008940", "end": "2018-09-21 17:06:06.974383", "rc": 0, "start": "2018-09-21 17:06:06.965443", "stderr": "", "stderr_lines": [], "stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)", "stdout_lines": ["uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"]}
PLAY RECAP ********************************************************************
ansible-1 : ok=2 changed=1 unreachable=0 failed=0
ansible-2 : ok=2 changed=1 unreachable=0 failed=0
ansible-3 : ok=2 changed=1 unreachable=0 failed=0
Not very practical...
- Use the register parameter to save the result of the command.
- Create a new task based on the debug module to display the result of the command.
  https://docs.ansible.com/ansible/latest/modules/debug_module.html
playbooks/get-user-id.yaml
- hosts: all
  tasks:
    - name: Get user id
      command: id
      register: user_id

    - name: Display user id
      debug:
        var: user_id.stdout
$ ansible-playbook -i inventories/formation/hosts playbooks/get-user-id.yaml
...
TASK [Get user id] ************************************************************
changed: [ansible-3]
changed: [ansible-2]
changed: [ansible-1]
TASK [Display user id] ********************************************************
ok: [ansible-1] => {
    "user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"
}
ok: [ansible-2] => {
    "user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),10(wheel)"
}
ok: [ansible-3] => {
    "user_id.stdout": "uid=1001(ansible) gid=1001(ansible) groupes=1001(ansible),27(sudo)"
}
PLAY RECAP ********************************************************************
ansible-1 : ok=3 changed=1 unreachable=0 failed=0
ansible-2 : ok=3 changed=1 unreachable=0 failed=0
ansible-3 : ok=3 changed=1 unreachable=0 failed=0
Lab: Install Apache httpd
Installing an Apache httpd web server.
- Create a playbook that performs the following tasks on the machine ansible-1:
  - Installs the httpd package and starts the httpd service,
  - Configures the httpd service so that it starts again at every system reboot,
  - Creates and copies a static web page to /var/www/html/index.html,
  - Configures firewalld to allow incoming http traffic.
- Run the playbook on the target ansible-1.
- Connect to the application in the web browser.
- hosts: ansible-1
  tasks:
    - name: Installation of apache package
      yum:
        name: httpd
        state: present
        update_cache: yes

    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Copying homepage
      copy:
        src: index.html
        dest: /var/www/html/index.html
        mode: 0444

    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
Lab: Install WordPress
Installing the WordPress blogging tool.
- Database server: ansible-2 (centos 7)
  - Install the MariaDB server (mariadb-server)
  - Create a database and a user (modules mysql_db, mysql_user)
- Web server: ansible-1 (centos 8)
  - Install the Apache httpd server + php (httpd, php, php-mysqlnd)
  - Download Wordpress 5.0.8 (https://wordpress.org/wordpress-5.0.8.tar.gz)
  - Extract the archive into /var/www/html/ with the right permissions (unarchive module)
  - Edit the WordPress configuration so that it can reach the database
1. Database
- Install the MariaDB server
- Create a database and a user
# Install the MariaDB packages
yum install mariadb-server
# Set up the firewall rules
firewall-cmd --add-service=mysql --permanent
firewall-cmd --reload
# MariaDB startup options
systemctl enable mariadb
systemctl start mariadb
# Create the database and the user
mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
FLUSH PRIVILEGES;
2. Apache
# Install Apache
yum install httpd php php-mysql wget
# Set up the firewall rules
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
# Apache startup options
systemctl enable httpd
systemctl start httpd
3. Wordpress
# Deploy wordpress:
cd /var/www/html && wget https://wordpress.org/latest.tar.gz
# Extract wordpress
tar -xzf /var/www/html/latest.tar.gz -C /var/www/html
rm -f /var/www/html/latest.tar.gz
# Configure Wordpress
cp /var/www/html/wordpress/wp-config-sample.php \
   /var/www/html/wordpress/wp-config.php
vi /var/www/html/wordpress/wp-config.php
# define('DB_NAME', 'wordpress');
# define('DB_USER', 'wordpressuser');
# define('DB_PASSWORD', 'password');
# define('DB_HOST', 'localhost');
Some possible modules...
- yum
- service
- command
- mysql_db
- mysql_user
- file
- get_url
- unarchive
- copy
- lineinfile
- replace
install-apache-wordpress-mariadb.yaml
- hosts: ansible-2
  vars:
    - DB_NAME: wordpress
    - DB_USER: wordpressuser
    - DB_PASSWORD: "12345"
    - DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
    - WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"
  tasks:
    - name: Installation of mariadb-server package
      yum:
        name: mariadb-server
        state: present
        update_cache: yes

    - name: Ensure mariadb-server is running (and enabled at boot)
      service:
        name: mariadb
        state: started
        enabled: yes

    - name: Installation of MySQL-python package
      # package required to use ansible mysql modules
      yum:
        name: MySQL-python
        state: present
        update_cache: yes

    - name: Create a new database with name '{{ DB_NAME }}'
      mysql_db:
        name: '{{ DB_NAME }}'
        state: present

    - name: Create a new database user with name '{{ DB_USER }}'
      mysql_user:
        name: '{{ DB_USER }}'
        password: '{{ DB_PASSWORD }}'
        priv: '{{ DB_NAME }}.*:ALL'
        host: '{{ WEB_HOST }}'
        state: present

    - name: Allow mariadb traffic on port 3306
      firewalld:
        service: mysql
        permanent: true
        state: enabled
        immediate: yes

- hosts: ansible-1
  vars:
    - DB_NAME: wordpress
    - DB_USER: wordpressuser
    - DB_PASSWORD: "12345"
    - DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
  tasks:
    - name: Installation of apache package
      dnf:
        name: httpd
        state: present
        update_cache: yes

    - name: Installation of php package
      dnf:
        name: php
        state: present
        update_cache: yes

    - name: Installation of php-mysqlnd package
      dnf:
        name: php-mysqlnd
        state: present
        update_cache: yes
      notify: Reload Apache

    - name: Installation of wget package
      dnf:
        name: wget
        state: present
        update_cache: yes

    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Download wordpress archive
      get_url:
        url: https://wordpress.org/wordpress-5.0.8.tar.gz
        dest: /var/www/html/wordpress.tar.gz
        mode: 0440

    - name: Untar wordpress archive
      unarchive:
        src: /var/www/html/wordpress.tar.gz
        dest: /var/www/html
        remote_src: true

    - name: Remove wordpress archive
      file:
        path: /var/www/html/wordpress.tar.gz
        state: absent

    - name: Create wordpress configuration file
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        dest: /var/www/html/wordpress/wp-config.php
        remote_src: true

    - name: Update wordpress configuration file with db name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'database_name_here'
        replace: '{{ DB_NAME }}'

    - name: Update wordpress configuration file with user name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'username_here'
        replace: '{{ DB_USER }}'

    - name: Update wordpress configuration file with user password
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ DB_PASSWORD }}'

    - name: Update wordpress configuration file with host
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'localhost'
        replace: '{{ DB_HOST }}'

    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

  handlers:
    - name: Reload Apache
      service:
        name: httpd
        state: restarted
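
A hardened variant of the web-server tasks above, as an added example that is not part of the original lab solution: the database password comes from an Ansible Vault variable instead of a clear-text value, the archive is verified before extraction, and wp-config.php is not world-readable. The variable vault_db_password, the file group_vars/all/vault.yaml and the checksum value are assumptions or placeholders.

```yaml
# Added example (not the lab's own solution).
# Assumption: vault_db_password is defined in a vars file encrypted with
# ansible-vault (hypothetical path: group_vars/all/vault.yaml).
- hosts: ansible-1
  vars:
    DB_PASSWORD: "{{ vault_db_password }}"   # no clear-text secret in the playbook
    # Placeholder: SHA-256 of an archive you have verified out of band
    WP_SHA256: "<sha256-of-wordpress-5.0.8.tar.gz>"
  tasks:
    - name: Download wordpress archive and verify its checksum
      get_url:
        url: https://wordpress.org/wordpress-5.0.8.tar.gz
        dest: /tmp/wordpress.tar.gz          # kept outside the web root
        checksum: "sha256:{{ WP_SHA256 }}"   # task fails on a mismatch
        mode: '0440'

    - name: Untar wordpress archive
      unarchive:
        src: /tmp/wordpress.tar.gz
        dest: /var/www/html
        remote_src: true

    - name: Remove wordpress archive
      file:
        path: /tmp/wordpress.tar.gz
        state: absent

    - name: Create wordpress configuration file (root and apache only)
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        dest: /var/www/html/wordpress/wp-config.php
        remote_src: true
        owner: root
        group: apache      # group of the httpd service account on CentOS
        mode: '0640'       # other local users cannot read the DB password

    - name: Update wordpress configuration file with user password
      replace:
        path: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ DB_PASSWORD }}'
      no_log: true         # keep the secret out of -v and --diff output
```

Run it with `ansible-playbook --ask-vault-pass ...` so the encrypted variable can be decrypted at run time.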