Добавил ssh в ansible-base и стырил плейбук для создания LXD контейнеров

ansible/ansible-base/playbook.yml

@@ -4,6 +4,7 @@
    roles:
       - packages
       - configs
+      - ssh
 
  - hosts: playgs
    roles:

ansible/ansible-base/roles/ssh/files/auth_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3b/t76DskXtbMwVpyjpXoOKG/ezcLVGPM1l3OAU2mBon9qdt2WgLCiwSiFdbrEbWKLFP7+bEHkmcj5XWCBGpLlKQUn3GsnLqJu16ue+2qI3jHv4TTyNwN3AzERz5BQdPgat1qYTZ6UTkLdT208RDhVn7/sSx+zmdHbuX3kR9TgF43RjS2ijV5/9iaPbgnXIEL74eeJ2Fl8z+FaCWpe7Ja12R+rZKtpBGZQy4L37KlSPw8CC5vVkrmfvriSmV2J/OaaleosDqENFRVUHzzFTIt+CARMMkSKqLmFausb1I00vcL9iuh3islJIZvidfZKL20eRxauK3Q2dyH+cFu90yx knflkr@arch-llz

ansible/ansible-base/roles/ssh/files/sshd_config

@@ -0,0 +1,121 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/auth_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

ansible/ansible-base/roles/ssh/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+
+ - name: Put authorized keys
+   template:
+     src: files/auth_keys
+     dest: /etc/ssh/auth_keys
+
+ - name: Put sshd config
+   template:
+     src: files/sshd_config
+     dest: /etc/ssh/sshd_config
+   notify: Reload sshd
+
+ - name: Reload sshd
+   ansible.builtin.service:
+     name: sshd
+     state: restarted
+

ansible/lxc-create-multiple/README.md

@@ -0,0 +1,3 @@
+Создает контейнеры из указанного inventory с указанными в нем же IPшниками
+
+Source: https://dev.to/livioribeiro/using-lxd-and-ansible-to-simulate-infrastructure-2g8l

ansible/lxc-create-multiple/ansible.cfg

@@ -0,0 +1,3 @@
+# ansible.cfg
+[defaults]
+inventory = inventory

ansible/lxc-create-multiple/inventory

@@ -0,0 +1,16 @@
+# inventory/hosts
+
+[centos]
+centos1         ip_address=10.222.43.101
+centos2         ip_address=10.222.43.102
+centos3         ip_address=10.222.43.103
+
+[ubuntu]
+ubuntu1   ip_address=10.222.43.111
+ubuntu2   ip_address=10.222.43.112
+ubuntu3   ip_address=10.222.43.113
+
+
+[all:vars]
+ansible_connection=lxd
+ansible_python_interpreter=/usr/bin/python3

ansible/lxc-create-multiple/playbook.yml

@@ -0,0 +1,62 @@
+---
+- hosts: localhost
+  # run this task in the host
+  connection: local
+  tasks:
+    - name: create containers cent
+      # get all host names from inventory
+      loop: "{{ groups['centos'] }}"
+      # use lxd_container module from ansible to create containers
+      lxd_container:
+        # container name is the hostname
+        name: "{{ item }}"
+        state: started
+        source:
+          type: image
+          mode: pull
+          server: https://images.linuxcontainers.org
+          protocol: simplestreams
+          alias: centos/8-Stream/cloud
+        config:
+          # nomad clients need some privileges to be able to run docker containers
+          security.nesting: "{{ 'true' if item in ['nomad-client1', 'nomad-client2', 'nomad-client3'] else 'false' }}"
+          security.privileged: "{{ 'true' if item in ['nomad-client1', 'nomad-client2', 'nomad-client3'] else 'false' }}"
+        devices:
+          # configure network interface
+          eth0:
+            type: nic
+            nictype: bridged
+            parent: lxdbr0
+            # get ip address from inventory
+            ipv4.address: "{{ hostvars[item].ip_address }}"
+        # # uncomment if you installed lxd using snap
+        # url: unix:/var/snap/lxd/common/lxd/unix.socket
+
+    - name: create containers ubuntu
+      # get all host names from inventory
+      loop: "{{ groups['ubuntu'] }}"
+      # use lxd_container module from ansible to create containers
+      lxd_container:
+        # container name is the hostname
+        name: "{{ item }}"
+        state: started
+        source:
+          type: image
+          mode: pull
+          server: https://images.linuxcontainers.org
+          protocol: simplestreams
+          alias: ubuntu/bionic/amd64
+        config:
+          # nomad clients need some privileges to be able to run docker containers
+          security.nesting: "{{ 'true' if item in ['nomad-client1', 'nomad-client2', 'nomad-client3'] else 'false' }}"
+          security.privileged: "{{ 'true' if item in ['nomad-client1', 'nomad-client2', 'nomad-client3'] else 'false' }}"
+        devices:
+          # configure network interface
+          eth0:
+            type: nic
+            nictype: bridged
+            parent: lxdbr0
+            # get ip address from inventory
+            ipv4.address: "{{ hostvars[item].ip_address }}"
+        # # uncomment if you installed lxd using snap
+        # url: unix:/var/snap/lxd/common/lxd/unix.socket