Commit 32cdd3a8 authored by Vincent Mazenod's avatar Vincent Mazenod
Browse files

ansible wip

parent 95a97ab9
......@@ -69,29 +69,55 @@
* [inventory docs](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html)
```ini
localhost ansible_connection=local
[ovh]
duncan
ispconfig-duncan
gitlab-runner-duncan
[all:vars]
environment = production
ansible_python_interpreter = /usr/bin/python3
ansible_user = limosadm
```
[webservers]
jumper ansible_port=5555 ansible_host=192.0.2.50
bar.example.com ansible_user=limosadm
## tips ssh
[dbservers]
one.example.com
two.example.com
www[03:10].example.com
* utilisez ~/.ssh/config
```
Host duncan
User limosadm
IdentityFile ~/.ssh/keys/limosadm
Hostname duncan.isima.fr
Host ispconfig-duncan
User limosadm
Hostname 10.10.100.2
IdentityFile ~/.ssh/keys/limosadm
ProxyCommand ssh duncan -W %h:%p
```
## ansible / ad-hoc command
```
$ ansible all --inventory-file=inventory.ini \
--module-name ping -u root
$ ansible atlanta -a "/usr/bin/foo" \
-u username --become --become-user \
otheruser --ask-become-pass
$ ansible all --inventory-file=inventory.ini --module-name ping
$ ansible ovh -a "/usr/bin/uptime"
duncan | CHANGED | rc=0 >>
18:15:42 up 16 days, 43 min, 1 user, load average: 0,10, 0,10, 0,03
gitlab-runner-duncan | CHANGED | rc=0 >>
18:15:45 up 15 days, 1:00, 1 user, load average: 0.06, 0.03, 0.01
ispconfig-duncan | CHANGED | rc=0 >>
18:15:48 up 15 days, 1:00, 1 user, load average: 0.02, 0.02, 0.00
```
## ansible / ad-hoc command
* [docs ad-hoc command](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html)
* shell
* packages
......@@ -102,19 +128,30 @@ $ ansible atlanta -a "/usr/bin/foo" \
## playbook
[docs playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html)
```
ansible-playbook ansible/playbooks/ovh/duncan.yml
```
* `--check` simule les tâches à effectuer sans les effectuer (dry-run)
* `--diff` indique ce qui change
* `-v`, `-vv`, `-vvv`, `-vvvv` pour la verbosité
* `--list-tags` liste tous les tags disponibles dans le playbook
* `--tags debug` n'exécute que les tâches du playbook ayant un tag `debug`
* `--skip-tags` exécute toutes les tâches du playbook sauf celles ayant un tag `debug`
* `always` tag spécial exécuté à tous les coups
* ligne de commande
* --check --diff
* verbosité
[docs playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html)
## variable
* hierarchie
* pas de `-` pas de `.` pas de nuémrique pure dans les noms de variables
* dans l'inventaire
* dans les rôles
* [héritage des variables](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable)
* from env ou Vault
* acces dynamique
* ansible-vault : utiliser vault
* `ansible-vault` nous on utilise vault by HashiCorp
* https://docs.ansible.com/ansible/latest/user_guide/playbooks_prompts.html
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment