From: Chuck Lever <cel@kernel.org>
To: <kdevops@lists.linux.dev>
Cc: Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v1 4/6] guestfs: Use the alternate ssh port for Ansible control
Date: Thu,  2 Oct 2025 16:21:38 -0400	[thread overview]
Message-ID: <20251002202140.3596787-5-cel@kernel.org> (raw)
In-Reply-To: <20251002202140.3596787-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

When provisioning guestfs instances, make use of the Ansible ssh
port setting, in case it is set to something other than port 22.

Generated-by: Claude AI
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 playbooks/nixos.yml                            |  2 +-
 playbooks/roles/guestfs/tasks/bringup/main.yml | 11 ++++++++++-
 scripts/update_ssh_config_guestfs.py           |  3 ++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/playbooks/nixos.yml b/playbooks/nixos.yml
index bdc9b1e8555e..262855202ca6 100644
--- a/playbooks/nixos.yml
+++ b/playbooks/nixos.yml
@@ -430,7 +430,7 @@
         python3 {{ playbook_dir }}/../scripts/update_ssh_config_nixos.py update \
           {{ item }} \
           {{ nixos_vm_ips[item] }} \
-          22 \
+          {{ ansible_cfg_ssh_port }} \
           kdevops \
           {{ nixos_ssh_config_file | default(ansible_env.HOME + '/.ssh/config') }} \
           {{ ssh_key_path_for_config.stdout | trim }} \
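Review bot: this hunk makes the NixOS playbook fail at template rendering whenever `ansible_cfg_ssh_port` is undefined, while the guestfs script in the same series falls back to 22 via `extra_vars.get("ansible_cfg_ssh_port", 22)`; using `{{ ansible_cfg_ssh_port | default(22) }}` here would give both paths the same behaviour when the variable is unset. Since `playbooks/nixos.yml` is outside the `guestfs:` scope named in the subject, it is also worth mentioning in the commit message that NixOS provisioning picks up the alternate port too.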
diff --git a/playbooks/roles/guestfs/tasks/bringup/main.yml b/playbooks/roles/guestfs/tasks/bringup/main.yml
index ce7e4122d6e9..81bac7ceb6aa 100644
--- a/playbooks/roles/guestfs/tasks/bringup/main.yml
+++ b/playbooks/roles/guestfs/tasks/bringup/main.yml
@@ -71,7 +71,16 @@
               "--hostname", inventory_hostname,
               "--ssh-inject", "kdevops:file:" + ssh_key + ".pub",
               "--timezone", host_timezone.stdout
-            ]
+            ] + (
+              [
+                "--run-command", "sed -i '/^#*Port /d' /etc/ssh/sshd_config",
+                "--append-line", "/etc/ssh/sshd_config:Port " + (ansible_cfg_ssh_port | string),
+                "--firstboot-command", "semanage port -a -t ssh_port_t -p tcp " + (ansible_cfg_ssh_port | string) + " 2>/dev/null || semanage port -m -t ssh_port_t -p tcp " + (ansible_cfg_ssh_port | string) + "; systemctl restart sshd",
+                "--firstboot-command", "if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-enabled firewalld >/dev/null 2>&1; then firewall-cmd --permanent --add-port=" + (ansible_cfg_ssh_port | string) + "/tcp && firewall-cmd --reload; fi",
+                "--firstboot-command", "if command -v ufw >/dev/null 2>&1 && systemctl is-active ufw >/dev/null 2>&1; then ufw allow " + (ansible_cfg_ssh_port | string) + "/tcp; fi"
+              ]
+              if ansible_cfg_ssh_port | int != 22 else []
+            )
           }}
 
     - name: Build the root image for each target node (as root)
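Review bot: the firewalld `--firstboot-command` line depends on the firewalld daemon already running, because `firewall-cmd` (with or without `--permanent`) talks to it over D-Bus and exits with "FirewallD is not running" otherwise; the guard only checks `systemctl is-enabled`, so if the libguestfs firstboot unit runs before firewalld is up the command fails and the new port stays blocked. `firewall-offline-cmd --add-port=<port>/tcp` has no daemon dependency and is the usual choice for image-build and first-boot hooks. Two smaller points on the same hunk: neither firewall branch drops the existing port-22 rule (the `ssh` service in firewalld, the OpenSSH profile in ufw), so the guest stays reachable on 22 even though Ansible control moves off it, which is reasonable for a dev VM but should be stated in the commit message; and the `sed -i '/^#*Port /d'` plus `--append-line` pair only edit `/etc/ssh/sshd_config`, so a `Port` set in a file pulled in by an `Include /etc/ssh/sshd_config.d/*.conf` directive near the top of that file wins, since sshd keeps the first value it reads. Given how long these inline shell strings have become, shipping them as a small script via `--copy-in` and `--firstboot` would make them readable and testable on their own.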
diff --git a/scripts/update_ssh_config_guestfs.py b/scripts/update_ssh_config_guestfs.py
index 143ff4fc24c4..40f1ccad02b6 100755
--- a/scripts/update_ssh_config_guestfs.py
+++ b/scripts/update_ssh_config_guestfs.py
@@ -21,7 +21,7 @@ from pathlib import Path
 ssh_template = """Host {name} {addr}
 	HostName {addr}
 	User kdevops
-	Port 22
+	Port {port}
 	IdentityFile {sshkey}
 	UserKnownHostsFile /dev/null
 	StrictHostKeyChecking no
@@ -97,6 +97,7 @@ def main():
         context = {
             "name": name,
             "addr": addr,
+            "port": extra_vars.get("ansible_cfg_ssh_port", 22),
             "sshkey": f"{extra_vars['guestfs_path']}/{name}/ssh/id_ed25519",
         }
         sshconf.write(ssh_template.format(**context))
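Review bot: `extra_vars.get("ansible_cfg_ssh_port", 22)` is substituted into the ssh config template without validation, so a non-numeric or out-of-range value passed through extra-vars lands in the generated `Port` line and only surfaces later as an ssh client error; an `int(...)` conversion with a 1..65535 check and a clear error message here would match the `| int` coercion the guestfs playbook applies to the same variable.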
-- 
2.51.0

