Merge branch 'master' of github.com:CloudMOA/public-ds-cluster-env

2022-11-29 15:44:55 +09:00
parent 6a7bbf865b f2f93db50a
commit 52977e00e0
6 changed files with 63 additions and 5 deletions
--- a/ansible/roles/security-settings/defaults/main.yml
+++ b/ansible/roles/security-settings/defaults/main.yml
@@ -27,3 +27,17 @@ pwquality_ocredit: -1
 sshrootlogin: 'no'
 sshmainport: 22
 ssh_service_name: sshd
+
+# Crictl setup
+crictl_app: crictl
+crictl_version: 1.25.0
+crictl_os: linux
+crictl_arch: amd64
+crictl_dl_url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/{{ crictl_app }}-v{{ crictl_version }}-{{ crictl_os }}-{{ crictl_arch }}.tar.gz
+crictl_bin_path: /usr/local/bin
+crictl_file_owner: root
+crictl_file_group: root
+
+# temp
+username: 
+password: 
--- a/ansible/roles/security-settings/tasks/admin_set.yml
+++ b/ansible/roles/security-settings/tasks/admin_set.yml
@@ -0,0 +1,14 @@
+---
+- name: key add
+  authorized_key:
+    user: ubuntu
+    state: present
+    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+    manage_dir: False
+
+- name: user change
+  user:
+    name: "{{ username }}"
+    password: "{{ password | password_hash('sha512') }}"
+    state: present
+
--- a/ansible/roles/security-settings/tasks/crictl.yml
+++ b/ansible/roles/security-settings/tasks/crictl.yml
@@ -0,0 +1,18 @@
+---
+- name: Downloading and extracting {{ crictl_app }} {{ crictl_version }}
+  unarchive:
+    src: "{{ crictl_dl_url }}"
+    dest: "{{ crictl_bin_path }}"
+    owner: "{{ crictl_file_owner }}"
+    group: "{{ crictl_file_group }}"
+    extra_opts:
+      - crictl
+    remote_src: yes
+
+- name: Crictl command crontab setting
+  ansible.builtin.cron:
+    minute: "0"
+    hour: "3"
+    user: root
+    job: "/usr/local/bin/crictl rmi --prune"
+ 
--- a/ansible/roles/security-settings/tasks/main.yml
+++ b/ansible/roles/security-settings/tasks/main.yml
@@ -13,3 +13,9 @@

 - include: banner.yml
  tags: banner
+
+- include: crictl.yml
+  tags: circtl
+
+#- include: admin_set.yml
+# tags: admin_set
--- a/build_ami_security/command
+++ b/build_ami_security/command
@@ -0,0 +1,6 @@
+filename="datasaker-node-packer-ubuntu.pkr.hcl"
+
+echo "packer init ${filename}"
+echo "packer fmt ${filename}"
+echo "packer validate ${filename}"
+echo "packer build ${filename}"
--- a/build_ami_security/datasaker-node-packer-ubuntu.pkr.hcl
+++ b/build_ami_security/datasaker-node-packer-ubuntu.pkr.hcl
@@ -39,13 +39,13 @@ source "amazon-ebs" "datasaker-node-ubuntu2004" {
 }

 build {
-  name      = "datasaker-packer"
-  sources   = ["source.amazon-ebs.datasaker-node-ubuntu2004"]
+  name    = "datasaker-packer"
+  sources = ["source.amazon-ebs.datasaker-node-ubuntu2004"]

  provisioner "ansible" {
-    playbook_file   = "../ansible/node_roles.yaml"
-    user            = "ubuntu"
-    extra_arguments = ["--become"]
+    playbook_file    = "../ansible/node_roles.yaml"
+    user             = "ubuntu"
+    extra_arguments  = ["--become"]
    ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
  }
 }