Version - 2021.01
Last updated: 2021/05/18 12:29
DOF506 - Ansible in Practice
Module Contents
- DOF506 - Skills Validation
- Module Contents
- LAB #1 - Automating with Ansible
- 1.1 - Instructions
- 1.2 - Solutions
- Error #1
- Error #2
- Error #3
- Errors 4, 5 and 6
LAB #1 - Automating with Ansible
Log in to the CentOS_7 virtual machine:
trainee@traineeXX:~$ ssh -l trainee centos7
1.1 - Instructions
You are asked to automate with Ansible:
- the installation of the vsftpd server,
- the update of firewalld if needed,
- the creation of a firewalld rule for traffic to the vsftpd server,
- the secure creation of two ftp accounts:
  - user: mike
  - password: toto
  - user: bob
  - password: tata
Start by installing Ansible from the repositories:
[trainee@centos7 ~]$ su -
Mot de passe : fenestros
Dernière connexion : jeudi 5 septembre 2019 à 18:28:51 CEST sur pts/0
[root@centos7 ~]# yum install epel-release
[root@centos7 ~]# yum install ansible
Then check that the executables are present:
[root@centos7 ~]# which ansible
/bin/ansible
[root@centos7 ~]# which ansible-playbook
/bin/ansible-playbook
To help you, two files are provided:
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name vsftpd
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        password: "{{ item.password | password_hash(sha512) }}"
        with_items: "{{ ftp_users }}"
[root@centos7 ~]# ansible-vault view secrets.yml
Vault password: fenestros
ftp_users:
  - { username: mike, password: toto }
  - { username: bob, password: tata }
When you run the ansible-playbook command, you get the following result:
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
ERROR! Syntax Error while loading YAML.
The error appears to have been in '/root/vsftpd.yml': line 14, column 13, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
    - name: latest firewalld version
        name: firewalld
            ^ here
exception type: <class 'yaml.scanner.ScannerError'>
exception: mapping values are not allowed in this context
  in "<unicode string>", line 14, column 13
Over to you!
<ifauth @admin>
1.2 - Solutions
Error #1
Edit the vsftpd.yml file:
[root@centos7 ~]# vi vsftpd.yml
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
      yum:                # <<< Add yum:
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name vsftpd
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        password: "{{ item.password | password_hash(sha512) }}"
        with_items: "{{ ftp_users }}"
Run the ansible-playbook command again:
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
ERROR! Syntax Error while loading YAML.
  mapping values are not allowed in this context
The error appears to be in '/root/vsftpd.yml': line 20, column 16, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
        name vsftpd
        enabled: true
               ^ here
Error #2
Edit the vsftpd.yml file:
[root@centos7 ~]# vi vsftpd.yml
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
      yum:                # <<< Add yum:
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name: vsftpd      # <<< Add the : character after name
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        password: "{{ item.password | password_hash(sha512) }}"
        with_items: "{{ ftp_users }}"
Run the ansible-playbook command again:
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
ERROR! vars file users.yml was not found
Could not find file on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option
Error #3
Create the users.yml file:
[root@centos7 ~]# vi users.yml
[root@centos7 ~]# cat users.yml
ftp_users:
  - { username: mike, password: toto }
  - { username: bob, password: tata }
Run the ansible-playbook command again:
[root@centos7 ~]# mv user.yml users.yml
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [ftp server install] ****************************************
TASK [latest vsftpd version] ****************************************
changed: [localhost]
TASK [latest firewalld version] ****************************************
changed: [localhost]
TASK [vsftpd] ****************************************
changed: [localhost]
TASK [firewalld] ****************************************
ok: [localhost]
TASK [firewalld allows ftp] ****************************************
ok: [localhost]
TASK [Create_FTP_users] ****************************************
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'sha512' is undefined\n\nThe error appears to be in '/root/vsftpd.yml': line 32, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n state: enabled\n - name: Create_FTP_users\n ^ here\n"}
PLAY RECAP ****************************************
localhost : ok=5 changed=3 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Errors 4, 5 and 6
[root@centos7 ~]# vi vsftpd.yml
[root@centos7 ~]# cat vsftpd.yml
---
- name: ftp server install
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - users.yml
  tasks:
    - name: latest vsftpd version
      yum:
        name: vsftpd
        state: latest
    - name: latest firewalld version
      yum:                # <<< Add yum:
        name: firewalld
        state: latest
    - name: vsftpd
      service:
        name: vsftpd      # <<< Add the : character after name
        enabled: true
        state: started
    - name: firewalld
      service:
        name: firewalld
        enabled: true
        state: started
    - name: firewalld allows ftp
      firewalld:
        permanent: yes
        immediate: yes
        state: enabled
    - name: Create_FTP_users
      user:
        name: "{{ item.username }}"        # <<< Add the name: line
        password: "{{ item.password | password_hash('sha512') }}"        # <<< Put sha512 between ' characters
      with_items: "{{ ftp_users }}"        # <<< Align with_items: with user:
Run the ansible-playbook command again:
[root@centos7 ~]# ansible-playbook vsftpd.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [ftp server install] ****************************************
TASK [latest vsftpd version] ****************************************
ok: [localhost]
TASK [latest firewalld version] ****************************************
ok: [localhost]
TASK [vsftpd] ****************************************
ok: [localhost]
TASK [firewalld] ****************************************
ok: [localhost]
TASK [firewalld allows ftp] ****************************************
ok: [localhost]
TASK [Create_FTP_users] ****************************************
changed: [localhost] => (item={u'username': u'mike', u'password': u'toto'})
changed: [localhost] => (item={u'username': u'bob', u'password': u'tata'})
PLAY RECAP ****************************************
localhost : ok=6 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Encrypt the secrets.yml file:
[root@centos7 ~]# ansible-vault encrypt secrets.yml
New Vault password: fenestros
Confirm New Vault password: fenestros
Encryption successful
View the secrets.yml file:
[root@centos7 ~]# ansible-vault view secrets.yml
Vault password:
ftp_users:
  - { username: mike, password: toto }
  - { username: bob, password: tata }
[root@centos7 ~]# cat secrets.yml
$ANSIBLE_VAULT;1.1;AES256
30323061313265353234666230373765333865663061626362646332376639356463623238343166
3635356261383732373633626230353837393735393933390a323561663963666262343835363166
61306137383463303138656131626236633935383031323864396164366139323265653732663834
6130656163356661360a663635333537373961616230353766666130633537323065663161393939
65353936613539303631373530643536616335356461323735646165616136303839636166663232
38616133393235636632646461346430373966306463636662333431373936633837616336326461
38633139616339343865626630333531366138313761663330346231333131346535663761396233
35353036373530323636636335336539616433373461653866316138306632323038626266623264
6634
Run the playbook:
[root@centos7 ~]# ansible-playbook vsftpd.yml --ask-vault-pass
Vault password:
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [ftp server install] ****************************************
TASK [Gathering Facts] ****************************************
ok: [localhost]
TASK [latest vsftpd version] ****************************************
ok: [localhost]
TASK [latest firewalld version] ****************************************
ok: [localhost]
TASK [vsftpd] ****************************************
ok: [localhost]
TASK [firewalld] ****************************************
ok: [localhost]
TASK [firewalld allows ftp] ****************************************
ok: [localhost]
TASK [Create_FTP_users] ****************************************
changed: [localhost] => (item={u'username': u'mike', u'password': u'toto'})
changed: [localhost] => (item={u'username': u'bob', u'password': u'tata'})
PLAY RECAP ****************************************
localhost : ok=7 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
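The corrected playbook still reads the accounts from the plaintext users.yml, its firewalld task names no service, and the run output prints each clear-text password and reports changed on every run. A hardened variant of the last two tasks, as an added example that is not part of the original lab: it assumes secrets.yml is the vault-encrypted file shown above and that each ftp_users entry carries an extra salt key (hypothetical, not in the lab's file).

```yaml
---
# Added example, not the lab's playbook.
# Assumption: secrets.yml (ansible-vault encrypted) holds entries such as
#   - { username: mike, password: <password>, salt: <up to 16 chars of [./0-9A-Za-z]> }
# The "salt" key is hypothetical; the lab's file has only username and password.
- name: ftp firewall rule and accounts
  hosts: localhost
  gather_facts: no
  become: yes
  vars_files:
    - secrets.yml            # vaulted file replaces the plaintext users.yml
  tasks:
    - name: firewalld allows ftp
      firewalld:
        service: ftp         # states which service the rule opens
        permanent: yes
        immediate: yes
        state: enabled

    - name: Create_FTP_users
      user:
        name: "{{ item.username }}"
        # Without a salt argument password_hash picks a random salt, so the
        # hash differs on each run and the task always reports "changed".
        # A fixed per-user salt gives a stable hash.
        password: "{{ item.password | password_hash('sha512', item.salt) }}"
      with_items: "{{ ftp_users }}"
      no_log: true           # hides the loop item, and with it the password, from output and logs
```

Run it with --ask-vault-pass as in the lab, then delete users.yml so the passwords exist on disk only in the vaulted file.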
</ifauth>
Copyright © 2021 Hugh NORRIS