Add ssh external

roles/docker-cluster/files/etc/ha.d/haresources

@@ -1 +1,2 @@
 node-02 IPaddr::192.168.50.100/24/eth0:0
+node-02 ssh-external

roles/docker-cluster/files/etc/ha.d/resource.d/ssh-external

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+SERVICE=sshd-external
+
+case "$1" in
+  start)
+    systemctl start "${SERVICE}"
+    ;;
+  stop)
+    systemctl stop "${SERVICE}"
+    ;;
+  reload)
+    systemctl reload "${SERVICE}"
+    ;;
+  force-reload)
+    systemctl force-reload "${SERVICE}"
+    ;;
+  restart)
+    systemctl restart "${SERVICE}"
+    ;;
+  status)
+    systemctl status "${SERVICE}"
+    ;;
+  *)
+    echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|status}" || true
+    exit 1
+    ;;
+esac

roles/docker-cluster/files/lib/systemd/system/sshd-external.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+After=network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/sbin/sshd -t
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config_external
+ExecReload=/usr/sbin/sshd -t
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd-external.service

roles/docker-cluster/tasks/main.yml

@@ -11,4 +11,6 @@
 
 - import_tasks: hostfile.yml
 
-- import_tasks: docker-watcher.yml
+- import_tasks: docker-watcher.yml
+
+- import_tasks: ssh-external.yml

roles/docker-cluster/tasks/ssh-external.yml

@@ -0,0 +1,24 @@
+---
+- become: yes
+  block:
+    - name: copy config
+      copy:
+        owner: root
+        group: root
+        mode: 0600
+        directory_mode: yes
+        src: etc/ssh
+        dest: /etc
+
+    - name: copy ha.d resource ssh-external
+      copy:
+        owner: root
+        group: root
+        mode: 0755
+        src: etc/ha.d/resource.d/ssh-external
+        dest: /etc/ha.d/resource.d/ssh-external
+
+    - name: add systemd service
+      copy:
+        src: lib/systemd/system/sshd-external.service
+        dest: /lib/systemd/system/sshd-external.service