diff --git a/1-1.practice-k8s.cloud.html b/1-1.practice-k8s.cloud.html
deleted file mode 100644
index 0a60894..0000000
--- a/1-1.practice-k8s.cloud.html
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
- Machine 1-1.practice-k8s.cloud
-
-
- Cette machine s’appelle 1-1.practice-k8s.cloud
- Ci-dessous la liste de ces adresses :
-
-
-
\ No newline at end of file
diff --git a/1-2.practice-k8s.cloud.html b/1-2.practice-k8s.cloud.html
deleted file mode 100644
index 772a3c5..0000000
--- a/1-2.practice-k8s.cloud.html
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
- Machine 1-2.practice-k8s.cloud
-
-
- Cette machine s’appelle 1-2.practice-k8s.cloud
- Ci-dessous la liste de ces adresses :
-
-
-
\ No newline at end of file
diff --git a/8-1.practice-k8s.cloud.html b/8-1.practice-k8s.cloud.html
new file mode 100644
index 0000000..40f6b30
--- /dev/null
+++ b/8-1.practice-k8s.cloud.html
@@ -0,0 +1,12 @@
+
+
+ Machine 8-1.practice-k8s.cloud
+
+
+ Cette machine s’appelle 8-1.practice-k8s.cloud
+ Ci-dessous la liste de ces adresses :
+
+
+
\ No newline at end of file
diff --git a/8-2.practice-k8s.cloud.html b/8-2.practice-k8s.cloud.html
new file mode 100644
index 0000000..dde4b44
--- /dev/null
+++ b/8-2.practice-k8s.cloud.html
@@ -0,0 +1,12 @@
+
+
+ Machine 8-2.practice-k8s.cloud
+
+
+ Cette machine s’appelle 8-2.practice-k8s.cloud
+ Ci-dessous la liste de ces adresses :
+
+
+
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
index 6d2c3ee..25e9141 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -12,10 +12,11 @@
[defaults]
inventory = inventory.ini
-#remote_user = user-ansible
+remote_user = user-ansible
host_key_checking = false
-#vault_password_file = /root/ansible/vault.key
+vault_password_file = /root/workspace/ansible-practice/vault.key
#callbacks_enabled = timer, profile_roles, profile_tasks
+log_path=/tmp/ansible_log.txt
[privilege_escalation]
become = True
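Review bot: The added `log_path=/tmp/ansible_log.txt` writes the run log to a fixed name in a world-writable directory, where other local users may be able to read it or pre-create the path. Ansible's log records task results, so any task not marked `no_log: true` can leave variable values there. Point it at a directory owned by the account running Ansible, for example a file under `/root/workspace/ansible-practice/`, and write it as `log_path = ...` to match the spacing of the other keys. Separately, `vault_password_file` now names a `vault.key` inside the project tree. The unchanged `host_key_checking = false` line above it is also worth revisiting, since it turns off SSH host key verification for every play.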
diff --git a/ansible_vault_key_1.txt b/ansible_vault_key_1.txt
new file mode 100644
index 0000000..9ff6e25
--- /dev/null
+++ b/ansible_vault_key_1.txt
@@ -0,0 +1 @@
+dany
\ No newline at end of file
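Review bot: `ansible_vault_key_1.txt` commits a vault password in clear text, and the same applies to `ansible_vault_key_2.txt` and to the `vault.key` change later in this diff. A vault file encrypted with a password stored beside it in the repository is effectively readable by everyone with repository access; that presumably includes `secret1.yml`, `secret2.yml`, `intranet-pass.yml` and `partial-vault.yml`. Remove the password files from version control, add them to `.gitignore`, and keep them outside the working tree with mode `0600`. Then re-encrypt the vault files under new passwords with `ansible-vault rekey`, since the committed values stay in history. The passwords are also short names, which would not resist guessing even if they had not been published.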
diff --git a/ansible_vault_key_2.txt b/ansible_vault_key_2.txt
new file mode 100644
index 0000000..b2c6cb6
--- /dev/null
+++ b/ansible_vault_key_2.txt
@@ -0,0 +1 @@
+lxsang
\ No newline at end of file
diff --git a/apache-inventaire.conf.tag.yml b/apache-inventaire.conf.tag.yml
index 03509c3..d997ba8 100644
--- a/apache-inventaire.conf.tag.yml
+++ b/apache-inventaire.conf.tag.yml
@@ -1,6 +1,6 @@
---
- name: "Apache installation"
- hosts: 1-1.practice-k8s.cloud
+ hosts: 8-1.practice-k8s.cloud
tasks:
- name: "Apache package installation"
yum:
diff --git a/apache-inventaire.conf.yml b/apache-inventaire.conf.yml
index 6bc8aa3..e0f416a 100644
--- a/apache-inventaire.conf.yml
+++ b/apache-inventaire.conf.yml
@@ -1,6 +1,6 @@
---
- name: "Apache installation"
- hosts: 1-1.practice-k8s.cloud
+ hosts: 8-1.practice-k8s.cloud
tasks:
- name: "Apache package installation"
yum:
diff --git a/apache-when.yml b/apache-when.yml
index d4a2961..f550cbd 100644
--- a/apache-when.yml
+++ b/apache-when.yml
@@ -1,6 +1,6 @@
---
- name: "Apache installation"
- hosts: 1-1.practice-k8s.cloud
+ hosts: 8-1.practice-k8s.cloud
tasks:
- name: "Apache package installation"
yum:
diff --git a/block-example.yml b/block-example.yml
new file mode 100644
index 0000000..aa15e45
--- /dev/null
+++ b/block-example.yml
@@ -0,0 +1,46 @@
+---
+- name: Create user {{ user }}
+ hosts: labs
+ vars:
+ user: webadmin
+ sshkey: /home/rocky/.ssh/id_rsa.pub
+ tasks:
+ - name: Execute block
+ block:
+ - name: Create user {{ user }}
+ ansible.builtin.user:
+ name: "{{ user }}"
+ create_home: true
+ state: present
+
+ - name: Set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: "{{ user }}"
+ key: "{{ lookup('file', '{{ sshkey }}') }}"
+ state: present
+
+ - name: Test ssh connexion
+ ansible.builtin.command: su - rocky -c 'ssh -o StrictHostKeyChecking=no {{ user }}@{{ item }} "exit 0"'
+ delegate_to: localhost
+ become: false
+ register: ssh_out
+ changed_when: false
+ with_items:
+ - "{{ groups['labs'] }}"
+
+ rescue:
+ - name: Delete user {{ user }}
+ ansible.builtin.user:
+ name: "{{ user }}"
+ state: absent
+ always:
+ - name: Show user info
+ ansible.builtin.command: id {{ user }}
+ changed_when: false
+ register: info
+
+ - name: Write log to file
+ ansible.builtin.lineinfile:
+ line: "{{ info }}"
+ path: /tmp/ansible.log
+ delegate_to: localhost
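Review bot: The `Test ssh connexion` task runs `ssh -o StrictHostKeyChecking=no`, which accepts whatever host key is presented and so removes the protection against a machine impersonating one of the `labs` hosts. `-o StrictHostKeyChecking=accept-new` or a pre-populated `known_hosts` keeps the test non-interactive without disabling verification. The `key:` line nests a template inside a Jinja expression, `lookup('file', '{{ sshkey }}')`; variables are referenced directly there, as in `key: "{{ lookup('file', sshkey) }}"`. In the `always` section, `id {{ user }}` returns non-zero once the `rescue` branch has deleted the user, so the log line is presumably never written in the failure case unless that task gets `failed_when: false`.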
diff --git a/install-apache.yml b/install-apache.yml
index 78bf7b7..2d443e4 100644
--- a/install-apache.yml
+++ b/install-apache.yml
@@ -2,23 +2,40 @@
# name : le nom du playbook (apporte de la clarté au code)
- name: "Apache Installation"
# hosts : la liste des machines sur lesquels nous allons travailler
- hosts: 1-1.practice-k8s.cloud
+ hosts:
+ - "{{targethost}}"
+ vars:
+ targethost: 8-1.practice-k8s.cloud
# tasks : une liste d’instructions à dérouler
tasks:
- name: "Install apache package"
# module pour l’installation du package
- dnf:
+ ansible.builtin.dnf:
# Les differentes options
name: "httpd"
state: "present"
- name: "Start apache service"
- service:
+ ansible.builtin.service:
name: "httpd"
state: "started"
enabled: yes
- name: "Copy www.html"
- copy:
+ ansible.builtin.copy:
src: "www.html"
dest: "/var/www/html"
owner: "apache"
group: "apache"
+ - name: "Test web server connection"
+ ansible.builtin.uri:
+ url: http://{{targethost}}/www.html
+ status_code: 200
+ register: response
+ ignore_errors: true
+ - name: show response
+ ansible.builtin.debug:
+ var: response
+ - name: Check result code
+ ansible.builtin.assert:
+ that: response.status == 200
+ success_msg: "OK"
+ fail_msg: "NOK"
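Review bot: The `Test web server connection` task sets `ignore_errors: true`, so a failed request is only caught by the later `assert`, and that assert reads `response.status`, which may be missing when the module fails before it receives an HTTP response. Either drop `ignore_errors` and let `status_code: 200` fail the task, or make the check tolerant with `that: response.status | default(0) == 200`. The URL is better quoted, `url: "http://{{ targethost }}/www.html"`, in line with the other templated values. The new tasks also carry no comments, while the rest of the file explains each key.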
diff --git a/intranet-pass.yml b/intranet-pass.yml
index 13cdc04..7bd2866 100644
--- a/intranet-pass.yml
+++ b/intranet-pass.yml
@@ -1,6 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
-65376531313239623939643133356639373562356264326464396437313436376562626435333164
-6364363234356264353131366165656564376264306162360a303431616164613666646564663030
-35646439613736383763663831613130383536353934333331393031316333656666363163383066
-3639623834353531350a363035633661396438643332393331373536623163373265346333623832
-35613039623163646536646164336139336231643031666364393934316461653163
+30653865313062653836366530316565613438363032333963353433393436613137643662636562
+3132323239373166663338383066663938386562393933650a633133353862613833323766353238
+37643064316662633261363464356236326465303338363764363161616464613237316239646236
+3235383438663632340a363534303736613539323432623166376465326239363664343365643237
+64376339373835346536666432623238616464643334353238303661303964353432636339383833
+3939366431616435626562613365383939663061656464383966
diff --git a/inventory.ini b/inventory.ini
index 2025422..46a0875 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -1,17 +1,17 @@
[labs]
-1-1.practice-k8s.cloud
-1-2.practice-k8s.cloud
+8-1.practice-k8s.cloud
+8-2.practice-k8s.cloud
[all:vars] # Prend le dessus sur tout !
-ansible_ssh_user=rocky
+# ansible_ssh_user=rocky
ansible_ssh_private_key_file=/home/rocky/.ssh/id_rsa
[apache]
-1-1.practice-k8s.cloud
+8-1.practice-k8s.cloud
[mysql]
-1-2.practice-k8s.cloud
+8-2.practice-k8s.cloud
[dockerhost]
-1-2.practice-k8s.cloud
+8-2.practice-k8s.cloud
diff --git a/jinja4.yml b/jinja4.yml
index 8cc91f4..73c1962 100644
--- a/jinja4.yml
+++ b/jinja4.yml
@@ -3,7 +3,7 @@
hosts: all
gather_facts: yes
vars:
- host_inventory: "1-1.practice-k8s.cloud"
+ host_inventory: "8-1.practice-k8s.cloud"
inventory_dir: "/var/www/html/inventory"
tasks:
- name: "Create template directory"
diff --git a/jinja5.yml b/jinja5.yml
index f775c3c..5485caa 100644
--- a/jinja5.yml
+++ b/jinja5.yml
@@ -3,7 +3,7 @@
hosts: all
gather_facts: yes
vars:
- host_inventory: "1-1.practice-k8s.cloud"
+ host_inventory: "8-1.practice-k8s.cloud"
inventory_dir: "/var/www/html/inventory"
tasks:
- name: "Create template directory"
diff --git a/partial-vault.yml b/partial-vault.yml
index ea2fab8..d102c74 100644
--- a/partial-vault.yml
+++ b/partial-vault.yml
@@ -1,8 +1,8 @@
user: "alex"
pass : !vault |
$ANSIBLE_VAULT;1.1;AES256
- 31643465373363646639363831636564363362663631653566353139343466653438333830636332
- 6137626364373038626663636630363366326631656532320a383761626130343037393762376638
- 31363666616134633533636133663431396565356462633461373935633634643831376430306563
- 6334613131626562370a633263366539653439383434303966616432313933313962366335323831
- 6264
+ 32373038623334303065613963653032333233366339323034303532366638376334313263326266
+ 3334386566643937306436623562393030383161626365370a343830376538336166623065613936
+ 32363637666366396261316135336236323131313836336664636565333161356138386362363465
+ 3738373637366430340a313030663733343263356462346137383161383264333330633635346534
+ 6138
diff --git a/secret1.yml b/secret1.yml
new file mode 100644
index 0000000..b45297a
--- /dev/null
+++ b/secret1.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+33313038313931316263346263303766656637376365343031323135613461353364373932373534
+3862386434396162333333306239636531393064656437310a343738336239343463316133636230
+30616462353066653563316635373363623261626565636161636361333962613432316362376362
+3238353362366630650a613261333830383234386230613839313639326462336236303965356363
+65613832343538633939373430666134393765323434633234623430336336353631
diff --git a/secret2.yml b/secret2.yml
new file mode 100644
index 0000000..e527d87
--- /dev/null
+++ b/secret2.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+37663262313464386637646565303964663937336464353730633233323161666362393235653432
+3933613166633735386531643166616138633234623133370a386638303037326431343532623331
+31656230306164306638373934356238663938313536656339326237616433343230333963646262
+3835633662653331320a333764646137393865363362343961386536306136393961326166386366
+61363439623163386536663934633133656538313966656238643239616136363338
diff --git a/setup_user.yml b/setup_user.yml
new file mode 100644
index 0000000..1a82c43
--- /dev/null
+++ b/setup_user.yml
@@ -0,0 +1,58 @@
+---
+- name: Create user {{ user }}
+ hosts: labs
+ vars:
+ user: user-ansible
+ sshkey: /home/rocky/.ssh/id_rsa.pub
+ sshpriv: /home/rocky/.ssh/id_rsa
+ tasks:
+
+ - name: Create user {{ user }}
+ ansible.builtin.user:
+ name: "{{ user }}"
+ create_home: true
+ state: present
+
+ - name: Add user to sudoer {{ user }}
+ community.general.sudoers:
+ name: "{{ user }}"
+ user: "{{ user }}"
+ nopassword: true
+ commands: ALL
+ state: present
+
+ - name: Set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: "{{ user }}"
+ key: "{{ lookup('file', '{{ sshkey }}') }}"
+ state: present
+
+ - name: Test ssh connexion
+ ansible.builtin.command: ssh -i {{ sshpriv }} {{ user }}@{{ item }} sudo -l
+ delegate_to: localhost
+ become: false
+ register: ssh_out
+ changed_when: false
+ ignore_errors: true
+ with_items:
+ - "{{ groups['labs'] }}"
+
+ - name: Log SSH command result
+ ansible.builtin.debug:
+ var: item
+ when: item.rc == 0
+ with_items:
+ - "{{ ssh_out['results'] }}"
+
+ - name: Check if user can execute sudo
+ ansible.builtin.command: sudo -l
+ become: true
+ become_user: "{{ user }}"
+ register: sudo_out
+ changed_when: false
+ ignore_errors: true
+
+ - name: Log sudo -l command
+ ansible.builtin.debug:
+ var: sudo_out
+ when: sudo_out.rc == 0
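Review bot: The `Add user to sudoer` task gives `user-ansible` passwordless sudo for `ALL` commands on every host in `labs`, so whoever holds `/home/rocky/.ssh/id_rsa` has unrestricted root on all of them. If the account exists only to run Ansible this may be intended, but it deserves a comment saying so. The private key should be passphrase-protected, or the `commands:` list narrowed where the workload allows. The `Test ssh connexion` command has no `-o BatchMode=yes`, so it can block waiting for a host-key or passphrase prompt. The `key:` lookup should read `lookup('file', sshkey)` rather than nesting `'{{ sshkey }}'` inside the expression.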
diff --git a/show-secrets.yml b/show-secrets.yml
new file mode 100644
index 0000000..aa4836e
--- /dev/null
+++ b/show-secrets.yml
@@ -0,0 +1,20 @@
+---
+- name: Show secrets
+ hosts: localhost
+ vars:
+ secrets:
+ - secret1.yml
+ - secret2.yml
+ tasks:
+ - name: load secrets
+ ansible.builtin.include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ secrets }}"
+ register: clear_secrets
+
+ - name: Afficher variables
+ ansible.builtin.debug:
+ var: item.ansible_facts
+ with_items:
+ - "{{ clear_secrets['results'] }}"
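Review bot: The `Afficher variables` task prints the decrypted contents of `secret1.yml` and `secret2.yml` through `debug`, and with `log_path=/tmp/ansible_log.txt` set in the `ansible.cfg` change of this same diff that output is also persisted to a file in `/tmp`. Looping over `clear_secrets['results']` additionally prints each whole result, decrypted values included, as the loop label; `loop_control:` with `label: "{{ item.item }}"` limits that to the file name. If the playbook exists only to demonstrate vault loading, print the variable names instead, e.g. `var: item.ansible_facts.keys() | list`. Adding `no_log: true` to the `load secrets` task keeps verbose runs from dumping the registered results.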
diff --git a/vault.key b/vault.key
index 3131e80..8dc2828 100644
--- a/vault.key
+++ b/vault.key
@@ -1 +1 @@
-alexandre
+dany
diff --git a/www.html b/www.html
index e151180..2fd21ac 100644
--- a/www.html
+++ b/www.html
@@ -1 +1 @@
-Ansible <> Bonjour !
\ No newline at end of file
+Ansible <> Bonjour 14:08!
\ No newline at end of file