Playbook for initial setup

ansible-initial-debian-setup/README.md

@@ -19,6 +19,9 @@ On va utiliser une VM debian comme control node.
 
 ## Setup control node Debian 12.5
 
+
+### Install Ansible
+
 Mon control node est `192.168.1.181`.
 
 - `su -` (pas encore installé `sudo`)
@@ -32,19 +35,71 @@ Mon control node est `192.168.1.181`.
 
 MIEUX de tout faire en `sudo` je suppose. On va aussi installer `etckeeper`.
 
+### Install Git et clone repo...
+
+... où j'ai ma config `ansible.cfg` et mon `inventory.ini`.
+
 ## D'abord commandes ad-hoc pour tester
 
+### Ping
 
+```
+$ ansible -i ./inventory.ini all -m ping -u debian -k
+SSH password: 
+192.168.1.18 | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+192.168.1.85 | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+192.168.1.109 | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
 
+```
 
-### Ping
+### `setup`
 
 ```
-ansible -i ./inventory.ini all -m ping -u debian
+ansible -i ./inventory.ini all -m setup -k
 ```
 
+Produit une *énorme* sortie.
+
+## Setup initial
+
+`sudo` n'est pas installé sur les managed nodes.
+
+On va essayer de tout config en utilisant un vault pour le password root.
+
+```
+$ ansible-vault create creds.yml
+```
+
+stocke dedans :
+
+```
+root_password: ******
+```
+
+Playbook `playbook-initial-setup.yml`. 
+
+Le jouer :
+
 ```
-ansible all -m ansible.builtin.setup
+ansible-playbook playbook-initial-setup.yml -i inventory.ini all -k
 ```
 
 

ansible-initial-debian-setup/playbook-initial-setup.yml

@@ -0,0 +1,13 @@
+---
+- hosts: all
+  gather_facts: no  # Désactive la collecte d'informations car cela nécessite Python
+  vars_files:
+    - root-creds.yml
+  tasks:
+  - name: Install sudo on Debian VMs
+    raw: apt-get update && apt-get install -y sudo
+    become: yes
+    become_method: su
+    become_user: root
+    vars:
+      ansible_become_password: "{{ root_password }}"

ansible-initial-debian-setup/root-creds.yml

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31643535623531346537366431316239343161393636633061653335313866396430623537336635
+6133386165313337626565346132333534643266326533350a396333653031383338333862386638
+62353333623935333064636431376364376339393639306166323865353538656162303239353636
+6133663031633063340a363730366165343131333037306339356233363134636562373134626163
+37323131343966633131316138343862353734326531323637373266303332616439