Ansible and Sailfish OS
Table of Contents
Since I seem to set up new Sailfish OS devices at least once a year (because I got myself a new toy) and I am lazy, I set up my current Sailfish OS device, a Gemini PDA, up to work with Ansible.
These are my notes on using Ansible with my Gemini PDA running Sailfish OS 3.0.1.14
What this post is about
Getting your Sailfish OS device into a state where you can use ansible on it.
Overview of Steps
- Install Sailfish OS
- Complete the Tutorial
- Enable Developer Mode
- Install Python
- Enable ssh Access for Ansible
- Add Sailfish OS Device to Your Inventory
- Test Ansible Connectivity
- View Ansible Facts
- Use SailfishOS with Ansible
Install Sailfish OS
If you are using Sailfish X on one of the following devices
- Sailfish X for Gemini PDA
- Sailfish X for Sony Xperia™ X
- Sailfish X for Sony Xperia™ XA2
- Sailfish X for Sony Xperia™ XA2 Plus
- Sailfish X for Sony Xperia™ XA2 Ultra
Then you will have to flash your OS first. Proceed as instructed by Jolla.
If on the other hand, your device came pre-installed with Sailfish OS, you are already done with this step.
Complete the Tutorial
It seems you can not skip the tutorial on first boot, complete it to gain control of you device.
Enable Developer Mode
Follow Jolla’s instructions
Install Python
For Ansible to be able to control your Sailfish X device, you will need to install python.
user@workstation ~ $ ssh nemo@sailfishx
Last login: Sun Mar 3 14:07:56 CET 2019 from 192.168.50.35 on pts/20
,---
| Sailfish OS 3.0.1.14 (Sipoonkorpi)
'---
[nemo@Sailfish ~]$ devel-su
[root@Sailfish ~]# pkcon refresh
Refreshing cache
Waiting for authentication
Starting
Refreshing software list
Finished
[root@Sailfish ~]# pkcon install python
Resolving
Querying
Testing changes
Finished
The following packages have to be installed:
gdbm-1.8.3-1.1.4.jolla.armv7hl GNU Database Routines
python-2.7.9-1.1.7.jolla.armv7hl An interpreted, interactive, object-oriented programming language
python-libs-2.7.9-1.1.7.jolla.armv7hl Runtime libraries for Python
Proceed with changes? [N/y] y
Installing
Querying
Resolving dependencies
Installing packages
Downloading packages
Installing packages
Finished
Enable ssh Access for Ansible
I’ll ssh in directly as root. This saves me from having to make devel-su a valid
become_method
To be able to ssh in as root, you need to
- enable developer mode in Jolla Settings
- enable remote access in Jolla Settings
- put your ssh pubkey in
/root/.ssh/authorized_keys chmod 0700 /root/.ssh/chmod 0600 /root/.ssh/authorized_keys
Add Sailfish OS Device to Your Inventory
gemini ansible_user=root
Test Ansible Connectivity
user@workstation ~ $ ansible gemini -m ping
gemini | SUCCESS => {
"changed": false,
"ping": "pong"
}
View Ansible Facts
user@workstation ~ $ ansible -m setup gemini
gemini | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
[...]
Use SailfishOS with Ansible
Now you can use your Sailfish device with Ansible.
Use The Right Ansible Modules and Roles
Note that you should enable/disable repos with ssu.
Software should be installed with pkcon.
Neither of these seem to have corresponding ansible modules.
You could try with zypper but YMMV. I’ll be limiting myself to ansible
operations for which I have modules.
My Playbook
Currently, my play sailfish.yml is as follows
- name: SailfishOS config
hosts:
- gemini
- pro1
become: no # we ssh in directly as root with ssh key, to avoid dealing with devel-su
tasks:
- name: "SSHD | ensure sshd config is set up to my liking"
block:
- name: "SSHD | ensure AuthorizedKeysFile is configured"
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^AuthorizedKeysFile'
insertbefore: '^#AuthorizedPrincipalsFile none'
line: 'AuthorizedKeysFile .ssh/authorized_keys'
- name: "SSHD | ensure PasswordAuthentication is off"
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication'
insertafter: '^#PasswordAuthentication'
line: 'PasswordAuthentication no'