An acquaintance of mine apparently does all their builds with IaC, so I want to deepen my knowledge in that area.
Continuing from last time, the actual settings (package updates / basic tools / timezone) end up in a file like the following.
6) Role: base
- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Update packages (Debian/Ubuntu)
  ansible.builtin.apt:
    update_cache: true
    upgrade: dist
  when: ansible_facts.os_family == "Debian"

- name: Install base packages (Debian/Ubuntu)
  ansible.builtin.apt:
    name:
      - curl
      - wget
      - ca-certificates
      - jq
      - unzip
      - chrony
    state: present
  when: ansible_facts.os_family == "Debian"

- name: Update packages (RHEL/Amazon Linux)
  ansible.builtin.dnf:
    name: "*"
    state: latest
  when: ansible_facts.os_family == "RedHat"

- name: Install base packages (RHEL/Amazon Linux)
  ansible.builtin.dnf:
    name:
      - curl
      - wget
      - ca-certificates
      - jq
      - unzip
      - chrony
    state: present
  when: ansible_facts.os_family == "RedHat"

# Keep the clock in sync: time skew breaks TLS validation and log correlation.
# Note that the Debian/Ubuntu chrony package ships its unit as chrony.service
# (chronyd is an alias declared in the unit), while RHEL uses chronyd.service.
- name: Enable and start chronyd
  ansible.builtin.service:
    name: chronyd
    state: started
    enabled: true
The user setup looks like this.
7) Role: users
- name: Ensure admin group exists (Debian)
  ansible.builtin.group:
    name: sudo
    state: present
  when: ansible_facts.os_family == "Debian"

- name: Ensure admin group exists (RedHat)
  ansible.builtin.group:
    name: wheel
    state: present
  when: ansible_facts.os_family == "RedHat"

- name: Create admin user
  ansible.builtin.user:
    name: "{{ admin_user }}"
    shell: /bin/bash
    # append: true adds the admin group without dropping any existing groups
    groups: "{{ 'sudo' if ansible_facts.os_family == 'Debian' else 'wheel' }}"
    append: true
    create_home: true
    state: present

# Key-based login only; admin_pubkeys is a list of public key strings
- name: Add authorized keys for admin user
  ansible.builtin.authorized_key:
    user: "{{ admin_user }}"
    key: "{{ item }}"
    state: present
  loop: "{{ admin_pubkeys }}"

# NOPASSWD:ALL is full passwordless root, so protect this account accordingly.
# 0440 and root ownership are what sudo requires for sudoers.d fragments.
- name: Ensure sudoers for admin user (passwordless)
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ admin_user }}"
    content: "{{ admin_user }} ALL=(ALL) NOPASSWD:ALL\n"
    owner: root
    group: root
    mode: "0440"
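As an added example (not from the original post or any project it describes), here is a hardened variant of the sudoers task: it refuses user names that /etc/sudoers.d would silently ignore, has visudo validate the file before it is installed, and then confirms sudo actually grants the expected privileges. It assumes the same `admin_user` variable as above and that the play runs with `become: true`.

```yaml
# Added example, not the post's own code. Assumes admin_user from the users
# role and become: true on the play.
- name: Refuse user names that /etc/sudoers.d would silently ignore
  # sudoers(5): files in sudoers.d whose name contains "." or ends in "~"
  # are skipped, so the rule would never take effect for such a user name.
  ansible.builtin.assert:
    that:
      - "'.' not in admin_user"
      - "not admin_user.endswith('~')"
    fail_msg: "admin_user '{{ admin_user }}' is not a valid /etc/sudoers.d file name"

- name: Ensure sudoers for admin user (passwordless, validated)
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ admin_user }}"
    content: "{{ admin_user }} ALL=(ALL) NOPASSWD:ALL\n"
    owner: root
    group: root
    mode: "0440"
    # visudo -cf parses the staged temporary file; on a syntax error the copy
    # is aborted and the previous file is left untouched, so sudo keeps working.
    validate: /usr/sbin/visudo -cf %s

- name: Confirm sudo grants the admin user the expected privileges
  # sudo -l -U lists another user's rules; -n avoids any interactive prompt.
  ansible.builtin.command: sudo -n -l -U "{{ admin_user }}"
  register: sudo_check
  changed_when: false
  failed_when: "'NOPASSWD' not in sudo_check.stdout"
```

The `validate` step is the important one: a broken fragment in /etc/sudoers.d can lock every administrator out of sudo on the host, and visudo catches that before the file is moved into place.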