Ansible and Sailfish OS

Since I seem to set up new Sailfish OS devices at least once a year (because I got myself a new toy) and I am lazy, I set up my current SailfishOS device, a Gemini PDA, up to work with Ansible.

These are my notes on using Ansible with my Gemini PDA running Sailfish OS 3.0.1.14

What this post is about

Getting your Sailfish OS device into a state where you can use ansible on it.

Overview of Steps

  1. Install Sailfish OS
  2. Complete the Tutorial
  3. Enable Developer Mode
  4. Install Python
  5. Enable ssh Access for Ansible
  6. Add Sailfish OS Device to Your Inventory
  7. Test Ansible Connectivity
  8. View Ansible Facts
  9. Use SailfishOS with Ansible

Install Sailfish OS

If you are using Sailfish X on one of the following devices

  • Sailfish X for Gemini PDA
  • Sailfish X for Sony Xperia™ X
  • Sailfish X for Sony Xperia™ XA2
  • Sailfish X for Sony Xperia™ XA2 Plus
  • Sailfish X for Sony Xperia™ XA2 Ultra

Then you will have to flash your OS first. Proceed as instructed by Jolla.

If on the other hand, your device came pre-installed with SailfishOS, you are already done with this step.

Complete the Tutorial

It seems you can not skip the tutorial on first boot, complete it to gain control of you device.

Enable Developer Mode

Follow Jolla’s instructions

Install Python

For Ansible to be able to control your Sailfish X device, you will need to install python.

user@workstation ~ $ ssh nemo@sailfishx
Last login: Sun Mar  3 14:07:56 CET 2019 from 192.168.50.35 on pts/20
,---
| Sailfish OS 3.0.1.14 (Sipoonkorpi)
'---
[nemo@Sailfish ~]$ devel-su
[root@Sailfish ~]# pkcon refresh
Refreshing cache
Waiting for authentication
Starting
Refreshing software list
Finished
[root@Sailfish ~]# pkcon install python
Resolving
Querying
Testing changes
Finished
The following packages have to be installed:
 gdbm-1.8.3-1.1.4.jolla.armv7hl	GNU Database Routines
 python-2.7.9-1.1.7.jolla.armv7hl	An interpreted, interactive, object-oriented programming language
 python-libs-2.7.9-1.1.7.jolla.armv7hl	Runtime libraries for Python
Proceed with changes? [N/y] y
Installing
Querying
Resolving dependencies
Installing packages
Downloading packages
Installing packages
Finished

Enable ssh Access for Ansible

I’ll ssh in directly as root. This saves me from having to make devel-su a valid become_method

To be able to ssh in as root, you need to

  • enable developer mode in Jolla Settings
  • enable remote access in Jolla Settings
  • put your ssh pubkey in /root/.ssh/authorized_keys
  • chmod 0700 /root/.ssh/
  • chmod 0600 /root/.ssh/authorized_keys

Add Sailfish OS Device to Your Inventory

gemini    ansible_user=root

Test Ansible Connectivity

user@workstation ~ $ ansible gemini -m ping
gemini | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

View Ansible Facts

user@workstation ~ $ ansible -m setup gemini
gemini | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
[...]

Use SailfishOS with Ansible

Now you can use your Sailfish device with Ansible.

Use The Right Ansible Modules and Roles

Note that you should enable/disable repos with ssu.

Software should be installed with pkcon.

Neither of these seem to have corresponding ansible modules.

You could try with zypper but YMMV. I’ll be limiting myself to ansible operations for which I have modules.

My Playbook

Currently, my play sailfish.yml is as follows

- name: Sailfish X config
  hosts:
    - gemini
  become: no # we ssh in directly as root with ssh key, to avoid dealing with devel-su
  tasks:
    - name: "SSHD | ensure sshd config is set up to my liking"
      block:
        - name: "SSHD | ensure AuthorizedKeysFile is configured"
          lineinfile:
            path:         /etc/ssh/sshd_config
            regexp:       '^AuthorizedKeysFile'
            insertbefore: '^#AuthorizedPrincipalsFile none'
            line:         'AuthorizedKeysFile	.ssh/authorized_keys'
        - name: "SSHD | ensure PasswordAuthentication is off"
          lineinfile:
            path:         /etc/ssh/sshd_config
            regexp:       '^PasswordAuthentication'
            insertafter:  '^#PasswordAuthentication'
            line:         'PasswordAuthentication no'