最小構成のCentOS7マシン(f-c2.sybyl.local)があって、それに調整を施してみる。
まずホストを登録する
[root@c ~]# vi /etc/ansible/hosts
:
f-c2
[root@c ~]#
そして接続テストを行う
[saber@c ansible]$ ansible f-c2 -m ping --user root --ask-pass
SSH password:
f-c2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[saber@c ansible]$
接続は成功の様子
*表記のため「}}」は「} }」としてます。
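---
# Provisioning play for a minimal CentOS 7 compute node: base packages, CUDA,
# PBS Pro, NFS mounts, NTP, Active Directory join (samba + sssd) and
# rsh/ssh host trust.
#
# NOTE: the surrounding page writes Jinja closers as "} }" because of its wiki
# markup; this listing uses the real "}}" so it can be run as written.
#
# NOTE(review): several tasks deliberately lower the host's defences
# (firewalld stopped, SELinux disabled, wildcard hosts.equiv, rsh/rexec and
# ssh host-based authentication enabled). Each one is annotated where it
# occurs; confirm the node sits on an isolated cluster network before applying.
- hosts: g01.sybyl.local

  # Password used to join the samba AD domain; `private` suppresses the echo.
  vars_prompt:
    - name: samba_pass
      prompt: "samba administrator's password"
      private: true

  # Tasks to run, in order.
  tasks:
    # ---- yum ----
    - name: yum参照先を追記
      lineinfile:
        dest: /etc/yum/pluginconf.d/fastestmirror.conf
        line: "prefer=ftp.riken.jp"

    - name: yum clean
      command: yum clean plugins

    - name: install common packages
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - epel-release
        - nfs-utils
        - tcsh
        - rsh
        - rsh-server
        - openmpi
        - libpng12
        - compat-libtiff3
        - libtiff
        - evince
        - texlive-latex
        - ghostscript
        - texlive-latex-bin-bin
        - samba-common-tools
        - sssd
        - krb5-workstation
        - sysstat
        - xorg-x11-xauth
        - lm_sensors
        - nvme-cli
        - bash-completion
        - vim-enhanced
        - net-snmp
        - emacs
        - ImageMagick
        - gnuplot
        - fltk-fluid

    # '*' must be quoted in block form: a bare * is a YAML alias sigil.
    - name: yum update
      yum:
        name: '*'
        state: latest

    - name: install epel packages
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - iftop
        - hddtemp
        - xpdf

    - name: install 'Development tools'
      yum:
        name: "@Development tools"
        state: present

    # ---- CUDA ----
    # NOTE(review): this RPM (and the PBS Pro RPMs below) is pushed from the
    # control node and installed from a local path. Verify its checksum or
    # signature on the control node first; nothing in this play does so.
    - name: cudaインストールファイルの転送
      copy:
        src: cuda-repo-rhel7-8-0-local-8.0.44-1.x86_64.rpm
        dest: /root/cuda-repo-rhel7-8-0-local-8.0.44-1.x86_64.rpm
        owner: root
        group: root

    - name: cudaインストール
      yum:
        name: /root/cuda-repo-rhel7-8-0-local-8.0.44-1.x86_64.rpm
        state: present

    - name: install cuda
      yum:
        name: cuda
        state: latest

    # ---- PBS Pro ----
    - name: pbspro ファイル転送
      copy:
        src: pbspro-execution-14.1.0-0.x86_64.rpm
        dest: /root/

    # The page had "yum: name: ... state: present" on one line, which is not
    # valid YAML; the arguments are written as a mapping here.
    - name: pbspro インストール
      yum:
        name: /root/pbspro-execution-14.1.0-0.x86_64.rpm
        state: present

    - name: pbspro設定(pbs.conf)
      replace:
        dest: /etc/pbs.conf
        regexp: 'CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME'
        replace: 'pbs.sybyl.local'

    - name: pbspro設定(pbs_environment)
      lineinfile:
        dest: /var/lib/pbs/pbs_environment
        line: "TZ=Asia/Tokyo"

    - name: pbspro設定 client
      replace:
        dest: /var/lib/pbs/mom_priv/config
        regexp: 'CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME'
        replace: 'pbs.sybyl.local'

    # ---- filesystem ----
    # NOTE(review): none of the NFS entries carry nosuid/nodev; consider adding
    # them for /home and /data so files on the share cannot act as setuid
    # binaries or device nodes on this host.
    - name: fstab修正
      blockinfile:
        dest: /etc/fstab
        content: |
          nfs:/home /home nfs rw,hard,intr 0 0
          nfs:/Appl /Appl nfs ro,hard,intr 0 0
          nfs:/data /data nfs rw,hard,intr 0 0

    # `follow` is an argument of the file module, so it belongs inside the
    # module mapping, not at task level. The mode is quoted so it stays the
    # octal string "0755" instead of being re-typed by the YAML parser.
    - name: make nfs mount point
      file:
        path: "/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
        follow: true
      with_items:
        - Appl
        - data

    # ---- security-related settings ----
    # NOTE(review): stopping firewalld leaves every listening service on this
    # host reachable (rsh/rexec, ntpd, sshd, PBS); the only remaining network
    # control is whatever sits in front of the cluster network.
    - name: firewalldを停止
      systemd:
        name: firewalld
        enabled: false
        state: stopped

    # NOTE(review): only the config file is edited, so this takes effect at the
    # next boot. SELINUX=permissive would keep denials logged without
    # enforcing, which preserves an audit trail.
    - name: selinuxを無効化
      replace:
        dest: /etc/selinux/config
        regexp: 'SELINUX=enforcing'
        replace: 'SELINUX=disabled'

    # ---- ntp ----
    - name: chronyの停止
      systemd:
        name: chronyd
        enabled: false
        state: stopped

    - name: chronyの削除
      yum:
        name: chrony
        state: removed

    - name: ntpのインストール
      yum:
        name: ntp
        state: latest

    # NOTE(review): /etc/ntp.conf is overwritten wholesale, so any `restrict`
    # access-control lines the packaged file carried are dropped. With
    # firewalld stopped, consider adding restrict lines for the cluster subnet.
    - name: ntpの設定
      copy:
        dest: /etc/ntp.conf
        content: |
          keys /etc/ntp/keys
          server 192.168.0.3

    - name: step-tickersの設定
      copy:
        dest: /etc/ntp/step-tickers
        content: "192.168.0.3\n"

    # The systemd module's state is "started"; the page's "start" is rejected.
    - name: ntpの起動
      systemd:
        name: ntpd
        enabled: true
        state: started

    - name: ntpdateの起動
      systemd:
        name: ntpdate
        enabled: true
        state: started

    # ---- hosts / samba configuration files ----
    - name: stat hosts
      stat:
        path: /etc/hosts
      register: hosts_stat

    - name: stat smb
      stat:
        path: /etc/samba/smb.conf
      register: smb_stat

    # NOTE(review): on a second run these move the files written by this play
    # over the earlier backups, so the pristine originals are lost.
    - name: hostsファイルバックアップ
      command: mv -f /etc/hosts /etc/hosts.old
      when: hosts_stat.stat.exists

    - name: smbファイルバックアップ
      command: mv -f /etc/samba/smb.conf /etc/samba/smb.conf.old
      when: smb_stat.stat.exists

    - name: hosts作成
      copy:
        dest: /etc/hosts
        content: |
          127.0.0.1 localhost.localdomain localhost
          192.168.0.100 c100.sybyl.local c100

    # NOTE(review): "+ +" is the wildcard form of hosts.equiv: services that
    # consult this file (the rsh family enabled further down) treat every
    # remote host and every remote user as trusted, with no password. Listing
    # the cluster's hostnames explicitly, one per line, keeps the convenience
    # while bounding the trust to known machines.
    - name: hosts.equiv作成
      copy:
        dest: /etc/hosts.equiv
        content: |
          + +

    - name: smb.conf作成
      copy:
        dest: /etc/samba/smb.conf
        content: |
          [global]
          workgroup = SYBYL
          security = ADS
          realm = SYBYL.LOCAL
          log file = /var/log/samba/%m.log
          kerberos method = secrets and keytab
          client signing = yes
          client use spnego = yes

    # ---- AD join ----
    - name: stat keytab
      stat:
        path: /etc/krb5.keytab
      register: keytab_stat

    # The domain administrator password is part of the command line. no_log
    # keeps it out of Ansible's output and of the module-argument logging on
    # the target; the `quote` filter keeps a password containing spaces or
    # quotes as one argument.
    # NOTE(review): the password is still visible in the target's process list
    # while `net` runs; prefer a dedicated low-privilege join account.
    - name: samba ad参加
      command: "net ads join osName=CentOS -Uadministrator%{{ samba_pass | quote }}"
      when: not keytab_stat.stat.exists
      no_log: true

    # ---- sssd ----
    # mode is quoted so it stays the octal string "0600".
    - name: sssd.conf作成
      copy:
        dest: /etc/sssd/sssd.conf
        mode: "0600"
        content: |
          [sssd]
          services = nss, pam
          config_file_version = 2
          domains = sybyl.local
          [domain/sybyl.local]
          id_provider = ad
          access_provider = ad
          enumerate = True
          krb5_keytab = /etc/krb5.keytab
          ldap_id_mapping = False
          ldap_sasl_authid = {{ ansible_hostname }}$@SYBYL.LOCAL

    - name: 認証設定
      command: authconfig --enablesssd --enablesssdauth --update

    # Enables sssd at boot; the task does not start it.
    - name: 認証設定
      systemd:
        name: sssd
        enabled: true

    # ---- sshd ----
    # With backrefs enabled a line is only rewritten when its regexp matches;
    # nothing is appended otherwise. `validate` has sshd check the edited file
    # before it replaces the live one.
    # NOTE(review): HostbasedAuthentication makes sshd accept a client host's
    # assertion of who the user is, so a compromise of any trusted host extends
    # to this one. No task in the visible play reloads sshd afterwards.
    - name: sshd末尾に追加
      lineinfile:
        dest: /etc/ssh/sshd_config
        state: present
        backrefs: true
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        validate: '/usr/sbin/sshd -t -f %s'
      with_items:
        - regexp: '^#HostbasedAuthentication no'
          line: 'HostbasedAuthentication yes'
        - regexp: '^GSSAPICleanupCredentials no'
          line: 'GSSAPICleanupCredentials yes'

    # NOTE(review): rsh and rexec carry credentials and session data in clear
    # text. Combined with the wildcard hosts.equiv and the stopped firewall,
    # they are the widest exposure this play creates. If the scheduler or MPI
    # launcher can use ssh instead, leave these sockets disabled.
    # The systemd module is used instead of `systemctl enable` so the task
    # reports "changed" only when it changes something.
    - name: rshとrexecを有効に
      systemd:
        name: "{{ item }}"
        enabled: true
      with_items:
        - rsh.socket
        - rexec.socket

    # ---- PBS Pro (second variant) ----
    # NOTE(review): this repeats the PBS Pro section above with a different
    # package version (14.1.2) and server name (pbspro.sybyl.local). Once the
    # earlier replace tasks have run, the placeholder is gone and the two
    # replace tasks here match nothing. These look like two revisions of the
    # same steps; keep only one.
    - name: pbspro
      copy:
        src: ~/rpmbuild/RPMS/x86_64/pbspro-execution-14.1.2-0.x86_64.rpm
        dest: /root/pbspro-execution-14.1.2-0.x86_64.rpm
        owner: root
        group: root
        mode: "0755"

    - name: pbsproインストール
      yum:
        name: /root/pbspro-execution-14.1.2-0.x86_64.rpm
        state: present

    - name: pbspro設定(pbs.conf)
      replace:
        dest: /etc/pbs.conf
        regexp: 'CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME'
        replace: 'pbspro.sybyl.local'

    - name: pbspro設定(pbs_environment)
      lineinfile:
        dest: /var/lib/pbs/pbs_environment
        line: "TZ=Asia/Tokyo"

    - name: pbspro設定 client
      replace:
        dest: /var/lib/pbs/mom_priv/config
        regexp: 'CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME'
        replace: 'pbspro.sybyl.local'

    # ---- shell environment ----
    # Two fixes against the page: the stray "with_items:" line inside the block
    # is removed (it would be run as a command at every login), and
    # "\$HISTCONTROL" becomes "$HISTCONTROL". In a literal block scalar the
    # backslash is kept, so the test compared the literal text $HISTCONTROL
    # and the ignoreboth branch could never be taken.
    # HISTTIMEFORMAT adds timestamps to shell history, which helps when
    # reconstructing activity; HISTIGNORE drops the listed commands from it.
    - name: profile history設定
      blockinfile:
        path: /etc/profile
        block: |
          HISTSIZE=1000
          HISTTIMEFORMAT='%Y/%m/%d %H:%M:%S '
          HISTIGNORE="history:pwd:which:ls"
          if [ "$HISTCONTROL" = "ignorespace" ] ; then
              export HISTCONTROL=ignoreboth
          else
              export HISTCONTROL=ignoredups
          fi
          export HISTSIZE HISTCONTROL HISTTIMEFORMAT HISTIGNORE

    - name: root bashrc
      lineinfile:
        dest: /root/.bashrc
        line: "alias less='less -X'"

    # lineinfile fails on a missing file unless create is set.
    # NOTE(review): assumes /root/.vimrc may be absent on a minimal install.
    - name: root env
      lineinfile:
        dest: /root/.vimrc
        line: "set t_ti= t_te="
        create: true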