first test with ansible

deploy.sh

+#!/bin/bash
+
+# This script is executed on the virtual machine during the *Deployment* phase.
+# It is used to apply parameters specific to the current deployment.
+# It is executed secondly during a cloud deployement in IFB-Biosphere, after the *Installation* phase.
+
+source /etc/profile.d/ifb.sh
+LOCUSER=${LOCUSER:-ubuntu}
+LOCUSER_DIR=`eval echo "~$LOCUSER"`
+
+# Docker params
+# APP_IMG="gitlab-registry.in2p3.fr/ifb-biosphere/apps/<...>"
+
+# Configure  default user
+# IFB_DATADIR is set in profile ‘ifb.sh'
+ln -s $IFB_DATADIR $LOCUSER_DIR/data
+# Allow local user to run docker
+usermod -a -G docker $LOCUSER
+
+# Manage ephemeral disk
+EPHEM_DIR=`df | grep vdb | awk '{print $6}'`
+if [ -n "$EPHEM_DIR" ]; then
+  chown $LOCUSER:$LOCUSER $EPHEM_DIR
+  ln -s $EPHEM_DIR $IFB_DATADIR/mydatalocal
+
+  # Move docker data dir to ephemeral disk
+  DOCKER_DJSON=/etc/docker/daemon.json
+  export DOCKER_DATADIR=${EPHEM_DIR}/docker-data
+  mkdir $DOCKER_DATADIR
+  if [ -e $DOCKER_DJSON ]
+  then
+    curjson="$(jq '."data-root"=env.DOCKER_DATADIR' $DOCKER_DJSON)"
+    echo "${curjson}" > $DOCKER_DJSON
+  else
+    echo -e "{\n  \"data-root\": \"$DOCKER_DATADIR\"\n}" > $DOCKER_DJSON
+  fi
+  systemctl restart docker
+
+else
+  mkdir $IFB_DATADIR/mydatalocal
+fi
+
+# Mount IFB shared volumes
+ifb_sharedvols=$(ss-get --timeout=5 ifb_share_endpoints)
+if [ -n "$ifb_sharedvols" ]; then
+  wget -O /root/config_partages.py https://raw.githubusercontent.com/IFB-ElixirFr/biosphere-commons/master/scripts/utils/config_partages.py
+  python3 /root/config_partages.py $ifb_sharedvols
+  rm /root/config_partages.py
+fi
+
+USER_LOGIN=etudiant
 USER_PASSWORD=$( openssl rand -hex 12 )
-sudo passwd etudiant << EOF
+
+useradd -m -s /bin/bash -g users -G adm,dialout,cdrom,floppy,audio,dip,video,plugdev,netdev ${USER_LOGIN}
+cp /etc/skel/.* /home/${USER_LOGIN}/
+
+passwd ${USER_LOGIN} << EOF
 ${USER_PASSWORD}
 ${USER_PASSWORD}
 EOF
+
+HOST_NAME=$( ss-get --timeout=3 hostname )
 HTTP_ENDP="https://$HOST_NAME"
 ss-set url.service "${HTTP_ENDP}"
-ss-set ss:url.service "[HTTPS]$HTTP_ENDP,[LOGIN]$etudiant,[PASSWORD]$USER_PASSWORD"
+ss-set ss:url.service "[HTTPS]$HTTP_ENDP,[LOGIN]$USER_LOGIN,[PASSWORD]$USER_PASSWORD"

install.sh

-sudo apt update
-sudo apt install --yes openssl shellinabox
-sudo sed -i 's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|' /etc/default/shellinabox
-sudo iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
-sudo iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
-sudo iptables-save
-sudo systemctl restart shellinabox
-sudo useradd -m -s /bin/bash -g users -G adm,dialout,cdrom,floppy,audio,dip,video,plugdev,netdev etudiant
-sudo cp /etc/skel/.* /home/etudiant/
+#!/bin/bash
+
+# This script is executed on the virtual machine during the Installation phase (need to be ran as root!).
+# It is used to record a predefined VM-image of the appliance.
+# Otherwise executed first during a cloud deployement in IFB-Biosphere
+
+# Install Ansible
+export DEBIAN_FRONTEND=noninteractive
+APT_OPT=""
+if [ $(lsb_release -is) = "Debian" ]; then
+    apt-get install -y software-properties-common dirmngr
+	if [ $(lsb_release -cs) = "stretch" ]; then apt-add-repository "deb http://deb.debian.org/debian stretch-backports main"; fi
+	APT_OPT="-t $(lsb_release -cs)-backports --allow-unauthenticated"
+    apt-get -y --allow-unauthenticated dist-upgrade
+elif [ $(lsb_release -cs) != "focal" ]; then
+    apt-add-repository -y ppa:ansible/ansible
+fi
+apt-get update
+apt-get install $APT_OPT -y ansible
+
+# Run app playbook
+ansible-playbook -c local -i 127.0.0.1, -b -e 'ansible_python_interpreter=/usr/bin/python3' ubuntu-shellinabox.yaml
+
+
 
 
 

profile_ifb.sh

+# IFB Bioinformatics environment
+export IFB_MAIN=/ifb
+export IFB_BIN=$IFB_MAIN/bin
+export IFB_DATADIR=$IFB_MAIN/data
+export PATH=$PATH:$IFB_BIN
+

ubuntu-shellinabox.yaml

+- hosts: all
+  tasks:
+
+  - name: Update the system
+    apt:
+      upgrade: dist
+
+  - name: Install requirements
+    apt:
+      name: 
+        - autofs
+        - fail2ban
+        - python3-pip
+        - nfs-common
+        - jq
+        - openssl
+        - shellinabox
+      state: latest
+
+  - name: Remove old Docker version
+    apt:
+      name:
+        - docker
+        - docker-engine
+        - docker.io
+        - containerd
+        - runc
+      state: absent
+
+  - name: Install Docker deps
+    apt:
+      name:
+        - apt-transport-https
+        - ca-certificates
+        - curl
+        - gnupg-agent
+        - software-properties-common
+      state: latest
+
+  - name: Add Docker’s official GPG key
+    apt_key:
+      url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+      state: present
+
+  - name: Add Docker's repository into sources list
+    apt_repository:
+      repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+      state: present
+
+  - name: Install Docker engine community
+    apt:
+      name:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+      state: latest
+
+  - name: Configure shell in a box 
+    shell: sed -i 's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|' /etc/default/shellinabox
+
+  - name: Configure network
+    shell: iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT && iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT && iptables-save
+sudo systemctl restart shellinabox
+
+  - name: Enable services
+    systemd:
+      name: "{{ item }}" 
+      enabled: yes
+      state: started
+    loop:
+      - docker
+      - fail2ban
+
+  - name: Restart services
+    systemd:
+      name: "{{ item }}" 
+      enabled: yes
+      state: restarted
+    loop:
+      - shellinabox 
+
+  - name: Update pip
+    pip:
+      name: 
+        - pip
+      executable: pip3
+      state: latest
+
+  - name: Install docker-compose
+    pip:
+      name: 
+        - docker-compose
+      executable: pip3
+      state: latest
+
+  - name: Install Miniconda
+    script: miniconda-install.sh
+
+  - name: Copy IFB profile
+    copy:
+      src: profile_ifb.sh
+      dest: /etc/profile.d/ifb.sh
+      owner: root
+      mode: '0644'
+
+  - name: Create IFB root dir and bin
+    shell: . /etc/profile.d/ifb.sh && mkdir -p $IFB_BIN
+
+  - name: Create IFB data dir
+    shell: . /etc/profile.d/ifb.sh && mkdir -p $IFB_DATADIR
+