feat: initial commit
@@ -0,0 +1,5 @@
|
||||
[defaults]
|
||||
host_key_checking = False
|
||||
retry_files_enabled = False
|
||||
stdout_callback = yaml
|
||||
interpreter_python = auto_silent
|
||||
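Review bot: `host_key_checking = False` turns off SSH host key verification for every run that uses this configuration, and nothing on the line says it is meant only for the throwaway Vagrant machines. The inventory hunk that follows repeats the same thing in `[all:vars]` with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the relaxation is set twice and the SSH sessions that later carry the MySQL root password do not authenticate the server. I would keep only one of the two and put a comment above it, for example `# lab only: Vagrant VMs are rebuilt with new host keys; never reuse this for real hosts`.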
@@ -0,0 +1,8 @@
|
||||
[ubuntu]
|
||||
ubuntu_mysql ansible_host=192.168.56.10 ansible_user=vagrant ansible_ssh_private_key_file=.vagrant/machines/ubuntu/virtualbox/private_key
|
||||
|
||||
[debian]
|
||||
debian_client ansible_host=192.168.56.11 ansible_user=vagrant ansible_ssh_private_key_file=.vagrant/machines/debian/virtualbox/private_key
|
||||
|
||||
[all:vars]
|
||||
ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
- name: Préparer les deux VMs
|
||||
hosts: all
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Mettre à jour le cache apt
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
@@ -0,0 +1,52 @@
|
||||
---
|
||||
- name: Installer Docker et lancer MySQL sur Ubuntu
|
||||
hosts: ubuntu
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Installer Docker
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- docker.io
|
||||
state: present
|
||||
|
||||
- name: Démarrer Docker au boot
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: Vérifier si le conteneur MySQL existe déjà
|
||||
ansible.builtin.command: docker inspect tp-mysql
|
||||
register: mysql_container
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
|
||||
- name: Lancer le conteneur MySQL
|
||||
ansible.builtin.command: >-
|
||||
docker run -d
|
||||
--name tp-mysql
|
||||
--restart unless-stopped
|
||||
-e MYSQL_ROOT_PASSWORD={{ mysql_root_password }}
|
||||
-e MYSQL_DATABASE={{ mysql_database }}
|
||||
-p {{ mysql_host }}:{{ mysql_port }}:3306
|
||||
mysql:8.0
|
||||
when: mysql_container.rc != 0
|
||||
|
||||
- name: Attendre que MySQL réponde dans le conteneur
|
||||
ansible.builtin.command: >-
|
||||
docker exec tp-mysql mysqladmin ping
|
||||
-uroot -p{{ mysql_root_password }}
|
||||
register: mysql_ping
|
||||
retries: 30
|
||||
delay: 5
|
||||
until: mysql_ping.rc == 0
|
||||
changed_when: false
|
||||
|
||||
- name: Afficher docker ps
|
||||
ansible.builtin.command: docker ps --filter name=tp-mysql
|
||||
register: docker_ps
|
||||
changed_when: false
|
||||
|
||||
- name: Debug docker ps
|
||||
ansible.builtin.debug:
|
||||
var: docker_ps.stdout_lines
|
||||
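Review bot: The root password is templated straight into command lines in this playbook, as `-e MYSQL_ROOT_PASSWORD={{ mysql_root_password }}` on `docker run` and `-p{{ mysql_root_password }}` on `mysqladmin ping`, and neither task sets `no_log: true`. The value is therefore visible in the process list on the target and in Ansible's output when a task fails or runs with higher verbosity, and it stays readable in the container environment through `docker inspect`. Adding `no_log: true` to both tasks and passing the secret through a file (`--env-file` with a 0600 file for the container, an option file given with `--defaults-extra-file` for the client) would keep it out of argv and logs. The same pattern recurs in the later hunks that call `mysql -uroot -p{{ mysql_root_password }}` (the Debian connection test, the SQL import and the SHOW TABLES check). Where `mysql_root_password` is defined is not visible in this commit; it should come from a vault-encrypted variable rather than a plain vars file.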
@@ -0,0 +1,28 @@
|
||||
---
|
||||
- name: Configurer UFW sur Ubuntu
|
||||
hosts: ubuntu
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Installer UFW
|
||||
ansible.builtin.apt:
|
||||
name: ufw
|
||||
state: present
|
||||
|
||||
- name: Autoriser SSH
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: '22'
|
||||
proto: tcp
|
||||
|
||||
- name: Autoriser MySQL seulement depuis le réseau privé des VMs
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
from_ip: "{{ mysql_network_cidr }}"
|
||||
to_port: "{{ mysql_port }}"
|
||||
proto: tcp
|
||||
|
||||
- name: Activer UFW avec refus entrant par défaut
|
||||
community.general.ufw:
|
||||
state: enabled
|
||||
policy: deny
|
||||
direction: incoming
|
||||
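Review bot: The `from_ip` / `to_port` rule for MySQL probably filters nothing, because the port is published by Docker (`-p {{ mysql_host }}:{{ mysql_port }}:3306` in the previous playbook) and Docker installs its own iptables rules, so traffic forwarded to the container does not pass through UFW's input rules. As written, the only effective restriction is the address the port is bound to, and the playbook suggests a CIDR allow-list that is not actually enforced. I would either say so in a comment on the task or enforce the CIDR in the `DOCKER-USER` chain, which Docker reserves for administrator rules. The values of `mysql_host` and `mysql_network_cidr` are not visible here, so please confirm the bind address is the private interface and not `0.0.0.0`.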
@@ -0,0 +1,27 @@
|
||||
---
|
||||
- name: Installer le client MySQL sur Debian et tester le port
|
||||
hosts: debian
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Installer le client MySQL/MariaDB
|
||||
ansible.builtin.apt:
|
||||
name: default-mysql-client
|
||||
state: present
|
||||
|
||||
- name: Vérifier que le port 3306 est joignable depuis Debian
|
||||
ansible.builtin.wait_for:
|
||||
host: "{{ mysql_host }}"
|
||||
port: "{{ mysql_port }}"
|
||||
timeout: 30
|
||||
|
||||
- name: Tester la connexion MySQL depuis Debian
|
||||
ansible.builtin.command: >-
|
||||
mysql -h {{ mysql_host }} -P {{ mysql_port }}
|
||||
-uroot -p{{ mysql_root_password }}
|
||||
-e "SELECT 'Connexion OK depuis Debian' AS test;"
|
||||
register: mysql_test
|
||||
changed_when: false
|
||||
|
||||
- name: Afficher le test de connexion
|
||||
ansible.builtin.debug:
|
||||
var: mysql_test.stdout_lines
|
||||
@@ -0,0 +1,19 @@
|
||||
---
|
||||
- name: Copier et exécuter le fichier SQL depuis Debian vers MySQL Ubuntu
|
||||
hosts: debian
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Copier le fichier schema.sql sur Debian
|
||||
ansible.builtin.copy:
|
||||
src: ../../sql/schema.sql
|
||||
dest: /tmp/schema.sql
|
||||
mode: '0644'
|
||||
|
||||
- name: Créer la table définie dans le fichier SQL sur MySQL Ubuntu
|
||||
ansible.builtin.shell: >-
|
||||
mysql -h {{ mysql_host }} -P {{ mysql_port }}
|
||||
-uroot -p{{ mysql_root_password }}
|
||||
{{ mysql_database }} < /tmp/schema.sql
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: true
|
||||
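Review bot: The import task goes through `ansible.builtin.shell` with `/bin/bash` and interpolates `{{ mysql_host }}`, `{{ mysql_port }}`, `{{ mysql_root_password }}` and `{{ mysql_database }}` unquoted, so any shell metacharacter in a value (a `$`, `;` or space in the password, for instance) is interpreted by bash instead of being passed to `mysql`. Each variable should go through the `quote` filter, e.g. `-p{{ mysql_root_password | quote }}` and `{{ mysql_database | quote }} < /tmp/schema.sql`. Separately, `changed_when: true` reports a change on every run and the import is repeated each time; `schema.sql` is not shown, so if it lacks `IF NOT EXISTS` the second run will fail.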
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Vérifier la création de table directement sur Ubuntu
|
||||
hosts: ubuntu
|
||||
become: yes
|
||||
tasks:
|
||||
- name: SHOW TABLES dans le conteneur MySQL
|
||||
ansible.builtin.command: >-
|
||||
docker exec tp-mysql mysql
|
||||
-uroot -p{{ mysql_root_password }}
|
||||
{{ mysql_database }}
|
||||
-e "SHOW TABLES;"
|
||||
register: show_tables
|
||||
changed_when: false
|
||||
|
||||
- name: Afficher les tables
|
||||
ansible.builtin.debug:
|
||||
var: show_tables.stdout_lines
|
||||
@@ -0,0 +1,34 @@
|
||||
---
|
||||
- name: Bonus - créer un utilisateur non sudo capable d'appeler MySQL
|
||||
hosts: debian
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Créer l'utilisateur non sudo mysqlcaller
|
||||
ansible.builtin.user:
|
||||
name: mysqlcaller
|
||||
shell: /bin/bash
|
||||
create_home: yes
|
||||
state: present
|
||||
|
||||
- name: Créer un fichier .my.cnf pour mysqlcaller
|
||||
ansible.builtin.copy:
|
||||
dest: /home/mysqlcaller/.my.cnf
|
||||
owner: mysqlcaller
|
||||
group: mysqlcaller
|
||||
mode: '0600'
|
||||
content: |
|
||||
[client]
|
||||
host={{ mysql_host }}
|
||||
port={{ mysql_port }}
|
||||
user=root
|
||||
password={{ mysql_root_password }}
|
||||
database={{ mysql_database }}
|
||||
|
||||
- name: Tester MySQL avec l'utilisateur non sudo
|
||||
ansible.builtin.command: sudo -u mysqlcaller mysql -e "SHOW TABLES;"
|
||||
register: mysqlcaller_test
|
||||
changed_when: false
|
||||
|
||||
- name: Afficher le test du user non sudo
|
||||
ansible.builtin.debug:
|
||||
var: mysqlcaller_test.stdout_lines
|
||||
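Review bot: The `.my.cnf` written for `mysqlcaller` contains `user=root` and `password={{ mysql_root_password }}`, so the account described as non-sudo ends up with full administrative access to the MySQL server, and so does anyone who compromises that account. Mode `0600` keeps other local users out of the file but does not change that. I would create a dedicated MySQL account with grants limited to `{{ mysql_database }}` and store its credentials here instead, and set `no_log: true` on the copy task so the rendered content does not appear in diff or verbose output. The test task could also use `become_user: mysqlcaller` rather than calling `sudo -u mysqlcaller` inside the command.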
@@ -0,0 +1,8 @@
|
||||
---
|
||||
- import_playbook: playbooks/01-common.yml
|
||||
- import_playbook: playbooks/02-ubuntu-docker-mysql.yml
|
||||
- import_playbook: playbooks/03-ubuntu-ufw.yml
|
||||
- import_playbook: playbooks/04-debian-client.yml
|
||||
- import_playbook: playbooks/05-debian-import-sql.yml
|
||||
- import_playbook: playbooks/06-ubuntu-verify.yml
|
||||
- import_playbook: playbooks/07-bonus-debian-user.yml
|
||||