Merge "Stop installing openssh and rsync to containers"
commit
3d6a3d812d
|
@ -123,18 +123,6 @@ lxc_net6_nat: false
|
||||||
lxc_kernel_options:
|
lxc_kernel_options:
|
||||||
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
||||||
|
|
||||||
lxc_cache_sshd_configuration:
|
|
||||||
- regexp: "^PermitRootLogin"
|
|
||||||
line: "PermitRootLogin prohibit-password"
|
|
||||||
- regexp: "^TCPKeepAlive"
|
|
||||||
line: "TCPKeepAlive yes"
|
|
||||||
- regexp: "^UseDNS"
|
|
||||||
line: "UseDNS no"
|
|
||||||
- regexp: "^X11Forwarding"
|
|
||||||
line: "X11Forwarding no"
|
|
||||||
- regexp: "^PasswordAuthentication"
|
|
||||||
line: "PasswordAuthentication no"
|
|
||||||
|
|
||||||
# The compression ratio used when creating the container cache rootfs archive
|
# The compression ratio used when creating the container cache rootfs archive
|
||||||
lxc_image_compression_ratio: 0
|
lxc_image_compression_ratio: 0
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
SSHD and rsync are no longer installed or configured for all containers.
|
||||||
|
This also deprecates usage of ``lxc_container_ssh_key`` and variable
|
||||||
|
has no effect any longer.
|
|
@ -67,18 +67,6 @@
|
||||||
poll: 0
|
poll: 0
|
||||||
register: _lxc_cache_prepare_commands
|
register: _lxc_cache_prepare_commands
|
||||||
|
|
||||||
- name: Obtain the deploy system's ssh public key
|
|
||||||
set_fact:
|
|
||||||
lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
|
|
||||||
when: lxc_container_ssh_key is not defined
|
|
||||||
|
|
||||||
- name: Deploy ssh public key into the cached image
|
|
||||||
lineinfile:
|
|
||||||
dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys"
|
|
||||||
line: "{{ lxc_container_ssh_key }}"
|
|
||||||
create: true
|
|
||||||
mode: "0600"
|
|
||||||
|
|
||||||
# NOTE(cloudnull): Wait for the cache preparation script has completed before
|
# NOTE(cloudnull): Wait for the cache preparation script has completed before
|
||||||
# building the new RootFS
|
# building the new RootFS
|
||||||
- name: Ensure that the LXC cache has been prepared
|
- name: Ensure that the LXC cache has been prepared
|
||||||
|
@ -98,11 +86,3 @@
|
||||||
src: sudoers.j2
|
src: sudoers.j2
|
||||||
when:
|
when:
|
||||||
- ansible_facts['pkg_mgr'] == 'dnf'
|
- ansible_facts['pkg_mgr'] == 'dnf'
|
||||||
|
|
||||||
- name: Adjust sshd configuration in container
|
|
||||||
lineinfile:
|
|
||||||
dest: "{{ lxc_image_cache_path }}/etc/ssh/sshd_config"
|
|
||||||
regexp: "{{ item.regexp }}"
|
|
||||||
line: "{{ item.line }}"
|
|
||||||
state: present
|
|
||||||
with_items: "{{ lxc_cache_sshd_configuration }}"
|
|
||||||
|
|
|
@ -13,24 +13,6 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Check for the presence of a public key file on the deployment host
|
|
||||||
stat:
|
|
||||||
path: /root/.ssh/id_rsa.pub
|
|
||||||
register: _ssh_key
|
|
||||||
when: lxc_container_ssh_key is undefined
|
|
||||||
delegate_to: localhost
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Fail if a ssh public key is not set in a var and is not present on the deployment host
|
|
||||||
fail:
|
|
||||||
msg: "Please set the lxc_container_ssh_key variable or ensure that the deployment host has the file /root/.ssh/id_rsa.pub present."
|
|
||||||
when:
|
|
||||||
- lxc_container_ssh_key is undefined
|
|
||||||
- not _ssh_key.stat.exists
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
- name: Gather variables for each operating system
|
- name: Gather variables for each operating system
|
||||||
include_vars: "{{ lookup('first_found', params) }}"
|
include_vars: "{{ lookup('first_found', params) }}"
|
||||||
vars:
|
vars:
|
||||||
|
|
|
@ -46,10 +46,9 @@ _lxc_cache_distro_packages:
|
||||||
- libxml2
|
- libxml2
|
||||||
- locales
|
- locales
|
||||||
- netbase
|
- netbase
|
||||||
- openssh-server
|
- procps # needed for sysctl-container.service
|
||||||
- python3
|
- python3
|
||||||
- "{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}"
|
- "{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}"
|
||||||
- rsync # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets
|
|
||||||
- sudo
|
- sudo
|
||||||
- systemd
|
- systemd
|
||||||
- systemd-sysv
|
- systemd-sysv
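Review bot: Dropping `openssh-server` and `rsync` from `_lxc_cache_distro_packages` here (and from the second package list in the hunk that follows) only changes cache images built after this commit; nothing visible in the commit removes sshd, its configuration, or the deploy host's key previously written to `root/.ssh/authorized_keys` from an existing cache rootfs or from containers already created from it. If those containers are also meant to stop accepting root SSH logins, the change needs a cleanup task or an upgrade note along the lines of `Existing containers keep openssh-server and the deployed authorized_keys entry until they are rebuilt or cleaned up.` The removed `rsync` entry carried a comment saying os_keystone uses rsync before the distro packages are installed on all keystone targets, so it is worth confirming that the role now installs rsync itself or no longer needs it; that cannot be determined from this page. The package list begins above the hunk.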
|
||||||
|
|
|
@ -42,12 +42,10 @@ _lxc_cache_distro_packages:
|
||||||
- iputils
|
- iputils
|
||||||
- iproute
|
- iproute
|
||||||
- libxml2
|
- libxml2
|
||||||
- openssh-server
|
|
||||||
- policycoreutils
|
- policycoreutils
|
||||||
- procps
|
- procps
|
||||||
- python3
|
- python3
|
||||||
- python3-libs
|
- python3-libs
|
||||||
- rsync # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets
|
|
||||||
- setup
|
- setup
|
||||||
- sudo
|
- sudo
|
||||||
- systemd
|
- systemd
|
||||||
|
|