1. TP1: installing Ansible
1.1. Solution
1.1.1. Display the Ansible version
sudo yum install epel-release -y
sudo yum install ansible -y
#!/bin/bash
set -o nounset -o pipefail -o errexit
sudo apt install gnupg2 -y
# the redirection must run as root, so pipe through sudo tee instead of "sudo echo >"
echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee /etc/apt/sources.list.d/ansible.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
sudo apt update
sudo apt install ansible -y
1.2. Additional solution
1.2.1. List the files installed by the ansible package
rpm -ql ansible
dpkg -L ansible
1.2.2. Indicate the directory where the modules are located
- CentOS: /usr/lib/python2.7/site-packages/ansible/modules
- Debian: /usr/lib/python2.7/dist-packages/ansible/modules
1.2.3. Install the development version
See the official Ansible documentation.
3. TP3: simple inventory
3.1. Solution
[web]
node1-c7 ansible_host=10.42.0.11
node2-deb ansible_host=10.42.0.12
[paris]
node1-c7
[web:vars]
ansible_user=vagrant
ansible-inventory -i $HOME/ansible/inventory --graph --vars
3.2. Additional solution
ansible-inventory -i $HOME/ansible/inventory --yaml --list
all:
  children:
    paris:
      hosts:
        node1-c7:
          ansible_host: 10.42.0.11
          ansible_user: vagrant
    ungrouped: {}
    web:
      hosts:
        node1-c7: {}
        node2-deb:
          ansible_host: 10.42.0.12
          ansible_user: vagrant
4. TP4: configuring Ansible
4.1. Solution
[defaults]
inventory = inventory
forks = 50
# lab setting: disables SSH host key verification for the managed nodes
host_key_checking = False
4.2. Additional solution
ansible.cfg
[privilege_escalation]
become=True
ansible-config list
5. TP5: ad hoc commands
5.1. Solution
#!/bin/bash
set -o nounset -o pipefail -o errexit
ansible web --module-name ping
ansible web --module-name setup
# become to have root rights
ansible node1-c7 --become --module-name yum --args "name=httpd state=latest"
ansible node2-deb --become --module-name apt --args "name=apache2 state=latest"
# we can't use debug module because ansible command doesn't gather facts
ansible node2-deb --module-name setup --args "filter=ansible_distribution_release"
5.2. Additional solution
#!/bin/bash
set -o nounset -o pipefail -o errexit
ansible web --become -m package -a "name=* state=latest"
ansible web --become -m package -a "name=tree state=present"
ansible web --become -m reboot
6. TP6: discovering the YAML language
6.1. Solution
- What are the three ways to represent data in YAML?
  - Scalars, lists and dictionaries
- What defines the hierarchy between the different elements?
  - Indentation
- What should you do with an editor that indents with tabs?
  - Change its behaviour
- What is the other way to write the following list?
timesync_ntp_servers_inline: ['1.centos.pool.ntp.org','2.centos.pool.ntp.org','3.centos.pool.ntp.org']
- What is the other way to write the following associative array (dictionary)?
roles:
  role: apache
  http_port: 8080
7. TP7: configuring your text editor
7.1. Solution
7.1.1. Configure your text editor
#!/bin/bash
set -o nounset -o pipefail -o errexit
sudo yum install vim vim-enhanced -y
echo -e "set softtabstop=2 expandtab shiftwidth=2 smarttab autoindent\nsyntax on" > ~/.vimrc
#!/bin/bash
set -o nounset -o pipefail -o errexit
sudo apt install vim -y
echo -e "set softtabstop=2 expandtab shiftwidth=2 smarttab autoindent\nsyntax on" > ~/.vimrc
8. TP8: first playbook
8.1. Solution
---
- name: install apache via ansible-playbook
  hosts: node1-c7
  become: True
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: latest
    - name: copy index file
      copy:
        src: index.html
        dest: /var/www/html/index.html
        mode: 0444
        owner: apache
        group: apache
    - name: activate and restart apache
      service:
        name: httpd
        enabled: yes
        state: started
8.2. Additional solution
8.2.1. Answer to the question
The restarted state always restarts the service in question, whereas the started state only ensures that the service is running.
started is preferred in playbooks; restarted is reserved for handlers.
8.2.2. Second play
Identical to the first play, replacing:
- module yum with module apt
- httpd with apache2 (package and daemon)
- apache with www-data
9. TP9: ansible-galaxy
9.1. Solution
#!/bin/bash
set -o nounset -o pipefail -o errexit
ansible-galaxy install geerlingguy.postfix
# to install role in a specific directory which is not part of your DEFAULT_ROLES_PATH
ansible-galaxy install geerlingguy.postfix -p roles
ansible-playbook site.yml
---
- hosts: web
  become: true
  name: install postfix
  roles:
    - role: geerlingguy.postfix
      vars:
        postfix_inet_protocols: ipv4
9.2. Additional solution
#!/bin/bash
set -o nounset -o pipefail -o errexit
# to verify roles' job
ansible web -a "systemctl is-active postfix"
ansible web -a "grep ipv4 /etc/postfix/main.cf"
# download roles using a requirement file
ansible-galaxy install -r requirements.yml
---
roles:
  - src: geerlingguy.postfix
collections:
  - name: debops.debops
10. TP10: import and tags
10.1. Solution
---
- hosts: web
  become: true
  name: install postfix
  roles:
    - role: geerlingguy.postfix
      vars:
        postfix_inet_protocols: ipv4
      tags: postfix
- import_playbook: apache-simple-playbook/install-apache.yml
  tags: apache
11. TP11: converting a playbook into a role
11.1. Solution and additional solutions
See the code snippets: https://gitlab.com/azyx/sib-tp//-/tree/master/codes/tp11
12. TP12: new tasks
12.1. Solution
---
# tasks file for roles/apache
- name: install apache
  yum:
    name: httpd
    state: present
- name: conf httpd
  copy:
    src: 'vhost.conf'
    dest: '/etc/httpd/conf.d'
    mode: 0640
    owner: root
    group: apache
  notify: reload apache
- name: create documentroot
  file:
    name: /var/www/html/10.42.0.11.xip.io
    state: directory
- name: copy index file
  copy:
    src: index.html
    dest: /var/www/html/10.42.0.11.xip.io/index.html
    mode: 0444
    owner: apache
    group: apache
- name: activate and restart apache
  service:
    name: httpd
    enabled: yes
    state: started
---
# handlers file for roles/apache
- name: reload apache
  service:
    name: httpd
    state: reloaded
The index.html and vhost.conf files are located under roles/apache/files.
12.2. Additional solution
ansible node1-c7 -m file -a "path=/var/www/html/index.html state=absent" -b
13. TP13: variables for the apache role
13.1. Solution
---
# defaults file for roles/apache
apache_pkg_name: httpd
apache_domain: 10.42.0.11.xip.io
apache_conf_dir: /etc/httpd/conf.d
apache_html_dir: /var/www/html
apache_user: apache
apache_group: apache
apache_service_name: httpd
---
# tasks file for roles/apache
- name: install apache
  yum:
    name: '{{ apache_pkg_name }}'
    state: present
- name: conf httpd
  copy:
    src: 'vhost.conf'
    dest: '{{ apache_conf_dir }}/{{ apache_domain }}.conf'
    mode: 0640
    owner: '{{ apache_user }}'
    group: '{{ apache_group }}'
  notify: reload apache
- name: create documentroot
  file:
    name: '{{ apache_html_dir }}/{{ apache_domain }}'
    state: directory
- name: copy index file
  copy:
    src: index.html
    dest: '{{ apache_html_dir }}/{{ apache_domain }}/index.html'
    mode: 0444
    owner: '{{ apache_user }}'
    group: '{{ apache_group }}'
- name: activate and restart apache
  service:
    name: '{{ apache_service_name }}'
    enabled: yes
    state: started
---
# handlers file for roles/apache
- name: reload apache
  service:
    name: '{{ apache_service_name }}'
    state: reloaded
15. TP15: Templates
15.1. Solution
roles/apache/templates/index.html.j2
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>It works !</title>
  </head>
  <body>
<pre>
--------------------------------------------
| It works ! {{ apache_domain }} |
-------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
</pre>
  </body>
</html>
roles/apache/templates/vhost.conf.j2
<VirtualHost *:80>
  ServerName {{ apache_domain }}
  ServerAlias www.{{ apache_domain }}
  ServerAlias 10.42.0.11
  DocumentRoot /var/www/html/{{ apache_domain }}/
  CustomLog /var/log/httpd/{{ apache_domain }}_access.log combined
  ErrorLog /var/log/httpd/{{ apache_domain }}_error.log
  <Directory />
    Options none
    Allowoverride none
    Require all denied
  </Directory>
  <Directory /var/www/html/{{ apache_domain }}>
    Require all granted
  </Directory>
</VirtualHost>
roles/apache/tasks/main.yml
---
# tasks file for roles/apache
- name: install apache
  yum:
    name: '{{ apache_pkg_name }}'
    state: present
- name: conf httpd
  template:
    src: 'vhost.conf.j2'
    dest: '{{ apache_conf_dir }}/{{ apache_domain }}.conf'
    mode: 0640
    owner: '{{ apache_user }}'
    group: '{{ apache_group }}'
  notify: reload apache
- name: create documentroot
  file:
    name: '{{ apache_html_dir }}/{{ apache_domain }}'
    state: directory
- name: copy index file
  template:
    src: index.html.j2
    dest: '{{ apache_html_dir }}/{{ apache_domain }}/index.html'
    mode: 0444
    owner: '{{ apache_user }}'
    group: '{{ apache_group }}'
- name: activate and restart apache
  service:
    name: '{{ apache_service_name }}'
    enabled: yes
    state: started
ansible-playbook site.yml -e "apache_domain=www.10.42.0.11.xip.io"