Packages and installation
- dropbear_initramfs__base_packages
List of APT packages to install for dropbear_initramfs support.
Supported versions:
dropbear-initramfs
dropbear
dropbear_initramfs__base_packages:
  - '{{ "dropbear"
        if (ansible_distribution == "Ubuntu" and ansible_distribution_release in ["trusty"])
        else "dropbear-initramfs" }}'
- dropbear_initramfs__packages
List of additional APT packages to install during dropbear_initramfs configuration.
dropbear_initramfs__packages: []
- dropbear_initramfs__config_path
Path to dropbear initramfs configuration files.
dropbear_initramfs__config_path: '{{ "/etc/dropbear-initramfs"
                                     if (ansible_distribution_release in ["stretch", "buster", "bullseye"])
                                     else "/etc/dropbear/initramfs" }}'
- dropbear_initramfs__config_file
Path to dropbear initramfs configuration file.
dropbear_initramfs__config_file: '{{ dropbear_initramfs__config_path + "/"
                                     + ("config"
                                        if (ansible_distribution_release in ["stretch", "buster", "bullseye"])
                                        else "dropbear.conf") }}'
- dropbear_initramfs__deploy_state
What is the desired state which this role should achieve? Possible options:
present
Default. Ensure that dropbear is configured in the initramfs to allow ssh connections.
absent
Ensure that dropbear and related configuration maintained by this role are absent.
dropbear_initramfs__deploy_state: 'present'
Simple initramfs network
Refer to https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt for supported configuration options.
Note that the IP kernel parameter only supports legacy IPv4. But don’t worry, the role has you covered. Refer to dropbear_initramfs__interfaces.
- dropbear_initramfs__network_autoconf
Method to use for autoconfiguration. Use off or none for manual network configuration (see below).
dropbear_initramfs__network_autoconf: 'dhcp'
- dropbear_initramfs__network_device
Default network device.
dropbear_initramfs__network_device: '{{ ansible_default_ipv6.interface
                                        if ansible_default_ipv6.interface | d()
                                        else (ansible_default_ipv4.interface
                                              if ansible_default_ipv4.interface | d()
                                              else "eth0") }}'
- dropbear_initramfs__network_address
Manual network address to set.
dropbear_initramfs__network_address: '{{ ansible_default_ipv4.address }}'
- dropbear_initramfs__network_netmask
Manual subnet mask to set.
dropbear_initramfs__network_netmask: '{{ ansible_default_ipv4.netmask }}'
- dropbear_initramfs__network_gateway
Manual gateway to set.
dropbear_initramfs__network_gateway: '{{ ansible_default_ipv4.gateway }}'
- dropbear_initramfs__network_manual
The IP kernel parameter used when dropbear_initramfs__network_autoconf is disabled.
The ipwrap filter allows IPv6 addresses to work on some platforms. Refer to: https://serverfault.com/questions/445296/is-there-a-linux-kernel-boot-parameter-to-configure-an-ipv6-address/701451#701451
dropbear_initramfs__network_manual: '{{
  (dropbear_initramfs__network_address | ansible.utils.ipwrap) + "::" +
  (dropbear_initramfs__network_gateway | ansible.utils.ipwrap) + ":" +
  dropbear_initramfs__network_netmask + "::" +
  dropbear_initramfs__network_device + ":none" }}'
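The string this expression produces, and why the addresses are bracketed, shown as an added Python example that is not part of the role. The ipwrap stand-in, the bracket-aware splitter and all sample addresses (including the "64" netmask placeholder) are assumptions made for illustration.

```python
import ipaddress

# Field order of the kernel ip= parameter (see nfsroot.txt); the role fills
# client-ip, gw-ip, netmask, device and autoconf and leaves the rest empty.
IP_FIELDS = ("client_ip", "server_ip", "gw_ip", "netmask",
             "hostname", "device", "autoconf")


def ipwrap(value):
    """Stand-in for ansible.utils.ipwrap: bracket IPv6, pass others through."""
    try:
        is_v6 = ipaddress.ip_address(value).version == 6
    except ValueError:
        return value
    return "[" + value + "]" if is_v6 else value


def build_manual(address, gateway, netmask, device, wrap=True):
    """Same concatenation as dropbear_initramfs__network_manual."""
    w = ipwrap if wrap else (lambda v: v)
    return w(address) + "::" + w(gateway) + ":" + netmask + "::" + device + ":none"


def split_fields(param):
    """Illustrative bracket-aware split on ':' (not the kernel's parser)."""
    fields, current, depth = [], "", 0
    for ch in param:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            fields.append(current)
            current = ""
        else:
            current += ch
    return fields + [current]


if __name__ == "__main__":
    # Constructed sample values from documentation address ranges.
    v4 = build_manual("192.0.2.10", "192.0.2.1", "255.255.255.0", "eth0")
    v6 = build_manual("2001:db8::10", "2001:db8::1", "64", "eth0")
    raw = build_manual("2001:db8::10", "2001:db8::1", "64", "eth0", wrap=False)
    print(dict(zip(IP_FIELDS, split_fields(v4))))
    print(dict(zip(IP_FIELDS, split_fields(v6))))
    print(len(raw.split(":")), "fields without wrapping instead of", len(IP_FIELDS))
```

Without the brackets, the colons inside an IPv6 address are indistinguishable from the field separators, so the seven-field layout is lost.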
- dropbear_initramfs__network
The IP kernel parameter as it is configured by the role.
dropbear_initramfs__network: '{{ dropbear_initramfs__network_manual
                                 if (dropbear_initramfs__network_autoconf in ["off", "none"])
                                 else dropbear_initramfs__network_autoconf }}'
Complex initramfs network
These variables are dictionaries with additional network configuration. See dropbear_initramfs__interfaces documentation for more details.
- dropbear_initramfs__interfaces
Dictionary which holds additional network configuration for all hosts in the Ansible inventory.
dropbear_initramfs__interfaces: {}
- dropbear_initramfs__group_interfaces
Dictionary which holds additional network configuration for hosts in a specific Ansible inventory group.
dropbear_initramfs__group_interfaces: {}
- dropbear_initramfs__host_interfaces
Dictionary which holds additional network configuration for specific hosts in the Ansible inventory.
dropbear_initramfs__host_interfaces: {}
- dropbear_initramfs__combined_interfaces
Dictionary which combines all of the other network interface configuration variables and is used in the role tasks and templates to generate the configuration.
dropbear_initramfs__combined_interfaces: '{{ lookup("template", "lookup/dropbear_initramfs__combined_interfaces.j2", convert_data=False) | from_yaml }}'
Initramfs generation
- dropbear_initramfs__update_options
Additional options for the update-initramfs command. The default is to regenerate the initramfs for all installed kernel versions.
dropbear_initramfs__update_options: '-k all'
Dropbear options
- dropbear_initramfs__port
The port dropbear listens on.
dropbear_initramfs__port: '22'
- dropbear_initramfs__disable_password_login
Disable password login?
dropbear_initramfs__disable_password_login: '{{
  True
  if dropbear_initramfs__combined_authorized_keys | d()
  else False
  }}'
- dropbear_initramfs__disable_port_forwarding
Disable local and remote port forwarding?
dropbear_initramfs__disable_port_forwarding: True
- dropbear_initramfs__idle_timeout
Number of seconds of inactivity after which dropbear times out.
dropbear_initramfs__idle_timeout: '180'
- dropbear_initramfs__max_authentication_attempts
The maximum number of authentication attempts per connection.
dropbear_initramfs__max_authentication_attempts: '10'
- dropbear_initramfs__forced_command
Override the command provided by the user and always run this command.
dropbear_initramfs__forced_command: ''
- dropbear_initramfs__dropbear_options
Options passed to dropbear.
dropbear_initramfs__dropbear_options: '{{
  "-p " + dropbear_initramfs__port +
  (" -g -s" if dropbear_initramfs__disable_password_login | d() else "") +
  (" -j -k" if dropbear_initramfs__disable_port_forwarding | d() else "") +
  " -I " + dropbear_initramfs__idle_timeout +
  " -T " + dropbear_initramfs__max_authentication_attempts +
  (" -c " + dropbear_initramfs__forced_command if dropbear_initramfs__forced_command | d() else "")
  }}'
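How the option string and the default of dropbear_initramfs__disable_password_login interact, as an added Python example that is not part of the role. render_options mirrors the two Jinja expressions above; audit_options, its three-attempt threshold, the sample key and the cryptroot-unlock forced command are assumptions made for illustration.

```python
import shlex


def render_options(authorized_keys=(), port="22", disable_password_login=None,
                   disable_port_forwarding=True, idle_timeout="180",
                   max_auth_attempts="10", forced_command=""):
    """Mirror dropbear_initramfs__dropbear_options with the role defaults."""
    if disable_password_login is None:
        # Role default: password login is disabled only when keys are present.
        disable_password_login = bool(authorized_keys)
    return ("-p " + port
            + (" -g -s" if disable_password_login else "")
            + (" -j -k" if disable_port_forwarding else "")
            + " -I " + idle_timeout
            + " -T " + max_auth_attempts
            + (" -c " + forced_command if forced_command else ""))


def audit_options(options, max_tries=3):
    """Return findings for a rendered option string (example policy only)."""
    tokens = shlex.split(options)
    flags = {t for t in tokens if t.startswith("-")}
    findings = []
    if not {"-g", "-s"} <= flags:
        findings.append("password login enabled (-g/-s missing)")
    if not {"-j", "-k"} <= flags:
        findings.append("port forwarding enabled (-j/-k missing)")
    if "-T" in tokens and int(tokens[tokens.index("-T") + 1]) > max_tries:
        findings.append("more than %d authentication attempts allowed" % max_tries)
    if "-c" not in flags:
        findings.append("no forced command (-c missing)")
    return findings


if __name__ == "__main__":
    # No authorized keys configured: the defaults keep password login on.
    defaults = render_options()
    # Constructed sample key and forced command for the hardened variant.
    hardened = render_options(authorized_keys=["ssh-ed25519 AAAA...sample"],
                              max_auth_attempts="3",
                              forced_command="cryptroot-unlock")
    for rendered in (defaults, hardened):
        print(rendered, "->", audit_options(rendered) or "no findings")
```

With an empty key list the rendered string lacks -g and -s, so it is worth confirming that dropbear_initramfs__combined_authorized_keys is populated before relying on the defaults.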