Merge branch 'master' of github.com:CloudMOA/public-ds-cluster-env

ansible/roles/security-settings/defaults/main.yml

@@ -27,3 +27,17 @@ pwquality_ocredit: -1
 sshrootlogin: 'no'
 sshmainport: 22
 ssh_service_name: sshd
+
+# Crictl setup
+crictl_app: crictl
+crictl_version: 1.25.0
+crictl_os: linux
+crictl_arch: amd64
+crictl_dl_url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/{{ crictl_app }}-v{{ crictl_version }}-{{ crictl_os }}-{{ crictl_arch }}.tar.gz
+crictl_bin_path: /usr/local/bin
+crictl_file_owner: root
+crictl_file_group: root
+
+# temp
+username: 
+password: 

ansible/roles/security-settings/tasks/admin_set.yml

@@ -0,0 +1,14 @@
+---
+- name: key add
+  authorized_key:
+    user: ubuntu
+    state: present
+    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+    manage_dir: False
+
+- name: user change
+  user:
+    name: "{{ username }}"
+    password: "{{ password | password_hash('sha512') }}"
+    state: present
+

ansible/roles/security-settings/tasks/crictl.yml

@@ -0,0 +1,18 @@
+---
+- name: Downloading and extracting {{ crictl_app }} {{ crictl_version }}
+  unarchive:
+    src: "{{ crictl_dl_url }}"
+    dest: "{{ crictl_bin_path }}"
+    owner: "{{ crictl_file_owner }}"
+    group: "{{ crictl_file_group }}"
+    extra_opts:
+      - crictl
+    remote_src: yes
+
+- name: Crictl command crontab setting
+  ansible.builtin.cron:
+    minute: "0"
+    hour: "3"
+    user: root
+    job: "/usr/local/bin/crictl rmi --prune"
+ 

ansible/roles/security-settings/tasks/main.yml

@@ -13,3 +13,9 @@
 
 - include: banner.yml
   tags: banner
+
+- include: crictl.yml
+  tags: circtl
+
+#- include: admin_set.yml
+# tags: admin_set

build_ami_security/command

@@ -0,0 +1,6 @@
+filename="datasaker-node-packer-ubuntu.pkr.hcl"
+
+echo "packer init ${filename}"
+echo "packer fmt ${filename}"
+echo "packer validate ${filename}"
+echo "packer build ${filename}"