<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>ansible@Centrale Marseille</title>
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/reveal.css">
<link rel="stylesheet" href="css/theme/black.css">
<!-- Theme used for syntax highlighting of code -->
<link rel="stylesheet" href="lib/css/monokai.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
</head>
<body>
<div class="reveal">
<div class="slides">
<section id="intro">
<section>
<p><img src="images/logoecm.png" alt="Centrale Marseille" style="background:none; border:none; box-shadow:none;"/><span class="fragment"> and Geoffroy Desvernay</span></p>
<p class="fragment">present</p>
</section>
<section>
<h1 style="color: red"><a href="https://ansible.com">ansible</a></h1>
<h2 class="fragment"><a href="https://galaxy.ansible.com/criecm">@Centrale Marseille</a></h2>
<h3 class="fragment">Why / How / So what?</h3>
</section>
<section>
<h1>Why?</h1>
<ul>
<li class="fragment">Small team (1.5 FTE in 2018)</li>
<li class="fragment">Disaster recovery plan (PRA)</li>
<li class="fragment">Need for autonomy for the != sysadmins</li>
<li class="fragment">… and peace and quiet for the sysadmins ;)</li>
</ul>
</section>
</section>
<section id="comment">
<section>
<h2>Approach</h2>
<ul>
<li class="fragment">git all-in-one roles/inventories/playbooks <span class="fragment">(can kill cats)</span>
<span class="fragment"> – With install script (~/.ansible.cfg)</span></li>
<li class="fragment">Ansible dev® (<a href="https://galaxy.ansible.com/criecm">roles</a>) <span class="fragment"> != Ansible User (write playbooks/inventory only)</span></li>
<li class="fragment">¡¡¡ Autonomy for the Ansible Users !!!</li>
</ul>
</section>
<section id="details">
<h3>All-in-one git ?</h3>
<img class="fragment" src="images/2019.10.17-02.08.31.png"/>
</section>
<section>
<h3>inventory/inventest</h3>
<p class="fragment">by default, we "play" in a test infrastructure</p>
<p class="fragment"><code>ansible-playbook -i inventory</code></p>
</section>
<section>
<h3>playbooks in bulk™</h3>
<img class="fragment" src="images/2019.10.17-03.00.15.png"/>
</section>
<section>
<h3>simple playbooks…</h3>
<img class="fragment" src="images/2019.10.17-03.28.51.png"/>
<aside class="notes"><p>This is the entire DNS infrastructure (except the DNSSEC source)</p>
<p>Data lives in the inventory</p></aside>
</section>
<section>
<h3>… or less simple</h3>
<img class="fragment" src="images/2019.10.17-03.26.15.png"/>
</section>
</section>
<section id="exemple">
<section><h3>inventory/group_vars/librenms.yml</h3>
<pre><code class="data-line-numbers data-prevent-swipe">---
librenms:
  db:
    host: metrodb0.db
    user: librenms
    name: librenms
    pass: UNPASSWD
  app_key: 'base64:UNECLE'
  admin:
    user: cri
    pass: MonPassAdmin
    mail: [email protected]
  site:
    id: librenms
    name: librenms.chez.moi
    index: index.php
    aliases:
      - lnms.chez.moi
    backend: php-fpm
    rootdir: /usr/local/www/librenms/html
    nginx_includes:
      - librenms.inc.j2
    configfiles:
      - src: files/librenms/config.php.j2
        dest: ../config.php
    limit_openbasedir: False</code></pre>
<aside class="notes">Variables (group == application)</aside>
</section>
<section><h3>playbooks/librenms.yml</h3>
<pre><code class="data-line-numbers data-prevent-swipe"># librenms/freebsd
# 1. loads the inventory for the librenms group
- hosts: librenms
# 2. the database
- hosts: librenmsdb
  tasks:
    - name: DB created
      include_role:
        name: criecm.mariadb
        tasks_from: db.yml
      vars:
        # the variable comes from the librenms group...
        mariadb: '{{ hostvars[groups["librenms"][0]].librenms.db }}'</code></pre>
<aside class="notes">Database creation via group_vars</aside>
</section>
<section><h3>playbooks/librenms.yml</h3>
<pre><code class="data-line-numbers data-prevent-swipe"># 3. the application
- hosts: librenms
  roles:
    - criecm.common
    - criecm.nginx
    - criecm.php-fpm
  vars:
    php_version: 7.2
    sites:
      # the "sites" variable follows the documentation of the criecm.nginx and criecm.php-fpm modules
      - '{{ librenms.site }}'
    codedir: /usr/local/www/librenms
    # proxified_by:
    #   - 10.2.0.
    crons:
      - name: 'discovery-wrapper.py'
        job: '/usr/local/www/librenms/cronic /usr/local/www/librenms/discovery-wrapper.py 1'
        minute: '33'
        hour: '*/6'
        user: '_librenms'</code></pre>
<aside class="notes">php and nginx variables (roles): everything is in the roles' README.md files</aside>
</section>
<section><h3>playbooks/librenms.yml</h3>
<pre><code class="data-line-numbers data-prevent-swipe">  tasks:
    - name: install librenms
      pkgng:
        name: librenms
        state: latest
      register: install
    - name: chown dirs
      file:
        path: '{{ item }}'
        state: directory
        owner: '_{{ librenms.site.id }}'
        group: '{{ www_user }}'
        mode: 'u+rwX,g=rX,o-rwx'
        recurse: yes
      loop:
        - '{{ codedir }}/logs'
        - /var/log/librenms
        - /var/db/librenms
        - '{{ codedir }}/storage'
    - name: .env
      template:
        src: files/librenms/dotenv.j2
        dest: '{{ codedir }}/.env'
        backup: yes
      register: newconf
    - name: validate config
      command: 'php validate.php'
      register: validconf
      args:
        chdir: '{{ codedir }}'
      when: newconf.changed
    - name: get key
      command: 'grep ^APP_KEY=[a-zA-Z0-9] {{ codedir }}/.env'
      failed_when: False
      register: appkey
    - name: gen key
      command: 'php artisan key:generate'
      args:
        chdir: '{{ codedir }}'
      when: newconf.changed and appkey.rc != 0
    # - name: db schema
    #   shell: 'php artisan update -n'
    #   args:
    #     chdir: '{{ codedir }}'
    #   when: newconf.changed or install.changed
    - name: librenms admin user
      command: 'php artisan user:add -r admin -e {{ librenms.admin.mail }} -n -p "{{ librenms.admin.pass }}" -vvv {{ librenms.admin.user }}'
      args:
        chdir: '{{ codedir }}'
      when: newconf.changed
    - name: rrdcached
      lineinfile:
        dest: /etc/rc.conf
        line: '{{ item.key }}="{{ item.value }}"'
        regexp: '^{{ item.key }} *='
      with_dict:
        rrdcached_enable: 'YES'
        rrdcached_flags: '-s _librenms -l /var/run/rrdcached.sock -p /var/run/rrdcached.pid -b /var/db/librenms/rrd/ -U _librenms -G _librenms'
    - name: launch rrdcached
      service:
        name: rrdcached
        state: started
        enabled: yes
    - name: /usr/local/www/librenms/.env
      template:
        src: files/librenms/dotenv.j2
        dest: '{{ codedir }}/.env'
        backup: yes
    - name: validate
      command: 'php validate.php'
      args:
        chdir: '{{ codedir }}'
    - name: chown logs
      file:
        state: directory
        owner: librenms
        group: _librenms
        mode: '0770'
        path: '{{ codedir }}/logs'
    - name: DB update/install
      command: './build-base.php'
      become_user: '_librenms'
      become_method: su
      args:
        chdir: /usr/local/www/librenms
    - name: chmod
      file:
        path: '/usr/local/www/librenms/{{ item }}'
        mode: '0750'
        owner: librenms
        group: _librenms
      loop:
        - cronic
        - discovery-wrapper.py
        - poller-wrapper.py</code></pre>
<aside class="notes">Application-specific tasks</aside>
</section>
</section>
<section id="et_alors">
<section><h3>Problems</h3>
<ul>
<li class="fragment">Hard to take over someone else's role(s)…</li>
</ul>
<aside class="notes">Arrival of a new "old hand"</aside>
</section>
<section><h3>Answers?</h3>
<ul>
<li class="fragment">An <b>easy-to-use</b> interface just for reading/editing the inventory?</li>
<li class="fragment">Roles reusable elsewhere?</li>
<li class="fragment">Use ansible-vault?</li>
</ul>
<aside class="notes">I'm the one asking the questions…
Roles: reusable if simple or {{ cloud-based }}?</aside>
</section>
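<section data-markdown><textarea data-template>
An added example (not part of the original deck or of the criecm roles) of what the ansible-vault question above could look like for this playbook: the secrets from `librenms.yml` move to a vault-encrypted file, and the task that receives the admin password sets `no_log`. The `vault_*` variable names, the placeholder values and the `group_vars/librenms/` directory split are assumptions.

```yaml
# inventory/group_vars/librenms/vars.yml
# Plain text, stays readable in git diffs.
# (admin.mail and site: are unchanged and omitted here.)
librenms:
  db:
    host: metrodb0.db
    user: librenms
    name: librenms
    pass: '{{ vault_librenms_db_pass }}'       # assumed variable name
  app_key: '{{ vault_librenms_app_key }}'      # assumed variable name
  admin:
    user: cri
    pass: '{{ vault_librenms_admin_pass }}'    # assumed variable name

# inventory/group_vars/librenms/vault.yml
# Contents before `ansible-vault encrypt` is run on the file.
# Values are placeholders, not the deck's.
vault_librenms_db_pass: CHANGE_ME_DB
vault_librenms_app_key: 'base64:CHANGE_ME_KEY'
vault_librenms_admin_pass: CHANGE_ME_ADMIN

# playbooks/librenms.yml
# Same task as in the deck; no_log keeps the rendered command line
# and its result out of Ansible's output and logs.
- name: librenms admin user
  command: 'php artisan user:add -r admin -e {{ librenms.admin.mail }} -n -p "{{ librenms.admin.pass }}" -vvv {{ librenms.admin.user }}'
  args:
    chdir: '{{ codedir }}'
  when: newconf.changed
  no_log: true
```

Encrypt the second file with `ansible-vault encrypt` and supply the vault password at run time with `--ask-vault-pass` or `--vault-password-file`. `no_log` hides the rendered command from Ansible's output, but the password is still an argument of the `php` process on the target while the task runs.
</textarea></section>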
<section><h3>Questions?</h3>
<ul>
<address><a href="mailto:Geoffroy Desvernay <[email protected]>">Geoffroy Desvernay <[email protected]></a></address>
</ul>
<aside class="notes"> ?</aside>
</section>
</section>
</div>
</div>
<script src="js/reveal.js"></script>
<script>
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
dependencies: [
{ src: 'plugin/markdown/marked.js' },
{ src: 'plugin/markdown/markdown.js' },
{ src: 'plugin/notes/notes.js', async: true },
{ src: 'plugin/highlight/highlight.js', async: true }
],
progress: true,
autoSlide: 0,
previewLinks: true,
showNotes: false
});
</script>
</body>
</html>