- name: restart machine
  hosts: all
  tasks:
    - name: Reboot
      ansible.builtin.reboot: reboot_timeout=600
      become: true
    - name: Ping Connection
      ansible.builtin.ping:
To allow the user to sudo, provided "%wheel ALL=(ALL) ALL" is enabled in "/etc/sudoers":
- name: add sub-groups
  hosts: all
  tasks:
    - name: add wheel group
      ansible.builtin.user:
        name: illya
        append: true
        groups: wheel
The password written in the yml must be an encrypted string, which can be created with "mkpasswd" ("dnf install mkpasswd").
The encrypted password can be created as follows:
[illya@ansible ~]$ mkpasswd --method=sha-512
Password: <-- enter the string
$6$tveNM6usjLPC.LXd$qZ39A8BfNI08g5uB3k454h85GzVfEEUgSnqS5HflQtXqETFv75wNALEif.Ag50PWtbJ5Mz7MyWBkJ5JxKsvDe/ <--- the generated string
Embed this string in the playbook:
- name: password change
  hosts: all
  tasks:
    - name: user illya's password change
      ansible.builtin.user:
        name: illya
        password: $6$tveNM6usjLPC.LXd$qZ39A8BfNI08g5uB3k454h85GzVfEEUgSnqS5HflQtXqETFv75wNALEif.Ag50PWtbJ5Mz7MyWBkJ5JxKsvDe/
If there is a local user who can sudo, locking the root account might also be a good idea.
- name: account lock
  hosts: all
  tasks:
    - name: root account lock
      ansible.builtin.user:
        name: root
        password_lock: true
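Added example (not part of the original page): a variant of the root-lock playbook above that enforces the "if there is a local user who can sudo" condition before locking root. It assumes the user is illya and that the rule lives in /etc/sudoers as on this page; the grep pattern and the use of "id -nG" are choices made for this example.

```yaml
# Added example: lock root only after two pre-checks pass on the host.
- name: lock root only if illya can sudo
  hosts: all
  become: true
  tasks:
    # grep exits non-zero when the rule is missing or commented out,
    # which fails this task and drops the host before the lock task.
    - name: check that the %wheel rule is active in /etc/sudoers
      ansible.builtin.command:
        argv:
          - grep
          - "-Eq"
          - '^%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*$'
          - /etc/sudoers
      changed_when: false
      check_mode: false   # read-only, so run it under --check as well

    - name: list the groups illya belongs to
      ansible.builtin.command:
        argv: [id, "-nG", illya]
      register: illya_groups
      changed_when: false
      check_mode: false

    - name: stop unless illya is in wheel
      ansible.builtin.assert:
        that:
          - "'wheel' in illya_groups.stdout.split()"
        fail_msg: "illya is not in wheel; root stays unlocked"

    - name: lock the root account
      ansible.builtin.user:
        name: root
        password_lock: true
```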
- name: configure chrony
  hosts: all
  tasks:
    - name: install chrony
      yum:
        name: chrony
        state: latest
    - name: change chrony.conf
      copy:
        dest: /etc/chrony.conf
        content: |
          server c.sybyl.local iburst
          sourcedir /run/chrony-dhcp
          driftfile /var/lib/chrony/drift
          makestep 1.0 3
          rtcsync
          keyfile /etc/chrony.keys
          ntsdumpdir /var/lib/chrony
          leapsectz right/UTC
          logdir /var/log/chrony
    - name: restart chrony
      systemd:
        name: chronyd.service
        state: restarted
        daemon_reload: yes
        enabled: yes
Save this as "mod-chrony-ntp.yml" and run:
ansible-playbook -i hosts mod-chrony-ntp.yml --syntax-check
ansible-playbook -i hosts mod-chrony-ntp.yml --user root --check
ansible-playbook -i hosts mod-chrony-ntp.yml --user root
- name: modify etc/profile
  hosts: all
  tasks:
    - lineinfile: dest=/etc/profile line="export HISTTIMEFORMAT='%Y/%m/%d %H:%M:%S '"
---
- name: modify etc/fstab
  hosts: webserver
  tasks:
    - blockinfile:
        dest: /etc/fstab
        content: |
          nfs:/home /home nfs rw,hard,intr 0 0
- name: create user
  hosts: all
  tasks:
    - name: groupadd
      group:
        name: munge
        gid: 5001
    - name: useradd
      user:
        name: munge
        uid: 5001
        group: munge
        shell: /bin/bash
        create_home: false
The "environment-modules" package must already be installed for this one.
- hosts: all
  # modulefiles: add /home/Common/modulefiles
  #
  tasks:
    # edit /usr/share/Modules/init/.modulespath
    #
    - name: append '/home/Common/modulefiles' to /usr/share/Modules/init/.modulespath
      blockinfile:
        dest: /usr/share/Modules/init/.modulespath
        block: |
          /home/Common/modulefiles
Save this as "modulefiles.yml" and run it with something like
ansible-playbook -i g00, --user root ./modulefiles.yml
and the playbook is applied to the g00 machine.
For example, for openmpi3:
- hosts: all
  tasks:
    # yum install openmpi3:
    - name: install openmpi3 and openmpi3-devel
      yum: name=openmpi3-devel state=latest
run:
ansible-playbook -i em01, --user root openmpi3.yml