動機
這個是用ansible去安裝與設定arch linux遇到的事情記錄在這裡
become_user
會提到這個是為了yay,他不能用root去跑
所以要另外開一個沒有密碼的sudoer
- name: create tmp user sudoer file
lineinfile:
path: /etc/sudoers.d/aur_installer-allow-to-sudo-pacman
state: present
line: "aur_installer ALL=(ALL) NOPASSWD: /usr/bin/pacman"
validate: /usr/sbin/visudo -cf %s
create: yes
- name: install aur_apps
become: yes
become_user: aur_installer
command: "yay -Sy --noconfirm {{ item }}"
with_items: "{{ aur_apps }}"
- name: remove tmp user
user:
name: aur_installer
state: absent
remove: yes
- name: remove useless sudoer file
file:
path: /etc/sudoers.d/aur_installer-allow-to-sudo-pacman
state: absent
sysrq & chroot & async
ssh可以chroot,但是沒辦法重開機
但我們還有sysrq,echo b | sudo tee /proc/sysrq-trigger
發完就重開了,所以不能等
- name: reboot target (evil way)
shell: "sync; sync; sync; echo b | sudo tee /proc/sysrq-trigger"
async: 123 # 隨便填
poll: 0 # 不去看有沒有完成
use systemctl
ansible的systemd,會看status code,但是有的service的status code不是ansible想看的,所以會被當成錯誤,直接用command
或是shell
吧
multiple lines
就是mutltiple lines
- name: patch css
lineinfile:
path: "~{{ user_id }}/theme/{{ item }}"
line: |
.login-dialog > StBoxLayout {
background-color: rgb(248, 160, 201);
border: 1px solid #cccccc41;
box-shadow: 0 3px 9px 1px rgba(0, 0, 0, 0.5);
border-radius: 6px;
padding: 12px 40px 24px 40px; }
換密碼
要帶password_hash,不然會換成奇怪的東西
- name: change root pw
user:
name: root
password: "{{ root_pw | password_hash('sha512') }}"
callback
role可以用import_role
與include_role
來達成callback效果
主程式
roles/mm/tasks/main.yaml
- name: test include_role
import_role:
name: common
tasks_from: a
vars:
arg1: b
ff: from same layer
callback function
roles/mm/tasks/b.yaml
- name: hi
debug:
msg: i'm a callback
執行callback的function
roles/common/tasks/a.ymal
- name: print str
debug:
msg: hello, world
- name: test include_role
include_role:
name: mm
tasks_from: "{{ arg1 }}"
- name: print str
debug:
msg: "hello, end, {{ ff }}"
include_role & import_role
如果roles/common/tasks/a.ymal
中的include_role
改用import_role
,
tasks_from: "{{ arg1 }}"
的arg1就不會被展開!!
所以import_role是靜態的,他只會把{{ arg1 }}
整個帶進去,把role直接展開
而include_role會經過運算,所以變數會展開,所以是動態的