⚙️ Ansible

Playbooks, modules, inventories, roles

Ansible cheat sheet

Basic commands

# Test connectivity (ping module)
ansible all -i inventory.ini -m ping
ansible webservers -i inventory.ini -m ping

# Run an ad-hoc command
ansible all -m shell -a "uptime"
ansible all -m shell -a "df -h"

# Run a playbook
ansible-playbook -i inventory.ini playbook.yml

# Run a playbook in dry-run (check) mode
ansible-playbook -i inventory.ini playbook.yml --check

# Show detailed changes
ansible-playbook -i inventory.ini playbook.yml --diff

# Limit to a group or a host
ansible-playbook -i inventory.ini playbook.yml --limit webservers
ansible-playbook -i inventory.ini playbook.yml --limit 192.168.1.10

# Pass variables
ansible-playbook playbook.yml -e "env=prod version=1.2"

# Verbosity (1 to 4)
ansible-playbook playbook.yml -v
ansible-playbook playbook.yml -vvvv

Inventory (inventory.ini)

# Simple hosts
192.168.1.10
192.168.1.11 ansible_user=ubuntu ansible_port=2222

# Groups
[webservers]
web1.example.com
web2.example.com ansible_host=192.168.1.20

[dbservers]
db1.example.com

# Group of groups
[production:children]
webservers
dbservers

# Group variables
[webservers:vars]
ansible_user=deploy
ansible_ssh_private_key_file=~/.ssh/id_rsa
http_port=80

YAML inventory (inventory.yml)

all:
  vars:
    ansible_user: ubuntu
  children:
    webservers:
      hosts:
        web1:
          ansible_host: 192.168.1.10
        web2:
          ansible_host: 192.168.1.11
    dbservers:
      hosts:
        db1:
          ansible_host: 192.168.1.20

Playbook structure

---
- name: Configurer les serveurs web
  hosts: webservers
  become: true          # sudo
  vars:
    app_port: 8080
    app_name: "mon-app"

  pre_tasks:
    - name: Mettre à jour le cache apt
      apt:
        update_cache: true
        cache_valid_time: 3600

  tasks:
    - name: Installer nginx
      apt:
        name: nginx
        state: present

    - name: Démarrer et activer nginx
      service:
        name: nginx
        state: started
        enabled: true

    - name: Déployer la configuration
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/sites-available/{{ app_name }}
        owner: root
        group: root
        mode: "0644"
      notify: Recharger nginx

  handlers:
    - name: Recharger nginx
      service:
        name: nginx
        state: reloaded

Common modules

# Package management
- apt:
    name: ["nginx", "curl", "git"]
    state: present   # present / absent / latest

# Run a command
# command runs the binary directly; shell goes through /bin/sh (variables, redirection)
- command: /usr/bin/monscript.sh
- shell: "echo $HOME > /tmp/test"

# Copy a file
- copy:
    src: fichier.txt
    dest: /etc/app/fichier.txt
    owner: root
    mode: "0644"

# Jinja2 template
- template:
    src: config.j2
    dest: /etc/app/config.conf

# Service
- service:
    name: nginx
    state: started   # started / stopped / restarted / reloaded
    enabled: true

# User
- user:
    name: deploy
    groups: sudo
    shell: /bin/bash
    create_home: true

# Line in a file
# replaces the line matching regexp, or appends the line if none matches
- lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin no"

# Create a directory
- file:
    path: /opt/app
    state: directory
    owner: app
    mode: "0755"

# Git clone / pull
- git:
    repo: https://github.com/user/repo.git
    dest: /opt/app
    version: main

# Fact variables (debug)
- debug:
    msg: "L'IP est {{ ansible_default_ipv4.address }}"

# Conditional
- name: Installer sur Debian seulement
  apt:
    name: nginx
    state: present
  when: ansible_os_family == "Debian"

# Loop
- name: Créer les utilisateurs
  user:
    name: "{{ item }}"
    state: present
  loop:
    - alice
    - bob
    - charlie

Roles: structure

roles/
  mon-role/
    tasks/
      main.yml       # main tasks
    handlers/
      main.yml       # handlers
    templates/
      nginx.conf.j2  # Jinja2 templates
    files/
      app.conf       # static files
    vars/
      main.yml       # variables (high precedence)
    defaults/
      main.yml       # variables (low precedence / overridable)
    meta/
      main.yml       # role dependencies

Variables and Jinja2

# Define variables
vars:
  app_port: 8080
  app_hosts:
    - web1
    - web2
  config:
    timeout: 30
    debug: false

# Use a variable
- debug: msg="{{ app_port }}"
- debug: msg="{{ config.timeout }}"
- debug: msg="{{ app_hosts[0] }}"

# Jinja2 conditions
- name: Tâche conditionnelle
  debug: msg="C'est Ubuntu"
  when: ansible_distribution == "Ubuntu"

# Jinja2 filters
- debug: msg="{{ app_name | upper }}"
- debug: msg="{{ liste | join(', ') }}"
- debug: msg="{{ valeur | default('par défaut') }}"

ansible.cfg

[defaults]
inventory          = ./inventory.ini
remote_user        = ubuntu
private_key_file   = ~/.ssh/id_rsa
# False turns off SSH host key verification for managed hosts
host_key_checking  = False
retry_files_enabled = False
stdout_callback    = yaml

[privilege_escalation]
become = True
become_method = sudo