Compare revisions

12c34d1d · 12c34d1d · 12c34d1d · 12c34d1d · 12c34d1d · a557b931
--- a/content/slides/cri/ansible-role.html
+++ b/content/slides/cri/ansible-role.html
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+    <title>ansible rôle</title>
+
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+    <!-- Theme used for syntax highlighting of code -->
+    <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+    <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+    <link rel="stylesheet" href="../main.css">
+
+    <!-- Printing and PDF exports -->
+    <script>
+      var link = document.createElement( 'link' );
+      link.rel = 'stylesheet';
+      link.type = 'text/css';
+      link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+      document.getElementsByTagName( 'head' )[0].appendChild( link );
+    </script>
+  </head>
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section data-markdown="md/ansible-role.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+    </div>
+
+    <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+    <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+    <script>
+      // More info about config & dependencies:
+      // - https://github.com/hakimel/reveal.js#configuration
+      // - https://github.com/hakimel/reveal.js#dependencies
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: false,
+        dependencies: [
+          { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+          { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+          { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+          { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+        ]
+      });
+    </script>
+  </body>
+</html>
--- a/content/slides/cri/cri.html
+++ b/content/slides/cri/cri.html
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+    <title>CRI INP / ISIMA / LIMOS</title>
+
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+    <!-- Theme used for syntax highlighting of code -->
+    <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+    <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+    <link rel="stylesheet" href="../main.css">
+
+    <!-- Printing and PDF exports -->
+    <script>
+      var link = document.createElement( 'link' );
+      link.rel = 'stylesheet';
+      link.type = 'text/css';
+      link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+      document.getElementsByTagName( 'head' )[0].appendChild( link );
+    </script>
+  </head>
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section data-markdown="md/cri.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+    </div>
+
+    <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+    <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+    <script>
+      // More info about config & dependencies:
+      // - https://github.com/hakimel/reveal.js#configuration
+      // - https://github.com/hakimel/reveal.js#dependencies
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: false,
+        dependencies: [
+          { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+          { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+          { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+          { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+        ]
+      });
+    </script>
+  </body>
+</html>
--- a/content/slides/cri/devops.html
+++ b/content/slides/cri/devops.html
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+    <title>DevOps</title>
+
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+    <!-- Theme used for syntax highlighting of code -->
+    <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+    <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+    <link rel="stylesheet" href="../main.css">
+
+    <!-- Printing and PDF exports -->
+    <script>
+      var link = document.createElement( 'link' );
+      link.rel = 'stylesheet';
+      link.type = 'text/css';
+      link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+      document.getElementsByTagName( 'head' )[0].appendChild( link );
+    </script>
+  </head>
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section data-markdown="md/devops.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/vagrant.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/ansible.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/vault.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/pve.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/terraform.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/stack.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/gitlab.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/my.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/backup.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/monitoring.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+      <div class="slides">
+        <section data-markdown="md/openstack.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+    </div>
+
+    <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+    <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+    <script>
+      // More info about config & dependencies:
+      // - https://github.com/hakimel/reveal.js#configuration
+      // - https://github.com/hakimel/reveal.js#dependencies
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: false,
+        dependencies: [
+          { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+          { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+          { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+          { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+        ]
+      });
+    </script>
+  </body>
+</html>
--- a/content/slides/cri/gitlab.html
+++ b/content/slides/cri/gitlab.html
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+    <title>gitlab</title>
+
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+    <!-- Theme used for syntax highlighting of code -->
+    <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+    <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+    <link rel="stylesheet" href="../main.css">
+
+    <!-- Printing and PDF exports -->
+    <script>
+      var link = document.createElement( 'link' );
+      link.rel = 'stylesheet';
+      link.type = 'text/css';
+      link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+      document.getElementsByTagName( 'head' )[0].appendChild( link );
+    </script>
+  </head>
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section data-markdown="md/gitlab.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+    </div>
+
+    <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+    <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+    <script>
+      // More info about config & dependencies:
+      // - https://github.com/hakimel/reveal.js#configuration
+      // - https://github.com/hakimel/reveal.js#dependencies
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: false,
+        dependencies: [
+          { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+          { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+          { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+          { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+        ]
+      });
+    </script>
+  </body>
+</html>
--- a/content/slides/cri/images/80columns.jpg
+++ b/content/slides/cri/images/80columns.jpg
--- a/content/slides/cri/images/aws.png
+++ b/content/slides/cri/images/aws.png
--- a/content/slides/cri/images/batiments.png
+++ b/content/slides/cri/images/batiments.png
--- a/content/slides/cri/images/cri.jpeg
+++ b/content/slides/cri/images/cri.jpeg
--- a/content/slides/cri/images/devops-toolchain.png
+++ b/content/slides/cri/images/devops-toolchain.png
--- a/content/slides/cri/images/devops-tools.png
+++ b/content/slides/cri/images/devops-tools.png
--- a/content/slides/cri/images/gitlab.png
+++ b/content/slides/cri/images/gitlab.png
--- a/content/slides/cri/images/preservatif-darvador.jpg
+++ b/content/slides/cri/images/preservatif-darvador.jpg
--- a/content/slides/cri/images/proxmox.png
+++ b/content/slides/cri/images/proxmox.png
--- a/content/slides/cri/images/stack.png
+++ b/content/slides/cri/images/stack.png
--- a/content/slides/cri/images/vault-auth.png
+++ b/content/slides/cri/images/vault-auth.png
--- a/content/slides/cri/images/vault-ci.png
+++ b/content/slides/cri/images/vault-ci.png
--- a/content/slides/cri/images/vault-secrets-engines.png
+++ b/content/slides/cri/images/vault-secrets-engines.png
--- a/content/slides/cri/manifest.html
+++ b/content/slides/cri/manifest.html
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+
+    <title>manifest</title>
+
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/reveal.css">
+    <link rel="stylesheet" href="../../node_modules/reveal.js/css/theme/white.css">
+
+    <!-- Theme used for syntax highlighting of code -->
+    <link rel="stylesheet" href="../../node_modules/reveal.js/lib/css/zenburn.css">
+    <link rel="stylesheet" href="../../node_modules/font-awesome/css/font-awesome.min.css">
+    <link rel="stylesheet" href="../main.css">
+
+    <!-- Printing and PDF exports -->
+    <script>
+      var link = document.createElement( 'link' );
+      link.rel = 'stylesheet';
+      link.type = 'text/css';
+      link.href = window.location.search.match( /print-pdf/gi ) ? '../../node_modules/reveal.js/css/print/pdf.css' : '../../node_modules/reveal.js/css/print/paper.css';
+      document.getElementsByTagName( 'head' )[0].appendChild( link );
+    </script>
+  </head>
+  <body>
+    <div class="reveal">
+      <div class="slides">
+        <section data-markdown="md/manifest.md"
+         data-separator="^\n\n\n"
+         data-separator-vertical="^\n\n"
+         data-separator-notes="^Note:"
+         data-charset="utf-8">
+       </section>
+      </div>
+    </div>
+
+    <script src="../../node_modules/reveal.js/lib/js/head.min.js"></script>
+    <script src="../../node_modules/reveal.js/js/reveal.js"></script>
+
+    <script>
+      // More info about config & dependencies:
+      // - https://github.com/hakimel/reveal.js#configuration
+      // - https://github.com/hakimel/reveal.js#dependencies
+      Reveal.initialize({
+        controls: true,
+        progress: true,
+        history: true,
+        center: false,
+        dependencies: [
+          { src: '../../node_modules/reveal.js/plugin/markdown/marked.js' },
+          { src: '../../node_modules/reveal.js/plugin/markdown/markdown.js' },
+          { src: '../../node_modules/reveal.js/plugin/notes/notes.js', async: true },
+          { src: '../../node_modules/reveal.js/plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
+        ]
+      });
+    </script>
+  </body>
+</html>
--- a/content/slides/cri/md/ansible-role.md
+++ b/content/slides/cri/md/ansible-role.md
+## boilerplate
+
+[ansible-role-boilerplate](https://gitlab.isima.fr/cri/ansible-role-boilerplate)
+
+* Tous les rôles dervaient se tester aussi simplement que ça, en standalone, sans avoir peur de rien casser
+* En pratique il faut parfois y réfléchir un peu
+    * path vault
+    * point de montage
+    * dépendance à des services existants
+
+
+## Directory Layout
+
+[Directory Layout (ansible best practice)](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#directory-layout)
+
+```shell
+ tasks/            #
+  - main.yml        #  <- tasks file can include smaller files if warranted
+ handlers/       #
+  - main.yml      #  <- handlers file
+ templates/      #  <- files for use with the template resource
+  - ntp.conf.j2   #  <- templates end in .j2
+ files/          #
+  - bar.txt       #  <- files for use with the copy resource
+  - foo.sh        #  <- script files for use with the script resource
+ vars/           #
+  - main.yml      #  <- variables associated with this role
+ defaults/       #
+  - main.yml      #  <- default lower priority variables for this role
+ meta/           #
+  - main.yml      #  <- role dependencies
+ library/        # roles can also include custom modules
+ module_utils/   # roles can also include custom module_utils
+ lookup_plugins/ # or other types of plugins, like lookup in this case
+```
+
+
+## Directory Layout Bonus
+
+* Vagrantfile -> cross OS
+* vagrant.rb
+* role.yml
+* .gitignore
+* README.md
+
+
+## TODO
+
+pacakger les box vagrant de manière synchrone avec les templates pve
\ No newline at end of file
--- a/content/slides/cri/md/ansible.md
+++ b/content/slides/cri/md/ansible.md
@@ -13,32 +13,38 @@
 * racheté par RedHat en octobre 2015

 * outils équivalents
-  * puppet, chief, salt ...
+  * [puppet](https://puppet.com/), [chef](https://www.chef.io/#/), [SaltStack](https://www.saltstack.com/) ...


 ## ansible Φ

-* idempotence
-* héritage
+* automatisation
 * réutilisabilité
 * parallélisation
+* idempotence
+
+<br />
+
+#### toute intervention manuelle sur un système est une faute ...<!-- .element class="fragment" -->
+
+## ... GRAVE!<!-- .element class="fragment" -->


 ## ansible

 * écrit en python
  * python 2 par défaut
-  * marche bien en python 3
+  * marche bien en python 3 <i class="fa fa-hand-o-left" aria-hidden="true"></i>
    * virtualenv

-* [ansible docs](https://docs.ansible.com/)
+[<i class="fa fa-book" aria-hidden="true"></i> ansible doc](https://docs.ansible.com/)


 ## ansible

 * prérequis
  * sur la machine pilote (mgmt node)
-    * ansible
+    * ansible (donc python)
  * sur le(s) noeud(s)
    * une connextion ssh ou PowerShell
    * python
@@ -51,197 +57,828 @@

 ## terminologie

-* **mgmt node** (machine pilote) machine surlaquelle ansible est installé et responsable de la configuration de toutes les machines gérées.
-* **inventory** (inventaire) fichier contenant les ip de tous les serveurs à configurer
-* **playbook** gère la configuration à déployer sur chaque serveur
-* **task** fichier où sont définies les actions réalisées par le playbook
+* **mgmt node** (machine pilote)
+  * machine sur laquelle ansible est installé
+  * pilote la configuration de toutes les machines de l'inventaire
+* **inventory** (inventaire)
+  * fichier contenant les ip ou les noms de domaine de toutes les machines à configurer
+* **playbook**
+  * gère la configuration à déployer sur chaque machine


 ## terminologie

-* **module** actions plus ou moins complexe utilisables à partir des **tasks**. ansible possède de [nombreux modules natifs](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html). Il est possible d'écrire ses propres modules.
-* **role** permet d'organiser les playbooks en parties claires et réutilisables
+* **task**
+  * fichier où sont définies les actions réalisées par le playbook
+* **module**
+  * actions plus ou moins complexes, utilisables à partir des **tasks**
+  * ansible possède de nombreux [<i class="fa fa-book" aria-hidden="true"></i> modules natifs](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html)
+  * il est possible d'écrire ses propres modules.
+* **role**
+  * permet d'organiser les playbooks en parties claires et réutilisables


 ## terminologie

-* **play** est l'exécution d'un playbook sur un serveur
-* **facts** information collectée par ansible sur le système du serveur à configurer
-* **handlers** similaire aux **tasks** mais appelable à partir d'une **task** (redémarrage de service par exemple)
+* **facts**
+  * information collectée par ansible sur le système d'une machine à configurer
+  * peuvent être enrichis
+* **handlers**
+  * similaire aux **tasks** mais appelables à partir d'une **task**
+    * typiquement redémarrage de service par exemple


 ## inventory

+* liste des machines accessibles via ssh
+  * organisées par groupes
+  * possibilité de fixer des configurations
+    * pour tous / par groupe / par machine
+  * possibilité de déclarer des variables
+    * pour tous / par groupe / par machine
 * fichier texte au format *ini*
-* organiser par groupes
-* [inventory docs](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html)
+
+[<i class="fa fa-book" aria-hidden="true"></i> inventory](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html)
+
+
+## inventory
+
+dans `./inventory.ini`

 ```ini
+[criprod]
+ansible-test.criprod.isima.fr
+
 [ovh]
-duncan
-ispconfig-duncan
-gitlab-runner-duncan
+ansible-test.ovh.isima.fr

-[all:vars]
+[criprod:vars]
 environment                = production
+
+[all:vars]
 ansible_python_interpreter = /usr/bin/python3
 ansible_user               = limosadm
 ```


-## tips ssh
-
-* utilisez ~/.ssh/config
+## inventory

 ```
-Host duncan
-  User limosadm
-  IdentityFile ~/.ssh/keys/limosadm
-  Hostname duncan.isima.fr
+Host ansible-test.criprod.isima.fr
+   User limosadm
+   Hostname 192.168.220.243
+   IdentityFile ~/.ssh/ids/duncan.isima.fr/limosadm/id_rsa

-Host ispconfig-duncan
+Host ansible-test.ovh.isima.fr
  User limosadm
  Hostname 10.10.100.2
-  IdentityFile ~/.ssh/keys/limosadm
+  IdentityFile ~/.ssh/ids/duncan.isima.fr/limosadm/id_rsa
  ProxyCommand ssh duncan -W %h:%p
 ```

+la connexion ssh doit se faire sans mot de passe sur le système
+
+```shell
+export ANSIBLE_HOST_KEY_CHECKING=False
+```
+
+
+## ad-hoc command
+
+```shell
+$ ansible criprod --inventory-file=inventory.ini  \
+                  -a "/usr/bin/uptime"
+
+other1.isima.fr | CHANGED | rc=0 >>
+ 13:12:02 up 21 days, 21:11,  2 users,  load average: 0.13, 0.88, 0.13
+
+pvecriprod2.isima.fr | CHANGED | rc=0 >>
+ 16:18:08 up 41 days, 23:11,  3 users,  load average: 0.63, 0.18, 0.10

-## ansible / ad-hoc command
+py.criprod.isima.fr | CHANGED | rc=0 >>
+ 15:18:15 up 1 day, 21:51,  1 user,  load average: 0.13, 0.03, 0.01

+gitlab-runner1.criprod.isima.fr | CHANGED | rc=0 >>
+ 15:18:15 up 1 day, 22:14,  1 user,  load average: 0.00, 0.00, 0.00
 ```
-$ ansible all --inventory-file=inventory.ini --module-name ping
-$ ansible ovh -a "/usr/bin/uptime"

-duncan | CHANGED | rc=0 >>
- 18:15:42 up 16 days, 43 min,  1 user,  load average: 0,10, 0,10, 0,03

-gitlab-runner-duncan | CHANGED | rc=0 >>
- 18:15:45 up 15 days,  1:00,  1 user,  load average: 0.06, 0.03, 0.01
+## ad-hoc command

-ispconfig-duncan | CHANGED | rc=0 >>
- 18:15:48 up 15 days,  1:00,  1 user,  load average: 0.02, 0.02, 0.00
+fonctionne avec les modules ansible
+
+```shell
+$ ansible ovh --inventory-file=inventory.ini \
+              --module-name ping
+
+ansible-test.ovh.isima.fr | SUCCESS => {
+    "changed": false,
+    "ping": "pong"
+}
 ```

+avec le module raw python n'est pas nécessaire ;)
+
+```shell
+ansible ovh --inventory-file=inventory.ini \
+-m raw -a "sudo apt update && sudo apt install -y python"
+```

-## ansible / ad-hoc command

-* [docs ad-hoc command](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html)
-  * shell
-  * packages
-  * users / groups
-  * déploiement (git)
-  * services
+## ad-hoc command
+
+* [<i class="fa fa-book" aria-hidden="true"></i> ad-hoc command](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html)
+  * [Parallelism and Shell Commands](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#parallelism-and-shell-commands)
+  * [File Transfer](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#file-transfer)
+  * [Managing Packages](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#managing-packages)
+  * [Users and Groups](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#users-and-groups)
+  * [Deploying From Source Control](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#deploying-from-source-control)
+  * [Managing Services](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#managing-services)
+  * [Time Limited Background Operations](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#time-limited-background-operations)
+  * [Gathering Facts](https://docs.ansible.com/ansible/latest/user_guide/intro_adhoc.html#gathering-facts)


 ## playbook

+[<i class="fa fa-book" aria-hidden="true"></i> playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html)
+
+my-playbook.yml
+
+```yaml
+- name: my-playbook # ce que vous voulez
+  hosts: ovh # ou all
+                 # ou n'importe quel nom de machine
+                 # ou n'importe quel nom de groupe
+  remote_user: limosadm # prioritaire sur ansible_user de l'inventaire
+
+```
+
+
+## playbook
+
+```shell
+$ ansible-playbook my-playbook.yml \
+    --inventory-file=inventory.ini
+```
+
+* exécute le playbook
+  * sur toutes les machines définies dans `hosts:`
+  * en parallèle
+
+```shell
+PLAY [my-playbook] ****************************************************************************
+
+TASK [Gathering Facts] ************************************************************************
+ok: [ansible-test.ovh.isima.fr]
+
+PLAY RECAP ************************************************************************************
+ansible-test.ovh.isima.fr  : ok=1    changed=0    unreachable=0    failed=0
+```
+
+
+## variables
+
+* nommage
+  * pas de `-` pas de `.`
+  * pas de numérique pure
+
+
+## variables
+
+`my-playbook.yml`
+
+```yaml
+- name: my-playbook
+  hosts: ovh
+  remote_user: limosadm
+
+  vars:
+    awesomevar: awesome
+```
+
+`group_vars/all.yml`
+
+```yaml
+coolvar: Coool
+```
+
+
+## variables
+
+[<i class="fa fa-book" aria-hidden="true"></i> debug](https://docs.ansible.com/ansible/latest/modules/debug_module.html)
+
+```yaml
+  tasks:
+
+    - name: display awesome message
+      debug:
+        msg: "{{ awesomevar }}"
+
+    - name: display cool message
+      debug:
+        msg: "{{ coolvar }}"
+```
+
+
+## variables
+
+```shell
+PLAY [my-playbook] ****************************************************************************
+
+TASK [Gathering Facts] ************************************************************************
+ok: [ansible-test.ovh.isima.fr]
+
+TASK [display awesome message] ****************************************************************
+ok: [ansible-test.ovh.isima.fr] => {
+    "msg": "awesome"
+}
+
+TASK [display cool message] *******************************************************************
+ok: [ansible-test.ovh.isima.fr] => {
+    "msg": "Coool"
+}
+
+PLAY RECAP ************************************************************************************
+ansible-test.ovh.isima.fr  : ok=3    changed=0    unreachable=0    failed=0
+```
+
+
+## variables
+
+lit une valeur à partir Vault (<strike>`ansible-vault`</strike>)
+
+```yaml
+vars_prompt:
+  - name: "name"
+    prompt: "what is your name?"
+```
+
+les [<i class="fa fa-book" aria-hidden="true"></i> var_prompts](https://docs.ansible.com/ansible/latest/user_guide/playbooks_prompts.html)
+permettent de lire les variables à partir de l'entrée standard.
+
+
+## variables
+
+* role
+  * [<i class="fa fa-book" aria-hidden="true"></i> `default`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html#role-default-variables)
+* [<i class="fa fa-book" aria-hidden="true"></i>  inventaire](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#defining-variables-in-inventory)
+* [<i class="fa fa-book" aria-hidden="true"></i> `group_vars`, `host_vars`, ou `inventaire.ini`](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#hosts-and-groups)
+* [<i class="fa fa-book" aria-hidden="true"></i> playbook](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#defining-variables-in-a-playbook)
+* [<i class="fa fa-book" aria-hidden="true"></i> ligne de commande](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#passing-variables-on-the-command-line)
+
+#### [précédence des variables](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable)
+
+
+## facts
+
+* valeurs collectées par ansible à l'exécution du playbook
+
+```yaml
+- name: display hostname
+  debug:
+    msg: "System {{ inventory_hostname }}"
+
+- name: display os family
+  debug:
+    msg: "comes from family {{ ansible_os_family }}"
+
+- name: HOSTVARS (ANSIBLE GATHERED, group_vars, host_vars)
+  debug:
+    msg: "{{ hostvars | to_yaml }}"
+```
+
+[<i class="fa fa-book" aria-hidden="true"></i> Variables discovered from systems: Facts](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variables-discovered-from-systems-facts)
+
+
+## jinja
+
+[<i class="fa fa-book" aria-hidden="true"></i> templating](https://docs.ansible.com/ansible-container/container_yml/template.html)
+
+utilisable partout (playbook, role, tasks, template)
+
+
+## filters
+
+[<i class="fa fa-book" aria-hidden="true"></i> filters](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html)
+
+```yaml
+"{{ item_path[:4] | replace('/', '-') }}"
+```
+
+* renvoie le contenu de la variable (un path)
+  * sans les 4 derniers caractères
+  * avec les `/` remplacés par des `-`
+
+[<i class="fa fa-book" aria-hidden="true"></i> developing filters](https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html#developing-particular-plugin-types)
+
+
+## lookup
+
+[<i class="fa fa-book" aria-hidden="true"></i> lookup](https://docs.ansible.com/ansible/latest/plugins/lookup.html)
+
+```yaml
+vars:
+  file_contents: "{{lookup('file', 'path/to/file.txt')}}"
+```
+
+```yaml
+- name: lit un secret dans vault (mais on fera pas comme ça)
+  debug:
+    msg: "{{ lookup('hashi_vault', 'secret=secret/hi:value token=xxx url=http://myvault')}}"
+```
+
+```yaml
+- name: lit une variable d'environnement sur le noeud pilote
+  debug:
+    msg: "{{ lookup('env','PVE_NODE') }}"
+```
+
+[<i class="fa fa-book" aria-hidden="true"></i> lookup list](https://docs.ansible.com/ansible/latest/plugins/lookup.html#plugin-list)
+
+[<i class="fa fa-book" aria-hidden="true"></i> developing lookups](https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html#developing-particular-plugin-types)
+
+
+## task
+
+[<i class="fa fa-book" aria-hidden="true"></i> loop](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html)
+
+```yaml
+- user:
+    name: "{{ item }}"
+    state: present
+  loop:
+     - testuser1
+     - testuser2
+  loop_control:
+    index_var: key_index
+```
+
+* marche avec
+  * n'importe quelle variable itérable    
+  * [fileglob](https://docs.ansible.com/ansible/latest/plugins/lookup/fileglob.html) - fichiers par pattern
+  * [filetree](https://docs.ansible.com/ansible/latest/plugins/lookup/filetree.html) - tous les fichiers récursivement
+  * ...
+
+
+## task
+
+[<i class="fa fa-book" aria-hidden="true"></i> when](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html)
+
+[<i class="fa fa-book" aria-hidden="true"></i> conditions](https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html)
+
+```yaml
+- name: affiche un message sur la vezrison de l'os
+  shell: echo "only on Red Hat 6, derivatives, and later"
+  when: |
+    ansible_facts['os_family'] == "RedHat" 
+    and ansible_facts['lsb']['major_release']|int >= 6
+```
+
+conditions jinja, à la python:
+* not, is, empty, in ...
+
+
+## ignore_errors
+
+* permet de continuer l'exécution du playbook 
+    * même en cas de retour d'erreur d'une commande
+
+```yaml
+- name: get mysqladmin status
+  shell: mysqladmin status
+  ignore_errors: True
 ```
-ansible-playbook ansible/playbooks/ovh/duncan.yml
+
+
+## failed_when
+
+* permet de forcer à stopper l'exécution du playbook 
+    * sur une condition
+
+```yaml
+- name: get mysqladmin
+  shell: mysqladmin status
+  failed_when: "'FAILED' in command_result.stderr"
 ```

-* `--check` simule les tâches à effectuer sans les effectuer (dry-run)
-* `--diff` indique ce qui change
-* `-v`, `-vv`, `-vvv`, `-vvvv` pour la verbosité
-* `--list-tags` liste tous les tags disponibles dans le playbook
-* `--tags debug` n'exécute que les tâches du playbook ayant un tag `debug`
-* `--skip-tags` exécute toutes les tâches du playbook sauf celles ayant un  tag `debug`
-* `always` tag spécial exécuté à tous les coups
+[<i class="fa fa-book" aria-hidden="true"></i> fail - Fail with custom message](https://docs.ansible.com/ansible/latest/modules/fail_module.html)
+
+* parfois ignorer l'erreur ne suffit pas pour continuer
+    * il faut ajouter `failed_when`
+
+```yaml
+- name: get mysqladmin
+  shell: mysqladmin status
+  ignore_errors: True
+  failed_when: no
+```

-[docs playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks.html)

+## [command modules](https://docs.ansible.com/ansible/latest/modules/list_of_commands_modules.html)

-## variable
+* [<i class="fa fa-book" aria-hidden="true"></i> raw](https://docs.ansible.com/ansible/latest/modules/raw_module.html)
+  * n'utilise que ssh et pas python
+    * permet d'installer python

-* pas de `-` pas de `.` pas de nuémrique pure dans les noms de variables
-* via la ligne de commande
-* dans les rôles
-  * default
-* dans l'inventaire
-* `group_vars`, `host_vars`
-* extra vars (gagne toujours à la précédence)
-* [héritage des variables](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable)
+* [<i class="fa fa-book" aria-hidden="true"></i> command](https://docs.ansible.com/ansible/latest/modules/command_module.html#command-module)
+* [<i class="fa fa-book" aria-hidden="true"></i> shell](https://docs.ansible.com/ansible/latest/modules/shell_module.html)
+  * comme **command** mais au travers d'un shell

+```yaml
+- name: redirige la sortie de somescript.sh dans somelog.txt
+  shell: somescript.sh >> somelog.txt
+  args:
+    chdir: somedir/ifcon
+    creates: somelog.txt
+```

-## variable & secret

-* from env ou Vault
-* acces dynamique
-* `ansible-vault` nous on utilise vault by HashiCorp
+## register

+[<i class="fa fa-book" aria-hidden="true"></i> register](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#registering-variables)

-## variable & secret
+dans une variable

-* [var_prompts](https://docs.ansible.com/ansible/latest/user_guide/playbooks_prompts.html)
-  * ceux là devraient être dans un keepass
-    * gitlab
-    * vault
+```yaml
+- name: le service pam est il lancé
+  shell: "ps -aux | grep pam"
+  register: pam_status
+```

+dans une liste

-## task / basic
+```yaml
+- name: les services sshd, systemd, dbus sont ils lancés
+  shell: "ps -aux | grep {{ item }}"
+  register: services_status
+  loop:
+    - sshd
+    - systemd
+    - dbus
+```

-* [debug](https://docs.ansible.com/ansible/latest/modules/debug_module.html)
-* [raw](https://docs.ansible.com/ansible/latest/modules/raw_module.html)
-* [command](https://docs.ansible.com/ansible/latest/modules/command_module.html#command-module)
-* [shell](https://docs.ansible.com/ansible/latest/modules/shell_module.html)

+## register (<i class="fa fa-gift" aria-hidden="true"></i>)
+
+[<i class="fa fa-book" aria-hidden="true"></i> Return Values](https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html)
+
+```json
+"msg": {
+        "changed": true,
+        "cmd": "ps -aux | grep pam",
+        "delta": "0:00:00.011674",
+        "end": "2019-01-23 20:27:24.836966",
+        "failed": false,
+        "rc": 0,
+        "start": "2019-01-23 20:27:24.825292",
+        "stderr": "",
+        "stderr_lines": [],
+        "stdout": "limosadm 22227  0.0  0.1 193868  2688 ?        S    20:27   0:00 (sd-pam)\nlimosadm 22359  0.0  0.0   4628   856 pts/0    S+   20:27   0:00 /bin/sh -c ps -aux | grep pam\nlimosadm 22361  0.0  0.0  14856  1100 pts/0    S+   20:27   0:00 grep pam",
+        "stdout_lines": [
+            "limosadm 22227  0.0  0.1 193868  2688 ?        S    20:27   0:00 (sd-pam)",
+            "limosadm 22359  0.0  0.0   4628   856 pts/0    S+   20:27   0:00 /bin/sh -c ps -aux | grep pam",
+            "limosadm 22361  0.0  0.0  14856  1100 pts/0    S+   20:27   0:00 grep pam"
+        ]
+    }
+```

-## task / basic

-* register
-* loop
-* set_fact
-* pre_task
-* when
-* tags
+## register (<i class="fa fa-gift" aria-hidden="true"></i>)
+
+afficher l'output
+
+```yaml
+- name: afficher la sortie de la commande
+  debug:
+    msg: pam_status.stdout
+```
+
+itérer sur une liste
+
+```yaml
+- name:  afficher la sortie de chaque commande
+  debug:
+    msg: "{{ services_status.results[item].stdout }}"
+  loop: "{{ range(0, 3)|list }}"
+```
+
+ou
+
+```yaml
+- name:  afficher la sortie de chaque commande
+  debug:
+    msg: "{{ item.stdout }}"
+  loop: "{{ services_status.results }}"
+```
+
+
+## register (<i class="fa fa-gift" aria-hidden="true"></i>)
+
+```yaml
+- name: register foo
+  shell: echo "foo"
+  register: txt
+```
+
+```yaml
+- name: register bar
+  shell: echo "bar"
+  register: txt
+  when: False
+```
+
+If a task fails or is skipped, **the variable still is registered with a failure or skipped status**


 ## modules

-* file
-* infile
-* copy
-* template
-* package
-* stat
-* get_url
-* unarchive
-* user
-* systemd
-* pip
-* pexpect (require pexcpect)
+* [<i class="fa fa-book" aria-hidden="true"></i> file](https://docs.ansible.com/ansible/latest/modules/file_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> lineinfile](https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> copy](https://docs.ansible.com/ansible/latest/modules/copy_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> template](https://docs.ansible.com/ansible/latest/modules/template_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> stat](https://docs.ansible.com/ansible/latest/modules/stat_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> get_url](https://docs.ansible.com/ansible/latest/modules/get_url_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> unarchive](https://docs.ansible.com/ansible/latest/modules/unarchive_module.html)

-## roles

+## modules
+
+* [<i class="fa fa-book" aria-hidden="true"></i> package](https://docs.ansible.com/ansible/latest/modules/package_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> user](https://docs.ansible.com/ansible/latest/modules/user_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> systemd](https://docs.ansible.com/ansible/latest/modules/systemd_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> expect](https://docs.ansible.com/ansible/latest/modules/exepect_module.html)
+  * `pip install pexpect`
+* [<i class="fa fa-book" aria-hidden="true"></i> windows modules](https://docs.ansible.com/ansible/latest/modules/list_of_windows_modules.html)
+* [<i class="fa fa-book" aria-hidden="true"></i> ...](https://docs.ansible.com/ansible/latest/modules/modules_by_category.html)
+
+
+## handlers
+
+```yaml
+  handlers:
+    - name: restart apache
+      service:
+        name: apache2
+        state: restarted
+      listen: "restart apache"
+
+  tasks:
+    - name: enable some apache modules
+      apache2_module:
+        state: present
+        name: "{{ item }}"
+      notify: restart apache
+```
+
+
+## pre / post tasks
+
+```yaml
+pre_tasks:
+  - name: update sources
+    apt:
+      update_cache: yes
+    tags: [base]
+
+...
+
+post_tasks:
+
+...
+```
+
+
+## tags
+
+tags au niveau tâches
+
+```yaml
+- name: MySQL to listen on all interfaces, not just localhost
+      lineinfile:
+        dest: /etc/mysql/mariadb.conf.d/50-server.cnf
+        regexp: "^bind-address            = 127.0.0.1"
+        line: "#bind-address            = 127.0.0.1"
+  tags: [database]
+```
+
+`always` tag spécial exécuté à tous les coups
+
+```yaml
+  pre_tasks:
+
+    - name: update sources
+      apt:
+        update_cache: yes
+      tags: [always]
+```
+
+
+## tags
+
+```shell
+$ ansible-playbook my-playbook.yml --list-tags
+```
+
+liste tous les tags disponibles dans le playbook
+
+```shell
+$ ansible-playbook my-playbook.yml --tags database
+```
+
+n'exécute que les tâches du playbook ayant un tag `database`
+
+```shell
+$ ansible-playbook my-playbook.yml --skip-tags database
+```
+
+exécute toutes les tâches du playbook sauf celles ayant un  tag `database`
+
+
+## dry run

-## remote roles
+```shell
+$ ansible-playbook my-playbook.yml --check --diff
+```
+
+`--check`

+simule les tâches à effectuer sans les effectuer (dry-run)

-### Récupérer les roles nécessaires
+`--diff`

-* mettre à jour `requirements.yml` avec les rôles nécessaires
+indique ce qui change

-* récupérer les rôles

+## verbosity
+
+```shell
+$ ansible-playbook my-playbook.yml -vvv
 ```
-ansible-galaxy install -f -r requirements.yml -p ansible/roles/public
+
+`-v`, `-vv`, `-vvv`, `-vvvv`
+
+pour la verbosité
+
+
+## limit
+
+```shell
+$ ansible-playbook my-playbook.yml --limit=py.isima.fr
 ```

+exécute toutes les tâches du playbook sur py.isima.fr uniquement

-## plugins
+<i class="fa fa-hand-o-down" aria-hidden="true"></i>

-* callback
-* filter
-* lookup
-* module_utils
+[<i class="fa fa-book" aria-hidden="true"></i> ansible-playbook](https://docs.ansible.com/ansible/latest/ansible-playbook.html)


-## skeleton
+## roles
+
+```yaml
+- name: my-playbook # ce que vous voulez
+  hosts: criprod # ou all
+                 # ou n'importe quel nom de machine
+                 # ou n'importe quel nom de groupe
+  remote_user: limosadm # prioritaire sur ansible_user de l'inventaire

-* https://github.com/mrjk/ansible-skel
+  roles:
+
+    - role: debug # le rôle debug sera exécuté par le playbook
+      tags: debug # le tag debug sera ajouté à toutes les tâches du role debug
+      my-variable: "pipo" # il ya d'autres endroit où mettre les variables
+                          # à suivre ...
+    - role: vault-cli # le rôle vault-cli sera exécuté par le playbook
+      tags: vault # le tag vault sera ajouté à toutes les tâches du role vault-cli

 ```
-ansible-galaxy init --role-skeleton /path/to/stack/ansible/roles/skeletons/role-with-vagrant gitlab
+
+
+## layout
+
+[<i class="fa fa-book" aria-hidden="true"></i> Directory Layout](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#directory-layout)
+
+[<i class="fa fa-book" aria-hidden="true"></i> Alternative Directory Layout](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#alternative-directory-layout)
+
+[<i class="fa fa-gitlab" aria-hidden="true"></i> cri/ansible-role-boilerplate](https://gitlab.isima.fr/cri/ansible-role-boilerplate)
+
+
+## roles
+
+* [<i class="fa fa-gitlab" aria-hidden="true"></i> cri/ansible-role-vault](https://gitlab.isima.fr/cri/ansible-role-vault)
+
+* [<i class="fa fa-gitlab" aria-hidden="true"></i> cri/ansible-role-gitlab](https://gitlab.isima.fr/cri/ansible-role-gitlab)
+
+* [<i class="fa fa-gitlab" aria-hidden="true"></i> cri/ansible-role-ispconfig](https://gitlab.isima.fr/cri/ansible-role-ispconfig/)
+
+* [<i class="fa fa-book" aria-hidden="true"></i> debops](https://docs.debops.org/en/master/)
+
+* [<i class="fa fa-github" aria-hidden="true"></i> bau-sec/ansible-openvpn-hardened](https://github.com/bau-sec/ansible-openvpn-hardened)
+* [<i class="fa fa-github" aria-hidden="true"></i> ...](https://github.com/)
+
+
+### skeleton
+
+```shell
+$ git clone git@gitlab.isima.fr:cri/ansible-role-boilerplate.git
+$ ansible-galaxy init --role-skeleton ansible-role-boilerplate gitlab
 ```

+* dev
+
+```shell
+$ ./bin/setup
+$ source ./.venv/bin/activate
+$ vagrant up
+```
+
+* utilisation dans un playbook 
+
+`requirements.yml`
+
+```yaml
+- name: vault
+  src: git+ssh://git@gitlab.isima.fr/cri/ansible-role-vault.git
+  path: ./roles/remotes
+```
+
+```
+$ ansible-galaxy install -f -r requirements.yml
+```
+
+
+## [<i class="fa fa-book" aria-hidden="true"></i> callback](https://docs.ansible.com/ansible/latest/plugins/callback.html)
+
+```shell
+[20:59:19] Install unixODBC | default | CHANGED | 2162ms
+[20:59:21] Install Vlogger, Webalizer, and AWstats | default | SUCCESS | 6727ms
+[20:59:28] comment awstas croned jobs | default | CHANGED | 1410ms
+[20:59:30] Debconf for roundcube-core | default | CHANGED | 1510ms
+[20:59:31] Install roundcube and dependencies | default | SUCCESS | 10607ms
+[20:59:42] remove the # in front of the first 2 alias line | default | CHANGED | 452ms
+[20:59:42] add the line "AddType application/x-httpd-php .php" right after the "<Directory /var/lib/roundcube>" line | default | SUCCESS | 558ms
+[20:59:43] change the default host to localhost | default | CHANGED | 587ms
+[20:59:44] Install Vlogger, Webalizer, and AWstats | default | SUCCESS | 10966ms
+[20:59:55] download jailkit | default | SUCCESS | 862ms
+[20:59:55] untar jailkit | default | CHANGED | 1119ms
+[20:59:57] untar jailkit | default | CHANGED | 176ms
+[20:59:57] build jailkit deb | default | CHANGED | 2655ms
+[20:59:59] Install jailkit .deb package | default | CHANGED | 2067ms
+[21:00:02] remove jailkit stufff | default | CHANGED | 177ms
+[21:00:02] install fail2ban | default | SUCCESS | 1584ms
+```
+
+
 ## ansible.cfg
+
+```ini
+[defaults]
+roles_path = ./ansible/roles/remotes:./ansible/roles/apps:./ansible/roles/commons:./ansible/roles/services
+inventory = ./ansible/inventory.ini
+filter_plugins = ./ansible/plugins/filter:
+lookup_plugins = ./ansible/plugins/lookup:
+callback_plugins = ./ansible/plugins/callback:
+module_utils = ./ansible/module_utils:
+stdout_callback = anstomlog
+deprecation_warnings = False
+
+[privilege_escalation]
+become: yes
+become_user: root
+become_method: sudo
+```
+
+
+## [<i class="fa fa-book" aria-hidden="true"></i> set_fact](https://docs.ansible.com/ansible/latest/modules/set_fact_module.html) & pre_tasks
+
+```yaml
+criprod:
+  pvecriprod1:
+    api_users:
+      - proxmoxapi
+      - vimazeno
+```
+
+```yaml
+- name: provisionner l'environnement du noeud (pour y accéder plus facilement dans les roles)
+  set_fact:
+    _pve: "{ 'cluster': '{{ lookup('env','PVE_CLUSTER') }}', 'node': '{{ lookup('env','PVE_NODE') }}', 'host': '{{ lookup('env','PVE_HOST') }}'}"
+
+- name: provisionner les utilisateurs d'api pve uniquement du noeud (pour y accéder plus facilement dans les roles)
+  set_fact:
+    api_users: "{ 'api_users': {{ hostvars[inventory_hostname][_pve.cluster][_pve.node]['api_users'] }}}"
+
+- name: fusionner l'environnement du noeud (pour y accéder plus facilement dans les roles)
+  set_fact:
+    pve: "{{ _pve | combine(api_users) }}"
+```
+
+[<i class="fa fa-gitlab" aria-hidden="true"></i> réorganiser les variables dans une pre_task](https://gitlab.isima.fr/cri/stack/blob/master/ansible/pre-tasks/set-pve-vars.yml)
+
+
+## extend
+
+[<i class="fa fa-book" aria-hidden="true"></i> developing plugins](https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html)
+
+[<i class="fa fa-book" aria-hidden="true"></i> developing modules](https://docs.ansible.com/ansible/latest/dev_guide/developing_modules.html)
No results found