Categories: howto, gizmo, SailfishOS

Ansible and Sailfish OS

Table of Contents

Since I seem to set up new Sailfish OS devices at least once a year (because I got myself a new toy) and I am lazy, I set up my current Sailfish OS device, a Gemini PDA, up to work with Ansible.

These are my notes on using Ansible with my Gemini PDA running Sailfish OS 3.0.1.14

What this post is about

Getting your Sailfish OS device into a state where you can use ansible on it.

Overview of Steps

  1. Install Sailfish OS
  2. Complete the Tutorial
  3. Enable Developer Mode
  4. Install Python
  5. Enable ssh Access for Ansible
  6. Add Sailfish OS Device to Your Inventory
  7. Test Ansible Connectivity
  8. View Ansible Facts
  9. Use SailfishOS with Ansible

Install Sailfish OS

If you are using Sailfish X on one of the following devices

  • Sailfish X for Gemini PDA
  • Sailfish X for Sony Xperia™ X
  • Sailfish X for Sony Xperia™ XA2
  • Sailfish X for Sony Xperia™ XA2 Plus
  • Sailfish X for Sony Xperia™ XA2 Ultra

Then you will have to flash your OS first. Proceed as instructed by Jolla.

If on the other hand, your device came pre-installed with Sailfish OS, you are already done with this step.

Complete the Tutorial

It seems you can not skip the tutorial on first boot, complete it to gain control of you device.

Enable Developer Mode

Follow Jolla’s instructions

Install Python

For Ansible to be able to control your Sailfish X device, you will need to install python.

user@workstation ~ $ ssh nemo@sailfishx
Last login: Sun Mar  3 14:07:56 CET 2019 from 192.168.50.35 on pts/20
,---
| Sailfish OS 3.0.1.14 (Sipoonkorpi)
'---
[nemo@Sailfish ~]$ devel-su
[root@Sailfish ~]# pkcon refresh
Refreshing cache
Waiting for authentication
Starting
Refreshing software list
Finished
[root@Sailfish ~]# pkcon install python
Resolving
Querying
Testing changes
Finished
The following packages have to be installed:
 gdbm-1.8.3-1.1.4.jolla.armv7hl	GNU Database Routines
 python-2.7.9-1.1.7.jolla.armv7hl	An interpreted, interactive, object-oriented programming language
 python-libs-2.7.9-1.1.7.jolla.armv7hl	Runtime libraries for Python
Proceed with changes? [N/y] y
Installing
Querying
Resolving dependencies
Installing packages
Downloading packages
Installing packages
Finished

Enable ssh Access for Ansible

I’ll ssh in directly as root. This saves me from having to make devel-su a valid become_method

To be able to ssh in as root, you need to

  • enable developer mode in Jolla Settings
  • enable remote access in Jolla Settings
  • put your ssh pubkey in /root/.ssh/authorized_keys
  • chmod 0700 /root/.ssh/
  • chmod 0600 /root/.ssh/authorized_keys

Add Sailfish OS Device to Your Inventory

gemini    ansible_user=root

Test Ansible Connectivity

user@workstation ~ $ ansible gemini -m ping
gemini | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

View Ansible Facts

user@workstation ~ $ ansible -m setup gemini
gemini | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
[...]

Use SailfishOS with Ansible

Now you can use your Sailfish device with Ansible.

Use The Right Ansible Modules and Roles

Note that you should enable/disable repos with ssu.

Software should be installed with pkcon.

Neither of these seem to have corresponding ansible modules.

You could try with zypper but YMMV. I’ll be limiting myself to ansible operations for which I have modules.

My Playbook

Currently, my play sailfish.yml is as follows

- name: SailfishOS config

hosts:
- gemini
- pro1
- Xperia10II-DualSIM


become: no # we ssh in directly as root with ssh key, to avoid dealing with devel-su


handlers:
- name: restart systemd-journald
systemd:
name:       systemd-journald.service
state:      restarted
- name: restart sshd
systemd:
name:       sshd.service
state:      restarted


tasks:
# Ensure sshd config is set up to my liking, the disconnect after 15 mins is simply because I tend to forget for hours that I ssh-ed in and this will have a battery hit
- name: SSHD | ensure AuthorizedKeysFile is configured
lineinfile:
path:         /etc/ssh/sshd_config
regexp:       '^AuthorizedKeysFile'
insertbefore: '^#AuthorizedPrincipalsFile none'
line:         'AuthorizedKeysFile	.ssh/authorized_keys'
notify: restart sshd


- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">SSHD | ensure PasswordAuthentication is off</span>
  <span style="color:#f92672">lineinfile</span>:
    <span style="color:#f92672">path</span>:         <span style="color:#ae81ff">/etc/ssh/sshd_config</span>
    <span style="color:#f92672">regexp</span>:       <span style="color:#e6db74">&#39;^PasswordAuthentication&#39;</span>
    <span style="color:#f92672">insertafter</span>:  <span style="color:#e6db74">&#39;^#PasswordAuthentication&#39;</span>
    <span style="color:#f92672">line</span>:         <span style="color:#e6db74">&#39;PasswordAuthentication no&#39;</span>
  <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">restart sshd</span>

- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">SSHD | ensure that a response is requested from the client after 1 minute of inactivity</span>
  <span style="color:#f92672">lineinfile</span>:
    <span style="color:#f92672">path</span>:         <span style="color:#ae81ff">/etc/ssh/sshd_config</span>
    <span style="color:#f92672">regexp</span>:       <span style="color:#e6db74">&#39;^ClientAliveInterval&#39;</span>
    <span style="color:#f92672">insertafter</span>:  <span style="color:#e6db74">&#39;^#ClientAliveInterval&#39;</span>
    <span style="color:#f92672">line</span>:         <span style="color:#e6db74">&#39;ClientAliveInterval 1m&#39;</span>
  <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">restart sshd</span>

- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">SSHD | ensure that a client is disconnected after 3 missed response requests</span>
  <span style="color:#f92672">lineinfile</span>:
    <span style="color:#f92672">path</span>:         <span style="color:#ae81ff">/etc/ssh/sshd_config</span>
    <span style="color:#f92672">regexp</span>:       <span style="color:#e6db74">&#39;^ClientAliveCountMax&#39;</span>
    <span style="color:#f92672">insertafter</span>:  <span style="color:#e6db74">&#39;^#ClientAliveCountMax&#39;</span>
    <span style="color:#f92672">line</span>:         <span style="color:#e6db74">&#39;ClientAliveCountMax 3&#39;</span>
  <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">restart sshd</span>

<span style="color:#75715e"># set either &#39;volatile&#39; or &#39;persistent&#39;</span>
<span style="color:#75715e"># if you enable the use of persistent journal, then also see</span>
<span style="color:#75715e"># https://together.jolla.com/question/4842/how-to-enable-more-detailed-and-persistent-logs-on-jolla-device/</span>
- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Ensure journald.conf is NOT set to save to persistent storage</span>
  <span style="color:#f92672">ini_file</span>:
    <span style="color:#f92672">path</span>:             <span style="color:#ae81ff">/etc/systemd/journald.conf</span>
    <span style="color:#f92672">section</span>:          <span style="color:#ae81ff">Journal</span>
    <span style="color:#f92672">option</span>:           <span style="color:#ae81ff">Storage</span>
    <span style="color:#f92672">value</span>:            <span style="color:#ae81ff">volatile</span>
    <span style="color:#f92672">no_extra_spaces</span>:  <span style="color:#66d9ef">True</span>
    <span style="color:#f92672">backup</span>:           <span style="color:#66d9ef">False</span>
  <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">restart systemd-journald</span>

- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Ensure journald.conf has a more reasonable setting than the default RuntimeMaxUse=1M</span>
  <span style="color:#f92672">ini_file</span>:
    <span style="color:#f92672">path</span>:             <span style="color:#ae81ff">/etc/systemd/journald.conf</span>
    <span style="color:#f92672">section</span>:          <span style="color:#ae81ff">Journal</span>
    <span style="color:#f92672">option</span>:           <span style="color:#ae81ff">RuntimeMaxUse</span>
    <span style="color:#f92672">value</span>:            <span style="color:#ae81ff">10M</span>
    <span style="color:#f92672">no_extra_spaces</span>:  <span style="color:#66d9ef">True</span>
    <span style="color:#f92672">backup</span>:           <span style="color:#66d9ef">False</span>
  <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">restart systemd-journald</span>

<span style="color:#75715e"># While with the ini file entry Storage=persistent, systemd should create the target dir, ensure it is there like the above URL suggests</span>
<span style="color:#75715e"># bounce the journald if the directory was changed</span>
- <span style="color:#f92672">name</span>: <span style="color:#ae81ff">Ensure /var/log/journal is present</span>
  <span style="color:#f92672">file</span>:
    <span style="color:#f92672">path</span>:   <span style="color:#ae81ff">/var/log/journal</span>
    <span style="color:#f92672">state</span>:  <span style="color:#ae81ff">directory</span>
    <span style="color:#f92672">owner</span>:  <span style="color:#ae81ff">root</span>
    <span style="color:#f92672">group</span>:  <span style="color:#ae81ff">systemd-journal</span>
  <span style="color:#f92672">notify</span>: <span style="color:#ae81ff">restart systemd-journald</span>

Related