diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml index 9ae86f3f4..7b70a531d 100644 --- a/ansible/group_vars/all/vault.yml +++ b/ansible/group_vars/all/vault.yml @@ -1,41 +1,45 @@ $ANSIBLE_VAULT;1.1;AES256 -65303433633738353733356264353331633332653566303532303131336130326231653665323031 -3332306239656666336538313438343930626364313666360a333164336432373539323633323430 -37303761613963346462656632623233633064613531323831363465346461393535366133346334 -3761363866636131370a306635343531666562613537373835633364636565323034393863393762 -38373833383339333035336231643039633764373631386637363033316265373665376433623137 -64316439393533336333623434623363666666316130366539383662653237363232323261303336 -38396565646238656566303663343536306636653764316661353338333936623263633263353838 -34313663323339663138396339636539303535656232616132646331643739656365366564326666 -30373237623939386633333435393562666261303164353134363330373837313461636465613666 -30383639623031626533326331323661666134316233386337383637613333353737663738353266 -62313263623432653165643833303338323339353734383739363963613463623564333963326534 -33343737386632653865346235646563336464353330663637336163656236353930666661613366 -34626238653632653238366437656539626232376265333939363862303161303739643961346661 -33303265666163663065333366353538373836643931343435373337306264303335623030653438 -66393162393164383862643033653135333439333432303037663462343230353361643566636533 -36333937643466376331666562646165653237623863346237373962653661633237633438363563 -37323734653438663763333961343337623330366631643136386436633532326335653833393163 -63363066323064303338376339643439663238626632393939656132376135613461306230396538 -37373762393363303764313135376266643835666437343336636532393436326538326462313863 -38303833326635383164343765643838663565643031386439643339346461303361306239663236 -61336630373961333531626466316138643032623936353337363861316536346538356636623435 -66303930323837616235383764316333363862646432313337306361656262373238333730653765 -38386164356163656232363466303633383732653661333138346230616265343631313062356539 -61356537393965646561366662383430306564656633383939343130363132643265373163396662 -66643933306465623737343761366262663831373237653038396164343364333834663535653764 -35333338616161636535656238376132653737616563653762386138646237663162303335353731 -35333466366638363436366536303431623337633638326534333361373239663130663936623232 -64393933313935623835353461323565303461356535333333353931666365356433663539393831 -64336335353765303932376666613637336436646164353361303762386361353737303935373663 -64306366326234636338303666393764643339613431323835313264383035303663306538313365 -66656436346332336531326561623862613262333535623961393133613134316165393563393731 -33626463373434376537346234626564333064373865653463376132333032333236343835316334 -65333535376164356133333036306366623133623932363638373835636431383138653763653336 -62616237316135383538323631613730366136656137366465643363383931396234363331373134 -62376235343134363863323432643164666662663038323235326665323935363833346161396361 -36303164613361666333346565393461653937333135336439613335346637353038316136316233 -38383265653165666662376435636638343530666536306562333964616566663038343831303439 -64346331666331353337346136646435666332613834336438366234383063343465363830316538 -65323930306261306136666561383131376566346435643663373638626265303034333037326138 -31653339333436393463 +39636537623832323365396664393239633538393339323130393538383331333339666533363461 +3032373839623233313166633266393530643466393865330a313766623934393331333638386234 +39643032653762386336383461643061663636366366643765383863336462373033343739643732 +6538333934396266310a353531336365623434666639383936623964393436383762353761323238 +63393039333738383933386435363561323939616463343863346265633265343936633664613039 +31366462643034356636326531343732396438343766313932346337306436353330303431336638 +39323236626530363661643263316331313030633837623739303434643766656562383231623636 +61323038613833633437353134313966316266643061303134313264623837653134326265613136 +31313837366264373764616264663563616161366463366561643966643164343362653462313936 +61313631666362636434666463623337303739663139343736623339376434663663363036633335 +35373534333430393734663765633766346332353165373634346563366539353632333162643839 +34353766383664363637613661633932663133333634363832386236636364393931353766636135 +33643032323530363138636538383938363534356164303264666431326535343135393939613135 +32613738353332623066376538373230313332666433653338636634303561326231623538646537 +65356666623966366665633930663561643466373862373762623463396536326434353030396437 +35623837663132336563336238356431666165656333343963303066376664393061663535383334 +63373464663933646263633636316234393433653832373263346131303561353337313631323634 +39613762666230616231303133303636396336383661623065623162383237323236316462323664 +31656461383736656437313232356532326338646262323864373632343164346564363130306530 +37663338353133326337343063373762646634616131346263373064356232383232323238643935 +64393664346565386334646233336434653835623263336664616135646137616234346363663161 +30386661343338353763303966636430616238333737326264626461343163366532336364323764 +62643435326236383662353935646238386666363236653566653131396664366564643335663564 +36633835363230636635656162636162393632653034626137323865363337383032323564666239 +36353564336166366664613232636132643932376139353264336432653737643861376262363834 +32653561333333323831336433623033303134316339313566336331306162353363623764646630 +64623735626566646337616366346230333631366265393435333964336461396134306334396263 +66346162643261613363623838663936383862393661303237303966653661373434326539646661 +36313164613234323531613236376630343464343864343033646661613566336665616661663262 +31626232393231303061646531383063336339343734663033326161386261633366353763386163 +39323161663364646138333264633739636632643335656661326134396339373266663432306262 +35363539363230353633363334353238363931326338613134376662363935663266663664663565 +61356637323635376137346462643834623433343938303039363136313337353938323531346430 +63666665363335323565356534616661393865383832643539373431393266626263313966653036 +39653636653532386163393531323361663962363866393639323337396432666539303138666262 +63373062336537626632383334626665366166373565633362663739333064376262346638303364 +62343433616137346564316531643065373066306566666564616363393066326536653736616133 +62656235393364306230666264356666653766623930633066383333353432346139343862343365 +35646238373565633436393733616632323636353138353533376333643438613133363136656231 +39373734613231303766346261313464353838316262653366663234346161393065323965373038 +32663336383734363361633137376366633561303738356239346138666333626233653965633066 +34303634656232383462613661643966646361303036353936353039346661336465323038353338 +65626264353164363664623663346338623662383532313966356166316535393639633136353439 +62623932356131373538 diff --git a/ansible/inventory/inventory.ini b/ansible/inventory/inventory.ini index f70d6681f..ca12b1e95 100644 --- a/ansible/inventory/inventory.ini +++ b/ansible/inventory/inventory.ini @@ -2,7 +2,7 @@ website-mc ansible_host=10.0.0.2 ansible_port=22 ids-01 ansible_host=10.0.0.6 ansible_port=22 db-02 ansible_host=10.0.0.7 ansible_port=22 -steph ansible_host=10.0.0.9 ansible_port=51474 +#steph ansible_host=10.0.0.9 ansible_port=51474 revproxy-01 ansible_host=10.0.0.4 ansible_port=59512 minecraft ansible_host=10.0.0.5 ansible_port=59008 evotechsphere ansible_host=10.0.0.11 ansible_port=22 @@ -14,8 +14,8 @@ website ansible_host=10.0.0.10 ansible_port=59513 cloud-01 ansible_host=10.0.0.3 ansible_port=22 netbox ansible_host=10.0.0.16 ansible_port=22 rustdesk ansible_host=10.0.0.18 ansible_port=22 -website-02 ansible_host=192.168.1.164 ansible_port=22 -debomv-01 ansible_host=192.168.1.94 ansible_port=22 +website-02 ansible_host=10.0.0.20 ansible_port=22 +debomv-01 ansible_host=10.0.0.23 ansible_port=22 [server_web] #192.168.1.116 ansible_user=root ansible_ssh_pass=testtest diff --git a/ansible/lib/python3.11/site-packages/ansible/cli/__pycache__/vault.cpython-311.pyc b/ansible/lib/python3.11/site-packages/ansible/cli/__pycache__/vault.cpython-311.pyc index d6d06f875..34b4471b8 100644 Binary files a/ansible/lib/python3.11/site-packages/ansible/cli/__pycache__/vault.cpython-311.pyc and b/ansible/lib/python3.11/site-packages/ansible/cli/__pycache__/vault.cpython-311.pyc differ diff --git a/ansible/playbooks/apt-upgrade_v2.yml b/ansible/playbooks/apt-upgrade_v2.yml new file mode 100644 index 000000000..fdec4ac5d --- /dev/null +++ b/ansible/playbooks/apt-upgrade_v2.yml @@ -0,0 +1,53 @@ +--- +- name: Upgrade Debian avec become_pass dynamique (v2) + hosts: all + gather_facts: false + become: true + become_method: sudo + + pre_tasks: + - name: Charger les variables vault (become_passwords) + ansible.builtin.include_vars: + file: "../group_vars/all/vault.yml" + name: vault_secrets + + - name: Normaliser la map des mots de passe (gère vault avec ou sans clé become_passwords) + ansible.builtin.set_fact: + _become_map: >- + {{ vault_secrets.become_passwords + if (vault_secrets is mapping and 'become_passwords' in vault_secrets) + else vault_secrets }} + + - name: Vérifier que le mot de passe existe pour l’hôte courant + ansible.builtin.assert: + that: + - _become_map is mapping + - inventory_hostname in _become_map + fail_msg: >- + Mot de passe manquant pour {{ inventory_hostname }}. + Clés disponibles: {{ _become_map.keys() | list | sort | join(', ') }} + + - name: Définir le mot de passe sudo (variable officielle) + ansible.builtin.set_fact: + ansible_become_password: "{{ _become_map[inventory_hostname] }}" + no_log: true + + - name: Charger les facts système (setup) + ansible.builtin.setup: + + tasks: + - name: Mise à jour du cache APT + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + + - name: Upgrade des paquets (dist-upgrade) + nettoyage + ansible.builtin.apt: + upgrade: dist + autoremove: true + autoclean: true + + # Optionnel : pour limiter le run à ton groupe via la CLI: + # Exécution conseillée : + # ansible-playbook -i inventory/inventory.ini playbooks/apt-upgrade_v2.yml --ask-vault-pass -l debians +