Ad-Hoc Commands
Run simple actions
on a set of machines.
What are ad-hoc commands?
- Commands for running individual, one-off commands simply and quickly.
- They can target:
  - a single machine,
  - a specific group of machines,
  - every machine in the inventory.
- They rely on Ansible modules.
Ansible Modules
- Reusable units of work.
- Each one performs a specific task.
- Written in Python.
- Proven code.
- Many modules available.
- You can write your own modules.
Hundreds of modules available!
Cloud Modules • Clustering Modules • Commands Modules • Crypto Modules • Database Modules • Files Modules • Identity Modules • Inventory Modules • Messaging Modules • Monitoring Modules • Network Modules • Notification Modules • Packaging Modules • Source Control Modules • Storage Modules • System Modules • Utilities Modules • Web Infrastructure Modules • Windows Modules • ...
https://docs.ansible.com/ansible/2.9/modules/modules_by_category.html
https://docs.ansible.com/ansible/latest/collections/index.html
Using modules
$ ansible <pattern> -m <module> [-a <params>]
<pattern> can be:
- a machine
- all machines (alias all)
- a group
- an expression
$ ansible formation:\!web -m command -a "uname -r"
bdd.formation.sii.fr | SUCCESS | rc=0 >>
3.10.0-327.28.3.el7.x86_64
lb.formation.sii.fr | SUCCESS | rc=0 >>
3.10.0-327.28.3.el7.x86_64
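To see why `formation:\!web` above reached only bdd and lb, here is a simplified model of how a host pattern is resolved (added example, not Ansible's own code; the inventory is constructed and the web1/web2 host names are assumptions). On a real inventory, `ansible <pattern> --list-hosts` prints the matched hosts without running anything.

```python
from fnmatch import fnmatch

# Constructed inventory (group -> hosts). bdd/lb come from the output above;
# the web1/web2 names are assumptions made for this example.
INVENTORY = {
    "formation": ["bdd.formation.sii.fr", "lb.formation.sii.fr",
                  "web1.formation.sii.fr", "web2.formation.sii.fr"],
    "web": ["web1.formation.sii.fr", "web2.formation.sii.fr"],
}


def lookup(term, inventory):
    """Hosts matched by one term: 'all', a group name, or a host-name glob."""
    every = {h for hosts in inventory.values() for h in hosts}
    if term == "all":
        return every
    if term in inventory:
        return set(inventory[term])
    return {h for h in every if fnmatch(h, term)}


def resolve(pattern, inventory=INVENTORY):
    """Resolve 'a:b' (union), 'a:&b' (intersection) and 'a:!b' (exclusion).

    The shell turns formation:\\!web into formation:!web before Ansible sees it.
    Simplification: no regex, range or IPv6 handling.
    """
    terms = [t.strip() for t in pattern.replace(",", ":").split(":") if t.strip()]
    plain = [t for t in terms if t[0] not in "!&"]
    # Like Ansible, a pattern made only of '!'/'&' terms starts from 'all'.
    hosts = set().union(*(lookup(t, inventory) for t in plain or ["all"]))
    for t in terms:                       # intersections are applied first ...
        if t[0] == "&":
            hosts &= lookup(t[1:], inventory)
    for t in terms:                       # ... and exclusions last
        if t[0] == "!":
            hosts -= lookup(t[1:], inventory)
    return sorted(hosts)


if __name__ == "__main__":
    print(resolve("formation:!web"))
```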
The command module
- Use it:
  - for simple commands
  - to gather information
- Examples:
  - Shut down/restart servers
  - Copy files
  - Create users/groups
  - Install packages
Example
Quickly creating a user
on a set of machines
$ ansible -m command -a "sudo useradd donald" 'formation'
10.6.214.70 | SUCCESS | rc=0 >>
10.6.214.73 | SUCCESS | rc=0 >>
10.6.214.74 | SUCCESS | rc=0 >>
10.6.214.72 | SUCCESS | rc=0 >>
$ ansible -m command -a "useradd donald" 'formation' --become
--become
switches to another user (root by default)
to run the command.
Example
Displaying the users that were created
$ ansible -m command -a "grep donald /etc/passwd" 'formation'
10.6.214.74 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
10.6.214.70 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
10.6.214.72 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
10.6.214.73 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
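Checking this output by eye works for four hosts. The code below parses the same output format and reports hosts where the account is missing or its UID differs from the expected one (added example, not from the original page; the sample output is constructed and the function names are hypothetical).

```python
import re

# "host | STATUS | rc=N >>" (command output) or "host | STATUS => {...}" (JSON result)
HEADER = re.compile(r"^(\S+) \| ([A-Z]+)!? (?:\| rc=(\d+) >>|=> .*)$")

# Constructed sample in the format shown above; the mcdonald entry, the UID
# drift on .72 and the FAILED block on .73 are invented for this example.
SAMPLE = """\
10.6.214.74 | SUCCESS | rc=0 >>
donald:x:1009:1010::/home/donald:/bin/bash
10.6.214.70 | SUCCESS | rc=0 >>
mcdonald:x:1004:1004::/home/mcdonald:/bin/bash
10.6.214.72 | SUCCESS | rc=0 >>
donald:x:1012:1013::/home/donald:/bin/bash
10.6.214.73 | FAILED | rc=1 >>
non-zero return code
"""


def parse_adhoc(text):
    """Return {host: (status, rc, output_lines)} from ad-hoc command output."""
    results, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m[1]
            results[current] = (m[2], int(m[3]) if m[3] else None, [])
        elif current is not None and line.strip():
            results[current][2].append(line)
    return results


def audit_account(text, user, uid):
    """Map each host to a finding if the account is absent or has another UID."""
    findings = {}
    for host, (status, rc, lines) in parse_adhoc(text).items():
        # grep matches substrings (e.g. "mcdonald"), so compare the login field.
        entries = [l.split(":") for l in lines if l.split(":")[0] == user]
        if rc != 0 or not entries:
            findings[host] = f"{status}: account not found"
        elif int(entries[0][2]) != uid:
            findings[host] = f"uid {entries[0][2]}, expected {uid}"
    return findings


if __name__ == "__main__":
    print(audit_account(SAMPLE, "donald", 1009))
```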
Module documentation
- Search for "ansible module module-name" (Google)
- $ ansible-doc <module-name> (CLI)
Hands-on lab
Ansible lab: ad-hoc command basics
Command modules
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| command | ansible.builtin.command | Executes a command on a remote node |
| expect | ansible.builtin.expect | Executes a command and responds to prompts. |
| psexec | community.windows.psexec | Runs commands on a remote Windows host based on the PsExec model |
| raw | ansible.builtin.raw | Executes a low-down and dirty SSH command |
| script | ansible.builtin.script | Runs a local script on a remote node after transferring it |
| shell | ansible.builtin.shell | Execute commands in nodes. |
| telnet | ansible.netcommon.telnet | Executes a low-down and dirty telnet command |
https://docs.ansible.com/ansible/2.9/modules/list_of_commands_modules.html
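The table lists both `command` and `shell`. The practical difference is that `command` executes its arguments directly while `shell` passes the string through a shell, so metacharacters and variables are only interpreted by the latter. The following local model shows this with Python's subprocess (added example, not Ansible's code; the function names are hypothetical and the input string is constructed).

```python
import shlex
import subprocess

SHELL_META = set(";&|<>$`")


def run_like_command(params):
    """command-style: split the string into argv and exec it without a shell."""
    argv = shlex.split(params)
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_like_shell(params):
    """shell-style: hand the whole string to /bin/sh for interpretation."""
    return subprocess.run(params, shell=True, capture_output=True, text=True).stdout


def relies_on_shell(params):
    """Conservative lint: True if any argument contains a shell metacharacter.

    Under command-style execution these characters are passed literally, so a
    pipe or $VAR silently does nothing; quoted metacharacters are flagged too.
    """
    return any(SHELL_META & set(arg) for arg in shlex.split(params))


if __name__ == "__main__":
    # Constructed input: imagine the second half came from an untrusted variable.
    params = "echo ok ; echo second"
    print(repr(run_like_command(params)))   # one echo, ';' is just an argument
    print(repr(run_like_shell(params)))     # two commands were executed
    print(relies_on_shell("uname -r"), relies_on_shell(params))
```

Preferring `command` keeps values interpolated into `-a` from being interpreted as shell syntax; reach for `shell` only when a pipe, redirect or variable expansion is actually needed.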
File management modules
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| blockinfile | ansible.builtin.blockinfile | Insert/update/remove a text block surrounded by marker lines |
| copy | ansible.builtin.copy | Copies files to remote locations |
| fetch | ansible.builtin.fetch | Fetches a file from remote nodes |
| file | ansible.builtin.file | Sets attributes of files |
| lineinfile | ansible.builtin.lineinfile | Manage lines in text files |
| replace | ansible.builtin.replace | Replace all instances of a particular string in a file using a back-referenced regular expression. |
| stat | ansible.builtin.stat | Retrieve file or file system status |
| template | ansible.builtin.template | Templates a file out to a remote server |
| ... | ... | ... |
https://docs.ansible.com/ansible/2.9/modules/list_of_files_modules.html
Example
Changing a file's attributes on the machines
of the formation group
$ ansible -m file -a "dest=/etc/foo mode=0660 owner=root group=root" \
formation
10.6.214.72 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0660",
"owner": "root",
"path": "/etc/foo",
"secontext": "system_u:object_r:net_conf_t:s0",
"size": 158,
"state": "file",
"uid": 0
...
}
Package management modules
https://docs.ansible.com/ansible/2.9/modules/list_of_packaging_modules.html
Debian / Ubuntu packages
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| apt | ansible.builtin.apt | Manages apt-packages |
| apt_key | ansible.builtin.apt_key | Add or remove an apt key |
| apt_repository | ansible.builtin.apt_repository | Add and remove APT repositories |
| dpkg_selections | ansible.builtin.dpkg_selections | Dpkg package selection selections |
| package | ansible.builtin.package | Generic OS package manager |
| package_facts | ansible.builtin.package_facts | Package information as facts |
RedHat / CentOS / Fedora packages
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| dnf | ansible.builtin.dnf | Manages packages with the dnf package manager |
| yum | ansible.builtin.yum | Manages packages with the yum package manager |
| yum_repository | ansible.builtin.yum_repository | Add or remove YUM repositories |
| redhat_subscription | community.general.redhat_subscription | Manage registration and subscriptions to RHSM using subscription-manager |
| rhn_channel | community.general.rhn_channel | Adds or removes Red Hat software channels |
| rhn_register | community.general.rhn_register | Manage RHN registration using rhnreg_ks |
| rhsm_repository | community.general.rhsm_repository | Manage RHSM repositories using subscription-manager |
| rpm_key | ansible.builtin.rpm_key | Adds or removes a gpg key from the rpm db |
| package | ansible.builtin.package | Generic OS package manager |
| package_facts | ansible.builtin.package_facts | Package information as facts |
Suse / OpenSuse packages
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| zypper | community.general.zypper | Manage packages on SUSE and openSUSE |
| zypper_repository | community.general.zypper_repository | Add and remove Zypper repositories |
| package | ansible.builtin.package | Generic OS package manager |
| package_facts | ansible.builtin.package_facts | Package information as facts |
Programming-language packages
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| cpanm | community.general.cpanm | Manages Perl library dependencies. |
| gem | community.general.gem | Manage Ruby gems |
| npm | community.general.npm | Manage node.js packages with npm |
| pip | ansible.builtin.pip | Manages Python library dependencies |
| ... | ... | ... |
Example
Checking that a package is present (state=present installs it if it is missing)
$ ansible -m yum -a "name=vim state=present" 'formation'
10.6.214.70 | SUCCESS => {
"changed": true,
"rc": 0,
"results": [
...
Installing :
2:vim-filesystem-7.4.160-1.el7_3.1.x86_64
2:vim-common-7.4.160-1.el7_3.1.x86_64
gpm-libs-1.20.7-5.el7.x86_64
2:vim-enhanced-7.4.160-1.el7_3.1.x86_64
Installed:
vim-enhanced.x86_64 2:7.4.160-1.el7_3.1
Dependency Installed:
gpm-libs.x86_64 0:1.20.7-5.el7
vim-common.x86_64 2:7.4.160-1.el7_3.1
vim-filesystem.x86_64 2:7.4.160-1.el7_3.1
Complete!"
]
}
Source control modules
- git
- subversion
- hg
These modules clone code repositories.
https://docs.ansible.com/ansible/2.9/modules/list_of_source_control_modules.html
System management modules
https://docs.ansible.com/ansible/2.9/modules/list_of_system_modules.html
Users and groups
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| user | ansible.builtin.user | Manage user accounts |
| group | ansible.builtin.group | Add or remove groups |
Storage
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| parted | community.general.parted | Configure block device partitions |
| lvg | community.general.lvg | Configure LVM volume groups |
| lvol | community.general.lvol | Configure LVM logical volumes |
| filesystem | community.general.filesystem | Makes a filesystem |
Services
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| service | ansible.builtin.service | Manage services |
| service_facts | ansible.builtin.service_facts | Return service state information as fact data |
| systemd | ansible.builtin.systemd | Manage services |
| sysvinit | ansible.builtin.sysvinit | Manage SysV services |
Network
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| ping | ansible.builtin.ping | Try to connect to host, verify a usable python and return pong on success |
| hostname | ansible.builtin.hostname | Manage hostname |
| firewalld | ansible.posix.firewalld | Manage arbitrary ports/services with firewalld |
| iptables | ansible.builtin.iptables | Modify the systems iptables |
SSH configuration
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| authorized_key | ansible.posix.authorized_key | Adds or removes an SSH authorized key |
| known_hosts | ansible.builtin.known_hosts | Add or remove a host from the known_hosts file |
Miscellaneous
| Module (2.9) | Module (2.10) | Description |
| - | - | - |
| cron | ansible.builtin.cron | Manage cron.d and crontab entries |
| reboot | ansible.builtin.reboot | Reboot a machine |
| setup | ansible.builtin.setup | Gathers facts about remote hosts |
| timezone | community.general.timezone | Configure timezone setting |
Example
Gathering facts from remote machines
$ ansible -m setup 'formation'
10.6.214.70 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"10.6.214.70"
],
"ansible_all_ipv6_addresses": [
"fe80::250:56ff:fe9d:1ae5"
],
"ansible_architecture": "x86_64",
"ansible_bios_date": "09/17/2015",
"ansible_bios_version": "6.00",
"ansible_cmdline": {
"BOOT_IMAGE": "/vmlinuz-3.10.0-327.28.3.el7.x86_64",
"LANG": "fr_FR.UTF-8",
"crashkernel": "auto",
"quiet": true,
"rd.lvm.lv": "rootvg/slashlv",
"rhgb": true,