Add mount service

roles/vm_mount/files/lmn-parse-vminfo

@@ -0,0 +1,47 @@
+#!/usr/bin/python3
+from impacket.krb5.ccache import CCache
+from base64 import b64decode
+import json, os, os.path, sys, stat, subprocess
+
+if not os.path.isfile("/media/host/.vminfo.json"):
+    try:
+        subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "VM-Data", "/media/host"])
+    except:
+        subprocess.run(["/usr/bin/mount", "-t", "virtiofs", "Home_Linux", "/media/host"])
+
+if not os.path.isfile("/media/host/.vminfo.json"):
+    print("/media/host/.vminfo.json not found",file=sys.stderr)
+    exit(1)
+
+with open("/media/host/.vminfo.json") as f:
+    data = json.load(f)
+
+user = data["User"]
+krbcred = b64decode(data["krb5"]["cred"])
+
+if os.path.isfile("/tmp/krb5cc_1000"):
+    os.remove("/tmp/krb5cc_1000")
+
+if os.path.isfile("/tmp/krb5cc_0"):
+    os.remove("/tmp/krb5cc_0")
+
+ccache = CCache()
+ccache.fromKRBCRED(krbcred)
+ccache.saveFile("/tmp/krb5cc_1000")
+ccache.saveFile("/tmp/krb5cc_0")
+
+if os.path.isfile("/tmp/krb5cc_1000"):
+    os.chown("/tmp/krb5cc_1000",1000,1000)
+    os.chmod("/tmp/krb5cc_1000",stat.S_IRUSR | stat.S_IWUSR)
+
+if os.path.isfile("/tmp/krb5cc_0"):
+    os.chown("/tmp/krb5cc_0",0,0)
+    os.chmod("/tmp/krb5cc_0",stat.S_IRUSR | stat.S_IWUSR)
+
+mounts = data["Mounts"]
+for mount in mounts:
+    directory = f"/lmn/media/{mount['Name']}"
+    if not os.path.exists(directory):
+        os.makedirs(directory)
+    if not os.path.ismount(directory):
+        subprocess.run(["/usr/bin/mount", "-t", "cifs", mount['RemotePath'], directory ,"-o", f"sec=krb5i,username={user},cruid=1000,uid=1000,gid=1000"])

roles/vm_mount/files/lmn-vminfo.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Parse .vminfo.json and inject Host-User Kerberos-Ticket
+Requires=remote-fs.target
+Requires=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/python3 /usr/local/bin/lmn-parse-vminfo
+RemainAfterExit=false

roles/vm_mount/files/lmn-vminfo.timer

@@ -0,0 +1,12 @@
+[Unit]
+Description=Timer for lmn-vminfo
+Requires=remote-fs.target
+After=network-online.target
+
+[Timer]
+OnActiveSec=5s
+OnUnitActiveSec=1h
+Persistent=true
+
+[Install]
+WantedBy=multi-user.target

roles/vm_mount/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+
+- name: Install packages for lmn-vminfo.service
+  ansible.builtin.apt:
+    name:
+      - cifs-utils
+      - krb5-user
+      - python3-pip
+
+- name: Provide lmn-parse-vminfo script
+  ansible.builtin.copy:
+    src: lmn-parse-vminfo
+    dest: /usr/local/bin/lmn-parse-vminfo
+    mode: '0755'
+
+- name: Install impacket pip package
+  ansible.builtin.pip:
+    name: impacket
+    break_system_packages: true
+
+- name: Provide lmn-vminfo.service and timer
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: '0644'
+  loop:
+    - lmn-vminfo.service
+    - lmn-vminfo.timer
+
+- name: Enable lmn-vminfo.timer
+  ansible.builtin.systemd:
+    name: lmn-vminfo.timer
+    enabled: true