Resources attached to the Road To DevOps tutorial https://blog.noobtoroot.xyz/road-to-devops/

Ad-Hoc Commands

Run simple actions on a set of machines.

What are ad-hoc commands?

  • Commands for the simple, quick, one-off execution of single commands.

  • They can target

    • a single machine,

    • a specific group of machines,

    • all the machines in the inventory.

  • They rely on Ansible modules.

Ansible modules

  • Reusable units of work.

  • Each one performs a specific task.

  • Written in Python.

  • Proven code.

  • Many modules available.

  • You can write your own modules.

Hundreds of modules available!

Cloud Modules • Clustering Modules • Commands Modules • Crypto Modules • Database Modules • Files Modules • Identity Modules • Inventory Modules • Messaging Modules • Monitoring Modules • Network Modules • Notification Modules • Packaging Modules • Source Control Modules • Storage Modules • System Modules • Utilities Modules • Web Infrastructure Modules • Windows Modules • ...

https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html
https://docs.ansible.com/ansible/latest/collections/index.html

Using modules

$ ansible <pattern> -m <module> [-a <params>]

  • <pattern> can be:

    • a machine

    • all machines (alias all)

    • a group

    • an expression

$ ansible formation:\!web -m command -a "uname -r"
bdd.formation.sii.fr | SUCCESS | rc=0 >>
3.10.0-327.28.3.el7.x86_64

lb.formation.sii.fr | SUCCESS | rc=0 >>
3.10.0-327.28.3.el7.x86_64

The command module

  • Use it:

    • for simple commands
    • to gather information
  • Examples:

    • Shutting down/restarting servers
    • Copying files
    • Creating users/groups
    • Installing packages

Example

Quickly creating a user on a set of machines

$ ansible -m command -a "sudo useradd donald" 'formation'
10.6.214.70 | SUCCESS | rc=0 >>
10.6.214.73 | SUCCESS | rc=0 >>
10.6.214.74 | SUCCESS | rc=0 >>
10.6.214.72 | SUCCESS | rc=0 >>

$ ansible -m command -a "useradd donald" 'formation' --become

--become switches to another user to run the command.

Example

Displaying the users that were created

$ ansible -m command -a "grep donald /etc/passwd" 'formation'
10.6.214.74 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.70 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.72 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.73 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
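
As an added example (not part of the original slides), the following Python code parses command-module output of the shape shown above and checks that the account exists with the same UID on every host, which `useradd` run independently on each machine does not guarantee. The sample output is constructed, and the function names `parse_adhoc` and `audit_account` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the ad-hoc output above
# (one host with a different UID, one host where grep found nothing).
SAMPLE = """\
10.6.214.74 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.70 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash

10.6.214.72 | SUCCESS | rc=0 >>
donald:x:1012:1010::/home/donald:/bin/bash

10.6.214.73 | FAILED | rc=1 >>
non-zero return code
"""

# Header line printed before each host's output: "<host> | <STATUS> | rc=<n> >>"
HEADER = re.compile(r"^(\S+) \| ([A-Z]+!?) \| rc=(-?\d+) >>$")

def parse_adhoc(text):
    """Split command-module output into {host: (status, rc, [output lines])}."""
    results, host = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            host = m.group(1)
            results[host] = (m.group(2), int(m.group(3)), [])
        elif host and line.strip():
            results[host][2].append(line)
    return results

def audit_account(text, user):
    """Report hosts missing `user` and group the others by assigned UID."""
    missing, by_uid = [], defaultdict(list)
    for host, (_status, rc, lines) in sorted(parse_adhoc(text).items()):
        # /etc/passwd entry: name:password:uid:gid:gecos:home:shell
        entry = next((l.split(":") for l in lines if l.startswith(user + ":")), None)
        if rc != 0 or entry is None or len(entry) < 7:
            missing.append(host)
        else:
            by_uid[int(entry[2])].append(host)
    return {"missing": missing, "by_uid": dict(by_uid),
            "consistent": not missing and len(by_uid) == 1}

if __name__ == "__main__":
    print(audit_account(SAMPLE, "donald"))
```
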

Module documentation

  • Search for "ansible module module-name" (Google)

  • $ ansible-doc <module-name> (CLI)

Hands-on lab

Ansible lab: ad-hoc command basics

Command modules

Module (2.9) | Module (2.10) | Description
--- | --- | ---
command | ansible.builtin.command | Executes a command on a remote node
expect | ansible.builtin.expect | Executes a command and responds to prompts.
psexec | community.windows.psexec | Runs commands on a remote Windows host based on the PsExec model
raw | ansible.builtin.raw | Executes a low-down and dirty SSH command
script | ansible.builtin.script | Runs a local script on a remote node after transferring it
shell | ansible.builtin.shell | Execute commands in nodes.
telnet | ansible.netcommon.telnet | Executes a low-down and dirty telnet command

https://docs.ansible.com/ansible/2.9/modules/list_of_commands_modules.html

File management modules

Module (2.9) | Module (2.10) | Description
--- | --- | ---
blockinfile | ansible.builtin.blockinfile | Insert/update/remove a text block surrounded by marker lines
copy | ansible.builtin.copy | Copies files to remote locations
fetch | ansible.builtin.fetch | Fetches a file from remote nodes
file | ansible.builtin.file | Sets attributes of files
lineinfile | ansible.builtin.lineinfile | Manage lines in text files
replace | ansible.builtin.replace | Replace all instances of a particular string in a file using a back-referenced regular expression.
stat | ansible.builtin.stat | Retrieve file or file system status
template | ansible.builtin.template | Templates a file out to a remote server
... | ... | ...

https://docs.ansible.com/ansible/2.9/modules/list_of_files_modules.html

Example

Changing a file's attributes on the machines of the formation group

$ ansible -m file -a "dest=/etc/foo mode=0660 owner=root group=root" \
    formation

10.6.214.72 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0660",
    "owner": "root",
    "path": "/etc/foo",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 158,
    "state": "file",
    "uid": 0
...
}

Package management modules

https://docs.ansible.com/ansible/2.9/modules/list_of_packaging_modules.html

Debian / Ubuntu packages

Module (2.9) | Module (2.10) | Description
--- | --- | ---
apt | ansible.builtin.apt | Manages apt-packages
apt_key | ansible.builtin.apt_key | Add or remove an apt key
apt_repository | ansible.builtin.apt_repository | Add and remove APT repositories
dpkg_selections | ansible.builtin.dpkg_selections | Dpkg package selection selections
package | ansible.builtin.package | Generic OS package manager
package_facts | ansible.builtin.package_facts | Package information as facts

RedHat / CentOS / Fedora packages

Module (2.9) | Module (2.10) | Description
--- | --- | ---
dnf | ansible.builtin.dnf | Manages packages with the dnf package manager
yum | ansible.builtin.yum | Manages packages with the yum package manager
yum_repository | ansible.builtin.yum_repository | Add or remove YUM repositories
redhat_subscription | community.general.redhat_subscription | Manage registration and subscriptions to RHSM using subscription-manager
rhn_channel | community.general.rhn_channel | Adds or removes Red Hat software channels
rhn_register | community.general.rhn_register | Manage RHN registration using rhnreg_ks
rhsm_repository | community.general.rhsm_repository | Manage RHSM repositories using subscription-manager
rpm_key | ansible.builtin.rpm_key | Adds or removes a gpg key from the rpm db
package | ansible.builtin.package | Generic OS package manager
package_facts | ansible.builtin.package_facts | Package information as facts

Suse / OpenSuse packages

Module (2.9) | Module (2.10) | Description
--- | --- | ---
zypper | community.general.zypper | Manage packages on SUSE and openSUSE
zypper_repository | community.general.zypper_repository | Add and remove Zypper repositories
package | ansible.builtin.package | Generic OS package manager
package_facts | ansible.builtin.package_facts | Package information as facts

Programming-language packages

Module (2.9) | Module (2.10) | Description
--- | --- | ---
cpanm | community.general.cpanm | Manages Perl library dependencies.
gem | community.general.gem | Manage Ruby gems
npm | community.general.npm | Manage node.js packages with npm
pip | ansible.builtin.pip | Manages Python library dependencies
... | ... | ...

Example

Checking that a package is present

$ ansible -m yum -a "name=vim state=present" 'formation'
10.6.214.70 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "results": [
        ...
          Installing :
          2:vim-filesystem-7.4.160-1.el7_3.1.x86_64
          2:vim-common-7.4.160-1.el7_3.1.x86_64
          gpm-libs-1.20.7-5.el7.x86_64
          2:vim-enhanced-7.4.160-1.el7_3.1.x86_64

          Installed:
          vim-enhanced.x86_64 2:7.4.160-1.el7_3.1
          Dependency Installed:
          gpm-libs.x86_64 0:1.20.7-5.el7
          vim-common.x86_64 2:7.4.160-1.el7_3.1
          vim-filesystem.x86_64 2:7.4.160-1.el7_3.1

          Complete!"
    ]
}

Source code management modules

  • git
  • subversion
  • hg

These modules are used to clone code repositories.

https://docs.ansible.com/ansible/2.9/modules/list_of_source_control_modules.html

System management modules

https://docs.ansible.com/ansible/2.9/modules/list_of_system_modules.html

Users and groups

Module (2.9) | Module (2.10) | Description
--- | --- | ---
user | ansible.builtin.user | Manage user accounts
group | ansible.builtin.group | Add or remove groups

Storage

Module (2.9) | Module (2.10) | Description
--- | --- | ---
parted | community.general.parted | Configure block device partitions
lvg | community.general.lvg | Configure LVM volume groups
lvol | community.general.lvol | Configure LVM logical volumes
filesystem | community.general.filesystem | Makes a filesystem

Services

Module (2.9) | Module (2.10) | Description
--- | --- | ---
service | ansible.builtin.service | Manage services
service_facts | ansible.builtin.service_facts | Return service state information as fact data
systemd | ansible.builtin.systemd | Manage services
sysvinit | ansible.builtin.sysvinit | Manage SysV services

Network

Module (2.9) | Module (2.10) | Description
--- | --- | ---
ping | ansible.builtin.ping | Try to connect to host, verify a usable python and return pong on success
hostname | ansible.builtin.hostname | Manage hostname
firewalld | ansible.posix.firewalld | Manage arbitrary ports/services with firewalld
iptables | ansible.builtin.iptables | Modify the systems iptables

SSH configuration

Module (2.9) | Module (2.10) | Description
--- | --- | ---
authorized_key | ansible.posix.authorized_key | Adds or removes an SSH authorized key
known_hosts | ansible.builtin.known_hosts | Add or remove a host from the known_hosts file

Miscellaneous

Module (2.9) | Module (2.10) | Description
--- | --- | ---
cron | ansible.builtin.cron | Manage cron.d and crontab entries
reboot | ansible.builtin.reboot | Reboot a machine
setup | ansible.builtin.setup | Gathers facts about remote hosts
timezone | community.general.timezone | Configure timezone setting

Example

Retrieving facts from remote machines

$ ansible -m setup 'formation'
10.6.214.70 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "10.6.214.70"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::250:56ff:fe9d:1ae5"
        ],
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "09/17/2015",
        "ansible_bios_version": "6.00",
        "ansible_cmdline": {
            "BOOT_IMAGE": "/vmlinuz-3.10.0-327.28.3.el7.x86_64",
            "LANG": "fr_FR.UTF-8",
            "crashkernel": "auto",
            "quiet": true,
            "rd.lvm.lv": "rootvg/slashlv",
            "rhgb": true,