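#author("2018-09-14T20:18:12+00:00","default:sysosa","sysosa")
#author("2019-10-16T17:10:00+00:00","default:sysosa","sysosa")
サンプル[[Ansible/Playbook/sample]]

最小構成のCentOS7マシン(f-c2.sybyl.local)があって、それに調整を施してみる。

まずホストを登録する
#code(nonumber){{
[root@c ~]# vi /etc/ansible/hosts
 :
f-c2
[root@c ~]#
}}

そして接続テストを行う
#code(nonumber){{
[saber@c ansible]$ ansible f-c2 -m ping --user root --ask-pass
SSH password:
f-c2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[saber@c ansible]$
}}
接続は成功の様子

&color(red){*};表記のため「}}」は「} }」としてます。
#code(nonumber){{
# Provisions a minimal CentOS 7 node: packages, CUDA, PBSPro execution host,
# NFS mounts, NTP, Samba AD join + sssd, rsh/rexec and shell defaults.
# Jinja closing braces are written "} }" throughout because of the wiki markup.
- hosts: g01.sybyl.local

  # Prompt for the samba-ad domain join password (input is not echoed)
  vars_prompt:
    - name: samba_pass
      prompt: "samba administrator's password"
      private: true

  # Tasks to run
  tasks:

    # yum
    - name: yum参照先を追記
      lineinfile: dest=/etc/yum/pluginconf.d/fastestmirror.conf line="prefer=ftp.riken.jp"

    - name: yum clean
      shell: yum clean plugins

    - name: install common packages
      yum: name={{ item } } state=latest
      with_items:
        - epel-release
        - nfs-utils
        - tcsh
        - rsh
        - rsh-server
        - openmpi
        - libpng12
        - compat-libtiff3
        - libtiff
        - evince
        - texlive-latex
        - ghostscript
        - texlive-latex-bin-bin
        - samba-common-tools
        - sssd
        - krb5-workstation
        - sysstat
        - xorg-x11-xauth
        - lm_sensors
        - nvme-cli
        - bash-completion
        - vim-enhanced
        - net-snmp
        - emacs
        - ImageMagick
        - gnuplot
        - fltk-fluid

    - name: yum update
      yum: name=* state=latest

    # These come from EPEL, so they run after epel-release is installed above
    - name: install epel packages
      yum: name={{ item } } state=latest
      with_items:
        - iftop
        - hddtemp
        - xpdf

    - name: install 'Development tools'
      yum: name="@Development tools" state=present

    # cuda
    - name: cudaインストールファイルの転送
      copy: >-
        src=cuda-repo-rhel7-8-0-local-8.0.44-1.x86_64.rpm
        dest=/root/cuda-repo-rhel7-8-0-local-8.0.44-1.x86_64.rpm
        owner=root
        group=root

    - name: cudaインストール
      yum: name=/root/cuda-repo-rhel7-8-0-local-8.0.44-1.x86_64.rpm state=present

    - name: install cuda
      yum: name=cuda state=latest

    # PBSPro
    - name: pbspro ファイル転送
      copy: src=pbspro-execution-14.1.0-0.x86_64.rpm dest=/root/

    - name: pbspro インストール
      yum:
        name: /root/pbspro-execution-14.1.0-0.x86_64.rpm
        state: present

    - name: pbspro設定(pbs.conf)
      replace: dest=/etc/pbs.conf regexp='CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME' replace='pbs.sybyl.local'

    - name: pbspro設定(pbs_environment)
      lineinfile: dest=/var/lib/pbs/pbs_environment line="TZ=Asia/Tokyo"

    - name: pbspro設定 client
      replace: dest=/var/lib/pbs/mom_priv/config regexp='CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME' replace='pbs.sybyl.local'

    # filesystem
    - name: fstab修正
      blockinfile:
        dest: /etc/fstab
        content: |
          nfs:/home /home nfs rw,hard,intr 0 0
          nfs:/Appl /Appl nfs ro,hard,intr 0 0
          nfs:/data /data nfs rw,hard,intr 0 0

    # `follow` is an option of the file module, not a task keyword; it was
    # written at task level in the original, which Ansible rejects at load time.
    - name: make nfs mount point
      file: path=/{{ item } } state=directory owner=root group=root mode=0755 follow=yes
      with_items:
        - Appl
        - data

    # Security settings
    # NOTE(review): stopping firewalld leaves the node with no host firewall,
    # while this playbook also enables rsh/rexec and NFS. Only appropriate on
    # an isolated cluster network; otherwise keep firewalld and open the
    # required ports explicitly.
    - name: firewalldを停止
      systemd: name=firewalld enabled=no state=stopped

    # NOTE(review): only /etc/selinux/config is edited, so the change applies
    # from the next boot. SELINUX=permissive would keep denials logged without
    # enforcing them, if the goal is only to unblock the services below.
    - name: selinuxを無効化
      replace: dest=/etc/selinux/config regexp='SELINUX=enforcing' replace='SELINUX=disabled'

    # ntp: replace chrony with ntpd synced to 192.168.0.3
    - name: chronyの停止
      systemd: name=chronyd enabled=no state=stopped

    - name: chronyの削除
      yum: name=chrony state=removed

    - name: ntpのインストール
      yum: name=ntp state=latest

    - name: ntpの設定
      copy:
        dest: /etc/ntp.conf
        content: |
          keys /etc/ntp/keys
          server 192.168.0.3

    - name: step-tickersの設定
      copy:
        dest: /etc/ntp/step-tickers
        content: 192.168.0.3

    # The systemd module accepts started/stopped/restarted/reloaded;
    # the original `state=start` is not a valid value and fails the task.
    - name: ntpの起動
      systemd: name=ntpd enabled=yes state=started

    - name: ntpdateの起動
      systemd: name=ntpdate enabled=yes state=started

    # Back up existing hosts / smb.conf before they are rewritten below
    - name: stat hosts
      stat: path=/etc/hosts
      register: hosts_stat

    - name: stat smb
      stat: path=/etc/samba/smb.conf
      register: smb_stat

    - name: hostsファイルバックアップ
      command: mv -f /etc/hosts /etc/hosts.old
      when: hosts_stat.stat.exists

    - name: smbファイルバックアップ
      command: mv -f /etc/samba/smb.conf /etc/samba/smb.conf.old
      when: smb_stat.stat.exists

    - name: hosts作成
      copy:
        dest: /etc/hosts
        content: |
          127.0.0.1 localhost.localdomain localhost
          192.168.0.100 c100.sybyl.local c100

    # NOTE(review): "+ +" in hosts.equiv matches every host and every user, so
    # the rsh/rexec services enabled further down accept passwordless logins
    # from any machine that can reach them (and the firewall is stopped above).
    # Listing the cluster hostnames one per line keeps the same convenience
    # without trusting the whole network.
    - name: hosts.equiv作成
      copy:
        dest: /etc/hosts.equiv
        content: |
          + +

    - name: smb.conf作成
      copy:
        dest: /etc/samba/smb.conf
        content: |
          [global]
          workgroup = SYBYL
          security = ADS
          realm = SYBYL.LOCAL
          log file = /var/log/samba/%m.log
          kerberos method = secrets and keytab
          client signing = yes
          client use spnego = yes

    # Join the AD domain only once: an existing keytab is taken as "already joined"
    - name: stat keytab
      stat: path=/etc/krb5.keytab
      register: keytab_stat

    # The administrator password is interpolated into the command line, so it
    # would be printed in Ansible's task output and logs (e.g. with -v or on
    # failure). no_log keeps it out of Ansible's output; it is still visible in
    # the target's process list while the command runs.
    - name: samba ad参加
      command: net ads join osName=CentOS -Uadministrator%{{samba_pass} }
      when: not keytab_stat.stat.exists
      no_log: true

    # mode is quoted so it stays the octal string 0600 regardless of YAML parser
    - name: sssd.conf作成
      copy:
        dest: /etc/sssd/sssd.conf
        content: |
          [sssd]
          services = nss, pam
          config_file_version = 2
          domains = sybyl.local
          [domain/sybyl.local]
          id_provider = ad
          access_provider = ad
          enumerate = True
          krb5_keytab = /etc/krb5.keytab
          ldap_id_mapping = False
          ldap_sasl_authid = {{ ansible_hostname } }$@SYBYL.LOCAL
        mode: "0600"

    - name: 認証設定
      command: authconfig --enablesssd --enablesssdauth --update

    - name: 認証設定
      systemd:
        name: sssd
        enabled: true

    # backrefs=yes: a line is rewritten only when its regexp matches;
    # if nothing matches, sshd_config is left unchanged.
    - name: sshd末尾に追加
      lineinfile: >-
        dest=/etc/ssh/sshd_config
        state=present
        backrefs=yes
        regexp='{{ item.regexp } }'
        line='{{ item.line } }'
      with_items:
        - regexp: '^#HostbasedAuthentication no'
          line: 'HostbasedAuthentication yes'
        - regexp: '^GSSAPICleanupCredentials no'
          line: 'GSSAPICleanupCredentials yes'

    # NOTE(review): rsh and rexec send commands and credentials unencrypted and
    # take their trust decisions from hosts.equiv written above.
    - name: rshとrexecを有効に
      command: systemctl enable rsh.socket rexec.socket

    # NOTE(review): PBSPro 14.1.0 was already installed and pointed at
    # pbs.sybyl.local earlier in this play. Once that has run, the
    # CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME placeholder is gone, so the two
    # replace tasks below presumably change nothing unless the newer RPM
    # rewrites those files - confirm which version and server name is intended.
    - name: pbspro
      copy: >-
        src=~/rpmbuild/RPMS/x86_64/pbspro-execution-14.1.2-0.x86_64.rpm
        dest=/root/pbspro-execution-14.1.2-0.x86_64.rpm
        owner=root
        group=root
        mode=0755

    - name: pbsproインストール
      yum:
        name: /root/pbspro-execution-14.1.2-0.x86_64.rpm
        state: present

    - name: pbspro設定(pbs.conf)
      replace: dest=/etc/pbs.conf regexp='CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME' replace='pbspro.sybyl.local'

    - name: pbspro設定(pbs_environment)
      lineinfile: dest=/var/lib/pbs/pbs_environment line="TZ=Asia/Tokyo"

    - name: pbspro設定 client
      replace: dest=/var/lib/pbs/mom_priv/config regexp='CHANGE_THIS_TO_PBS_PRO_SERVER_HOSTNAME' replace='pbspro.sybyl.local'

    # Timestamped shell history for every login shell.
    # A stray "with_items:" line that opened the original block was dropped: it
    # had no item list and would have been written into /etc/profile as a
    # command.
    # NOTE(review): the backslash in "\$HISTCONTROL" is written to /etc/profile
    # as-is (YAML literal blocks do not process escapes), so bash compares the
    # literal text $HISTCONTROL and always takes the else branch - confirm
    # whether the backslash is intended.
    - name: profile history設定
      blockinfile:
        path: /etc/profile
        block: |
          HISTSIZE=1000
          HISTTIMEFORMAT='%Y/%m/%d %H:%M:%S '
          HISTIGNORE="history:pwd:which:ls"
          if [ "\$HISTCONTROL" = "ignorespace" ] ; then
            export HISTCONTROL=ignoreboth
          else
            export HISTCONTROL=ignoredups
          fi
          export HISTSIZE HISTCONTROL HISTTIMEFORMAT HISTIGNORE

    - name: root bashrc
      lineinfile: dest=/root/.bashrc line="alias less='less -X'"

    - name: root env
      lineinfile: dest=/root/.vimrc line="set t_ti= t_te="
}}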