| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
- - docker_container:
- name: '{{ mysqldump_sshd_container_name }}'
- image: '{{ mysqldump_sshd_container_image }}'
- env:
- SSH_CLIENT_PUBLIC_KEYS: '{{ mysqldump_sshd_client_public_keys }}'
- MYSQLDUMP_ARGS: '{{ mysqldump_sshd_mysqldump_args }}'
- read_only: yes
- mounts:
- - type: volume
- source: '{{ mysqldump_sshd_container_name }}_host_keys'
- target: /etc/ssh/host_keys
- read_only: no
- - type: tmpfs
- target: /home/dump/.ssh # authorized_keys
- tmpfs_size: 16k
- # > Fails in subsequent container starts.
- # https://github.com/moby/moby/issues/20437
- tmpfs_mode: '1777'
- networks: [name: '{{ mysqldump_sshd_network_name }}']
- purge_networks: yes
- published_ports: ['0.0.0.0:{{ mysqldump_sshd_published_port }}:2200']
- cap_drop: [ALL]
- security_opts: [no-new-privileges]
- cpu_quota: 2000
- cpu_period: 10000
- memory: 64M
- restart_policy: unless-stopped
- state: started
- register: _container
- - name: wait for host keys
- wait_for:
- path: >-
- {{ (_container.container.Mounts
- | items2dict(key_name='Destination', value_name='Source'))
- ['/etc/ssh/host_keys'] }}/{{ item }}.pub
- loop: [rsa, ed25519]
- register: _host_keys_files
- - name: read host keys
- slurp:
- src: '{{ item }}'
- loop: "{{ _host_keys_files.results | map(attribute='path') | list }}"
- register: _host_keys_base64
- - name: decode host keys
- set_fact:
- mysqldump_sshd_host_keys: >-
- {{ _host_keys_base64.results | map(attribute='content') | map('b64decode') | map('trim') | list }}
|
