Version - 2020.01
Last updated: 2020/04/12 13:24
DOF506 - Ansible in Practice
Stopping Non-Essential Virtual Machines
FFP courses
Use the VirtualBox graphical interface to stop the Ansible and Windows10 virtual machines.
Then restore the Ansible and Windows10 virtual machines to their original state by reverting to snapshot1.
FAD courses
Use the following commands to stop the Ansible and Windows10 virtual machines:
trainee@ansible:~$ exit
déconnexion
Connection to localhost closed.
desktop@server16:~$ VBoxManage controlvm Ansible poweroff
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
desktop@server16:~$ VBoxManage controlvm Windows10 poweroff
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Restore the virtual machines to their original state:
desktop@server16:~$ VBoxManage snapshot Ansible restorecurrent
Restoring snapshot 'snapshot1' (bf8d10aa-a81c-4d5e-b91e-f853062fa328)
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
desktop@server16:~$ VBoxManage snapshot Windows10 restorecurrent
Restoring snapshot 'snapshot1' (242b74ad-bf5b-4a1b-ae74-6b7e14ff131d)
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Start the CentOS_7 virtual machine. If you are on an FAD course, use the following command:
Connect to the VM over ssh using localhost:3022 with the account trainee and the password trainee. You do not need to put the machine in the NatNetwork. The network adapter must be set to Nat in the VirtualBox configuration.
You are asked to automate the following with Ansible:
- installing the vsftpd server,
- updating firewalld if necessary,
- creating a firewalld rule for traffic to the vsftpd server,
- securely creating two ftp accounts:
  - user: mike
  - password: toto
  - user: bob
  - password: tata
So install Ansible from the repositories:
[trainee@centos7 ~]$ su -
Mot de passe : fenestros
Dernière connexion : jeudi 5 septembre 2019 à 18:28:51 CEST sur pts/0
[root@centos7 ~]# yum install ansible
Then check that the executables are present:
[root@centos7 ~]# which ansible
/bin/ansible
[root@centos7 ~]# which ansible-playbook
/bin/ansible-playbook
To help you, you are given two files:
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name vsftpd
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        password: "{{ item.password | password_hash(sha512) }}"
        with_items: "{{ ftp_users }}"
[root@centos7 ~]# ansible-vault view secrets.yml
Vault password: fenestros
ftp_users:
  - { username: mike, password: toto }
  - { username: bob, password: tata }
When you run the ansible-playbook command, you get the following result:
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
ERROR! Syntax Error while loading YAML.
The error appears to have been in '/root/vsftpd.yml': line 14, column 13, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
    - name: latest firewalld version
        name: firewalld
            ^ here
exception type: <class 'yaml.scanner.ScannerError'>
exception: mapping values are not allowed in this context
  in "<unicode string>", line 14, column 13
Over to you!
Error #1
Edit the vsftpd.yml file:
[root@centos7 ~]# vi vsftpd.yml
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
      yum:   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Add yum:
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name vsftpd
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        password: "{{ item.password | password_hash(sha512) }}"
        with_items: "{{ ftp_users }}"
Run the ansible-playbook command again:
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
ERROR! Syntax Error while loading YAML.
  mapping values are not allowed in this context
The error appears to be in '/root/vsftpd.yml': line 20, column 16, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
        name vsftpd
        enabled: true
               ^ here
Error #2
Edit the vsftpd.yml file:
[root@centos7 ~]# vi vsftpd.yml
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
      yum:   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Add yum:
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name: vsftpd   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Add the : character after name
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        password: "{{ item.password | password_hash(sha512) }}"
        with_items: "{{ ftp_users }}"
Run the ansible-playbook command again:
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
ERROR! vars file users.yml was not found
Could not find file on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option
Error #3
Create the users.yml file:
[root@centos7 ~]# vi users.yml
[root@centos7 ~]# cat users.yml
ftp_users:
  - { username: mike, password: toto }
  - { username: bob, password: tata }
Run the ansible-playbook command again:
[root@centos7 ~]# mv user.yml users.yml
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [ftp server install] ***********************************************************************************************************************************************
TASK [latest vsftpd version] ********************************************************************************************************************************************
changed: [localhost]
TASK [latest firewalld version] *****************************************************************************************************************************************
changed: [localhost]
TASK [vsftpd] ***********************************************************************************************************************************************************
changed: [localhost]
TASK [firewalld] ********************************************************************************************************************************************************
ok: [localhost]
TASK [firewalld allows ftp] *********************************************************************************************************************************************
ok: [localhost]
TASK [Create_FTP_users] *************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'sha512' is undefined\n\nThe error appears to be in '/root/vsftpd.yml': line 32, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n state: enabled\n - name: Create_FTP_users\n ^ here\n"}
PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=5    changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
Errors 4, 5 and 6
[root@centos7 ~]# vi vsftpd.yml
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
      yum:   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Add yum:
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name: vsftpd   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Add the : character after name
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        name: "{{ item.username }}"   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Add the name: line
        password: "{{ item.password | password_hash('sha512') }}"   <<<<<<<<<<<< Enclose sha512 in ' characters
      with_items: "{{ ftp_users }}"   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Align with_items: with user:
Run the ansible-playbook command again:
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [ftp server install] ***********************************************************************************************************************************************
TASK [latest vsftpd version] ********************************************************************************************************************************************
ok: [localhost]
TASK [latest firewalld version] *****************************************************************************************************************************************
ok: [localhost]
TASK [vsftpd] ***********************************************************************************************************************************************************
ok: [localhost]
TASK [firewalld] ********************************************************************************************************************************************************
ok: [localhost]
TASK [firewalld allows ftp] *********************************************************************************************************************************************
ok: [localhost]
TASK [Create_FTP_users] *************************************************************************************************************************************************
changed: [localhost] => (item={u'username': u'mike', u'password': u'toto'})
changed: [localhost] => (item={u'username': u'bob', u'password': u'tata'})
PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=6    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Copyright © 2020 Hugh NORRIS