Ansible and Sailfish OS
Since I seem to set up new Sailfish OS devices at least once a year (because I got myself a new toy) and I am lazy, I set up my current Sailfish OS device, a Gemini PDA, to work with Ansible.
These are my notes on using Ansible with my Gemini PDA running Sailfish OS 3.0.1.14.
What this post is about
Getting your Sailfish OS device into a state where you can use ansible on it.
Overview of Steps
- Install Sailfish OS
- Complete the Tutorial
- Enable Developer Mode
- Install Python
- Enable ssh Access for Ansible
- Add Sailfish OS Device to Your Inventory
- Test Ansible Connectivity
- View Ansible Facts
- Use SailfishOS with Ansible
Install Sailfish OS
If you are using Sailfish X on one of the following devices
- Sailfish X for Gemini PDA
- Sailfish X for Sony Xperia™ X
- Sailfish X for Sony Xperia™ XA2
- Sailfish X for Sony Xperia™ XA2 Plus
- Sailfish X for Sony Xperia™ XA2 Ultra
Then you will have to flash your OS first. Proceed as instructed by Jolla.
If on the other hand, your device came pre-installed with Sailfish OS, you are already done with this step.
Complete the Tutorial
It seems you cannot skip the tutorial on first boot; complete it to gain control of your device.
Enable Developer Mode
Follow Jolla’s instructions
Install Python
For Ansible to be able to control your Sailfish X device, you will need to install python.
user@workstation ~ $ ssh nemo@sailfishx
Last login: Sun Mar 3 14:07:56 CET 2019 from 192.168.50.35 on pts/20
,---
| Sailfish OS 3.0.1.14 (Sipoonkorpi)
'---
[nemo@Sailfish ~]$ devel-su
[root@Sailfish ~]# pkcon refresh
Refreshing cache
Waiting for authentication
Starting
Refreshing software list
Finished
[root@Sailfish ~]# pkcon install python
Resolving
Querying
Testing changes
Finished
The following packages have to be installed:
gdbm-1.8.3-1.1.4.jolla.armv7hl GNU Database Routines
python-2.7.9-1.1.7.jolla.armv7hl An interpreted, interactive, object-oriented programming language
python-libs-2.7.9-1.1.7.jolla.armv7hl Runtime libraries for Python
Proceed with changes? [N/y] y
Installing
Querying
Resolving dependencies
Installing packages
Downloading packages
Installing packages
Finished
Enable ssh Access for Ansible
I’ll ssh in directly as root. This saves me from having to make devel-su a valid become_method.
To be able to ssh in as root, you need to
- enable developer mode in Jolla Settings
- enable remote access in Jolla Settings
- put your ssh pubkey in /root/.ssh/authorized_keys
chmod 0700 /root/.ssh/
chmod 0600 /root/.ssh/authorized_keys
Add Sailfish OS Device to Your Inventory
gemini ansible_user=root
Test Ansible Connectivity
user@workstation ~ $ ansible gemini -m ping
gemini | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
View Ansible Facts
user@workstation ~ $ ansible -m setup gemini
gemini | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
[...]
Use SailfishOS with Ansible
Now you can use your Sailfish device with Ansible.
Use The Right Ansible Modules and Roles
Note that you should enable/disable repos with ssu.
Software should be installed with pkcon.
Neither of these seems to have a corresponding ansible module.
You could try with zypper, but YMMV. I’ll be limiting myself to ansible operations for which I have modules.
My Playbook
Currently, my play sailfish.yml is as follows:
- name: SailfishOS config
  hosts:
    - gemini
    - pro1
    - Xperia10II-DualSIM
  become: no  # we ssh in directly as root with ssh key, to avoid dealing with devel-su
  handlers:
    - name: restart systemd-journald
      systemd:
        name: systemd-journald.service
        state: restarted
    - name: restart sshd
      systemd:
        name: sshd.service
        state: restarted
  tasks:
    # Ensure sshd config is set up to my liking, the disconnect after 15 mins is simply
    # because I tend to forget for hours that I ssh-ed in and this will have a battery hit
    - name: SSHD | ensure AuthorizedKeysFile is configured
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^AuthorizedKeysFile'
        insertbefore: '^#AuthorizedPrincipalsFile none'
        line: 'AuthorizedKeysFile .ssh/authorized_keys'
      notify: restart sshd
    - name: SSHD | ensure PasswordAuthentication is off
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        insertafter: '^#PasswordAuthentication'
        line: 'PasswordAuthentication no'
      notify: restart sshd
    - name: SSHD | ensure that a response is requested from the client after 1 minute of inactivity
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^ClientAliveInterval'
        insertafter: '^#ClientAliveInterval'
        line: 'ClientAliveInterval 1m'
      notify: restart sshd
    - name: SSHD | ensure that a client is disconnected after 3 missed response requests
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^ClientAliveCountMax'
        insertafter: '^#ClientAliveCountMax'
        line: 'ClientAliveCountMax 3'
      notify: restart sshd
    # set either 'volatile' or 'persistent'
    # if you enable the use of persistent journal, then also see
    # https://together.jolla.com/question/4842/how-to-enable-more-detailed-and-persistent-logs-on-jolla-device/
    - name: Ensure journald.conf is NOT set to save to persistent storage
      ini_file:
        path: /etc/systemd/journald.conf
        section: Journal
        option: Storage
        value: volatile
        no_extra_spaces: True
        backup: False
      notify: restart systemd-journald
    - name: Ensure journald.conf has a more reasonable setting than the default RuntimeMaxUse=1M
      ini_file:
        path: /etc/systemd/journald.conf
        section: Journal
        option: RuntimeMaxUse
        value: 10M
        no_extra_spaces: True
        backup: False
      notify: restart systemd-journald
    # While with the ini file entry Storage=persistent, systemd should create the target dir,
    # ensure it is there like the above URL suggests
    # bounce the journald if the directory was changed
    - name: Ensure /var/log/journal is present
      file:
        path: /var/log/journal
        state: directory
        owner: root
        group: systemd-journal
      notify: restart systemd-journald
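A check worth running after the sshd tasks above, as an added example that is not part of the original playbook: lineinfile with a regexp replaces only the last matching line, while sshd uses the first value it reads for a keyword, so an earlier uncommented line can silently win. The sample config is constructed and the function names are hypothetical; Include directives are not followed.

```python
import re

# Constructed sample: a stock "yes" line sits above the line the playbook manages.
SAMPLE = """\
PasswordAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ClientAliveInterval 1m
ClientAliveCountMax 3
Match User nemo
    PasswordAuthentication yes
"""

# Values the playbook's lineinfile tasks are meant to enforce (keywords lower-cased).
EXPECTED = {"passwordauthentication": "no", "clientalivecountmax": "3",
            "authorizedkeysfile": ".ssh/authorized_keys",
            "clientaliveinterval": "1m"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def global_settings(text):
    """Map each keyword to its values, in file order, up to the first Match block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything below is conditional, not global
        seen.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text, expected=EXPECTED):
    """Report keywords whose first (effective) value is not the intended one."""
    settings, findings = global_settings(text), []
    for key, want in expected.items():
        values = settings.get(key, ["<unset, sshd default>"])
        if values[0] != want:
            findings.append(f"{key}: effective {values[0]!r}, wanted {want!r}")
        elif len(values) > 1:
            findings.append(f"{key}: set {len(values)} times, first one wins")
    return findings

def unresponsive_timeout(text):
    """Seconds until sshd drops a client that stops answering (single-unit times only)."""
    s = global_settings(text)
    num, unit = re.fullmatch(r"(\d+)([smhdw]?)", s["clientaliveinterval"][0].lower()).groups()
    return int(num) * UNITS[unit] * int(s["clientalivecountmax"][0])
```

On the sample, audit() reports that PasswordAuthentication is still effectively yes, and unresponsive_timeout() gives 180 seconds. That timer only drops clients that stop answering keepalives, so an idle but connected session stays open.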