---
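# Probe the container for a running ssh.service.
# `systemctl status` exits 0 only when the unit is active, so a non-zero rc
# covers both "not installed" and "installed but stopped". The task is
# read-only and must never fail the play; only the registered rc is used.
# argv form: the templated container name is passed as a single argument
# and is never interpreted by a shell.
- name: find systemctl service for openssh-server
  ansible.builtin.command:
    argv:
      - lxc
      - exec
      - '{{ lte_container_name }}'
      - '--'
      - systemctl
      - status
      - ssh.service
  register: ssh_service
  changed_when: false
  failed_when: false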
# Record whether the status probe registered as ssh_service exited with rc 0.
# The install task is gated on `not ssh_service_exists`.
- name: set fact ssh_service_exists
  ansible.builtin.set_fact:
    ssh_service_exists: "{{ ssh_service.rc == 0 }}"
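# Install openssh-server inside the container, only when the earlier probe
# did not find an active ssh.service.
# argv form keeps the templated container name out of a shell command line.
# The registered result (changed / rc) is read later to decide whether the
# service has to be enabled.
# NOTE(review): no package index refresh happens before this step; confirm
# the container image ships a usable apt cache.
- name: install system package openssh-server
  ansible.builtin.command:
    argv:
      - lxc
      - exec
      - '{{ lte_container_name }}'
      - '--'
      - apt
      - install
      - '-y'
      - openssh-server
  register: ssh_pkg
  when: not ssh_service_exists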
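# Check whether sshd_config already contains the exact line
# "PermitRootLogin yes". grep exits 0 on a match, non-zero otherwise; the
# task is read-only and never fails the play.
# argv form: the pattern and the container name reach grep / lxc as single
# arguments without shell quoting or expansion.
# NOTE(review): this inspects only the literal line in /etc/ssh/sshd_config.
# sshd uses the first value it obtains for a keyword, and included drop-in
# files can set it as well, so the effective setting may differ from what
# this grep reports -- `sshd -T` inside the container shows the effective
# value.
- name: check openssh server configuration for root access
  ansible.builtin.command:
    argv:
      - lxc
      - exec
      - '{{ lte_container_name }}'
      - '--'
      - grep
      - '-e'
      - '^PermitRootLogin yes$'
      - /etc/ssh/sshd_config
  register: root_access
  changed_when: false
  failed_when: false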
# True when the grep registered as root_access matched (rc 0), i.e. the
# "PermitRootLogin yes" line is already present in sshd_config.
- name: set fact ssh_root_login_allowed
  ansible.builtin.set_fact:
    ssh_root_login_allowed: "{{ root_access.rc == 0 }}"
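# Append "PermitRootLogin yes" as the last line of the container's
# sshd_config (sed `$ a` = append after the final line). Runs only when the
# preceding grep did not find that line.
# argv form passes the sed script as one literal argument, so `$` needs no
# shell escaping and the container name is not shell-interpreted.
# NOTE(review): "PermitRootLogin yes" permits password logins for root and
# stays in place after this play. If root access is only needed with the
# key installed later, "prohibit-password" is the narrower setting once the
# key is in authorized_keys.
# NOTE(review): sshd keeps the first value it reads for a keyword; an
# earlier uncommented PermitRootLogin line would make this appended line
# ineffective -- verify on the target image.
- name: configure openssh server to allow root access via ssh
  ansible.builtin.command:
    argv:
      - lxc
      - exec
      - '{{ lte_container_name }}'
      - '--'
      - sed
      - '-i'
      - '$ a PermitRootLogin yes'
      - /etc/ssh/sshd_config
  register: sshd_config
  when: not ssh_root_login_allowed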
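# True only when the install task actually ran (changed) and exited 0.
# When the install task was skipped, `changed` is false and the `and`
# short-circuits before `rc` is looked up.
# The task label now matches the fact it sets; the fact name itself is
# unchanged because the enable task is gated on ssh_pkg_installed.
- name: set fact ssh_pkg_installed
  ansible.builtin.set_fact:
    ssh_pkg_installed: '{{ ssh_pkg.changed and ssh_pkg.rc == 0 }}'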
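# Enable ssh.service at boot and start it immediately (`--now`), only after
# a fresh package install in this run.
# argv form keeps the templated container name out of a shell command line.
- name: enable openssh server systemd service
  ansible.builtin.command:
    argv:
      - lxc
      - exec
      - '{{ lte_container_name }}'
      - '--'
      - systemctl
      - enable
      - '--now'
      - ssh.service
  when: ssh_pkg_installed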
# True only when the sed edit of sshd_config ran in this play (changed) and
# exited 0. The restart, address lookup and key copy steps are all gated on
# this fact.
- name: set fact sshd_config_touched
  ansible.builtin.set_fact:
    sshd_config_touched: "{{ sshd_config.changed and sshd_config.rc == 0 }}"
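# Restart sshd so the edited sshd_config is loaded; runs only when the
# config file was modified in this play.
# argv form keeps the templated container name out of a shell command line.
- name: restart openssh server systemd service
  ansible.builtin.command:
    argv:
      - lxc
      - exec
      - '{{ lte_container_name }}'
      - '--'
      - systemctl
      - restart
      - ssh.service
  when: sshd_config_touched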
# List the container's IPv4 column in compact format and keep the raw
# command result in `ipv4`. Read-only, so it never reports a change.
- name: find container ip address
  when: sshd_config_touched
  ansible.builtin.command:
    cmd: lxc ls -c=4 -f=compact {{ lte_container_name }}
  register: ipv4
  changed_when: false
# Replace the registered command result in `ipv4` with its second output
# line (index 1).
# NOTE(review): presumably index 0 is the table header and index 1 the
# first data row; an empty listing would have no such line -- confirm.
- name: set fact ipv4
  when: sshd_config_touched
  ansible.builtin.set_fact:
    ipv4: "{{ ipv4.stdout_lines[1] }}"
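# Reduce the listing row held in `ipv4` to the dotted-quad address.
# The separators are written as `[.]` so that only a literal dot matches;
# a bare `.` matches any character and would accept strings that are not
# addresses. The result is later used as the ssh target, so the stricter
# pattern matters.
- name: extract ipv4 address of the linux container
  ansible.builtin.set_fact:
    ipv4: "{{ ipv4 | regex_search('([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)') }}"
  when: sshd_config_touched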
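# Install the controller's public key for root inside the container, using
# the container's root password once for authentication.
# The password is handed to sshpass through the SSHPASS environment
# variable (`sshpass -e`) instead of `-p <password>`, so it does not appear
# in the process list, and `no_log` keeps it out of Ansible's task output
# and logs. argv form also means a password containing shell metacharacters
# or spaces is passed intact.
# NOTE(review): StrictHostKeyChecking=no accepts whatever host key the
# address presents on first contact; `accept-new` is the narrower OpenSSH
# option where the client version supports it.
- name: ssh-copy-id from server on the Edge to linux container
  ansible.builtin.command:
    argv:
      - sshpass
      - '-e'
      - ssh-copy-id
      - '-o'
      - StrictHostKeyChecking=no
      - 'root@{{ ipv4 }}'
  environment:
    SSHPASS: '{{ lte_container_root_pwd }}'
  no_log: true
  when: sshd_config_touched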