From 26b09fb09cb63a53442887f8fddcf00e4c441a8c Mon Sep 17 00:00:00 2001 From: Zolfa Date: Tue, 31 Mar 2020 17:07:18 +0200 Subject: [PATCH] migrate playbook: lxc_ssh.py -> ssh_lxc.py `lxc-ssh.py` removed. All Playbbooks now user `ssh_lxc` connection. `ansible_ssh_lxc_name` variable used to specify container name. Tested and worked correctly with `python==3.8.2` and `ansible==2.9.6` on the controller and `python==2.7` on the target. --- blogs.yaml | 4 +- connection_plugins/lxc_ssh.py | 594 ---------------------------------- ldap.yaml | 4 +- lists.yaml | 4 +- lists2.yaml | 24 +- logger.yaml | 4 +- login.yaml | 4 +- mail.yaml | 4 +- matrix.yaml | 4 +- media.yaml | 4 +- projects.yaml | 4 +- shadow_list.yaml | 4 +- status.yaml | 4 +- team_server.yaml | 4 +- users.yaml | 4 +- web_ca.yaml | 4 +- webmail.yaml | 4 +- wiki.yaml | 4 +- 18 files changed, 44 insertions(+), 638 deletions(-) delete mode 100644 connection_plugins/lxc_ssh.py diff --git a/blogs.yaml b/blogs.yaml index 4e45da2..e092978 100644 --- a/blogs.yaml +++ b/blogs.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: blogs - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: blogs + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: blogs - hosts: blogs roles: - role: dns_record diff --git a/connection_plugins/lxc_ssh.py b/connection_plugins/lxc_ssh.py deleted file mode 100644 index 48401a0..0000000 --- a/connection_plugins/lxc_ssh.py +++ /dev/null @@ -1,594 +0,0 @@ -# Copyright 2016 Pierre Chifflier -# -# SSH + lxc-attach connection module for Ansible 2.0 -# -# Adapted from ansible/plugins/connection/ssh.py -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . -# -import fcntl -import os -import pipes -import pty -import select -import shlex -import subprocess - -from ansible import constants as C -from ansible.compat.six import text_type, binary_type -from ansible.plugins.connection import ConnectionBase -from ansible.utils.path import unfrackpath, makedirs_safe -from ansible.module_utils._text import to_bytes, to_text - -try: - from __main__ import display -except ImportError: - from ansible.utils.display import Display - display = Display() - - -class Connection(ConnectionBase): - transport = 'lxc_ssh' - has_pipelining = True - - - def __init__(self, play_context, new_stdin, *args, **kwargs): - #print args - #print kwargs - super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) - self.host=self._play_context.remote_addr - self.container_name = play_context.docker_extra_args # XXX - - def _connect(self): - ''' connect to the lxc; nothing to do here ''' - display.vvv('XXX connect') - super(Connection, self)._connect() - #self.container_name = self.ssh._play_context.remote_addr - - # self._play_context.ssh_extra_args = "" - #self.container = None - - @staticmethod - def _persistence_controls(command): - ''' - Takes a command array and scans it for ControlPersist and ControlPath - settings and returns two booleans indicating whether either was found. - This could be smarter, e.g. returning false if ControlPersist is 'no', - but for now we do it simple way. - ''' - - controlpersist = False - controlpath = False - - for arg in command: - if 'controlpersist' in arg.lower(): - controlpersist = True - elif 'controlpath' in arg.lower(): - controlpath = True - - return controlpersist, controlpath - - - @staticmethod - def _split_args(argstring): - """ - Takes a string like '-o Foo=1 -o Bar="foo bar"' and returns a - list ['-o', 'Foo=1', '-o', 'Bar=foo bar'] that can be added to - the argument list. The list will not contain any empty elements. - """ - return [to_text(x.strip()) for x in shlex.split(to_bytes(argstring)) if x.strip()] - - - def _add_args(self, explanation, args): - """ - Adds the given args to self._command and displays a caller-supplied - explanation of why they were added. - """ - self._command += args - display.vvvvv('SSH: ' + explanation + ': (%s)' % ')('.join(args), host=self._play_context.remote_addr) - - - def _build_command(self, binary, *other_args): - self._command = [] - self._command += [binary] - self._command += ['-C'] - if self._play_context.verbosity > 3: - self._command += ['-vvv'] - elif binary == 'ssh': - # Older versions of ssh (e.g. in RHEL 6) don't accept sftp -q. - self._command += ['-q'] - # Next, we add [ssh_connection]ssh_args from ansible.cfg. -# if self._play_context.ssh_args: -# args = self._split_args(self._play_context.ssh_args) -# self._add_args("ansible.cfg set ssh_args", args) - # Now we add various arguments controlled by configuration file settings - # (e.g. host_key_checking) or inventory variables (ansible_ssh_port) or - # a combination thereof. - if not C.HOST_KEY_CHECKING: - self._add_args( - "ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled", - ("-o", "StrictHostKeyChecking=no") - ) - if self._play_context.port is not None: - self._add_args( - "ANSIBLE_REMOTE_PORT/remote_port/ansible_port set", - ("-o", "Port={0}".format(self._play_context.port)) - ) - key = self._play_context.private_key_file - if key: - self._add_args( - "ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set", - ("-o", "IdentityFile=\"{0}\"".format(os.path.expanduser(key))) - ) - if not self._play_context.password: - self._add_args( - "ansible_password/ansible_ssh_pass not set", ( - "-o", "KbdInteractiveAuthentication=no", - "-o", "PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey", - "-o", "PasswordAuthentication=no" - ) - ) - user = self._play_context.remote_user - if user: - self._add_args( - "ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set", - ("-o", "User={0}".format(to_bytes(self._play_context.remote_user))) - ) - self._add_args( - "ANSIBLE_TIMEOUT/timeout set", - ("-o", "ConnectTimeout={0}".format(self._play_context.timeout)) - ) - # Check if ControlPersist is enabled and add a ControlPath if one hasn't - # already been set. - controlpersist, controlpath = self._persistence_controls(self._command) - if controlpersist: - self._persistent = True - if not controlpath: - cpdir = unfrackpath('$HOME/.ansible/cp') - # The directory must exist and be writable. - makedirs_safe(cpdir, 0o700) - if not os.access(cpdir, os.W_OK): - raise AnsibleError("Cannot write to ControlPath %s" % cpdir) - args = ("-o", "ControlPath={0}".format( - to_bytes(C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=cpdir))) - ) - self._add_args("found only ControlPersist; added ControlPath", args) - ## Finally, we add any caller-supplied extras. - if other_args: - self._command += other_args - return self._command - - - def _send_initial_data(self, fh, in_data): - ''' - Writes initial data to the stdin filehandle of the subprocess and closes - it. (The handle must be closed; otherwise, for example, "sftp -b -" will - just hang forever waiting for more commands.) - ''' - - display.debug('Sending initial data') - - try: - fh.write(in_data) - fh.close() - except (OSError, IOError): - raise AnsibleConnectionFailure('SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh') - - display.debug('Sent initial data (%d bytes)' % len(in_data)) - - # Used by _run() to kill processes on failures - @staticmethod - def _terminate_process(p): - """ Terminate a process, ignoring errors """ - try: - p.terminate() - except (OSError, IOError): - pass - - # This is separate from _run() because we need to do the same thing for stdout - # and stderr. - def _examine_output(self, source, state, chunk, sudoable): - ''' - Takes a string, extracts complete lines from it, tests to see if they - are a prompt, error message, etc., and sets appropriate flags in self. - Prompt and success lines are removed. - - Returns the processed (i.e. possibly-edited) output and the unprocessed - remainder (to be processed with the next chunk) as strings. - ''' - - output = [] - for l in chunk.splitlines(True): - suppress_output = False - - #display.debug("Examining line (source=%s, state=%s): '%s'" % (source, state, l.rstrip('\r\n'))) - if self._play_context.prompt and self.check_password_prompt(l): - display.debug("become_prompt: (source=%s, state=%s): '%s'" % (source, state, l.rstrip('\r\n'))) - self._flags['become_prompt'] = True - suppress_output = True - elif self._play_context.success_key and self.check_become_success(l): - display.debug("become_success: (source=%s, state=%s): '%s'" % (source, state, l.rstrip('\r\n'))) - self._flags['become_success'] = True - suppress_output = True - elif sudoable and self.check_incorrect_password(l): - display.debug("become_error: (source=%s, state=%s): '%s'" % (source, state, l.rstrip('\r\n'))) - self._flags['become_error'] = True - elif sudoable and self.check_missing_password(l): - display.debug("become_nopasswd_error: (source=%s, state=%s): '%s'" % (source, state, l.rstrip('\r\n'))) - self._flags['become_nopasswd_error'] = True - - if not suppress_output: - output.append(l) - - # The chunk we read was most likely a series of complete lines, but just - # in case the last line was incomplete (and not a prompt, which we would - # have removed from the output), we retain it to be processed with the - # next chunk. - - remainder = '' - if output and not output[-1].endswith('\n'): - remainder = output[-1] - output = output[:-1] - - return ''.join(output), remainder - - def _run(self, cmd, in_data, sudoable=True): - ''' - Starts the command and communicates with it until it ends. - ''' - - display_cmd = map(to_text, map(pipes.quote, cmd)) - display.vvv(u'SSH: EXEC {0}'.format(u' '.join(display_cmd)), host=self.host) - - # Start the given command. If we don't need to pipeline data, we can try - # to use a pseudo-tty (ssh will have been invoked with -tt). If we are - # pipelining data, or can't create a pty, we fall back to using plain - # old pipes. - - p = None - - if isinstance(cmd, (text_type, binary_type)): - cmd = to_bytes(cmd) - else: - cmd = map(to_bytes, cmd) - - if not in_data: - try: - # Make sure stdin is a proper pty to avoid tcgetattr errors - master, slave = pty.openpty() - p = subprocess.Popen(cmd, stdin=slave, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdin = os.fdopen(master, 'w', 0) - os.close(slave) - except (OSError, IOError): - p = None - - if not p: - p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdin = p.stdin - - # If we are using SSH password authentication, write the password into - # the pipe we opened in _build_command. - - if self._play_context.password: - os.close(self.sshpass_pipe[0]) - os.write(self.sshpass_pipe[1], "{0}\n".format(to_bytes(self._play_context.password))) - os.close(self.sshpass_pipe[1]) - - ## SSH state machine - # - # Now we read and accumulate output from the running process until it - # exits. Depending on the circumstances, we may also need to write an - # escalation password and/or pipelined input to the process. - - states = [ - 'awaiting_prompt', 'awaiting_escalation', 'ready_to_send', 'awaiting_exit' - ] - - # Are we requesting privilege escalation? Right now, we may be invoked - # to execute sftp/scp with sudoable=True, but we can request escalation - # only when using ssh. Otherwise we can send initial data straightaway. - - state = states.index('ready_to_send') - if b'ssh' in cmd: - if self._play_context.prompt: - # We're requesting escalation with a password, so we have to - # wait for a password prompt. - state = states.index('awaiting_prompt') - display.debug('Initial state: %s: %s' % (states[state], self._play_context.prompt)) - elif self._play_context.become and self._play_context.success_key: - # We're requesting escalation without a password, so we have to - # detect success/failure before sending any initial data. - state = states.index('awaiting_escalation') - display.debug('Initial state: %s: %s' % (states[state], self._play_context.success_key)) - - # We store accumulated stdout and stderr output from the process here, - # but strip any privilege escalation prompt/confirmation lines first. - # Output is accumulated into tmp_*, complete lines are extracted into - # an array, then checked and removed or copied to stdout or stderr. We - # set any flags based on examining the output in self._flags. - - stdout = stderr = '' - tmp_stdout = tmp_stderr = '' - - self._flags = dict( - become_prompt=False, become_success=False, - become_error=False, become_nopasswd_error=False - ) - - # select timeout should be longer than the connect timeout, otherwise - # they will race each other when we can't connect, and the connect - # timeout usually fails - timeout = 2 + self._play_context.timeout - rpipes = [p.stdout, p.stderr] - for fd in rpipes: - fcntl.fcntl(fd, fcntl.F_SETFL, fcntl.fcntl(fd, fcntl.F_GETFL) | os.O_NONBLOCK) - - # If we can send initial data without waiting for anything, we do so - # before we call select. - - if states[state] == 'ready_to_send' and in_data: - self._send_initial_data(stdin, in_data) - state += 1 - - while True: - rfd, wfd, efd = select.select(rpipes, [], [], timeout) - - # We pay attention to timeouts only while negotiating a prompt. - - if not rfd: - if state <= states.index('awaiting_escalation'): - # If the process has already exited, then it's not really a - # timeout; we'll let the normal error handling deal with it. - if p.poll() is not None: - break - self._terminate_process(p) - raise AnsibleError('Timeout (%ds) waiting for privilege escalation prompt: %s' % (timeout, stdout)) - - # Read whatever output is available on stdout and stderr, and stop - # listening to the pipe if it's been closed. - - if p.stdout in rfd: - chunk = p.stdout.read() - if chunk == '': - rpipes.remove(p.stdout) - tmp_stdout += chunk - display.debug("stdout chunk (state=%s):\n>>>%s<<<\n" % (state, chunk)) - - if p.stderr in rfd: - chunk = p.stderr.read() - if chunk == '': - rpipes.remove(p.stderr) - tmp_stderr += chunk - display.debug("stderr chunk (state=%s):\n>>>%s<<<\n" % (state, chunk)) - - # We examine the output line-by-line until we have negotiated any - # privilege escalation prompt and subsequent success/error message. - # Afterwards, we can accumulate output without looking at it. - - if state < states.index('ready_to_send'): - if tmp_stdout: - output, unprocessed = self._examine_output('stdout', states[state], tmp_stdout, sudoable) - stdout += output - tmp_stdout = unprocessed - - if tmp_stderr: - output, unprocessed = self._examine_output('stderr', states[state], tmp_stderr, sudoable) - stderr += output - tmp_stderr = unprocessed - else: - stdout += tmp_stdout - stderr += tmp_stderr - tmp_stdout = tmp_stderr = '' - - # If we see a privilege escalation prompt, we send the password. - # (If we're expecting a prompt but the escalation succeeds, we - # didn't need the password and can carry on regardless.) - - if states[state] == 'awaiting_prompt': - if self._flags['become_prompt']: - display.debug('Sending become_pass in response to prompt') - stdin.write('{0}\n'.format(to_bytes(self._play_context.become_pass ))) - self._flags['become_prompt'] = False - state += 1 - elif self._flags['become_success']: - state += 1 - - # We've requested escalation (with or without a password), now we - # wait for an error message or a successful escalation. - - if states[state] == 'awaiting_escalation': - if self._flags['become_success']: - display.debug('Escalation succeeded') - self._flags['become_success'] = False - state += 1 - elif self._flags['become_error']: - display.debug('Escalation failed') - self._terminate_process(p) - self._flags['become_error'] = False - raise AnsibleError('Incorrect %s password' % self._play_context.become_method) - elif self._flags['become_nopasswd_error']: - display.debug('Escalation requires password') - self._terminate_process(p) - self._flags['become_nopasswd_error'] = False - raise AnsibleError('Missing %s password' % self._play_context.become_method) - elif self._flags['become_prompt']: - # This shouldn't happen, because we should see the "Sorry, - # try again" message first. - display.debug('Escalation prompt repeated') - self._terminate_process(p) - self._flags['become_prompt'] = False - raise AnsibleError('Incorrect %s password' % self._play_context.become_method) - - # Once we're sure that the privilege escalation prompt, if any, has - # been dealt with, we can send any initial data and start waiting - # for output. - - if states[state] == 'ready_to_send': - if in_data: - self._send_initial_data(stdin, in_data) - state += 1 - - # Now we're awaiting_exit: has the child process exited? If it has, - # and we've read all available output from it, we're done. - - if p.poll() is not None: - if not rpipes or not rfd: - break - - # When ssh has ControlMaster (+ControlPath/Persist) enabled, the - # first connection goes into the background and we never see EOF - # on stderr. If we see EOF on stdout and the process has exited, - # we're probably done. We call select again with a zero timeout, - # just to make certain we don't miss anything that may have been - # written to stderr between the time we called select() and when - # we learned that the process had finished. - - if p.stdout not in rpipes: - timeout = 0 - continue - - # If the process has not yet exited, but we've already read EOF from - # its stdout and stderr (and thus removed both from rpipes), we can - # just wait for it to exit. - - elif not rpipes: - p.wait() - break - - # Otherwise there may still be outstanding data to read. - - # close stdin after process is terminated and stdout/stderr are read - # completely (see also issue #848) - stdin.close() - - if C.HOST_KEY_CHECKING: - if cmd[0] == b"sshpass" and p.returncode == 6: - raise AnsibleError('Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host\'s fingerprint to your known_hosts file to manage this host.') - - controlpersisterror = 'Bad configuration option: ControlPersist' in stderr or 'unknown configuration option: ControlPersist' in stderr - if p.returncode != 0 and controlpersisterror: - raise AnsibleError('using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ssh_args in [ssh_connection] section of the config file) before running again') - - if p.returncode == 255 and in_data: - raise AnsibleConnectionFailure('SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh') - - return (p.returncode, stdout, stderr) - - def _exec_command(self, cmd, in_data=None, sudoable=True): - ''' run a command on the remote host ''' - - super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) - - display.vvv(u"ESTABLISH SSH CONNECTION FOR USER: {0}".format(self._play_context.remote_user), host=self._play_context.remote_addr) - - # we can only use tty when we are not pipelining the modules. piping - # data into /usr/bin/python inside a tty automatically invokes the - # python interactive-mode but the modules are not compatible with the - # interactive-mode ("unexpected indent" mainly because of empty lines) - - if in_data: - cmd = self._build_command('ssh', self.host, cmd) - else: - cmd = self._build_command('ssh', '-tt', self.host, cmd) - - (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable) - - return (returncode, stdout, stderr) - - - - def dir_print(self,obj): - for attr_name in dir(obj): - try: - attr_value = getattr(obj, attr_name) - print(attr_name, attr_value, callable(attr_value)) - except: - pass - - - - def exec_command(self, cmd, in_data=None, sudoable=False): - ''' run a command on the chroot ''' - display.vvv('XXX exec_command: %s' % cmd) - super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) - # print dir(self) - # print dir(self._play_context) - # print self._play_context._attributes - # self.dir_print(self._play_context) - # print dir(self._play_context._vars) - # print self._play_context._attributes['vars'] - # vm = self._play_context.get_ds() - # print( vm ) -# raise "blah" - h = self.container_name - lxc_cmd = 'lxc-attach --name %s -- /bin/sh -c %s' \ - % (pipes.quote(h), - pipes.quote(cmd)) - if in_data: - cmd = self._build_command('ssh', self.host, lxc_cmd) - else: - cmd = self._build_command('ssh', '-tt', self.host, lxc_cmd) - #self.ssh.exec_command(lxc_cmd,in_data,sudoable) - (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=sudoable) - return (returncode, stdout, stderr) - - - def put_file(self, in_path, out_path): - ''' transfer a file from local to lxc ''' - display.vvv('XXX put_file %s %s' % (in_path,out_path)) - super(Connection, self).put_file(in_path, out_path) - if not os.path.exists(in_path): - raise errors.AnsibleFileNotFound("file or module does not exist: %s" % in_path) - - with open(in_path,'r') as in_f: - in_data = in_f.read() - cmd = ('cat > %s; echo -n done' % pipes.quote(out_path)) - h = self.container_name - lxc_cmd = 'lxc-attach --name %s -- /bin/sh -c %s' \ - % (pipes.quote(h), - pipes.quote(cmd)) - if in_data: - cmd = self._build_command('ssh', self.host, lxc_cmd) - else: - cmd = self._build_command('ssh', '-tt', self.host, lxc_cmd) - #self.ssh.exec_command(lxc_cmd,in_data,sudoable) - (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=False) - return (returncode, stdout, stderr) - - def fetch_file(self, in_path, out_path): - ''' fetch a file from lxc to local ''' - display.vvv('XXX fetch_file %s %s' % (in_path,out_path)) - super(Connection, self).fetch_file(in_path, out_path) - cmd = ('cat %s' % pipes.quote(in_path)) - h = self.container_name - lxc_cmd = 'lxc-attach --name %s -- /bin/sh -c %s' \ - % (pipes.quote(h), - pipes.quote(cmd)) - in_data = None - if in_data: - cmd = self._build_command('ssh', self.host, lxc_cmd) - else: - cmd = self._build_command('ssh', '-tt', self.host, lxc_cmd) - (returncode, stdout, stderr) = self._run(cmd, in_data, sudoable=False) - if returncode != 0: - raise AnsibleError("failed to transfer file from {0}:\n{1}\n{2}".format(in_path, stdout, stderr)) - with open(out_path,'w') as out_f: - out_f.write(stdout) - - def close(self): - ''' terminate the connection; nothing to do here ''' - display.vvv('XXX close') - super(Connection, self).close() - #self.ssh.close() - self._connected = False diff --git a/ldap.yaml b/ldap.yaml index 55f996f..c841223 100644 --- a/ldap.yaml +++ b/ldap.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: ldap - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: ldap + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: ldap - hosts: ldap roles: - role: dns_record diff --git a/lists.yaml b/lists.yaml index e94f18a..6265bcb 100644 --- a/lists.yaml +++ b/lists.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: lists - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: lists + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: lists - hosts: lists roles: - role: dns_record diff --git a/lists2.yaml b/lists2.yaml index c8629c3..c85be64 100644 --- a/lists2.yaml +++ b/lists2.yaml @@ -1,18 +1,18 @@ --- -# - hosts: biff -# roles: -# - role: lxc_guest -# vm_name: lists -# distro: sid -# - role: ssh_server -# ansible_connection: lxc_ssh -# ansible_docker_extra_args: lists +- hosts: biff + roles: + - role: lxc_guest + vm_name: lists + distro: sid + - role: ssh_server + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: lists - hosts: lists roles: - # - role: dns_record - # - role: reverse_proxy - # hostname: lists2 - - role: mailman3 + - role: dns_record + - role: reverse_proxy + hostname: lists2 + - role: mailman3 - hosts: status roles: - role: icinga2-monitoring diff --git a/logger.yaml b/logger.yaml index aa586dc..943b431 100644 --- a/logger.yaml +++ b/logger.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: logger - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: logger + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: logger - hosts: all tasks: diff --git a/login.yaml b/login.yaml index 887e037..11c9714 100644 --- a/login.yaml +++ b/login.yaml @@ -5,8 +5,8 @@ vm_name: login distro: stretch - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: login + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: login - hosts: login roles: - role: dns_record diff --git a/mail.yaml b/mail.yaml index a08ac6a..7c58cd6 100644 --- a/mail.yaml +++ b/mail.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: mail - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: mail + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: mail - hosts: mail roles: - role: dns_record diff --git a/matrix.yaml b/matrix.yaml index f6e23e4..e0ce72b 100644 --- a/matrix.yaml +++ b/matrix.yaml @@ -5,8 +5,8 @@ vm_name: matrix distro: sid - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: matrix + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: matrix - hosts: matrix roles: - role: dns_record diff --git a/media.yaml b/media.yaml index d0292ca..a3c291f 100644 --- a/media.yaml +++ b/media.yaml @@ -3,8 +3,8 @@ - role: lxc_guest vm_name: media - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: media + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: media - hosts: media roles: - role: dns_record diff --git a/projects.yaml b/projects.yaml index 7b39b36..f17d696 100644 --- a/projects.yaml +++ b/projects.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: projects2 - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: projects2 + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: projects2 - hosts: projects2 roles: - role: dns_record diff --git a/shadow_list.yaml b/shadow_list.yaml index 93222e5..cc836a5 100644 --- a/shadow_list.yaml +++ b/shadow_list.yaml @@ -7,8 +7,8 @@ vm_name: shadow_list distro: stretch - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: shadow_list + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: shadow_list - hosts: shadow_list roles: - role: dns_record diff --git a/status.yaml b/status.yaml index 1a30a6b..ce4a5e3 100644 --- a/status.yaml +++ b/status.yaml @@ -4,8 +4,8 @@ vm_name: status distro: stretch - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: status + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: status - hosts: status roles: - role: dns_record diff --git a/team_server.yaml b/team_server.yaml index 243d2ec..c06472f 100644 --- a/team_server.yaml +++ b/team_server.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: team - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: team + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: team - hosts: team roles: - role: mattermost diff --git a/users.yaml b/users.yaml index 221bd8c..823c834 100644 --- a/users.yaml +++ b/users.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: users - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: users + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: users - hosts: users roles: - role: dns_record diff --git a/web_ca.yaml b/web_ca.yaml index b64d79a..e2ebc22 100644 --- a/web_ca.yaml +++ b/web_ca.yaml @@ -5,8 +5,8 @@ vm_name: ca distro: sid - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: ca + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: ca - hosts: ca roles: diff --git a/webmail.yaml b/webmail.yaml index 05b2f1b..739985e 100644 --- a/webmail.yaml +++ b/webmail.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: webmail - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: webmail + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: webmail - hosts: webmail roles: - role: dns_record diff --git a/wiki.yaml b/wiki.yaml index f303fa4..949492a 100644 --- a/wiki.yaml +++ b/wiki.yaml @@ -4,8 +4,8 @@ - role: lxc_guest vm_name: wiki - role: ssh_server - ansible_connection: lxc_ssh - ansible_docker_extra_args: wiki + ansible_connection: ssh_lxc + ansible_ssh_lxc_name: wiki - hosts: wiki roles: - role: dns_record