add finished excesile

2025-04-11 07:52:16 +00:00 · 2025-04-11 07:52:16 +00:00 · 5fd628a7d8
commit 5fd628a7d8
parent 7f5aa23b3c
23 changed files with 210 additions and 53 deletions
--- a/1-1.practice-k8s.cloud.html
+++ b/1-1.practice-k8s.cloud.html
@ -1,12 +0,0 @@
-<html>
-  <head>
-    <title>Machine 1-1.practice-k8s.cloud</title>
-  </head>
-  <body>
-    <p>Cette machine s’appelle 1-1.practice-k8s.cloud</p>
-    <p>Ci-dessous la liste de ces adresses :</p>
-    <ul>
-     IP : 10.75.40.101
-    </ul>
-  </body>
-</html>
--- a/1-2.practice-k8s.cloud.html
+++ b/1-2.practice-k8s.cloud.html
@ -1,12 +0,0 @@
-<html>
-  <head>
-    <title>Machine 1-2.practice-k8s.cloud</title>
-  </head>
-  <body>
-    <p>Cette machine s’appelle 1-2.practice-k8s.cloud</p>
-    <p>Ci-dessous la liste de ces adresses :</p>
-    <ul>
-     IP : 10.76.132.143
-    </ul>
-  </body>
-</html>
--- a/8-1.practice-k8s.cloud.html
+++ b/8-1.practice-k8s.cloud.html
@ -0,0 +1,12 @@
+<html>
+  <head>
+    <title>Machine 8-1.practice-k8s.cloud</title>
+  </head>
+  <body>
+    <p>Cette machine s’appelle 8-1.practice-k8s.cloud</p>
+    <p>Ci-dessous la liste de ces adresses :</p>
+    <ul>
+     IP : 51.68.83.215
+    </ul>
+  </body>
+</html>
--- a/8-2.practice-k8s.cloud.html
+++ b/8-2.practice-k8s.cloud.html
@ -0,0 +1,12 @@
+<html>
+  <head>
+    <title>Machine 8-2.practice-k8s.cloud</title>
+  </head>
+  <body>
+    <p>Cette machine s’appelle 8-2.practice-k8s.cloud</p>
+    <p>Ci-dessous la liste de ces adresses :</p>
+    <ul>
+     IP : 217.182.93.152
+    </ul>
+  </body>
+</html>
--- a/ansible.cfg
+++ b/ansible.cfg
@ -12,10 +12,11 @@

 [defaults]
 inventory = inventory.ini
-#remote_user = user-ansible
+remote_user = user-ansible
 host_key_checking = false
-#vault_password_file = /root/ansible/vault.key
+vault_password_file = /root/workspace/ansible-practice/vault.key
 #callbacks_enabled = timer, profile_roles, profile_tasks
+log_path=/tmp/ansible_log.txt

 [privilege_escalation] 
 become = True
--- a/ansible_vault_key_1.txt
+++ b/ansible_vault_key_1.txt
@ -0,0 +1 @@
+dany
--- a/ansible_vault_key_2.txt
+++ b/ansible_vault_key_2.txt
@ -0,0 +1 @@
+lxsang
--- a/apache-inventaire.conf.tag.yml
+++ b/apache-inventaire.conf.tag.yml
@ -1,6 +1,6 @@
 ---
 - name: "Apache installation" 
-  hosts: 1-1.practice-k8s.cloud
+  hosts: 8-1.practice-k8s.cloud
  tasks: 
    - name: "Apache package installation" 
      yum: 
--- a/apache-inventaire.conf.yml
+++ b/apache-inventaire.conf.yml
@ -1,6 +1,6 @@
 ---
 - name: "Apache installation" 
-  hosts: 1-1.practice-k8s.cloud
+  hosts: 8-1.practice-k8s.cloud
  tasks: 
    - name: "Apache package installation" 
      yum: 
--- a/apache-when.yml
+++ b/apache-when.yml
@ -1,6 +1,6 @@
 ---
 - name: "Apache installation" 
-  hosts: 1-1.practice-k8s.cloud
+  hosts: 8-1.practice-k8s.cloud
  tasks: 
    - name: "Apache package installation" 
      yum: 
--- a/block-example.yml
+++ b/block-example.yml
@ -0,0 +1,46 @@
+---
+- name: Create user {{ user }}
+  hosts: labs
+  vars:
+    user: webadmin
+    sshkey: /home/rocky/.ssh/id_rsa.pub
+  tasks:
+    - name: Execute block
+      block:
+        - name: Create user {{ user }}
+          ansible.builtin.user:
+            name: "{{ user }}"
+            create_home: true
+            state: present
+
+        - name: Set authorized key taken from file
+          ansible.posix.authorized_key:
+            user: "{{ user }}"
+            key: "{{ lookup('file', '{{ sshkey }}') }}"
+            state: present
+
+        - name: Test ssh connexion
+          ansible.builtin.command: su - rocky -c 'ssh -o StrictHostKeyChecking=no {{ user }}@{{ item }} "exit 0"'
+          delegate_to: localhost
+          become: false
+          register: ssh_out
+          changed_when: false
+          with_items:
+            - "{{ groups['labs'] }}"
+
+      rescue:
+        - name: Delete user {{ user }}
+          ansible.builtin.user:
+            name: "{{ user }}"
+            state: absent
+      always:
+        - name: Show user info
+          ansible.builtin.command: id {{ user }}
+          changed_when: false
+          register: info
+
+        - name: Write log to file
+          ansible.builtin.lineinfile:
+            line: "{{ info }}"
+            path: /tmp/ansible.log
+          delegate_to: localhost
--- a/install-apache.yml
+++ b/install-apache.yml
@ -2,23 +2,40 @@
 # name : le nom du playbook (apporte de la clarté au code)
 - name: "Apache Installation"
  # hosts : la liste des machines sur lesquels nous allons travailler
-  hosts: 1-1.practice-k8s.cloud
+  hosts:
+    - "{{targethost}}"
+  vars:
+    targethost: 8-1.practice-k8s.cloud
  # tasks : une liste d’instructions à dérouler
  tasks:
    - name: "Install apache package"
      # module pour l’installation du package
-      dnf:
+      ansible.builtin.dnf:
        # Les differentes options
        name: "httpd"
        state: "present"
    - name: "Start apache service"
-      service:
+      ansible.builtin.service:
        name: "httpd"
        state: "started"
        enabled: yes
    - name: "Copy www.html"
-      copy:
+      ansible.builtin.copy:
        src: "www.html"
        dest: "/var/www/html"
        owner: "apache"
        group: "apache"
+    - name: "Test web server connection"
+      ansible.builtin.uri:
+        url: http://{{targethost}}/www.html
+        status_code: 200
+      register: response
+      ignore_errors: true
+    - name: show response
+      ansible.builtin.debug:
+        var: response
+    - name: Check result code
+      ansible.builtin.assert:
+        that: response.status == 200
+        success_msg: "OK"
+        fail_msg: "NOK"
--- a/intranet-pass.yml
+++ b/intranet-pass.yml
@ -1,6 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-65376531313239623939643133356639373562356264326464396437313436376562626435333164
-6364363234356264353131366165656564376264306162360a303431616164613666646564663030
-35646439613736383763663831613130383536353934333331393031316333656666363163383066
-3639623834353531350a363035633661396438643332393331373536623163373265346333623832
-35613039623163646536646164336139336231643031666364393934316461653163
+30653865313062653836366530316565613438363032333963353433393436613137643662636562
+3132323239373166663338383066663938386562393933650a633133353862613833323766353238
+37643064316662633261363464356236326465303338363764363161616464613237316239646236
+3235383438663632340a363534303736613539323432623166376465326239363664343365643237
+64376339373835346536666432623238616464643334353238303661303964353432636339383833
+3939366431616435626562613365383939663061656464383966
--- a/inventory.ini
+++ b/inventory.ini
@ -1,17 +1,17 @@
 [labs]
-1-1.practice-k8s.cloud
-1-2.practice-k8s.cloud
+8-1.practice-k8s.cloud
+8-2.practice-k8s.cloud

 [all:vars] # Prend le dessus sur tout !
-ansible_ssh_user=rocky  
+# ansible_ssh_user=rocky  
 ansible_ssh_private_key_file=/home/rocky/.ssh/id_rsa

 [apache] 
-1-1.practice-k8s.cloud
+8-1.practice-k8s.cloud

 [mysql] 
-1-2.practice-k8s.cloud
+8-2.practice-k8s.cloud

 [dockerhost]
-1-2.practice-k8s.cloud
+8-2.practice-k8s.cloud

--- a/jinja4.yml
+++ b/jinja4.yml
@ -3,7 +3,7 @@
  hosts: all
  gather_facts: yes
  vars:
-    host_inventory: "1-1.practice-k8s.cloud"
+    host_inventory: "8-1.practice-k8s.cloud"
    inventory_dir:  "/var/www/html/inventory"
  tasks:
    - name: "Create template directory"
--- a/jinja5.yml
+++ b/jinja5.yml
@ -3,7 +3,7 @@
  hosts: all
  gather_facts: yes
  vars:
-    host_inventory: "1-1.practice-k8s.cloud"
+    host_inventory: "8-1.practice-k8s.cloud"
    inventory_dir:  "/var/www/html/inventory"
  tasks:
    - name: "Create template directory"
--- a/partial-vault.yml
+++ b/partial-vault.yml
@ -1,8 +1,8 @@
 user: "alex"
 pass : !vault |
          $ANSIBLE_VAULT;1.1;AES256
-          31643465373363646639363831636564363362663631653566353139343466653438333830636332
-          6137626364373038626663636630363366326631656532320a383761626130343037393762376638
-          31363666616134633533636133663431396565356462633461373935633634643831376430306563
-          6334613131626562370a633263366539653439383434303966616432313933313962366335323831
-          6264
+          32373038623334303065613963653032333233366339323034303532366638376334313263326266
+          3334386566643937306436623562393030383161626365370a343830376538336166623065613936
+          32363637666366396261316135336236323131313836336664636565333161356138386362363465
+          3738373637366430340a313030663733343263356462346137383161383264333330633635346534
+          6138
--- a/secret1.yml
+++ b/secret1.yml
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+33313038313931316263346263303766656637376365343031323135613461353364373932373534
+3862386434396162333333306239636531393064656437310a343738336239343463316133636230
+30616462353066653563316635373363623261626565636161636361333962613432316362376362
+3238353362366630650a613261333830383234386230613839313639326462336236303965356363
+65613832343538633939373430666134393765323434633234623430336336353631
--- a/secret2.yml
+++ b/secret2.yml
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+37663262313464386637646565303964663937336464353730633233323161666362393235653432
+3933613166633735386531643166616138633234623133370a386638303037326431343532623331
+31656230306164306638373934356238663938313536656339326237616433343230333963646262
+3835633662653331320a333764646137393865363362343961386536306136393961326166386366
+61363439623163386536663934633133656538313966656238643239616136363338
--- a/setup_user.yml
+++ b/setup_user.yml
@ -0,0 +1,58 @@
+---
+- name: Create user {{ user }}
+  hosts: labs
+  vars:
+    user: user-ansible
+    sshkey: /home/rocky/.ssh/id_rsa.pub
+    sshpriv: /home/rocky/.ssh/id_rsa
+  tasks:
+
+    - name: Create user {{ user }}
+      ansible.builtin.user:
+        name: "{{ user }}"
+        create_home: true
+        state: present
+
+    - name: Add user to sudoer {{ user }}
+      community.general.sudoers:
+        name: "{{ user }}"
+        user: "{{ user }}"
+        nopassword: true
+        commands: ALL
+        state: present
+
+    - name: Set authorized key taken from file
+      ansible.posix.authorized_key:
+        user: "{{ user }}"
+        key: "{{ lookup('file', '{{ sshkey }}') }}"
+        state: present
+
+    - name: Test ssh connexion
+      ansible.builtin.command: ssh -i {{ sshpriv }} {{ user }}@{{ item }} sudo -l
+      delegate_to: localhost
+      become: false
+      register: ssh_out
+      changed_when: false
+      ignore_errors: true
+      with_items:
+        - "{{ groups['labs'] }}"
+
+    - name: Log SSH command result
+      ansible.builtin.debug:
+        var: item
+      when: item.rc == 0
+      with_items:
+        - "{{ ssh_out['results'] }}"
+
+    - name: Check if user can execute sudo
+      ansible.builtin.command: sudo -l
+      become: true
+      become_user: "{{ user }}"
+      register: sudo_out
+      changed_when: false
+      ignore_errors: true
+
+    - name: Log sudo -l command
+      ansible.builtin.debug:
+        var: sudo_out
+      when: sudo_out.rc == 0
--- a/show-secrets.yml
+++ b/show-secrets.yml
@ -0,0 +1,20 @@
+---
+- name: Show secrets
+  hosts: localhost
+  vars:
+    secrets:
+        - secret1.yml
+        - secret2.yml 
+  tasks:
+    - name: load secrets
+      ansible.builtin.include_vars:
+        file: "{{ item }}"
+      with_items:
+        - "{{ secrets }}"
+      register: clear_secrets
+
+    - name: Afficher variables
+      ansible.builtin.debug:
+        var: item.ansible_facts
+      with_items:
+        - "{{ clear_secrets['results'] }}"
--- a/vault.key
+++ b/vault.key
@ -1 +1 @@
-alexandre
+dany
--- a/www.html
+++ b/www.html
@ -1 +1 @@
-Ansible <> Bonjour !
+Ansible <> Bonjour 14:08!