feat: configure host system (#12)

2025-04-16 11:33:43 +03:00 · 2023-05-05 21:23:16 +00:00 · 2023-05-05 21:23:16 +00:00 · abffb756d6
parent 0822715a25
commit abffb756d6
4 changed files with 44 additions and 2 deletions
--- a/forge-pod.yml
+++ b/forge-pod.yml
@ -71,9 +71,20 @@ spec:
      image: setup
      volumeMounts:
        - mountPath: /certs
-          subPath: ssh
          name: ublue-os_forge-certs-pvc
          readOnly: true
+      env:
+        - name: ANSIBLE_FORGE_HOST_USER
+          valueFrom:
+            secretKeyRef:
+              name: ublue-os_forge-secure
+              key: ANSIBLE_FORGE_HOST_USER
+
+        - name: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: ublue-os_forge-secure
+              key: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
      workingDir: /ansible
      command:
        - ansible-playbook
--- a/setup/Containerfile
+++ b/setup/Containerfile
@ -1,6 +1,9 @@
 # Source Image
 FROM docker.io/library/python:alpine3.17

+# Install SSH
+RUN apk add openssh
+
 # Install ansible and dependencies
 WORKDIR /ansible
 COPY ./ansible .
--- a/setup/ansible/ansible.cfg
+++ b/setup/ansible/ansible.cfg
@ -7,6 +7,8 @@ roles_path = ./roles
 collections_paths = ./collections
 # Localtion for plugins & modules
 library = ./library
+# SSH
+private_key_file = /certs/ssh/ublue-os_forge-id_ed25519
 # Console log settings
 display_skipped_hosts = false
 # Use the stdout_callback when running ad-hoc commands.
--- a/setup/ansible/main.yml
+++ b/setup/ansible/main.yml
@ -20,6 +20,8 @@
        groups:
          - forge
        ansible_host: "{{ container_host_ip }}"
+        ansible_user: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') }}"
+        ansible_become_password: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_BECOME_PASSWORD') }}"

    - name: Add Ansible Semaphore to inventory
      ansible.builtin.add_host:
@ -30,7 +32,31 @@
        ansible_connection: local
        ansible_python_interpreter: "{{ ansible_playbook_python }}"

-## TODO: Add play to configure host system
+- name: Configure host system
+  hosts: forge
+  gather_facts: true
+  tasks:
+    - name: Add ublue.local entries to /etc/hosts
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        search_string: 127.0.0.1 registry.ublue.local forge.ublue.local
+        line: 127.0.0.1 registry.ublue.local forge.ublue.local
+        state: present
+      become: true
+
+    - name: Add ublue.local TSL root certificate to trust anchors
+      ansible.builtin.copy:
+        src: /certs/tls/ublue-os_forge-root.pem
+        dest: /etc/pki/ca-trust/source/anchors/ublue-os_forge-root.pem
+        force: true
+        mode: "0644"
+      become: true
+
+    - name: Update ca-trust store
+      ansible.builtin.command:
+        cmd: update-ca-trust
+      changed_when: false
+      become: true

 - name: Configure Ansible Semaphore
  hosts: semaphore