Roles Lab

- Take the WordPress lab and split it into roles.
- Examples of roles that can be defined: mariadb, db, httpd, apache, wordpress...
- Manage default variables.
- Manage environment-specific variables.
- Manage the role dependency between the application and the web server.

Project tree:

    ansible
    ├── playbook.yaml
    ├── inventories
    │   └── formation
    │       ├── group_vars
    │       │   └── wordpress.yaml   <--- mariadb, wordpress vars
    │       └── hosts
    └── roles
        ├── apache
        │   ├── handlers
        │   │   └── main.yaml
        │   └── tasks
        │       └── main.yaml
        ├── mariadb
        │   ├── defaults
        │   │   └── main.yaml   <--- mariadb default vars
        │   └── tasks
        │       ├── add-database.yaml
        │       ├── install.yaml
        │       └── main.yaml
        └── wordpress
            ├── meta
            │   └── main.yaml   <--- wordpress dependencies
            └── tasks
                ├── configure.yaml
                ├── install.yaml
                └── main.yaml

inventories/formation/hosts

    ansible-1 ansible_host=192.168.56.102
    ansible-2 ansible_host=192.168.56.103

    [wordpress]
    ansible-1
    ansible-2

    [all:vars]
    ansible_become=yes
    ansible_become_pass=ansible

inventories/formation/group_vars/wordpress.yaml

    DB_NAME: wordpress
    DB_USER: wordpressuser
    DB_PASSWORD: "12345"
    DB_HOST: "{{ hostvars['ansible-2']['ansible_host'] }}"
    WEB_HOST: "{{ hostvars['ansible-1']['ansible_host'] }}"

playbook.yaml

    - hosts: ansible-2
      roles:
        - role: mariadb

    - hosts: ansible-1
      roles:
        - role: apache
        - role: wordpress

Role Mariadb

    roles
    └── mariadb
        ├── defaults
        │   └── main.yaml
        └── tasks
            ├── add-database.yaml
            ├── install.yaml
            └── main.yaml

roles/mariadb/tasks/install.yaml

    - name: Installation of mariadb-server package
      yum:
        name: mariadb-server
        state: present
        update_cache: yes

    - name: Ensure mariadb-server is running (and enabled at boot)
      service:
        name: mariadb
        state: started
        enabled: yes

    - name: Allow mariadb traffic on port 3306
      firewalld:
        service: mysql
        permanent: true
        state: enabled
        immediate: yes

roles/mariadb/tasks/add-database.yaml

    - name: Installation of MySQL-python package
      # package required to use ansible mysql modules
      yum:
        name: MySQL-python
        state: present
        update_cache: yes

    - name: Create a new database with name '{{ DB_NAME }}'
      mysql_db:
        name: '{{ DB_NAME }}'
        state: present

    - name: Create a new user with name '{{ DB_USER }}' with full access to '{{ DB_NAME }}' from '{{ WEB_HOST }}'
      mysql_user:
        name: '{{ DB_USER }}'
        password: '{{ DB_PASSWORD }}'
        priv: '{{ DB_NAME }}.*:ALL'
        host: '{{ WEB_HOST }}'
        state: present

roles/mariadb/tasks/main.yaml

    - import_tasks: install.yaml
    - import_tasks: add-database.yaml

roles/mariadb/defaults/main.yaml

    DB_NAME: bob
    DB_USER: mydb
    DB_PASSWORD: "12345678"
    WEB_HOST: localhost

The role's default values.

Role Apache

    roles
    └── apache
        ├── handlers
        │   └── main.yaml
        └── tasks
            └── main.yaml

roles/apache/tasks/main.yaml

    - name: Installation of apache package
      yum:
        name: httpd
        state: present
        update_cache: yes

    - name: Installation of php package
      yum:
        name: php
        state: present
        update_cache: yes

    - name: Installation of php-mysql package
      yum:
        name: php-mysql
        state: present
        update_cache: yes

    - name: Installation of wget package
      yum:
        name: wget
        state: present
        update_cache: yes

    - name: Ensure apache is running (and enabled at boot)
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Allow http traffic on port 80
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

Role Wordpress

    roles
    └── wordpress
        └── tasks
            ├── configure.yaml
            ├── install.yaml
            └── main.yaml

roles/wordpress/tasks/install.yaml

    - name: Download wordpress archive
      get_url:
        url: https://wordpress.org/latest.tar.gz
        dest: /var/www/html/wordpress.tar.gz
        mode: '0440'

    - name: Untar wordpress archive
      unarchive:
        src: /var/www/html/wordpress.tar.gz
        dest: /var/www/html
        remote_src: true

    - name: Remove wordpress archive
      file:
        path: /var/www/html/wordpress.tar.gz
        state: absent

roles/wordpress/tasks/configure.yaml

    - name: Create wordpress configuration file
      copy:
        src: /var/www/html/wordpress/wp-config-sample.php
        dest: /var/www/html/wordpress/wp-config.php
        remote_src: true

    - name: Update wordpress configuration file with db name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'database_name_here'
        replace: '{{ DB_NAME }}'

    - name: Update wordpress configuration file with user name
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'username_here'
        replace: '{{ DB_USER }}'

    - name: Update wordpress configuration file with user password
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ DB_PASSWORD }}'

    - name: Update wordpress configuration file with host
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'localhost'
        replace: '{{ DB_HOST }}'

roles/wordpress/tasks/main.yaml

    - import_tasks: install.yaml
    - import_tasks: configure.yaml

- Generate a random password for database access.
- Example:

    tasks:
      - name: Generate random password
        set_fact:
          password: "{{ lookup('password', 'password.txt') }}"
      - debug:
          msg: "Randomly generated password is : {{ password }}"

apache-wordpress-mariadb-roles-password.yaml

    - hosts: centos7
      tasks:
        - name: Generate random password for DB access
          set_fact:
            DB_PASSWORD: "{{ lookup('password', 'passwords.txt') }}"

    - hosts: ansible-2
      roles:
        - role: mariadb-install
        - role: mariadb-configure

    - hosts: ansible-1
      roles:
        - role: apache-install
        - role: wordpress-install
        - role: wordpress-configure

Generated password file on the control node:

    $ ls -l passwords.txt
    -rw------- 1 ansible ansible 21 oct. 29 16:48 passwords.txt
    $ cat passwords.txt
    f2OLcLega8W,GC6vDiLn
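
The password handling above with the value kept out of task output, as an added example that is not part of the original lab: a `debug` task prints the generated password, and `replace` shows it when the playbook runs with `--diff`, so every task that touches it sets `no_log`, and `wp-config.php` is restricted once written. The `credentials/wordpress-db` path and the `length`/`chars` values are assumptions; the `wordpress` group and the `DB_*`/`WEB_HOST` variables are the ones from the inventory shown earlier.

```yaml
# Added example, not part of the original lab.
# Assumptions: the credentials/wordpress-db path and the 32-character length.

# Play 1: generate the password on the control node without echoing it.
- hosts: wordpress                 # group from inventories/formation/hosts
  gather_facts: false
  tasks:
    - name: Generate random password for DB access
      set_fact:
        # The file is created on the first run and re-read afterwards,
        # so both hosts get the same value on every run.
        DB_PASSWORD: "{{ lookup('password', 'credentials/wordpress-db length=32 chars=ascii_letters,digits') }}"
      no_log: true                 # hides the task result, including with -v

# Play 2: database host. The set_fact value overrides the one in group_vars.
- hosts: ansible-2
  tasks:
    - name: Create the WordPress database user
      mysql_user:
        name: '{{ DB_USER }}'
        password: '{{ DB_PASSWORD }}'
        priv: '{{ DB_NAME }}.*:ALL'
        host: '{{ WEB_HOST }}'
        state: present
      no_log: true

# Play 3: web host. Write the password, then limit who can read the file.
- hosts: ansible-1
  tasks:
    - name: Update wordpress configuration file with user password
      replace:
        dest: /var/www/html/wordpress/wp-config.php
        regexp: 'password_here'
        replace: '{{ DB_PASSWORD }}'
      no_log: true                 # without it, --diff prints the new line

    - name: Restrict wp-config.php to root and the httpd group
      file:
        path: /var/www/html/wordpress/wp-config.php
        owner: root
        group: apache              # group httpd runs as on CentOS
        mode: '0640'
```

With `no_log: true` a failing task no longer shows its error details, so remove it temporarily on a lab host when debugging.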