20210805 (목) ansible 실습3

sudoers.d/ansible 추가시 permission denied. 문제발생

wheel 그룹 추가로 대신함 

  → $ usermod -a -G wheel ansible_user01

 

[user@ansible-server project1]$ cat 0805_q2.yaml
---
- name: Q2
  hosts: control, servers
  become: true

  tasks:
  - name: create a user
    user:
      name: ansible_user01
      state: present
      uid: 2000
      password: "{{ 'ansiblepass!' | password_hash('sha512') }}"
    register: result_user
  - name: print password
    debug:
      msg: "{{ result_user }}"

[user@ansible-server project1]$ cat 0805_q3.yaml
---
- name: Q3
  hosts: control, servers
  become: true

  tasks:
  - name: enable public key authentication
    authorized_key:
      user: ansible_user01
      state: present
#     key: ~/.ssh/id_rsa.pub
      key: "{{ lookup('file', '/home/user/.ssh/id_rsa.pub') }}"
[user@ansible-server project1]$ cat 0805_q4.yaml
---
- name: Q4
  hosts: all
  become: true

  tasks:
  - name: create directory
    file:
      dest: /etc/sudoers.d/
      state: directory
      mode: "0600"

  - name: edit sudoers file
    copy:
      dest: /etc/sudoers.d/ansible
      content: ansible_user01 ALL=(ALL) NOPASSWD:ALL
[user@ansible-server project1]$ cat 0805_q5.yaml
---
- name: Q5
  hosts: all
  become: true

  tasks:
  - name: create a configuration file
    copy:
      dest: /home/ansible_user01/project1/ansible.cfg
      recurse: true
      content:
      - inventory: ./inventory.ini
      - remote_user: ansible_user01
      -
[user@ansible-server project1]$ cat 0805_q6.yaml
---
- name: Q6_web
  hosts: webservers
  become: true
  vars:
    web_package: httpd
    firewall_package: firewalld
    php_package: php
    web_service: httpd
    firewall_service: firewalld
    web_svc_name: http

  tasks:
  - name: "install {{ web_package }}"
    yum:
      name: "{{ web_package }}"
      state: latest
  - name: "install {{ firewall_package }}"
    yum:
      name: "{{ firewall_package }}"
      state: latest
  - name: "install {{ php_package }}"
    yum:
      name: "{{ php_package }}"
      state: latest

  - name: "enable {{ web_service }}"
    service:
      name: "{{ web_service }}"
      state: started
  - name: "enable {{ firewall_service }}"
    service:
      name: "{{ firewall_service }}"
      state: started

  - name: "allow {{ web_service }}"
    firewalld:
      service: "{{ web_svc_name }}"
      state: enabled
      permanent: true
      immediate: true

- name: Q6_db
  hosts: dbservers
  vars:
    db_package: mariadb-server
    firewall_package: firewalld
    db_service: mariadb
    firewall_service: firewalld
    db_svc_name: mysql
  become: true

  tasks:
  - name: "install {{ firewall_package }}"
    yum:
      name: "{{ firewall_package }}"
      state: latest
  - name: "install {{ db_package }}"
    yum:
      name: "{{ db_package }}"
      state: latest
  - name: "enable {{ firewall_service }}"
    service:
      name: "{{ firewall_service }}"
      state: started
  - name: "enable {{ db_service }}"
    service:
      name: "{{ db_service }}"
      state: started

  - name: "allow {{ db_service }}"
    firewalld:
      service: "{{ db_svc_name }}"
      state: enabled
      permanent: true
      immediate: true
[user@ansible-server project1]$