Mirror of https://github.com/PAPAMICA/Wiki-Tech.io.git, synced 2024-10-02 20:45:45 +02:00
docs: update Configuration/Ansible/Installation
Parent 0fe71f9db3
Commit 7b61edf307
1 file changed, 88 additions and 1 deletion
|
@ -2,7 +2,7 @@
|
||||||
title: Ansible - Installation et configuration
|
title: Ansible - Installation et configuration
|
||||||
description: Mettre en place Ansible dans son environnement
|
description: Mettre en place Ansible dans son environnement
|
||||||
published: true
|
published: true
|
||||||
date: 2021-07-08T17:18:58.350Z
|
date: 2021-07-08T17:36:05.922Z
|
||||||
tags: ansible, configuration
|
tags: ansible, configuration
|
||||||
editor: markdown
|
editor: markdown
|
||||||
dateCreated: 2021-07-08T17:18:58.350Z
|
dateCreated: 2021-07-08T17:18:58.350Z
|
||||||
|
@ -83,3 +83,90 @@ ou installation (raw ne dépend pas de python côté client)
|
||||||
ansible myhost --become -m raw -a "yum install -y python2"
|
ansible myhost --become -m raw -a "yum install -y python2"
|
||||||
```
|
```
|
||||||
Doc : https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#ansible-python-interpreter
|
Doc : https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#ansible-python-interpreter
|
||||||
|
|
||||||
|
# Configuration SSH
|
||||||
|
|
||||||
|
<div class="video-responsive">
|
||||||
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/dpDQ94huxmI" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
## Principes clefs
|
||||||
|
* clef privée
|
||||||
|
* clef privée
|
||||||
|
* type de clef / algorithme (rsa, dsa, ecdsa)
|
||||||
|
* longeur de clef (dépend de l'algo ecdsa 521)
|
||||||
|
|
||||||
|
## Gestion d'une clef SSH
|
||||||
|
|
||||||
|
### Génération via ssh-keygen
|
||||||
|
```bash
|
||||||
|
ssh-keygen -t ecdsa -b 521
|
||||||
|
```
|
||||||
|
|
||||||
|
Spécifier la localisation de sortie
|
||||||
|
```bash
|
||||||
|
ssh-keygen -t ecdsa -b 521 -f /myhome/.ssh/maclefprivee
|
||||||
|
```
|
||||||
|
|
||||||
|
> Configurez une passphrase sinon une clef ssh est plus dangereuse qu'un password
|
||||||
|
{.is-warning}
|
||||||
|
|
||||||
|
### Ajout de votre clef publique sur le host distant
|
||||||
|
```bash
|
||||||
|
vim /home/user/.ssh/authorized_keys
|
||||||
|
```
|
||||||
|
Ou via ssh-copy-id
|
||||||
|
```bash
|
||||||
|
ssh-copy-id -i /myhome/.ssh/maclefprivee xavki@monhost
|
||||||
|
```
|
||||||
|
|
||||||
|
Remarque : specific pour une ip
|
||||||
|
```bash
|
||||||
|
from="10.0.0.?,*.example.com",no-X11-forwarding ssh-rsa AB3Nz...EN8w== xavki@monhost
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### Utilisation de la clef
|
||||||
|
```bash
|
||||||
|
ssh -i /localisation/clef/privee xavki@monhost
|
||||||
|
```
|
||||||
|
|
||||||
|
Ou plus facilement par un agent ssh (embarque votre configuration ssh)
|
||||||
|
|
||||||
|
Check si un agent tourne
|
||||||
|
```bash
|
||||||
|
ps -p $SSH_AGENT_PID
|
||||||
|
```
|
||||||
|
Lancement d'un agent ssh
|
||||||
|
```bash
|
||||||
|
eval `ssh-agent`
|
||||||
|
```
|
||||||
|
Ajout de la clef à l'agent
|
||||||
|
```bash
|
||||||
|
ssh-add
|
||||||
|
```
|
||||||
|
Check de la clef de l'agent
|
||||||
|
```bash
|
||||||
|
ssh-add -l
|
||||||
|
```
|
||||||
|
|
||||||
|
Exemple :
|
||||||
|
```bash
|
||||||
|
touch ~/.ssh/config
|
||||||
|
chmod 600 ~/.ssh/config
|
||||||
|
cat ~/.ssh/config
|
||||||
|
|
||||||
|
Host * !monhost*
|
||||||
|
User vagrant
|
||||||
|
Port 22
|
||||||
|
IdentityFile /myhome/.ssh/maclefprivee
|
||||||
|
LogLevel INFO
|
||||||
|
Compression yes
|
||||||
|
ForwardAgent yes
|
||||||
|
ForwardX11 yes
|
||||||
|
```
|
||||||
|
|
||||||
|
Astuce pour bypasser la conf
|
||||||
|
```bash
|
||||||
|
ssh -F /dev/null xavki@monhost
|
||||||
|
```
|
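Review bot: The `Host * !monhost*` block in the `~/.ssh/config` example sets `ForwardAgent yes` and `ForwardX11 yes` for every host the pattern matches, so the loaded key and the local X display are exposed to each of those machines, and anyone with root on one of them can use the forwarded agent socket to authenticate as you elsewhere. Suggest dropping both lines from the wildcard block (or setting them to `no`) and enabling them only in a dedicated `Host` block for the machine that actually needs them. Two smaller points in the same hunk: the "Principes clefs" list has `* clef privée` twice, the second presumably meant to be `clef publique`, and the `from="10.0.0.?,*.example.com"` remark shows an `ssh-rsa` key while the guide generates `ecdsa`, so a matching key type plus a sentence saying the line goes in `authorized_keys` would make it clearer.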