Good evening,
Thanks @GDX2, but after more than 15 years in IT, and being passionate about it, there isn't much merit left in it.
@Clemalex I can share a few playbooks with you. I use Ansible daily at work, so why not use it at home too.
It won't be simple, because there is a lot of code, so I'll just copy a few telling examples.
I often use Ansible in 3 parts:
- Installing my machines (updates, SSH config, etc.)
- Installing my software (I often compile my software)
- Configuring my software
I always have one playbook per major family of use; for personal use it mostly comes down to 2:
- glusterfs-install-config.yml
- docker-server-install-config.yml
Example, docker-server-install-config.yml:
```yaml
- name: Docker-servers-install-config
  hosts: docker_servers
  gather_facts: yes
  strategy: free
  become: yes
  roles:
    # The special "never" tag keeps a role from running unless one of its
    # other tags is requested explicitly with --tags.
    - { role: base_install, tags: [never, base] }
    - { role: docker_install, tags: [never, install] }
    - { role: docker_config, tags: [never, config] }
    - { role: docker_deploy, tags: [never, deploy] }
```
Then I choose which roles I want to run with the tags; I use either:
- base => the machines (SSH, IP, etc.)
- install => I install my software (here only Docker)
- config => I configure my swarm networks, etc.
- deploy => I deploy my services (swarm or not)
Example of the base role:
```yaml
---
- name: deploy resolv.conf template
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    mode: "0644"
    backup: yes

- name: Update all packages and upgrade server
  apt:
    update_cache: yes
    cache_valid_time: 3600
    upgrade: yes

- name: Install base packages
  package:
    name: "{{ base_packages }}"
    state: present

- name: Install python package
  ansible.builtin.pip:
    name: "{{ python_packages }}"
    state: present
    executable: "/usr/bin/pip3"

- name: Ensure a locale exists
  community.general.locale_gen:
    name: "{{ item }}"
    state: present
  with_items:
    - "fr_FR.UTF-8"
    #- "fr_FR.ISO-8859-1"

- name: Update Root user's Password
  user:
    name: root
    update_password: always
    # The user module expects a crypt(3) hash here; it does not hash cleartext.
    password: "{{ default_root_password }}"

- name: Ensure group "somegroup" exists
  ansible.builtin.group:
    name: "{{ user }}"
    state: present

- name: Create a mike user
  user:
    name: "{{ user }}"
    password: "{{ default_mike_password }}"
    groups:
      - "{{ user }}"
    state: present

- name: Add public key to authorized_keys
  authorized_key:
    user: "{{ user }}"
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

- name: Add {{ user }} to sudoers file
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    regexp: '^{{ user }}'
    line: '{{ user }} ALL=(ALL) NOPASSWD: ALL'
    # visudo checks the edited file before it replaces /etc/sudoers
    validate: 'visudo -cf %s'

- name: copy base files
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dstdir }}/{{ item.dstfile }}"
    owner: "root"
    group: "root"
    mode: "u=rwx,g=r,o=r"
  with_items:
    - { dstfile: ".bashrc", src: "bashrc", dstdir: "/root" }
    - { dstfile: ".vimrc", src: "vimrc", dstdir: "/root" }
    - { dstfile: ".bashrc", src: "bashrc", dstdir: "/home/mike" }
    - { dstfile: ".vimrc", src: "vimrc", dstdir: "/home/mike" }
    - { dstfile: ".screenrc", src: "screenrc", dstdir: "/home/mike" }

- name: Adding banner info in sshd.conf
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '#Banner'
    line: "Banner /etc/ssh/ssh-banner-message.txt"

- name: Update ssh banner
  template:
    src: ssh-banner.txt.j2
    dest: /etc/ssh/ssh-banner-message.txt
    mode: "0644"
  notify: restart ssh
```
Example, for my Docker config:
```yaml
- name: Create overlay network
  community.docker.docker_network:
    name: "{{ item.name }}"
    attachable: true
    driver: "overlay"
    scope: "swarm"
  with_items:
    - "{{ docker_network_overlay_config }}"
  when: docker_type == "manager"
```
Example, deploying the services:
```yaml
- name: copy docker-compose files for stack
  ansible.builtin.template:
    src: "docker-compose/{{ item.file }}"
    dest: "/tmp/{{ item.file }}"
  with_items:
    - "{{ deploy_services }}"
  when: inventory_hostname == "docker1"

- name: Deploy services
  docker_stack:
    state: present
    name: "{{ item.name }}"
    compose:
      - "/tmp/{{ item.file }}"
    resolve_image: never
  with_items:
    - "{{ deploy_services }}"
  when: inventory_hostname == "docker1"
```
That gives a rough idea of how I structure Ansible.
I hope it helps you a bit.
++
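
Added example, not part of the original post or the poster's own code: a hardened variant of the account tasks from the base role, hashing passwords on the controller, hiding them from logs, and granting sudo through a validated drop-in file. It assumes `default_root_password` and `default_mike_password` are cleartext values kept in an Ansible Vault file, that `account_password_salt` (a hypothetical variable) is vaulted as well, and that the target's sudoers includes `/etc/sudoers.d`, as Debian and Ubuntu do by default.

```yaml
---
# Added example, not the poster's code. Assumptions: default_root_password and
# default_mike_password are cleartext values kept in an Ansible Vault file, and
# account_password_salt (hypothetical, max 16 chars of [A-Za-z0-9./]) is vaulted too.
- name: Update root password
  ansible.builtin.user:
    name: root
    update_password: always
    # A fixed salt keeps the hash stable, so the task stays idempotent.
    password: "{{ default_root_password | password_hash('sha512', account_password_salt) }}"
  no_log: true   # keep the password out of task output and logs

- name: Ensure group "{{ user }}" exists
  ansible.builtin.group:
    name: "{{ user }}"
    state: present

- name: Create the {{ user }} account
  ansible.builtin.user:
    name: "{{ user }}"
    password: "{{ default_mike_password | password_hash('sha512', account_password_salt) }}"
    update_password: on_create   # do not overwrite a password changed later on the host
    groups:
      - "{{ user }}"
    state: present
  no_log: true

- name: Add public key to authorized_keys
  ansible.posix.authorized_key:
    user: "{{ user }}"
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

# Same sudo rule as in the post, written as a drop-in so /etc/sudoers is never edited in place.
# sudo skips files in /etc/sudoers.d whose name contains "." or ends with "~".
- name: Allow {{ user }} to use sudo
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ user }}"
    content: "{{ user }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"
```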