ansible/README.md

# Playbook et rôles Ansible d'Aurore

Pour cloner ce projet :

```
git clone --recursive git@gitlab.federez.net:erdnaxe/ansible-role-ldap-client.git
```

## Exécution d'un playbook

Pour tester :
```bash
ansible-playbook --ask-vault-pass -bK -i hosts base.yml --check --diff
```

Pour appliquer :
```bash
ansible-playbook --ask-vault-pass -bK -i hosts base.yml
```

## FAQ

### Mettre sa clé SSH sur une machine

```
ssh-copy-id -i ~/.ssh/id_rsa_aurore.pub virtu.fede-aurore.net
```

### Automatiquement ajouter fingerprint ECDSA (dangereux !)

Il faut changer la variable d'environnement suivante :
`ANSIBLE_HOST_KEY_CHECKING=0`.

### Configurer la connexion au bastion

Envoyer son agent SSH peut être dangereux ([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).

On va utiliser plutôt ProxyCommand.
Dans la configuration SSH :

```
# Keep session alive only for bastion
Host proxy.auro.re
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p

# Use a key to log on all Aurore servers
# and use a bastion
Host 10.128.0.*
    IdentityFile ~/.ssh/id_rsa_aurore
    ProxyCommand ssh -q -W %h:%p proxy.auro.re
```
Initial commit 2018-12-23 12:20:19 +01:00			`# Playbook et rôles Ansible d'Aurore`

Add roles as submodules 2018-12-23 12:25:52 +01:00			`Pour cloner ce projet :`

			```
			`git clone --recursive git@gitlab.federez.net:erdnaxe/ansible-role-ldap-client.git`
			```

Initial commit 2018-12-23 12:20:19 +01:00			`## Exécution d'un playbook`

Add a way to test 2018-12-24 10:50:22 +01:00			`Pour tester :`
			```bash
Execute playbook with become activated 2018-12-27 10:27:20 +01:00			`ansible-playbook --ask-vault-pass -bK -i hosts base.yml --check --diff`
Add a way to test 2018-12-24 10:50:22 +01:00			```

			`Pour appliquer :`
Initial commit 2018-12-23 12:20:19 +01:00			```bash
Execute playbook with become activated 2018-12-27 10:27:20 +01:00			`ansible-playbook --ask-vault-pass -bK -i hosts base.yml`
Initial commit 2018-12-23 12:20:19 +01:00			```

			`## FAQ`

Inventory clean up 2018-12-23 16:09:12 +01:00			`### Mettre sa clé SSH sur une machine`

			```
			`ssh-copy-id -i ~/.ssh/id_rsa_aurore.pub virtu.fede-aurore.net`
			```

Initial commit 2018-12-23 12:20:19 +01:00			`### Automatiquement ajouter fingerprint ECDSA (dangereux !)`

			`Il faut changer la variable d'environnement suivante :`
			`ANSIBLE_HOST_KEY_CHECKING=0`.

			`### Configurer la connexion au bastion`

Don't use SSH agent 2018-12-28 11:30:18 +01:00			`Envoyer son agent SSH peut être dangereux ([source](https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/)).`

			`On va utiliser plutôt ProxyCommand.`
Initial commit 2018-12-23 12:20:19 +01:00			`Dans la configuration SSH :`

			```
			`# Keep session alive only for bastion`
			`Host proxy.auro.re`
			`ControlMaster auto`
			`ControlPath ~/.ssh/%r@%h:%p`

Don't use SSH agent 2018-12-28 11:30:18 +01:00			`# Use a key to log on all Aurore servers`
			`# and use a bastion`
			`Host 10.128.0.*`
Initial commit 2018-12-23 12:20:19 +01:00			`IdentityFile ~/.ssh/id_rsa_aurore`
Don't use SSH agent 2018-12-28 11:30:18 +01:00			`ProxyCommand ssh -q -W %h:%p proxy.auro.re`
Initial commit 2018-12-23 12:20:19 +01:00			```
Don't use SSH agent 2018-12-28 11:30:18 +01:00