
## Prepare minimal systemd-nspawn containers for educational use.
##
## Port mapping to the host:
##
## container 0: ssh → host port 10000, HTTP → 10100
## container 1: ssh → host port 10001, HTTP → 10101
## ... ... ...
##
## User 'ansible' in the sudo group. Password is empty unless 'contpwd' is set.
##
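# Stop the containers in descending order (the numbered containers are
# links to the 00 template, so 00 presumably has to go down last).
# `| list` turns the reversed sequence into a concrete list for `loop`,
# independent of which Jinja iterator `reverse` returns.
- name: stop all containers
  command: machinectl stop {{ contname }}{{ "%02d" | format(item | int) }}
  register: stop_cont
  loop: "{{ containers | reverse | list }}"
  tags:
    - never
    - stop
    - reset
    - purge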
# Give systemd-nspawn time to tear the machines down before they are
# removed or reset; skipped when the stop task above did not run.
- name: wait for containers to shut down
  pause:
    seconds: 30
  tags:
    - never
    - stop
    - reset
    - purge
  when: stop_cont.changed | default(false)
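# Delete the container images themselves, highest number first.
# `| list` gives `loop` a concrete list whatever `reverse` returns.
- name: purge all containers
  command: machinectl remove {{ contname }}{{ "%02d" | format(item | int) }}
  loop: "{{ containers | reverse | list }}"
  tags:
    - never
    - purge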
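# Removing a container's "-delta" directory throws away everything that
# container changed on top of the template (presumably the writable
# layer configured in contcfg.nspawn.j2 — confirm there).
# `| list` gives `loop` a concrete list whatever `reverse` returns.
- name: reset all containers to the template
  file:
    path: /var/lib/machines/{{ contname }}{{ "%02d" | format(item | int) }}-delta
    state: absent
  loop: "{{ containers | reverse | list }}"
  tags:
    - never
    - reset
    - purge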
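# Start the containers again after a stop or reset (only via tags, never
# on a plain run — the normal boot path is the systemd task at the end).
# `| list` gives `loop` a concrete list whatever `reverse` returns.
- name: start all containers
  command: machinectl start {{ contname }}{{ "%02d" | format(item | int) }}
  loop: "{{ containers | reverse | list }}"
  tags:
    - never
    - start
    - reset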
###########
# Bootstrap the 00 template container once; `creates` makes the task a
# no-op as soon as the directory exists. Package downloads go through
# the local apt proxy on port 3142.
- name: debootstrap minimal system
  command:
    cmd: >
      debootstrap
      --include=systemd-container,openssh-server,sudo,python3,auto-apt-proxy
      --components=main,contrib,non-free stable
      {{ contname }}00 http://deb.debian.org/debian
    chdir: /var/lib/machines/
    creates: /var/lib/machines/{{ contname }}00
  environment:
    http_proxy: http://localhost:3142
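# Replace the sources.list debootstrap wrote with the host's own copy.
# remote_src: the file is read on the managed host, not on the controller.
- name: provide complete apt sources
  copy:
    src: /etc/apt/sources.list
    dest: /var/lib/machines/{{ contname }}00/etc/apt/sources.list
    remote_src: true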
# Force the C locale for login shells inside the template container
# (the line is appended to /etc/profile once, lineinfile is idempotent).
- name: configure locale
  lineinfile:
    line: 'export LANG=C'
    path: /var/lib/machines/{{ contname }}00/etc/profile
# Bring the template up to date. `command` does not use a shell, so the
# `&&` chain has to be wrapped in an explicit `sh -c` inside the chroot.
# NOTE: this runs (and reports changed) on every play.
- name: upgrade container
  command:
    chdir: /var/lib/machines/{{ contname }}00
    cmd: >
      chroot . sh -c '/usr/bin/apt-get update &&
      /usr/bin/apt-get full-upgrade --yes'
# Create the 'ansible' account in the template. Membership in the sudo
# group plus the password set by the tasks below is what the header
# describes: a management user for the educational containers.
# `creates` (the home directory) keeps the task idempotent; the result is
# registered so the password tasks only run when the user was just made.
- name: provide ansible user account
  command:
    chdir: /var/lib/machines/{{ contname }}00
    creates: /var/lib/machines/{{ contname }}00/home/ansible
    cmd: >
      chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash
      -c "Ansible User,,," -G sudo ansible'
  register: user_account
# No password configured (contpwd empty): clear the account's password
# (`passwd -d`) right after the user has been created.
- name: provide empty password for ansible user
  command:
    chdir: /var/lib/machines/{{ contname }}00
    cmd: chroot . sh -c "passwd -d ansible"
  when: user_account.changed | default(false) and contpwd | length == 0
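# Password configured (contpwd non-empty): feed "user:password" to
# chpasswd on stdin instead of interpolating it into a shell command,
# so the secret is neither shell-parsed nor visible on the command line;
# no_log keeps it out of the task output as well.
# The `default(false)` matches the sibling tasks (they used `default(true)`
# here, which was inconsistent; the variable is always registered anyway).
- name: provide password for container ansible user
  command:
    chdir: /var/lib/machines/{{ contname }}00
    cmd: chroot . /usr/sbin/chpasswd
    stdin: "ansible:{{ contpwd }}"
  no_log: true
  when: user_account.changed | default(false) and contpwd | length > 0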
# Only for the empty-password case: sshd rejects empty passwords unless
# PermitEmptyPasswords is enabled. The directive is inserted right after
# the commented default so it precedes any later occurrence (sshd uses
# the first match); lineinfile does nothing if the line already exists.
- name: allow empty passwords in ssh
  lineinfile:
    line: 'PermitEmptyPasswords yes'
    insertafter: '#PermitEmptyPasswords no'
    path: /var/lib/machines/{{ contname }}00/etc/ssh/sshd_config
  when: user_account.changed | default(false) and contpwd | length == 0
# The .wants directories the unit links below are placed into; a fresh
# debootstrap does not necessarily have them.
- name: prepare directories
  file:
    state: directory
    path: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item }}
  loop:
    - multi-user.target.wants
    - sockets.target.wants
    - network-online.target.wants
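# Enable systemd-networkd in the template by hand (the same links
# `systemctl enable` would create), since systemctl cannot be run in the
# chroot. The link targets are absolute container paths; they resolve
# inside the container, not on the host. `force` overwrites stale links.
- name: enable systemd-networkd service
  file:
    src: /lib/systemd/system/{{ item.src }}
    dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
    state: link
    force: true
  loop:
    - src: systemd-networkd.service
      dest: dbus-org.freedesktop.network1.service
    - src: systemd-networkd.service
      dest: multi-user.target.wants/systemd-networkd.service
    - src: systemd-networkd.socket
      dest: sockets.target.wants/systemd-networkd.socket
    - src: systemd-networkd-wait-online.service
      dest: network-online.target.wants/systemd-networkd-wait-online.service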
# Every container except 00 is a symlink to the template; the relative
# target keeps the link valid within /var/lib/machines.
- name: generate links to the initial container
  file:
    state: link
    src: "{{ contname }}00"
    dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item | int) }}
  loop: "{{ containers[1:] }}"
# One .nspawn unit configuration per container (port mappings etc. live
# in the template, see the header of this file).
- name: provide container configuration
  template:
    dest: /etc/systemd/nspawn/{{ contname }}{{ "%02d" | format(item | int) }}.nspawn
    src: contcfg.nspawn.j2
  loop: "{{ containers }}"
# Per-container hostname, rendered next to the machine directory.
- name: provide container hostname file
  template:
    dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item | int) }}.hostname
    src: hostname.j2
  loop: "{{ containers }}"
# Per-container hosts file, rendered next to the machine directory.
- name: provide container hosts file
  template:
    dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item | int) }}.hosts
    src: hosts.j2
  loop: "{{ containers }}"
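# Enable the nspawn template unit for each container so it comes up at
# boot, and restart it now to pick up the configuration written above.
- name: start all containers on boot and restart now
  systemd:
    name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item | int) }}.service
    state: restarted
    enabled: true
  loop: "{{ containers }}"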