smauro/prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ansible: plusieurs éléments intéressants

Browse Source
This commit is contained in:
Stephane M B079 2025-02-18 11:55:29 +01:00
parent 8a3de5338c
commit e78e8e4c98
11 changed files with 746 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/ansible.cfg Normal file
View File

@ -0,0 +1,4 @@
[defaults]
inventory = ./inventory/hosts.yml
remote_user = your_user
host_key_checking = False

79
ansible/install.sh Executable file
View File

@ -0,0 +1,79 @@
#!/bin/bash
# Vérifier si Zenity est installé
if ! command -v zenity &> /dev/null; then
echo "Zenity n'est pas installé. Installation en cours..."
sudo apt update && sudo apt install -y zenity
fi
# Afficher une popup d'avertissement
zenity --warning --title="⚠️ Attention ⚠️" --width=400 --text="Ce script va modifier la configuration du serveur. Assurez-vous d'avoir une sauvegarde."
# Demander les informations avec Zenity
user_input=$(zenity --forms --title="Configuration du serveur" --text="Renseignez les informations :" \
--add-entry="Adresse IP" \
--add-entry="Nouveau hostname" \
--add-password="Mot de passe smauro")
# Vérifier si l'utilisateur a annulé
if [ $? -ne 0 ]; then
zenity --error --title="Annulé" --text="L'installation a été annulée."
exit 1
fi
# Extraire les valeurs
target_ip=$(echo "$user_input" | awk -F '|' '{print $1}')
ansible_hostname=$(echo "$user_input" | awk -F '|' '{print $2}')
smauro_password=$(echo "$user_input" | awk -F '|' '{print $3}')
# Vérifier les entrées
if [[ -z "$target_ip" || -z "$ansible_hostname" || -z "$smauro_password" ]]; then
zenity --error --title="Erreur" --text="Tous les champs sont obligatoires."
exit 1
fi
# Lister les playbooks disponibles
PLAYBOOK_DIR="./playbooks"
PLAYBOOKS=($(ls $PLAYBOOK_DIR/*.yml 2>/dev/null))
# Vérifier s'il y a des playbooks disponibles
if [ ${#PLAYBOOKS[@]} -eq 0 ]; then
zenity --error --title="Erreur" --text="Aucun playbook trouvé dans $PLAYBOOK_DIR"
exit 1
fi
# Créer une liste avec des sauts de ligne pour Zenity
playbook_list=$(printf "%s\n" "${PLAYBOOKS[@]##*/}")
# Demander à l'utilisateur de choisir un playbook
selected_playbook=$(echo -e "$playbook_list" | zenity --list --title="Sélectionner un playbook" --column="Playbooks")
# Vérifier si l'utilisateur a annulé
if [ $? -ne 0 ]; then
zenity --error --title="Annulé" --text="Sélection du playbook annulée."
exit 1
fi
# Créer un fichier d'inventaire dynamique
inventory_file="dynamic_inventory.ini"
echo "[server_web]" > "$inventory_file"
echo "$target_ip ansible_user=root ansible_ssh_pass=testtest" >> "$inventory_file"
# Créer un fichier JSON contenant les variables Ansible
vars_file="vars.json"
cat <<EOF > "$vars_file"
{
"ansible_hostname": "$ansible_hostname",
"user_password": "$smauro_password"
}
EOF
# Exécuter le playbook sélectionné
ansible-playbook -i "$inventory_file" -u root --ask-become-pass "$PLAYBOOK_DIR/$selected_playbook" -e "@$vars_file"
# Supprimer les fichiers temporaires
rm -f "$inventory_file" "$vars_file"
# Afficher un message de succès
zenity --info --title="Installation terminée" --text="Le playbook $selected_playbook a été exécuté avec succès !"

57
ansible/install_fullserver_web.sh Executable file
View File

@ -0,0 +1,57 @@
#!/bin/bash
# Vérifier si Zenity est installé
if ! command -v zenity &> /dev/null; then
echo "Zenity n'est pas installé. Installation en cours..."
sudo apt update && sudo apt install -y zenity
fi
# Afficher une popup d'avertissement
zenity --warning --title="⚠️ Attention ⚠️" --width=400 --text="Ce script va modifier la configuration du serveur. Assurez-vous d'avoir une sauvegarde."
# Demander les informations avec Zenity
user_input=$(zenity --forms --title="Configuration du serveur" --text="Renseignez les informations :" \
--add-entry="Adresse IP" \
--add-entry="Nouveau hostname" \
--add-password="Mot de passe smauro")
# Vérifier si l'utilisateur a annulé
if [ $? -ne 0 ]; then
zenity --error --title="Annulé" --text="L'installation a été annulée."
exit 1
fi
# Extraire les valeurs
target_ip=$(echo "$user_input" | awk -F '|' '{print $1}')
ansible_hostname=$(echo "$user_input" | awk -F '|' '{print $2}')
smauro_password=$(echo "$user_input" | awk -F '|' '{print $3}')
# Vérifier les entrées
if [[ -z "$target_ip" || -z "$ansible_hostname" || -z "$smauro_password" ]]; then
zenity --error --title="Erreur" --text="Tous les champs sont obligatoires."
exit 1
fi
# Créer un fichier d'inventaire dynamique
inventory_file="dynamic_inventory.ini"
echo "[server_web]" > "$inventory_file"
echo "$target_ip ansible_user=root ansible_ssh_pass=testtest" >> "$inventory_file"
# Créer un fichier JSON contenant les variables Ansible (Évite les problèmes de quotes)
vars_file="vars.json"
cat <<EOF > "$vars_file"
{
"ansible_hostname": "$ansible_hostname",
"user_password": "$smauro_password"
}
EOF
# Exécuter le playbook Ansible
ansible-playbook -i "$inventory_file" -u root --ask-become-pass playbooks/debian_fullserver_web.yml -e "@$vars_file"
# Supprimer les fichiers temporaires
rm -f "$inventory_file" "$vars_file"
# Afficher un message de succès
zenity --info --title="Installation terminée" --text="Le playbook a été exécuté avec succès !"

2
ansible/inventory/dynamic_inventory.ini Normal file
View File

@ -0,0 +1,2 @@
[server_web]
192.168.1.116 ansible_user=root ansible_ssh_pass='testtest' ansible_hostname='EvoTechSphere' user_password='QH~6iZUJLkT3>u<'}E`L*6X['

4
ansible/inventory/hosts.yml Normal file
View File

@ -0,0 +1,4 @@
[defaults]
inventory = ./inventory/hosts.yml
remote_user = smauro
host_key_checking = False

5
ansible/inventory/inventory.ini Normal file
View File

@ -0,0 +1,5 @@
[debian_vm]
192.168.1.34 ansible_user=smauro ansible_ssh_pass=testtest
[server_web]
192.168.1.116 ansible_user=root ansible_ssh_pass=testtest

188
ansible/playbooks/debian_fullserver_web.yml Normal file
View File

@ -0,0 +1,188 @@
- hosts: server_web
vars:
user: "smauro"
root_password: "testtest"
tasks:
# 1. Passer à root et installer sudo (si pas déjà installé)
- name: Passer à root et installer sudo
become: yes
become_user: root
become_method: su
command: apt install sudo -y
vars:
ansible_become_pass: "{{ root_password }}"
register: result
when: ansible_facts.packages['sudo'] is not defined
- name: Afficher le résultat de l'installation de sudo
debug:
var: result
# 2. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
become_user: root
when: ansible_facts.packages['sudo'] is defined
# 3. Modifier le fichier sources.list
- name: Modifier le fichier sources.list
copy:
dest: /etc/apt/sources.list
content: |
deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
become: yes
# 4. Mettre à jour les paquets
- name: Mettre à jour les paquets
apt:
update_cache: yes
become: yes
# 5. Configurer le hostname
- name: Configurer le hostname
hostname:
name: "{{ ansible_hostname }}"
become: yes
# 6. Changer le mot de passe root
- name: Changer le mot de passe root
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"
become: yes
# 7. Configurer l'utilisateur smauro
- name: Configurer l'utilisateur smauro
user:
name: "{{ user }}"
password: "{{ user_password | password_hash('sha512') }}" # Utilisation de la variable dynamique
shell: /bin/bash
groups: sudo
state: present
become: yes
# 8. Installer les paquets nécessaires
- name: Installer les paquets nécessaires
apt:
name: ["sudo", "vim", "curl", "git", "htop", "gnupg", "apache2", "net-tools"]
state: present
become: yes
# 9. Installer les dépendances requises pour ajouter un dépôt
- name: Installer les dépendances requises pour ajouter un dépôt
apt:
name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"]
state: present
become: yes
# 10. Ajouter le dépôt Sury pour PHP 8.3
- name: Ajouter le dépôt Sury pour PHP 8.3
shell: echo "deb https://packages.sury.org/php/ bookworm main" | tee /etc/apt/sources.list.d/sury-php.list
become: yes
- name: Ajouter la clé GPG du dépôt Sury
shell: curl -fsSL https://packages.sury.org/php/apt.gpg | tee /etc/apt/trusted.gpg.d/sury-php.gpg > /dev/null
become: yes
# 11. Mettre à jour et upgrader le système
- name: Mettre à jour et upgrader le système
apt:
update_cache: yes
upgrade: dist
become: yes
# 12. Installer PHP 8.3 et modules requis
- name: Installer PHP 8.3 et modules requis
apt:
name:
- php8.3-cli
- php8.3-fpm
- php8.3-common
- php8.3-mbstring
- php8.3-xml
- php8.3-curl
- php8.3-zip
- php8.3-gd
- php8.3-mysql
state: present
become: yes
- name: Redémarrer PHP 8.3-FPM
systemd:
name: php8.3-fpm
state: restarted
become: yes
# 13. Redémarrer Apache
- name: Redémarrer Apache
systemd:
name: apache2
state: restarted
become: yes
# 14. Activer les modules rewrite et expires dans Apache
- name: Activer les modules rewrite et expires dans Apache
command: a2enmod rewrite expires
become: yes
# 15. Redémarrer Apache après activation des modules
- name: Redémarrer Apache après activation des modules
systemd:
name: apache2
state: restarted
become: yes
- name: Mettre à jour /etc/hosts avec le hostname
lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1\s+'
line: "127.0.0.1 localhost {{ ansible_hostname }}"
state: present
become: yes
# 17. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config
- name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin\s+yes'
line: 'PermitRootLogin no'
state: present
become: yes
- name: Déployer le script MOTD personnalisé
copy:
src: ../sources/99-motd # Chemin relatif depuis où tu exécutes le playbook
dest: /etc/update-motd.d/99-motd
owner: root
group: root
mode: '0755'
become: yes
- name: Redémarrer la machine
command: "nohup bash -c 'sleep 5 && reboot' &"
async: 1
poll: 0
ignore_errors: yes
become: yes
# 18. Redémarrer la machine
#- name: Redémarrer la machine
# reboot:
#msg: "Redémarrage après configuration."
#pre_reboot_delay: 5
#become: yes
#ignore_errors: yes

148
ansible/playbooks/debian_fullserver_web.yml.BACKUP Normal file
View File

@ -0,0 +1,148 @@
- hosts: server_web
vars:
user: "smauro"
root_password: "testtest"
tasks:
# 1. Passer à root et installer sudo (si pas déjà installé)
- name: Passer à root et installer sudo
become: yes
become_user: root
become_method: su
command: apt install sudo -y
vars:
ansible_become_pass: "{{ root_password }}"
register: result
when: ansible_facts.packages['sudo'] is not defined
- name: Afficher le résultat de l'installation de sudo
debug:
var: result
# 2. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
become_user: root
when: ansible_facts.packages['sudo'] is defined
# 3. Modifier le fichier sources.list
- name: Modifier le fichier sources.list
copy:
dest: /etc/apt/sources.list
content: |
deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
become: yes
# 4. Mettre à jour les paquets
- name: Mettre à jour les paquets
apt:
update_cache: yes
become: yes
# 5. Configurer le hostname
- name: Configurer le hostname
hostname:
name: "Gitea"
become: yes
# 6. Changer le mot de passe root
- name: Changer le mot de passe root
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"
become: yes
# 7. Configurer l'utilisateur smauro
- name: Configurer l'utilisateur smauro
user:
name: "{{ user }}"
password: "{{ root_password | password_hash('sha512') }}"
shell: /bin/bash
groups: sudo
state: present
become: yes
- name: Installer les paquets nécessaires
apt:
name: ["sudo", "vim", "curl", "git", "htop", "gpg"]
state: present
become: yes
# 8. Ajouter le dépôt Sury pour PHP 8.3
- name: Ajouter le dépôt Sury pour PHP 8.3
shell: echo "deb https://packages.sury.org/php/ bookworm main" | sudo tee /etc/apt/sources.list.d/sury-php.list
become: yes
- name: Ajouter la clé GPG du dépôt Sury
apt_key:
url: https://packages.sury.org/php/apt.gpg
state: present
become: yes
- name: Mettre à jour et upgrader le système
apt:
update_cache: yes
upgrade: dist
become: yes
# 9. Installer PHP 8.3 et ses extensions
- name: Installer PHP 8.3 et modules requis
apt:
name:
- php8.3-cli
- php8.3-fpm
- php8.3-common
- php8.3-mbstring
- php8.3-xml
- php8.3-curl
- php8.3-zip
- php8.3-gd
- php8.3-mysql
state: present
become: yes
- name: Redémarrer PHP 8.3-FPM
systemd:
name: php8.3-fpm
state: restarted
become: yes
# 10. Configurer Apache avec PHP 8.3
- name: Activer PHP 8.3 dans Apache
command: a2enmod php8.3
become: yes
- name: Redémarrer Apache
systemd:
name: apache2
state: restarted
become: yes
- name: Activer les modules rewrite et expires dans Apache
command: a2enmod rewrite expires
become: yes
- name: Redémarrer Apache après activation des modules
systemd:
name: apache2
state: restarted
become: yes
- name: Redémarrer la machine
reboot:
msg: "Redémarrage après configuration."
pre_reboot_delay: 5
become: yes

129
ansible/playbooks/debian_fullserver_without_web.yml Normal file
View File

@ -0,0 +1,129 @@
- hosts: server_web
vars:
user: "smauro"
root_password: "testtest"
tasks:
# 1. Passer à root et installer sudo (si pas déjà installé)
- name: Passer à root et installer sudo
become: yes
become_user: root
become_method: su
command: apt install sudo -y
vars:
ansible_become_pass: "{{ root_password }}"
register: result
when: ansible_facts.packages['sudo'] is not defined
- name: Afficher le résultat de l'installation de sudo
debug:
var: result
# 2. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
become_user: root
when: ansible_facts.packages['sudo'] is defined
# 3. Modifier le fichier sources.list
- name: Modifier le fichier sources.list
copy:
dest: /etc/apt/sources.list
content: |
deb http://deb.debian.org/debian/ bookworm main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware
# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware
become: yes
# 4. Mettre à jour les paquets
- name: Mettre à jour les paquets
apt:
update_cache: yes
become: yes
# 5. Configurer le hostname
- name: Configurer le hostname
hostname:
name: "{{ ansible_hostname }}"
become: yes
# 6. Changer le mot de passe root
- name: Changer le mot de passe root
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"
become: yes
# 7. Configurer l'utilisateur smauro
- name: Configurer l'utilisateur smauro
user:
name: "{{ user }}"
password: "{{ user_password | password_hash('sha512') }}" # Utilisation de la variable dynamique
shell: /bin/bash
groups: sudo
state: present
become: yes
# 8. Installer les paquets nécessaires
- name: Installer les paquets nécessaires
apt:
name: ["sudo", "vim", "curl", "git", "htop", "gnupg", "net-tools"]
state: present
become: yes
# 9. Installer les dépendances requises pour ajouter un dépôt
- name: Installer les dépendances requises pour ajouter un dépôt
apt:
name: ["apt-transport-https", "ca-certificates", "lsb-release", "curl"]
state: present
become: yes
# 11. Mettre à jour et upgrader le système
- name: Mettre à jour et upgrader le système
apt:
update_cache: yes
upgrade: dist
become: yes
- name: Mettre à jour /etc/hosts avec le hostname
lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1\s+'
line: "127.0.0.1 localhost {{ ansible_hostname }}"
state: present
become: yes
# 17. Retirer 'PermitRootLogin yes' dans /etc/ssh/sshd_config
- name: Retirer ou modifier 'PermitRootLogin yes' dans /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin\s+yes'
line: 'PermitRootLogin no'
state: present
become: yes
- name: Déployer le script MOTD personnalisé
copy:
src: ../sources/99-motd # Chemin relatif depuis où tu exécutes le playbook
dest: /etc/update-motd.d/99-motd
owner: root
group: root
mode: '0755'
become: yes
- name: Redémarrer la machine
command: "nohup bash -c 'sleep 5 && reboot' &"
async: 1
poll: 0
ignore_errors: yes
become: yes

88
ansible/playbooks/debian_setup.yml Normal file
View File

@ -0,0 +1,88 @@
---
- hosts: debian_vm
vars:
user: "smauro"
root_password: "testtest"
tasks:
# 1. Passer à root et installer sudo
- name: Passer à root et installer sudo
become: yes
become_user: root
become_method: su
command: apt install sudo -y
vars:
ansible_become_pass: "{{ root_password }}" # Le mot de passe root est passé ici
register: result
- name: Afficher le résultat de l'installation de sudo
debug:
var: result
# 2. Ajouter l'utilisateur au groupe sudo
- name: Ajouter l'utilisateur au groupe sudo
user:
name: "{{ user }}"
groups: sudo
append: yes
become: yes
become_user: root
become_method: su
# 3. Mettre à jour les paquets
- name: Mettre à jour les paquets
apt:
update_cache: yes
become: yes
become_user: root
become_method: su
# 4. Configurer le hostname
- name: Configurer le hostname
hostname:
name: "ntp01deb"
become: yes
become_user: root
become_method: su
# 5. Changer le mot de passe root
- name: Changer le mot de passe root
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"
become: yes
become_user: root
become_method: su
# 6. Configurer l'utilisateur smauro
- name: Configurer l'utilisateur smauro
user:
name: "{{ user }}"
password: "{{ root_password | password_hash('sha512') }}"
shell: /bin/bash
groups: sudo
state: present
become: yes
become_user: root
become_method: su
- name: Installer les paquets nécessaires
apt:
name: "{{ item }}"
state: present
loop:
- sudo
- vim
- curl
- git
- htop
become: yes
become_user: root
become_method: su
- name: Redémarrer la machine
reboot:
msg: "Redémarrage après configuration."
pre_reboot_delay: 5
become: yes
become_user: root
become_method: su

42
ansible/sources/99-motd Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
# Définition des couleurs
GREEN='\033[0;32m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
RED='\033[0;31m'
NC='\033[0m' # No Color
# Récupération des informations
CPU_USAGE=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1}')
RAM_USAGE=$(free | grep Mem | awk '{print $3/$2 * 100.0}')
DISK_USAGE=$(df -h / | awk 'NR==2 {print $5}')
IP_ADDRESS=$(hostname -I | cut -d' ' -f1)
HOSTNAME=$(hostname)
USERS_CONNECTED=$(who | wc -l)
OS_INFO=$(lsb_release -d | cut -f2)
OS_VERSION=$(lsb_release -r | cut -f2)
UPDATES_AVAILABLE=$(apt list --upgradable 2>/dev/null | grep -c "/")
# Affichage de la bannière
echo -e "${NC}"
echo -e "${RED}----------------------------------------------------------------------${NC}"
echo -e "${GREEN}1. Utilisation du Processeur: ${CPU_USAGE}%${NC}"
echo -e "${BLUE}2. Utilisation de la RAM: ${RAM_USAGE}%${NC}"
echo -e "${PURPLE}3. Utilisation du disque: ${DISK_USAGE}${NC}"
echo -e "${CYAN}4. Adresse IP de la machine ipv4: ${IP_ADDRESS}${NC}"
echo -e "${GREEN}5. Nom de la machine: ${HOSTNAME}${NC}"
echo -e "${RED}6. Nombre d'utilisateurs connectés: ${USERS_CONNECTED}${NC}"
echo -e "${CYAN}7. Système d'exploitation: ${OS_INFO}${NC}"
echo -e "${CYAN}8. Version de l'OS: ${OS_VERSION}${NC}"
echo -e "${RED}----------------------------------------------------------------------${NC}"
echo -e "${NC}"
if [ $UPDATES_AVAILABLE -gt 0 ]; then
echo -e "${RED}Des mises à jour sont disponibles.${NC}"
echo -e "${NC}"
else
echo -e "${GREEN}Aucune mise à jour disponible.${NC}"
echo -e "${NC}"
fi