Add publickey vApp property;Configure SSH;Housekeeping

ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml

@@ -5,6 +5,19 @@
     generate_ssh_key: yes
     ssh_key_bits: 2048
     ssh_key_file: .ssh/id_rsa
+- name: Save root SSH publickey
+  ansible.builtin.lineinfile:
+    path: /root/.ssh/authorized_keys
+    line: "{{ ovfproperties['guestinfo.rootsshkey'] }}"
+- name: Disable SSH password authentication
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regex: "{{ item.regex }}"
+    line: "{{ item.line }}"
+    state: "{{ item.state }}"
+  loop:
+  - { regex: '$#PasswordAuthentication', line: 'PasswordAuthentication no', state: ''}
+  - { regex: '', line: 'PasswordAuthentication yes', state: absent}
 - name: Delete 'ubuntu' user
   ansible.builtin.user:
     name: ubuntu

ansible/roles/os/tasks/snapd.yml

@@ -5,7 +5,7 @@
     purge: yes
 - name: Delete leftover files
   ansible.builtin.file:
-    path: /root/snapd
+    path: /root/snap
     state: absent
 - name: Hold snapd package
   ansible.builtin.dpkg_selections:

scripts/Update-OvfConfiguration.yml

@@ -37,6 +37,13 @@ PropertyCategories:
     DefaultValue: ''
     Configurations: '*'
     UserConfigurable: true
+  - Key: guestinfo.rootsshkey
+    Type: string(1..)
+    Label: Local root SSH public key*
+    Description: This line should start with 'ssh-rsa AAAAB3N'
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
   - Key: guestinfo.ntpserver
     Type: string(1..)
     Label: Time server*