Using ansible in fedora-toolbox to configure local system

So I just got SilverBlue installed on my laptop. I’d previously written some playbooks that run against localhost to configure the system to my liking. I began converting these playbooks for SilverBlue ( e.g. RPM->Flatpak ). I installed ansible in my fedora-toolbox and tried to run them, but they don’t seem to work. Flatpak module throws an error, changes I make to /etc don’t show up outside the toolbox. Anybody gone down this road before?

1 Like

The problem is that localhost inside the toolbox is not the same as localhost outside the toolbox because the toolbox is just a container. Try to run the hostname command inside and outside of the container and you should see that they differ.

So if you replace localhost with the hostname of your local machine it should be working and you should see the changes also outside the toolbox.

By changing the hostname, that would make ansible connect via SSH rather than local connection, and thus bust out of the container and do stuff directly on the host? That’s a good idea. Lemme give that a shot.

As a side note, personally I just installed Ansible as a layered package, it was just simpler to do overall.

Well that was a journey of discovery, but I got it working. Your route, @refi64, probably would have been eaiser. Just in case anyone else wants to try it here is what I ended up doing:

  • Enable SSH
    sudo systemctl enable sshd.service

  • For security only accept connections from localhost. In sshd_config I added:

ListenAddress 127.0.0.1
ListenAddress ::1
  • Set my user for passwordless sudo
visudo /etc/sudoers.d/<myusername>
<myuser>   ALL=(ALL)   NOPASSWD: ALL
  • Create host file for ansible for my laptop (britomic) specifying ansible host as localhost, and python for interpreter.
britomic ansible_host=::1 ansible_python_interpreter=/usr/bin/python3
  • Update all the playbooks to run on my laptop hostname. e.g.
hosts: britomic
  become: true
  tasks:
  - name: Add the flathub flatpak repository
    flatpak_remote:
      name: flathub
      state: present
      flatpakrepo_url: https://dl.flathub.org/repo/flathub.flatpakrepo

  - name: Install system flatpaks
    flatpak:
      name: "{{ item }}"
      state: present
    with_items:
      - com.slack.Slack
      - io.atom.Atom
      - org.libreoffice.LibreOffice
      - org.signal.Signal
      - org.remmina.Remmina

And then inside my fedora-toolbox, I created a venv, installed ansible in the venv, and ran the playbooks. I’m off and running. Thanks for the help!

3 Likes

One other thing I forgot to mention. I had to turn SELinux from Enforcing to Permissive to allow for ssh login using key. In enforcing mode, it just kept prompting for password. I’m sure I just need to change the label on my .ssh folder or something simple like that, but I haven’t dug into it yet.

I fixed this with:

chcon -R -v system_u:object_r:usr_t:s0 ~/.ssh/

I’m quite interested on this (SSH to a local Toolbox). If I understood correctly, enabling sshd service on the host, should be enough (I would have to type my password always)?

PD: Not interested on the Ansible part