i-1 Introduces an Ansible playbook for linux-container with SSH access

# Issue

This PR implements the following [issue](the-liberated-edge/test-linux-containers#1).

# Acceptance criteria

- [x] A playbook for launching LXD Debian container with parameterized container name and OS version has been implemented.
- [x] The newly launched Linux containers can be connected to and administered via SSH.
- [x] The playbook has been part of an Ansible collection named theliberatededge.test_linux_containers.
- [x] Setup and getting started technical documentation has been added to README.md.

Co-authored-by: emo <esimeonov@gmail.com>
Reviewed-on: #2

roles/linux_container/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/linux_container/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+lte_debian_version: bookworm

roles/linux_container/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+...

roles/linux_container/meta/main.yml

@@ -0,0 +1,50 @@
+---
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/linux_container/tasks/container.yml

@@ -0,0 +1,19 @@
+---
+- name: find current container state
+  ansible.builtin.command: lxc ls {{ lte_container_name }}
+  register: container_state
+  changed_when: false
+- name: launch debian bookworm linux container
+  ansible.builtin.shell:
+    cmd: |
+      lxc launch \
+        images:debian/{{ lte_debian_version }}/cloud \
+        {{ lte_container_name }}
+  when: (container_state.rc == 1) or ("RUNNING" not in container_state.stdout)
+- name: update apt cache and upgrade system packages
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+        bash -c \
+          '/usr/bin/apt update && /usr/bin/apt upgrade -y'
+  changed_when: false

roles/linux_container/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- ansible.builtin.include_tasks: container.yml
+- ansible.builtin.include_tasks: ume.yml
+- ansible.builtin.include_tasks: openssh-server.yml

roles/linux_container/tasks/openssh-server.yml

@@ -0,0 +1,74 @@
+---
+- name: find systemctl service for openssh-server
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          systemctl status ssh.service
+  register: ssh_service
+  changed_when: false
+  failed_when: false
+- name: set fact ssh_service_exists
+  ansible.builtin.set_fact:
+    ssh_service_exists: '{{ ssh_service.rc == 0 }}'
+- name: install system package openssh-server
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          apt install -y openssh-server
+  register: ssh_pkg
+  when: not ssh_service_exists
+- name: check openssh server configuration for root access
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          grep -e "^PermitRootLogin yes$" /etc/ssh/sshd_config
+  register: root_access
+  changed_when: false
+  failed_when: false
+- name: set fact ssh_root_login_allowed
+  ansible.builtin.set_fact:
+    ssh_root_login_allowed: '{{ root_access.rc == 0 }}'
+- name: configure openssh server to allow root access via ssh
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          sed -i "$ a PermitRootLogin yes" /etc/ssh/sshd_config
+  register: sshd_config
+  when: not ssh_root_login_allowed
+- name: set fact ssh_server_installed
+  ansible.builtin.set_fact:
+    ssh_pkg_installed: '{{ ssh_pkg.changed and ssh_pkg.rc == 0 }}'
+- name: enable openssh server systemd service
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          systemctl enable --now ssh.service
+  when: ssh_pkg_installed
+- name: set fact sshd_config_touched
+  ansible.builtin.set_fact:
+    sshd_config_touched: '{{ sshd_config.changed and sshd_config.rc == 0 }}'
+- name: restart openssh server systemd service
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          systemctl restart ssh.service
+  when: sshd_config_touched
+- name: find container ip address
+  ansible.builtin.command: lxc ls -c=4 -f=compact {{ lte_container_name }}
+  register: ipv4
+  changed_when: false
+  when: sshd_config_touched
+- name: set fact ipv4
+  ansible.builtin.set_fact:
+    ipv4: '{{ ipv4.stdout_lines[1] }}'
+  when: sshd_config_touched
+- name: extract ipv4 address of the linux container
+  ansible.builtin.set_fact:
+    ipv4: "{{ ipv4 | regex_search('([0-9]+.[0-9]+.[0-9]+.[0-9]+)') }}"
+  when: sshd_config_touched
+- name: ssh-copy-id from server on the Edge to linux container
+  ansible.builtin.shell:
+    cmd: |-
+      sshpass -p {{ lte_container_root_pwd }} \
+          ssh-copy-id -o StrictHostKeyChecking=no root@{{ ipv4 }}
+  when: sshd_config_touched

roles/linux_container/tasks/ume.yml

@@ -0,0 +1,8 @@
+---
+- name: change root user password in container
+  ansible.builtin.shell:
+    cmd: |-
+      lxc exec {{ lte_container_name }} -- \
+          bash -c \
+          'echo "root:{{ lte_container_root_pwd }}" | chpasswd'
+  changed_when: false

roles/linux_container/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/linux_container/tests/test.yml

@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles: [linux_container]

roles/linux_container/vars/main.yml

@@ -0,0 +1,2 @@
+---
+...