Ansible and Sailfish OS

Since I seem to set up new Sailfish OS devices at least once a year (because I got myself a new toy) and I am lazy, I set up my current Sailfish OS device, a Gemini PDA, to work with Ansible.

These are my notes on using Ansible with my Gemini PDA running Sailfish OS 3.0.1.14.

What this post is about

Getting your Sailfish OS device into a state where you can use Ansible on it.

Overview of Steps

  1. Install Sailfish OS
  2. Complete the Tutorial
  3. Enable Developer Mode
  4. Install Python
  5. Enable ssh Access for Ansible
  6. Add Sailfish OS Device to Your Inventory
  7. Test Ansible Connectivity
  8. View Ansible Facts
  9. Use SailfishOS with Ansible

Install Sailfish OS

If you are using Sailfish X on one of the following devices:

  • Sailfish X for Gemini PDA
  • Sailfish X for Sony Xperia™ X
  • Sailfish X for Sony Xperia™ XA2
  • Sailfish X for Sony Xperia™ XA2 Plus
  • Sailfish X for Sony Xperia™ XA2 Ultra

then you will have to flash your OS first. Proceed as instructed by Jolla.

If, on the other hand, your device came pre-installed with Sailfish OS, you are already done with this step.

Complete the Tutorial

It seems you cannot skip the tutorial on first boot; complete it to gain control of your device.

Enable Developer Mode

Follow Jolla’s instructions.

Install Python

For Ansible to be able to control your Sailfish X device, you will need to install Python.

user@workstation ~ $ ssh nemo@sailfishx
Last login: Sun Mar  3 14:07:56 CET 2019 from 192.168.50.35 on pts/20
,---
| Sailfish OS 3.0.1.14 (Sipoonkorpi)
'---
[nemo@Sailfish ~]$ devel-su
[root@Sailfish ~]# pkcon refresh
Refreshing cache
Waiting for authentication
Starting
Refreshing software list
Finished
[root@Sailfish ~]# pkcon install python
Resolving
Querying
Testing changes
Finished
The following packages have to be installed:
 gdbm-1.8.3-1.1.4.jolla.armv7hl	GNU Database Routines
 python-2.7.9-1.1.7.jolla.armv7hl	An interpreted, interactive, object-oriented programming language
 python-libs-2.7.9-1.1.7.jolla.armv7hl	Runtime libraries for Python
Proceed with changes? [N/y] y
Installing
Querying
Resolving dependencies
Installing packages
Downloading packages
Installing packages
Finished

Enable ssh Access for Ansible

I’ll ssh in directly as root. This saves me from having to make devel-su a valid become_method.

To be able to ssh in as root, you need to:

  • enable developer mode in Jolla Settings
  • enable remote access in Jolla Settings
  • put your ssh pubkey in /root/.ssh/authorized_keys
  • chmod 0700 /root/.ssh/
  • chmod 0600 /root/.ssh/authorized_keys

Add Sailfish OS Device to Your Inventory

gemini    ansible_user=root

Test Ansible Connectivity

user@workstation ~ $ ansible gemini -m ping
gemini | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

View Ansible Facts

user@workstation ~ $ ansible -m setup gemini
gemini | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
[...]

Use SailfishOS with Ansible

Now you can use your Sailfish device with Ansible.

Use The Right Ansible Modules and Roles

Note that you should enable/disable repos with ssu.

Software should be installed with pkcon.

Neither of these seems to have a corresponding Ansible module.

You could try with zypper, but YMMV. I’ll be limiting myself to Ansible operations for which I have modules.

My Playbook

Currently, my play sailfish.yml is as follows:

- name: SailfishOS config

  hosts:
    - gemini
    - pro1
    - Xperia10II-DualSIM

  become: no # we ssh in directly as root with ssh key, to avoid dealing with devel-su

  handlers:
    - name: restart systemd-journald
      systemd:
        name:       systemd-journald.service
        state:      restarted
    - name: restart sshd
      systemd:
        name:       sshd.service
        state:      restarted

  tasks:
    # Ensure sshd config is set up to my liking, the disconnect after 15 mins is simply because I tend to forget for hours that I ssh-ed in and this will have a battery hit
    - name: SSHD | ensure AuthorizedKeysFile is configured
      lineinfile:
        path:         /etc/ssh/sshd_config
        regexp:       '^AuthorizedKeysFile'
        insertbefore: '^#AuthorizedPrincipalsFile none'
        line:         'AuthorizedKeysFile	.ssh/authorized_keys'
      notify: restart sshd

    - name: SSHD | ensure PasswordAuthentication is off
      lineinfile:
        path:         /etc/ssh/sshd_config
        regexp:       '^PasswordAuthentication'
        insertafter:  '^#PasswordAuthentication'
        line:         'PasswordAuthentication no'
      notify: restart sshd

    - name: SSHD | ensure that a response is requested from the client after 1 minute of inactivity
      lineinfile:
        path:         /etc/ssh/sshd_config
        regexp:       '^ClientAliveInterval'
        insertafter:  '^#ClientAliveInterval'
        line:         'ClientAliveInterval 1m'
      notify: restart sshd

    - name: SSHD | ensure that a client is disconnected after 3 missed response requests
      lineinfile:
        path:         /etc/ssh/sshd_config
        regexp:       '^ClientAliveCountMax'
        insertafter:  '^#ClientAliveCountMax'
        line:         'ClientAliveCountMax 3'
      notify: restart sshd

    # set either 'volatile' or 'persistent'
    # if you enable the use of persistent journal, then also see
    # https://together.jolla.com/question/4842/how-to-enable-more-detailed-and-persistent-logs-on-jolla-device/
    - name: Ensure journald.conf is NOT set to save to persistent storage
      ini_file:
        path:             /etc/systemd/journald.conf
        section:          Journal
        option:           Storage
        value:            volatile
        no_extra_spaces:  True
        backup:           False
      notify: restart systemd-journald

    - name: Ensure journald.conf has a more reasonable setting than the default RuntimeMaxUse=1M
      ini_file:
        path:             /etc/systemd/journald.conf
        section:          Journal
        option:           RuntimeMaxUse
        value:            10M
        no_extra_spaces:  True
        backup:           False
      notify: restart systemd-journald

    # While with the ini file entry Storage=persistent, systemd should create the target dir, ensure it is there like the above URL suggests
    # bounce the journald if the directory was changed
    - name: Ensure /var/log/journal is present
      file:
        path:   /var/log/journal
        state:  directory
        owner:  root
        group:  systemd-journal
      notify: restart systemd-journald
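
A check worth running against the SSHD tasks in the play above (added example, not part of the original playbook): lineinfile replaces only the last line matching regexp, while sshd uses the first value it reads for each keyword, so a duplicated keyword can leave the old setting in force. The sample config is constructed, the function names are hypothetical, and lineinfile() is a simplified model of the module's documented behaviour.

```python
import re

# The three sshd lineinfile tasks from the playbook: (regexp, insertafter, line).
TASKS = [
    (r"^PasswordAuthentication", r"^#PasswordAuthentication", "PasswordAuthentication no"),
    (r"^ClientAliveInterval", r"^#ClientAliveInterval", "ClientAliveInterval 1m"),
    (r"^ClientAliveCountMax", r"^#ClientAliveCountMax", "ClientAliveCountMax 3"),
]

# Constructed sshd_config excerpt (not from a real device): the keyword is
# active near the top and was appended a second time at the end.
SAMPLE = [
    "PasswordAuthentication yes",
    "#PasswordAuthentication yes",
    "#ClientAliveInterval 0",
    "#ClientAliveCountMax 3",
    "PasswordAuthentication yes",
]

def lineinfile(lines, regexp, insertafter, line):
    """Simplified model: replace the LAST regexp match, else insert after the
    last insertafter match, else append."""
    hits = [i for i, l in enumerate(lines) if re.search(regexp, l)]
    if hits:
        return lines[:hits[-1]] + [line] + lines[hits[-1] + 1:]
    marks = [i for i, l in enumerate(lines) if re.search(insertafter, l)]
    pos = marks[-1] + 1 if marks else len(lines)
    return lines[:pos] + [line] + lines[pos:]

def apply_tasks(lines):
    """Run the playbook's three sshd edits over a list of config lines."""
    for regexp, insertafter, line in TASKS:
        lines = lineinfile(lines, regexp, insertafter, line)
    return lines

def effective(lines):
    """sshd keeps the FIRST value of each global keyword (before any Match)."""
    first = {}
    for raw in lines:
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            break
        first.setdefault(words[0].lower(), " ".join(words[1:]))
    return first

def audit(lines):
    """Return {keyword: effective value} where sshd would not use the managed value."""
    eff = effective(lines)
    wanted = dict(line.split(None, 1) for _, _, line in TASKS)
    return {k: eff.get(k.lower()) for k, v in wanted.items() if eff.get(k.lower()) != v}
```

Calling audit(apply_tasks(SAMPLE)) reports PasswordAuthentication as still effectively "yes". On the device itself, sshd -T prints the effective configuration and can confirm the same thing.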