crictl, crontab 추가
@@ -27,3 +27,17 @@ pwquality_ocredit: -1
|
|||||||
sshrootlogin: 'no'
|
sshrootlogin: 'no'
|
||||||
sshmainport: 22
|
sshmainport: 22
|
||||||
ssh_service_name: sshd
|
ssh_service_name: sshd
|
||||||
|
|
||||||
|
# Crictl setup
|
||||||
|
crictl_app: crictl
|
||||||
|
crictl_version: 1.25.0
|
||||||
|
crictl_os: linux
|
||||||
|
crictl_arch: amd64
|
||||||
|
crictl_dl_url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ crictl_version }}/{{ crictl_app }}-v{{ crictl_version }}-{{ crictl_os }}-{{ crictl_arch }}.tar.gz
|
||||||
|
crictl_bin_path: /usr/local/bin
|
||||||
|
crictl_file_owner: root
|
||||||
|
crictl_file_group: root
|
||||||
|
|
||||||
|
# temp
|
||||||
|
username:
|
||||||
|
password:
|
||||||
|
|||||||
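Review bot: `username:` and `password:` under `# temp` are bare keys, so they load as null rather than as strings, and they give a credential variable a default in the role defaults. If admin_set.yml is enabled later, the `user change` task would presumably template those nulls instead of failing. Consider dropping both keys and supplying them from Ansible Vault or extra vars, and have the task refuse to run when they are unset, for example `when: username is defined and password is defined`. The file path for this hunk is not shown on the page.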
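--- a/ansible/roles/security-settings/tasks/admin_set.yml
+++ b/ansible/roles/security-settings/tasks/admin_set.yml
@@ -0,0 +1,14 @@
+---
+- name: key add
+authorized_key:
+user: ubuntu
+state: present
+key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+manage_dir: False
+
+- name: user change
+user:
+name: "{{ username }}"
+password: "{{ password | password_hash('sha512') }}"
+state: present
+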
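Review bot: The `user change` task templates the plaintext `password` variable without `no_log: true`, so the value or its hash can end up in verbose output and callback logs; add `no_log: true` to that task. `password_hash('sha512')` is called without a salt, so a new hash is produced on every run and the task will report changed each time; pass a fixed salt or set `update_password: on_create`. The `key add` task installs whatever `~/.ssh/id_rsa.pub` exists on the controller for the hard-coded `ubuntu` user, which deserves a comment stating whose key is expected in the image.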
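--- a/ansible/roles/security-settings/tasks/crictl.yml
+++ b/ansible/roles/security-settings/tasks/crictl.yml
@@ -0,0 +1,18 @@
+---
+- name: Downloading and extracting {{ crictl_app }} {{ crictl_version }}
+unarchive:
+src: "{{ crictl_dl_url }}"
+dest: "{{ crictl_bin_path }}"
+owner: "{{ crictl_file_owner }}"
+group: "{{ crictl_file_group }}"
+extra_opts:
+- crictl
+remote_src: yes
+
+- name: Crictl command crontab setting
+ansible.builtin.cron:
+minute: "0"
+hour: "3"
+user: root
+job: "/usr/local/bin/crictl rmi --prune"
+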
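Review bot: The first task unpacks the release archive straight from `crictl_dl_url` into a root-owned bin directory with no integrity check, and `unarchive` has no checksum option, so whatever the URL serves at build time ends up as a root-run binary in the image. Download with `get_url` and a pinned `checksum:` first, then extract the local file, as sketched below. The cron task has no `name:` parameter, which the module uses to find an existing entry, so repeated runs may not be idempotent. Its job also hard-codes `/usr/local/bin/crictl` instead of using `{{ crictl_bin_path }}`.

```yaml
- name: Download {{ crictl_app }} {{ crictl_version }} archive
  ansible.builtin.get_url:
    url: "{{ crictl_dl_url }}"
    dest: "/tmp/{{ crictl_app }}-v{{ crictl_version }}.tar.gz"
    # crictl_sha256 is a placeholder variable: set it to the digest
    # published with the pinned release
    checksum: "sha256:{{ crictl_sha256 }}"
    mode: "0644"

- name: Extract {{ crictl_app }} from the verified archive
  ansible.builtin.unarchive:
    src: "/tmp/{{ crictl_app }}-v{{ crictl_version }}.tar.gz"
    dest: "{{ crictl_bin_path }}"
    remote_src: true
    # … unchanged: owner, group, extra_opts …

# … unchanged: cron task fields, with a `name:` added …
```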
@@ -13,3 +13,9 @@
|
|||||||
|
|
||||||
- include: banner.yml
|
- include: banner.yml
|
||||||
tags: banner
|
tags: banner
|
||||||
|
|
||||||
|
- include: crictl.yml
|
||||||
|
tags: circtl
|
||||||
|
|
||||||
|
#- include: admin_set.yml
|
||||||
|
# tags: admin_set
|
||||||
|
|||||||
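Review bot: The tag on the new include is spelled `circtl`, so a run limited with `--tags crictl` will skip crictl.yml without any error; it should read `tags: crictl`. The commented-out `admin_set.yml` include would be easier to judge with a one-line comment saying why it is disabled and what must be set (`username`, `password`) before it is enabled. The file path for this hunk is not shown on the page.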
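--- a/build_ami_security/command
+++ b/build_ami_security/command
@@ -0,0 +1,6 @@
+filename="datasaker-node-packer-ubuntu.pkr.hcl"
+
+echo "packer init ${filename}"
+echo "packer fmt ${filename}"
+echo "packer validate ${filename}"
+echo "packer build ${filename}"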
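Review bot: The file is added as executable but has no interpreter line, so how it runs depends on the invoking shell; add `#!/usr/bin/env bash` as the first line. The four `echo` lines only print the packer commands and do not run them, so a header comment such as `# prints the build steps; does not invoke packer` would keep a reader from assuming the AMI was validated or built by this script.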
@@ -39,13 +39,13 @@ source "amazon-ebs" "datasaker-node-ubuntu2004" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
build {
|
build {
|
||||||
name = "datasaker-packer"
|
name = "datasaker-packer"
|
||||||
sources = ["source.amazon-ebs.datasaker-node-ubuntu2004"]
|
sources = ["source.amazon-ebs.datasaker-node-ubuntu2004"]
|
||||||
|
|
||||||
provisioner "ansible" {
|
provisioner "ansible" {
|
||||||
playbook_file = "../ansible/node_roles.yaml"
|
playbook_file = "../ansible/node_roles.yaml"
|
||||||
user = "ubuntu"
|
user = "ubuntu"
|
||||||
extra_arguments = ["--become"]
|
extra_arguments = ["--become"]
|
||||||
ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
|
ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||