60 lines
1.7 KiB
YAML
60 lines
1.7 KiB
YAML
- name: Configura container LXC
|
|
hosts: lxc_containers
|
|
vars:
|
|
ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
|
|
gather_facts: false
|
|
become: yes
|
|
|
|
tasks:
|
|
- name: Wait until SSH is fully ready (Ansible login confirms availability)
|
|
ansible.builtin.wait_for_connection:
|
|
timeout: 600 # fino a 10 minuti (essere generosi per bootstrap lento)
|
|
delay: 5 # aspetta 5s prima di cominciare i tentativi
|
|
|
|
- name: Ensure apt cache is updated (idempotent)
|
|
ansible.builtin.apt:
|
|
update_cache: yes
|
|
# non vogliamo che il primo apt rallenti la connessione dopo wait_for_connection,
|
|
# ma questo garantisce che i task successivi usino pacchetti aggiornati.
|
|
|
|
- name: Ensure SSH is installed
|
|
ansible.builtin.apt:
|
|
name: openssh-server
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Ensure SSH is running
|
|
ansible.builtin.systemd:
|
|
name: ssh
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Configure SSH to allow root login
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "^#?PermitRootLogin"
|
|
line: "PermitRootLogin yes"
|
|
notify: Restart SSH
|
|
|
|
- name: Ensure .ssh directory exists
|
|
ansible.builtin.file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
mode: "0700"
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Install authorized_keys for root
|
|
ansible.builtin.copy:
|
|
dest: /root/.ssh/authorized_keys
|
|
content: "{{ ssh_public_key }}"
|
|
mode: "0600"
|
|
owner: root
|
|
group: root
|
|
|
|
#add restart handler
|
|
handlers:
|
|
- name: Restart SSH
|
|
ansible.builtin.systemd:
|
|
name: ssh
|
|
state: restarted
|