マネージドノードにansibleユーザを作成する - aktnk/til GitHub Wiki

実施すること

• ansible で raspberry pi の環境構築を実施するための前準備の実施

前提条件

• ターゲットホスト(マネージドノード): Raspberry Pi 5
• OS: Raspberry Pi OS(64bit) Kernel version 6.12

手順

ターゲットホスト（マネージドノード）：raspberry pi

1. ansibleユーザー作成

   $ sudo su -
   root@raspi5:~# whoami
   root
   root@raspi5:~# adduser ansible
   Adding user `ansible' ...
   <省略>
   New password:
   Retype new password:
   passwd: password updated successfully
   <省略>
   Adding new user `ansible' to supplemental / extra groups `users' ...
   Adding user `ansible' to group `users' ...
   

2. sudo 有効化

   root@raspi5:~# gpasswd -a ansible sudo
   Adding user ansible to group sudo
   

3. logout

   root@raspi5:~# exit
   logout
   $
   

コントロールノード：WSL2 ubuntu

1. ssh鍵生成

   $ ssh-keygen -t ed25519
   Generating public/private ed25519 key pair.
   Enter file in which to save the key (/home/aktnk/.ssh/id_ed25519): /home/aktnk/.ssh/id_ed25519_ansible
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/aktnk/.ssh/id_ed25519_ansible
   Your public key has been saved in /home/aktnk/.ssh/id_ed25519_ansible.pub
   The key fingerprint is:
   SHA256:************************************************* ******
   The key's randomart image is:
   +--[ED25519 256]--+
   |+.               |
   |...              |
   <省略>
   |B+O.= .          |
   |**.=.+..         |
   +----[SHA256]-----+
   $ 
   

2. ssh公開鍵の保存

   $ ssh-copy-id -o StrictHostKeyChecking=no -i $HOME/.ssh/id_ed25519_ansible.pub ansible@(IPaddress)
   /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/aktnk/.ssh/id_ed25519_ansible.pub"
   /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
   /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
   (IPaddress)'s password:
   
   Number of key(s) added: 1
   
   Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' 'ansible@(IPadderss)'"
   and check to make sure that only the key(s) you wanted were added.
   
   $
   

3. 動作確認

   $ ssh [email protected] -i ~/.ssh/id_ed25519_ansible
   Linux raspi5 6.12.34+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.34-1+rpt1~bookworm (2025-06-26) aarch64
   
   The programs included with the Debian GNU/Linux system are free software;
   the exact distribution terms for each program are described in the
   individual files in /usr/share/doc/*/copyright.
   
   Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
   permitted by applicable law.
   Last login: Sun Jul 27 22:48:21 2025 from ***.***.***.***
   $