
Ansible is a free software platform for configuring and managing computers. It combines multi-node software deployment, ad-hoc task execution, and configuration management.

SETTING UP SSH

Prerequisites:

- OpenSSH installed on the Ansible control host and on the servers (create an SSH key pair)

Command to connect to a server: ssh "ipOfServer"

Generate an SSH key: ssh-keygen -t ed25519 -C "msg"

ed25519 key: more secure and simplified

Good practice: add a passphrase, but not for the Ansible key

Send the public SSH key to the server: ssh-copy-id -i "chemin.pub" "@ip"

(send both the workstation key and the Ansible key)

Use the Ansible key to connect to the server: ssh -i "cheminRepertoireAnsible" "@ip"

ssh-agent: eval $(ssh-agent) to check whether you have ssh-agent

ssh-add

SETTING UP GIT REPO

check if git is installed : which git

to install it (only on workstation/control host): sudo apt update

sudo apt install git

In GitLab/GitHub: Settings - SSH and GPG keys - New SSH key, then add the public key

Enter your name and email in Git on Windows/Linux:

git config --global user.name "test"

git config --global user.email "mail"

SETTING UP ANSIBLE

To install ansible : sudo apt install ansible

Create a new inventory file in the Git repo -> put your servers' IP addresses or names (if you have DNS) in it -> commit

Command to make sure everything is working and Ansible can establish a connection to the servers:

ansible all --key-file "cheminAnsibleKey" -i "file created" -m ping

-m ping: tests whether connecting to the servers via SSH works

Create a new Ansible config file: ansible.cfg

Contains:

[defaults]
inventory = "inventoryFile"
private_key_file = "cheminAnsibleKey"

Now we can use a shorter command to test, because we created the config file:

ansible all -m ping

Command to fetch information about a server via Ansible: ansible all -m gather_facts --limit "@ip"

SOME AD-HOC COMMANDS

Update the package index on all servers:

- ansible all -m apt -a update_cache=true --become --ask-become-pass

Install a package [to update it to the latest version, use "name=vim-nox state=latest"]:

- ansible all -m apt -a name=vim-nox --become --ask-become-pass

Apply all the package upgrades that are available:

- ansible all -m apt -a "upgrade=dist" --become --ask-become-pass

CREATING PLAYBOOK

Create a .yml file to install Apache, for example: nano install_apache.yml

Run the playbook:

- ansible-playbook --ask-become-pass install_apache.yml

Second version of the .yml:

- to remove a package:

state: absent

CONDITION : WHEN

apt for Debian/Ubuntu distributions

dnf for the CentOS distribution

Use this command to gather facts about a host. The facts can be used in the when condition (when accepts the "and" and "or" operators), so you can make sure the package name is the right one for the distribution at hand.

Ex: ansible_distribution

- ansible all -m gather_facts --limit 172.16.250.248
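
The conditions described in this section, written out as a playbook. This is an added example, not part of the original notes; the package names (apache2, httpd, php) and the CentOS version check are assumptions chosen for illustration.

```yaml
---
# Added example: pick the module and package name that match each
# host's distribution, using the ansible_distribution fact.
- hosts: all
  become: true
  tasks:

    # apt only exists on Debian-family hosts, so guard the task with "when".
    - name: update package index (Debian/Ubuntu)
      apt:
        update_cache: yes
      when: ansible_distribution in ["Debian", "Ubuntu"]

    # "or" form: the package is called apache2 on Debian and Ubuntu.
    - name: install apache2 (Debian/Ubuntu)
      apt:
        name: apache2
        state: latest
      when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"

    # Same software, different module and package name on CentOS.
    - name: install httpd (CentOS)
      dnf:
        name: httpd
        state: latest
      when: ansible_distribution == "CentOS"

    # "and" form: narrow the match with a second fact.
    # ansible_distribution_major_version is a string, hence the int filter.
    - name: install php (CentOS 8 or later only)
      dnf:
        name: php
        state: latest
      when: ansible_distribution == "CentOS" and ansible_distribution_major_version | int >= 8
```

Hosts that do not match a task's condition are reported as "skipping" for that task, which is a quick way to confirm that each condition selects the hosts you expect.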

Improving your Playbook

Compact everything into one task using variables:

1. Change the playbook file:

---

- hosts: all
  become: true
  tasks:

  - name: install apache and php
    package:
      name:
        - "{{ apache_package }}"
        - "{{ php_package }}"
      state: latest
      update_cache: yes

2. Change the inventory file to give a value to the variables for each host:

TARGETING SPECIFIC NODES

To create groups in your inventory file:

Then, in the playbook .yml file, we can specify the groups and which commands we want to run on them:

!!! We can change "tasks" to "pre_tasks" if we want it to be run before anything else.

TAGS:

To list the tags your Ansible playbook has:

- ansible-playbook --list-tags playbook.yml

To run an Ansible play for a specific tag:

- ansible-playbook --tags tag --ask-become-pass playbook.yml

- To specify more than one tag: "ubuntu,db,centos"

COPY FILES TO SRVS:

Local file :

Remote file :

MANAGE SERVICES

Add a section to start the service and enable it to start at every reboot:
