-
make the account for exec ssh
$ useradd deploy_user$ usermod -G wheel deploy_user$ passwd deploy_user -
if use PasswordAuthentication
- modify target host's
/etc/ssh/sshd_config=>PasswordAuthentication no->PasswordAuthentication yes - add
ansible.cfg=>[defaults] ask_pass = True
- if use PortForwarding
- modify target host's
/etc/ssh/sshd_config=>#AllowAgentForwarding yes->AllowAgentForwarding yes
-
If you use AWS as infrastructure, you need plus
$ sudo cp -arp /home/<ec2-user or centos>/.ssh /home/deploy_user/$ sudo chown -R deploy_user /home/deploy_user/.ssh$ sudo visudo -f /etc/sudoers.d/cloud-initdeploy_user ALL = (ALL) ALL #<- 追記 -
Check this vars for your project
vars/all.yml
- Playbook file : site.yml
- Inventory files : deployment / production
- Config file : ansible.cfg
- under tasks always read the vars file,
vars/all.yml- common
- git
- ruby
- postgres
- target hosts in /site.yml
- target IP in Inventory files, /developer or /production
- vars else in Var files, /vars/all, /vars/development or /vars/production
- secret vars (like password) in Var files, /secrets.yml
- how to edit
- $ ansible-vault decrypt secrets.yml
- $ vi secrets.yml
- $ ansible-vault encrypt secrets.yml
- how to edit
$ ansible-playbook site.yml -i development -vvvv$ ansible-playbook site.yml -i development -K -vvvv --ask-vault-pass
- 対象ホストへのSSHユーザは
deploy_userとしています. 対象ホストにこのアカウントを作成してください. - SSH秘密鍵名は
id_rsaとしています. 実行ホストに$HOME/.ssh/id_rsa, 対象ホストに/home/deploy_user/.ssh/id_rsa.pubを用意してください. ※ ansible.cfgにて設定
-
Select the inventory file with option
-i$ ansible -i <Inventory file name> <hosts or groups name>ex.$ ansible -i development all -m ping$ ansible-playbook site.yml -i production -
対象ホストに指定ユーザを作成
- 設定したいパスワードのハッシュを作成
- ansibleでユーザ作成
$ ansible development web -m user -a "name=tomcat_user group=wheel password=xxxxxxxxxx shell=/bin/zsh createhome=no"$ ansible development hosts -m user -a "name=testuser group=wheel password=xxxxxxxxxx shell=/bin/bash createhome=yes"