Add publickey vApp property;Configure SSH;Housekeeping

2021-06-14 12:31:01 +02:00 · 2021-06-14 12:31:01 +02:00 · 5af4d729ef
parent 73c266632c
commit 5af4d729ef
3 changed files with 21 additions and 1 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
@ -5,6 +5,19 @@
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
+- name: Save root SSH publickey
+  ansible.builtin.lineinfile:
+    path: /root/.ssh/authorized_keys
+    line: "{{ ovfproperties['guestinfo.rootsshkey'] }}"
+- name: Disable SSH password authentication
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regex: "{{ item.regex }}"
+    line: "{{ item.line }}"
+    state: "{{ item.state }}"
+  loop:
+  - { regex: '$#PasswordAuthentication', line: 'PasswordAuthentication no', state: ''}
+  - { regex: '', line: 'PasswordAuthentication yes', state: absent}
 - name: Delete 'ubuntu' user
  ansible.builtin.user:
    name: ubuntu
--- a/ansible/roles/os/tasks/snapd.yml
+++ b/ansible/roles/os/tasks/snapd.yml
@ -5,7 +5,7 @@
    purge: yes
 - name: Delete leftover files
  ansible.builtin.file:
-    path: /root/snapd
+    path: /root/snap
    state: absent
 - name: Hold snapd package
  ansible.builtin.dpkg_selections:
--- a/scripts/Update-OvfConfiguration.yml
+++ b/scripts/Update-OvfConfiguration.yml
@ -37,6 +37,13 @@ PropertyCategories:
    DefaultValue: ''
    Configurations: '*'
    UserConfigurable: true
+  - Key: guestinfo.rootsshkey
+    Type: string(1..)
+    Label: Local root SSH public key*
+    Description: This line should start with 'ssh-rsa AAAAB3N'
+    DefaultValue: ''
+    Configurations: '*'
+    UserConfigurable: true
  - Key: guestinfo.ntpserver
    Type: string(1..)
    Label: Time server*