mailbackup-relay.s2i2s.cloud.isti.cnr.it: use a newer almalinux 9 image.

2026-06-15 21:50:12 +02:00 · 2026-06-15 21:50:12 +02:00 · 9bcd928d96
parent 2465ab0913
commit 9bcd928d96
3 changed files with 35 additions and 3 deletions
--- a/modules/labs_common_variables/variables.tf
+++ b/modules/labs_common_variables/variables.tf
@ -67,8 +67,8 @@ variable "centos_7" {
 variable "almalinux_9" {
  type = map(string)
  default = {
-    name           = "AlmaLinux-9.0-20220718"
-    uuid           = "541650fc-dd19-4f38-bb1d-7333ed9dd688"
+    name           = "AlmaLinux-9.8 20260526"
+    uuid           = "172f1c52-fa06-4d7d-9db7-0735ab6ef403"
    user_data_file = "../../s2i2s_openstack_vm_data_scripts/almalinux9.sh"
  }
 }
--- a/s2i2s/mailbackup-relay/terraform.tfstate
+++ b/s2i2s/mailbackup-relay/terraform.tfstate
--- a/s2i2s_openstack_vm_data_scripts/almalinux9.sh
+++ b/s2i2s_openstack_vm_data_scripts/almalinux9.sh
@ -0,0 +1,32 @@
+#!/bin/bash
+
+# The AlmaLinux-9.0-20220718 cloud image loses an early-boot race between
+# sshd.service and sshd-keygen.target on first boot: sshd tries to start
+# before the host keys exist and fails. cloud-init usually rescues it later,
+# but that recovery is not guaranteed (e.g. it is skipped on `server rebuild`,
+# which keeps the instance-id). Make it deterministic: (re)generate any
+# missing host keys and (re)start sshd. Both commands are idempotent —
+# ssh-keygen -A never overwrites existing keys.
+/usr/bin/ssh-keygen -A
+/usr/bin/systemctl enable sshd
+/usr/bin/systemctl restart sshd
+
+dnf -y install python3 policycoreutils-python-utils
+
+/sbin/useradd --system --home-dir /srv/ansible -m --shell /bin/bash -c "Used for the Ansible provisioning tasks" ansible
+
+# SSH keys of users authorized to execute ansible playbooks.
+# The ones in the example belong to Andrea Dell'Amico and Tommaso Piccioli.
+# Feel free to add yours if you are entitled to run the ansible provisioning on that server
+
+mkdir /srv/ansible/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom" > /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente" >> /srv/ansible/.ssh/authorized_keys
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5al6w7Lsm2hVP5Ak3y1YVuqB02vrCvlNQSjF3+y4U/KwSsLDk0EtK6cZQuplehVK+XkdiIxECTokyvwulfHSMa25p8l4bjUA44TTdeWlHjcFgt2SFXbSeAY/XeoukKlafccKqVF0ySrKIIQj94oWIB15qIZMSg8HVIU6XtpHjlF2w8K+YrzmDnU3hs+f1bHp9gi5Q2JKVqm3ZIiUIvb1bYGNq7rdMf0xjAn1ZGuvmEIRSwqR8YMtyIHnrPsMh+sdnV3PosyUQRt/b74Df/ufvJ2t9QBlOprrCQxWibcjYktDOBP4AT5he3giXjz51FJqx7hEj2ISVSiwln5G/cPor franca@Mac.local" >> /srv/ansible/.ssh/authorized_keys
+/bin/chown -R ansible:ansible /srv/ansible
+/bin/chmod 700 /srv/ansible/.ssh
+mkdir -p /etc/sudoers.d
+echo "ansible ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ansible-user
+/bin/chmod 600 /etc/sudoers.d/ansible-user
+
+semanage fcontext -a -e /home /srv/ansible ; restorecon -vR /srv/ansible