i-1 Introduces an Ansible playbook for linux-container with SSH access #2
@ -7,3 +7,4 @@
|
||||
vars:
|
||||
lte_debian_version: bookworm
|
||||
lte_container_name: '{{ molecule_yml.platforms[0].name }}'
|
||||
lte_container_root_pwd: '{{ lookup("ansible.builtin.env", "LTE_CONTAINER_ROOT_PWD") }}'
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
register: state
|
||||
changed_when: false
|
||||
with_items: '{{ molecule_yml.platforms }}'
|
||||
- name: stop running containers
|
||||
- name: stop and remove running containers
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
lxc stop {{ item.name }} && \
|
||||
|
||||
@ -8,5 +8,26 @@
|
||||
register: state
|
||||
with_items: '{{ molecule_yml.platforms }}'
|
||||
- name: verify launched container is running
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that: state.results[0].rc == 0 and "RUNNING" in state.results[0].stdout
|
||||
- name: find container ip address
|
||||
ansible.builtin.command: lxc ls -c=4 -f=compact {{ item.name }}
|
||||
register: ipv4_raw
|
||||
with_items: '{{ molecule_yml.platforms }}'
|
||||
- name: set ipv4 address string as a fact
|
||||
ansible.builtin.set_fact:
|
||||
ipv4: '{{ ipv4_raw.results[0].stdout_lines[1] }}'
|
||||
- name: extract ipv4 address of the linux container
|
||||
ansible.builtin.set_fact:
|
||||
ipv4: "{{ ipv4 | regex_search('([0-9]+.[0-9]+.[0-9]+.[0-9]+)') }}"
|
||||
- name: load root password from environment variable
|
||||
ansible.builtin.set_fact:
|
||||
root_pwd: "{{ lookup('ansible.builtin.env', 'LTE_CONTAINER_ROOT_PWD') }}"
|
||||
- name: connect via ssh to linux container
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
sshpass -p{{ root_pwd }} ssh -o ConnectTimeout=1 root@{{ ipv4 }} exit;
|
||||
register: ssh
|
||||
- name: verify ssh connection to linux container
|
||||
ansible.builtin.assert:
|
||||
that: ssh.rc == 0
|
||||
|
||||
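Review bot: The `connect via ssh to linux container` task passes the root password as `sshpass -p{{ root_pwd }}`, so it lands in the process list of the controller and in Ansible's task output, and the task has no `no_log`. sshpass can read the password from the `SSHPASS` environment variable with `-e`, which keeps it out of argv, and `no_log: true` keeps it out of the run log. The same pattern recurs in the `ssh-copy-id` task of the openssh-server hunk and in the `chpasswd` task of the last hunk. The intermediate `root_pwd` fact is also not needed if the lookup is placed directly in `environment`.
```yaml
- name: connect via ssh to linux container
  ansible.builtin.shell:
    cmd: |
      sshpass -e ssh -o ConnectTimeout=1 root@{{ ipv4 }} exit;
  environment:
    SSHPASS: '{{ root_pwd }}'
  no_log: true
  register: ssh
# … unchanged: verify ssh connection assert …
```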
@ -10,3 +10,10 @@
|
||||
images:debian/{{ lte_debian_version }}/cloud \
|
||||
{{ lte_container_name }}
|
||||
when: (container_state.rc == 1) or ("RUNNING" not in container_state.stdout)
|
||||
- name: update apt cache and upgrade system packages
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
bash -c \
|
||||
'/usr/bin/apt update && /usr/bin/apt upgrade -y'
|
||||
changed_when: false
|
||||
|
||||
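Review bot: `changed_when: false` on the `update apt cache and upgrade system packages` task makes the play report "ok" even when packages were upgraded, so a run that changed the container is indistinguishable from one that did not. Dropping it, or deriving it from the command output, would keep the report honest. The `apt` front end also warns that its CLI is not stable for scripted use; `apt-get update && apt-get -y upgrade` is the scripted form. The task above it starts outside this hunk.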
@ -1,2 +1,4 @@
|
||||
---
|
||||
- include_tasks: container.yml
|
||||
- ansible.builtin.include_tasks: container.yml
|
||||
- ansible.builtin.include_tasks: ume.yml
|
||||
- ansible.builtin.include_tasks: openssh-server.yml
|
||||
|
||||
@ -0,0 +1,74 @@
|
||||
---
|
||||
- name: find systemctl service for openssh-server
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
systemctl status ssh.service
|
||||
register: ssh_service
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
- name: set fact ssh_service_exists
|
||||
ansible.builtin.set_fact:
|
||||
ssh_service_exists: '{{ ssh_service.rc == 0 }}'
|
||||
- name: install system package openssh-server
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
apt install -y openssh-server
|
||||
register: ssh_pkg
|
||||
when: not ssh_service_exists
|
||||
- name: check openssh server configuration for root access
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
grep -e "^PermitRootLogin yes$" /etc/ssh/sshd_config
|
||||
register: root_access
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
- name: set fact ssh_root_login_allowed
|
||||
ansible.builtin.set_fact:
|
||||
ssh_root_login_allowed: '{{ root_access.rc == 0 }}'
|
||||
- name: configure openssh server to allow root access via ssh
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
sed -i "$ a PermitRootLogin yes" /etc/ssh/sshd_config
|
||||
register: sshd_config
|
||||
when: not ssh_root_login_allowed
|
||||
- name: set fact ssh_server_installed
|
||||
ansible.builtin.set_fact:
|
||||
ssh_pkg_installed: '{{ ssh_pkg.changed and ssh_pkg.rc == 0 }}'
|
||||
- name: enable openssh server systemd service
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
systemctl enable --now ssh.service
|
||||
when: ssh_pkg_installed
|
||||
- name: set fact sshd_config_touched
|
||||
ansible.builtin.set_fact:
|
||||
sshd_config_touched: '{{ sshd_config.changed and sshd_config.rc == 0 }}'
|
||||
- name: restart openssh server systemd service
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
systemctl restart ssh.service
|
||||
when: sshd_config_touched
|
||||
- name: find container ip address
|
||||
ansible.builtin.command: lxc ls -c=4 -f=compact {{ lte_container_name }}
|
||||
register: ipv4
|
||||
changed_when: false
|
||||
when: sshd_config_touched
|
||||
- name: set fact ipv4
|
||||
ansible.builtin.set_fact:
|
||||
ipv4: '{{ ipv4.stdout_lines[1] }}'
|
||||
when: sshd_config_touched
|
||||
- name: extract ipv4 address of the linux container
|
||||
ansible.builtin.set_fact:
|
||||
ipv4: "{{ ipv4 | regex_search('([0-9]+.[0-9]+.[0-9]+.[0-9]+)') }}"
|
||||
when: sshd_config_touched
|
||||
- name: ssh-copy-id from server on the Edge to linux container
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
sshpass -p {{ lte_container_root_pwd }} \
|
||||
ssh-copy-id -o StrictHostKeyChecking=no root@{{ ipv4 }}
|
||||
when: sshd_config_touched
|
||||
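Review bot: The `ssh-copy-id` task sends the root password over a connection made with `StrictHostKeyChecking=no` to an address scraped from `lxc ls` output, so nothing ties the host that receives the password to the container. Since the play already has `lxc exec` access, the public key could be installed through that channel instead, for example `lxc file push -p <public-key-file> {{ lte_container_name }}/root/.ssh/authorized_keys` (the key path is a placeholder), which removes the need for sshpass here. With key-only access the appended line can be `PermitRootLogin prohibit-password` rather than `PermitRootLogin yes`, so root password login over SSH stays off. If the password route is kept, `StrictHostKeyChecking=accept-new` at least refuses a changed host key on later runs.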
@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: change root user password in container
|
||||
ansible.builtin.shell:
|
||||
cmd: |-
|
||||
lxc exec {{ lte_container_name }} -- \
|
||||
bash -c \
|
||||
'echo "root:{{ lte_container_root_pwd }}" | chpasswd'
|
||||
changed_when: false
|
||||
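Review bot: The password is spliced into a single-quoted `bash -c` string in the `chpasswd` task, so a value containing a quote character, `$` or a backtick changes the command that runs in the container instead of being treated as data. Feeding it on stdin avoids the nested quoting altogether: switch to `ansible.builtin.command` with `cmd: lxc exec {{ lte_container_name }} -- chpasswd` and `stdin: 'root:{{ lte_container_root_pwd }}'`, plus `no_log: true` (this assumes `lxc exec` forwards stdin when it is not a terminal, which should be confirmed). `changed_when: false` is also inaccurate here, since the task sets the password on every run.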