File: _container_setup.yml

python-mitogen 0.3.44-1
# Play 1: apply the bootstrap role to every host. It runs under the stock
# linear strategy with fact gathering switched off; the following play
# records that facts cannot be gathered before this point.
# NOTE(review): presumably the bootstrap role installs what fact gathering
# and the Mitogen strategy need on the target - confirm against the role.
- name: Bootstrap containers
  hosts: all
  strategy: linear
  gather_facts: false
  roles:
    - role: bootstrap

# Play 2: configure the bootstrapped containers. Uses the mitogen_free
# strategy and gathers facts, which the tasks below rely on
# (ansible_pkg_mgr).
- name: Setup containers
  hosts: all
  strategy: mitogen_free
  # Facts cannot be gathered any earlier than this play.
  gather_facts: true
  # Roles are applied before the entries under `tasks:`.
  roles:
    - role: package_manager
    - role: packages
    - role: sshd
    - role: sshd_container

  tasks:
    # Replace /etc/locale.gen wholesale with two UTF-8 locales (en_US and
    # fr_FR) on hosts whose package manager is apt. copy with `content`
    # overwrites the file, so locales listed there before are dropped.
    # The mode leaves the file world-readable and writable by its owner only.
    - name: Enable UTF-8 locale on Debian
      copy:
        dest: /etc/locale.gen
        content: |
          en_US.UTF-8 UTF-8
          fr_FR.UTF-8 UTF-8
        mode: u=rw,go=r
      # ansible_pkg_mgr is a gathered fact, so this needs gather_facts: true.
      when: ansible_pkg_mgr == 'apt'

    # Run locale-gen on apt-based hosts to build the locales listed in
    # /etc/locale.gen.
    - name: Generate UTF-8 locale on Debian
      command:
        cmd: locale-gen
      # The command gives no change signal, so always report "changed".
      changed_when: true
      when: ansible_pkg_mgr == 'apt'

    # Put a non-ASCII value (U+2603 SNOWMAN) into /etc/environment. copy with
    # `content` replaces whatever the file held before.
    # NOTE(review): presumably a fixture for tests of non-ASCII environment
    # handling - confirm against the test suite.
    - name: Write Unicode into /etc/environment
      copy:
        dest: /etc/environment
        # Double quotes are required here: \u2603 and \n are YAML escapes.
        content: "UNICODE_SNOWMAN=\u2603\n"
        mode: u=rw,go=r

    # Install a doas policy with two rules: one for members of group
    # mitogen__group, one for members of group root. Neither rule carries
    # `as`, `cmd` or `nopass`, so each covers any target user and any
    # command, and doas still authenticates the caller.
    # mode u=rw,go= keeps the policy unreadable and unwritable for everyone
    # but the owner.
    # NOTE(review): no owner is set, so the file belongs to whichever user
    # the task runs as - confirm that is root; doas implementations commonly
    # reject a config that is not root-owned.
    - name: Install doas.conf
      copy:
        dest: /etc/doas.conf
        content: |
          permit :mitogen__group
          permit :root
        mode: u=rw,go=

    # Give root a fixed password and /bin/bash as login shell.
    # Security notes:
    # - The plaintext is a literal in this playbook, so it is a test
    #   credential known to anyone who can read this file. Hosts built from
    #   this playbook should be reachable only from the test environment.
    # - password_hash('sha256') is called without a salt, so a fresh random
    #   salt is used on every run and the task reports "changed" each time.
    # - 'sha256' selects SHA-256 crypt; sha512 is the more common choice
    #   where the target's crypt(3) supports it.
    - name: Set root user password and shell
      user:
        name: root
        password: "{{ 'rootpassword' | password_hash('sha256') }}"
        shell: /bin/bash

    # Create the directory /var/run/sshd if it is missing: owner rwx,
    # group/other r-x.
    # NOTE(review): presumably sshd's privilege-separation directory -
    # confirm for the target distributions.
    - name: Ensure /var/run/sshd exists
      file:
        path: /var/run/sshd
        state: directory
        mode: u=rwx,go=rx

    # Generate an RSA host key unless one already exists; `creates` skips the
    # command when the key file is present.
    # NOTE(review): no -N is passed, so passphrase handling is left to
    # ssh-keygen's prompt behaviour - confirm this runs non-interactively and
    # yields an unencrypted key. No -b either, so the key size is whatever
    # the installed OpenSSH defaults to.
    # NOTE(review): if the container is committed as an image, every instance
    # started from it shares this host key.
    - name: Generate SSH host key
      command: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
      args:
        creates: /etc/ssh/ssh_host_rsa_key

    # Write a marker file with fixed content, world-readable.
    # NOTE(review): presumably lets tests recognise that they are running
    # against the test image - confirm against the consumers of this file.
    - name: Ensure /etc/sentinel exists
      copy:
        dest: /etc/sentinel
        content: |
          i-am-mitogen-test-docker-image
        mode: u=rw,go=r

    # Relax pam_loginuid in sshd's PAM session stack from `required` to
    # `optional`, so a pam_loginuid failure no longer fails the session.
    # Despite the task name, only /etc/pam.d/sshd is edited here; sshd_config
    # is not touched.
    # lineinfile details: the pattern is unanchored and its dots are
    # unescaped, so it also matches a commented-out line. The last matching
    # line is replaced; if nothing matches, the line is appended.
    # NOTE(review): presumably pam_loginuid fails inside containers - confirm.
    - name: Allow remote SSH root login
      lineinfile:
        path: /etc/pam.d/sshd
        regexp: '.*session.*required.*pam_loginuid.so'
        line: session optional pam_loginuid.so

    # /run/nologin would normally be removed by systemd-networkd-wait-online.
    # While it is present, SSH works only for root; other users are shown:
    # > System is booting up. Unprivileged users are not permitted to log in
    # > yet. Please come back later. For technical details, see pam_nologin(8).
    # Deleting the file lifts that lockout for unprivileged accounts.
    - name: Remove login lockout
      file:
        path: /run/nologin
        state: absent

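    # Install /usr/local/bin/pywrap, a debugging helper that runs python2.7
    # under strace with the caller's arguments. -ff follows child processes
    # and, combined with -o, writes one trace file per process under the
    # prefix /tmp/pywrap<shell pid>.trace.
    # Fix: the script's last line used to end in a stray single quote, which
    # left an unterminated quote and made bash reject the script.
    # NOTE(review): the trace files sit at predictable names in /tmp and
    # record syscall arguments; keep this helper to disposable test
    # containers.
    - name: Install convenience script for running an straced Python
      copy:
        dest: /usr/local/bin/pywrap
        content: |
          #!/bin/bash
          exec strace -ff -o /tmp/pywrap$$.trace python2.7 "$@"
        mode: 'u+rwx,go=rx'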