Commit 1782f856 authored by Vincent Mazenod's avatar Vincent Mazenod
Browse files

next prez init

parent 8b7f9a11
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>ansible</title>
<link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
<link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
<!-- Theme used for syntax highlighting of code -->
<link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
<link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="../main.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
</head>
<body>
<div class="reveal">
<div class="slides">
<section data-markdown="md/ansible.md"
data-separator="^\n\n\n"
data-separator-vertical="^\n\n"
data-separator-notes="^Note:"
data-charset="utf-8">
</section>
</div>
</div>
<script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
<script src="../../node_modules/reveal.js/js/reveal.js"></script>
<script>
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: false,
dependencies: [
{ src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
{ src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
{ src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
{ src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
]
});
</script>
</body>
</html>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>aws</title>
<link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
<link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
<!-- Theme used for syntax highlighting of code -->
<link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
<link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="../main.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
</head>
<body>
<div class="reveal">
<div class="slides">
<section data-markdown="md/aws.md"
data-separator="^\n\n\n"
data-separator-vertical="^\n\n"
data-separator-notes="^Note:"
data-charset="utf-8">
</section>
</div>
</div>
<script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
<script src="../../node_modules/reveal.js/js/reveal.js"></script>
<script>
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: false,
dependencies: [
{ src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
{ src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
{ src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
{ src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
]
});
</script>
</body>
</html>
# ansible
![ansible](images/ansible.png "ansible")<!-- .element width="30%" -->
* task
* register
* debug
* loop
* set_fact
* pre_task
* roles
* playbook
* ligne de commande
* --check --diff
* verbosité
* tags
* variable (see debug task)
* hierarchie
* from env ou Vault
* acces dynamique
* ansible-vault : utiliser vault
* plugin
* callback
* filter
* lookup
* modules ansible utile
* pexpect
* remote roles
### Récupérer les roles nécessaires
* mettre à jour `requirements.yml` avec les rôles nécessaires
* récupérer les rôles
```
ansible-galaxy install -f -r requirements.yml -p ansible/roles/public
```
# aws
![aws](images/aws.png "aws")<!-- .element width="30%" -->
aka **AW**esome **S**tack
# terraform
![terraform](images/terraform.png "terraform")<!-- .element width="30%" -->
# vault
**By HashiCorp**
![vault](images/vault.png "vault")<!-- .element width="30%" -->
[https://vault.isima.fr](https://vault.isima.fr)
# Secrets
Il existe deux étages deux secrets dans la stack
* les **secrets locaux**: sont gérés par la commande `ansible-vault` et peuvent être lus simplement avec la commande `avq` de la stack (accessible une fois l'environnement activé). Les **secrets locaux** sont chiffrés en local, mais le fait qu'ils ne soient pas versionnés rend ce chiffrement non indispensable.
* les **secrets globaux**: sont gérés par la commande `vault` de HashiCorp et peuvent être lus simplement avec la commande `hvq` de la stack (accessible une fois l'environnement activé). les secrets sont disponibles selon les permissions du jeton utilisés. les **secrets globaux** sont utilisés pour construire les **secrets locaux**
## Générer un secret
Un secret robuste en ligne de commande se génère avec la commande `openssl` comme suit
```
$ openssl rand -base64 256
```
écrire le secret dans un fichier
```
$ openssl rand -base64 256 > ~/.ansible_secrets/stack
```
Stocker le secret directement dans hashicorp vault
```
$ openssl rand -base64 256 @TODO
```
## Vault
```
vault login -method=ldap username=vimazeno # vault login token=<token>
vault kv put cri/clusters/ovh/duncan/proxmoxapi password=itsasecret
vault read cri/clusters/ovh/duncan/proxmoxapi
vault read cri/clusters/ovh/duncan/proxmoxapi -format=json
vault read cri/clusters/ovh/duncan/proxmoxapi -format=json | jq .data
vault read cri/clusters/ovh/duncan/proxmoxapi -format=json | jq .data.password
vault delete cri/clusters/ovh/duncan/proxmoxapi
```
l'authentification ldap créée un fichier dans ~/.vault-token contenant votre token utilisateur avec vos permissions associées
```
vault kv patch cri/clusters/ovh/duncan/proxmoxapi password="$(openssl rand -base64 25)"
```
**N.B.** patch met à jour l'entrée avec KV2 et écrase les autres avec KV1 (on a activé KV2)
## Stocker un secret
Ce secret devrait être stocké dans https://vault.isima.fr
Avec la commande `vault` [@TODO vault install] dans le path adéquat.
Interroger la structure du vault avec la command `vault-tree` avant de choisir le path du secret semble une bonne idée [vault-tree]().
Ces consignes sont valables pour tous le secrets de ce tutoriel
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>terraform</title>
<link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
<link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
<!-- Theme used for syntax highlighting of code -->
<link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
<link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="../main.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
</head>
<body>
<div class="reveal">
<div class="slides">
<section data-markdown="md/terraform.md"
data-separator="^\n\n\n"
data-separator-vertical="^\n\n"
data-separator-notes="^Note:"
data-charset="utf-8">
</section>
</div>
</div>
<script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
<script src="../../node_modules/reveal.js/js/reveal.js"></script>
<script>
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: false,
dependencies: [
{ src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
{ src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
{ src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
{ src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
]
});
</script>
</body>
</html>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>vault</title>
<link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
<link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
<!-- Theme used for syntax highlighting of code -->
<link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
<link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="../main.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
</head>
<body>
<div class="reveal">
<div class="slides">
<section data-markdown="md/vault.md"
data-separator="^\n\n\n"
data-separator-vertical="^\n\n"
data-separator-notes="^Note:"
data-charset="utf-8">
</section>
</div>
</div>
<script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
<script src="../../node_modules/reveal.js/js/reveal.js"></script>
<script>
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: false,
dependencies: [
{ src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
{ src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
{ src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
{ src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
]
});
</script>
</body>
</html>
......@@ -67,6 +67,10 @@
<h3>cri</h3>
<li><a href="cri/criprod.html">criprod</a></li>
<li><a href="cri/vault.html">vault</a></li>
<li><a href="cri/ansible.html">ansible</a></li>
<li><a href="cri/terraform.html">terraform</a></li>
<li><a href="cri/aws.html">aws</a></li>
<h3>privacy</h3>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment