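Motivation

These are notes on things I ran into while installing and configuring Arch Linux with Ansible.

become_user

This comes up because of yay, which cannot be run as root.

So a separate sudoer that needs no password has to be set up.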

- name: create tmp user sudoer file
  lineinfile:
    path: /etc/sudoers.d/aur_installer-allow-to-sudo-pacman
    state: present
    line: "aur_installer ALL=(ALL) NOPASSWD: /usr/bin/pacman"
    validate: /usr/sbin/visudo -cf %s
    create: yes
- name: install aur_apps
  become: yes
  become_user: aur_installer
  command: "yay -Sy --noconfirm {{ item }}"
  with_items: "{{ aur_apps }}"
- name: remove tmp user
  user:
    name: aur_installer
    state: absent
    remove: yes
- name: remove useless sudoer file
  file:
    path: /etc/sudoers.d/aur_installer-allow-to-sudo-pacman
    state: absent
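
Passwordless sudo on pacman lets the account install any package as root, so the drop-in should not outlive a failed install. The following is an added example, not from the original post: the same tasks wrapped in block/always so cleanup runs even when yay fails, with the sudoers file written at mode 0440. The "create tmp user" task and the assumption that the play already runs as root are mine.

```yaml
# Added example, not from the original post.
# Assumes the play runs as root and aur_apps is a list of package names.
- name: install AUR packages with a short-lived build user
  block:
    - name: create tmp user
      user:
        name: aur_installer
        create_home: yes

    - name: create tmp user sudoer file
      copy:
        dest: /etc/sudoers.d/aur_installer-allow-to-sudo-pacman
        content: "aur_installer ALL=(ALL) NOPASSWD: /usr/bin/pacman\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: install aur_apps
      become: yes
      become_user: aur_installer
      command: "yay -Sy --noconfirm {{ item }}"
      with_items: "{{ aur_apps }}"

  always:
    # Runs whether or not the install above succeeded.
    - name: remove useless sudoer file
      file:
        path: /etc/sudoers.d/aur_installer-allow-to-sudo-pacman
        state: absent

    - name: remove tmp user
      user:
        name: aur_installer
        state: absent
        remove: yes
```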

sysrq & chroot & async

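Over ssh you can chroot, but you cannot reboot.

But there is still sysrq: echo b | sudo tee /proc/sysrq-trigger

The machine reboots the moment this is sent, so the task cannot wait for it.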

- name: reboot target (evil way)
  shell: "sync; sync; sync; echo b | sudo tee /proc/sysrq-trigger"
  async: 123 # arbitrary value
  poll: 0 # do not check whether it finished

use systemctl

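Ansible's systemd module checks the status code, but some services return a status code that Ansible does not expect, so they are treated as errors. Use command or shell directly instead.

multiple lines

Use a YAML block scalar (|) to pass a value that spans multiple lines.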

- name: patch css
  lineinfile:
    path: "~{{ user_id }}/theme/{{ item }}"
    line: |
     .login-dialog > StBoxLayout {
        background-color: rgb(248, 160, 201);
        border: 1px solid #cccccc41;
        box-shadow: 0 3px 9px 1px rgba(0, 0, 0, 0.5);
        border-radius: 6px;
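        padding: 12px 40px 24px 40px; }

Changing a password

The user module expects an already-hashed value, so pass the password through password_hash; otherwise the password gets set to something strange.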

- name: change root pw
  user:
    name: root
    password: "{{ root_pw | password_hash('sha512') }}"

callback

A role can use import_role and include_role to get a callback-like effect.

Main program: roles/mm/tasks/main.yaml

- name: test include_role
  import_role:
    name: common
    tasks_from: a
  vars:
    arg1: b
    ff: from same layer

Callback function: roles/mm/tasks/b.yaml

- name: hi
  debug:
    msg: i'm a callback

The function that runs the callback: roles/common/tasks/a.yaml

- name: print str
  debug:
    msg: hello, world
- name: test include_role
  include_role:
    name: mm
    tasks_from: "{{ arg1 }}"
- name: print str
  debug:
    msg: "hello, end, {{ ff }}"

include_role & import_role

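If the include_role in roles/common/tasks/a.yaml is replaced with import_role, the arg1 in tasks_from: "{{ arg1 }}" is not expanded!

So import_role is static: it carries the literal {{ arg1 }} through as-is and expands the role in place.

include_role, by contrast, is evaluated at run time, so variables are expanded; it is dynamic.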