Test

◾️main.yml

1. バックアップ作成

• name: Backup original /etc/hosts
  copy:
  src: /etc/hosts
  dest: /etc/hosts.orig
  remote_src: yes

• name: Create working copy
  copy:
  src: /etc/hosts
  dest: /etc/hosts.work
  remote_src: yes

2. 作業ファイルに反映

• name: Render Ansible managed block
  blockinfile:
  path: /etc/hosts.work
  marker: "# {mark} {{ hosts_manage_marker }}"
  block: |
  {% for e in hosts_manage_entries %}
  {{ e.ip }} {{ e.name }}{% if e.comment is defined %} #{{ e.comment }}{% endif %}
  {% endfor %}

3. 検証（管理外は不変）

• name: Checksum outside managed block (orig)
  shell: |
  sed '/BEGIN {{ hosts_manage_marker }}/,/END {{ hosts_manage_marker }}/d' /etc/hosts.orig | sha256sum
  register: orig_sum
  changed_when: false

• name: Checksum outside managed block (work)
  shell: |
  sed '/BEGIN {{ hosts_manage_marker }}/,/END {{ hosts_manage_marker }}/d' /etc/hosts.work | sha256sum
  register: work_sum
  changed_when: false

• name: Abort if unexpected changes detected
  fail:
  msg: |
  Unexpected change outside Ansible managed block.
  Aborting update.
  when: orig_sum.stdout != work_sum.stdout

4. 構文検証

• name: Validate hosts file
  command: getent hosts localhost

5. 反映（検証後のみ）

• name: Apply verified /etc/hosts
  copy:
  src: /etc/hosts.work
  dest: /etc/hosts
  remote_src: yes
  backup: yes

• hosts: all
  become: yes
  gather_facts: no
  serial: "{{ hosts_manage_serial }}"

  roles:

  • hosts_manage

◾️vars/main.yml

この role が管理する識別子（仕様）

hosts_manage_marker: "ANSIBLE MANAGED HOSTS"

この role が責任を持つ hosts 定義（仕様）

hosts_manage_entries:

• ip: "192.168.1.10"
  name: "app01"
  comment: "コメント"
• ip: "192.168.1.11"
  name: "app02"
  comment: "コメント"

事故防止（仕様）

hosts_manage_serial: 1