2023-10-30 14:27:37 +01:00
|
|
|
---
|
|
|
|
- name: Test runtime directory
|
|
|
|
hosts: all
|
|
|
|
vars:
|
|
|
|
__sshd_test_backup_files:
|
|
|
|
- /etc/ssh/sshd_config
|
|
|
|
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
|
|
- /etc/systemd/system/sshd.service
|
|
|
|
- /etc/systemd/system/sshd@.service
|
|
|
|
- /etc/systemd/system/sshd.socket
|
|
|
|
- /etc/systemd/system/ssh.service
|
|
|
|
- /etc/systemd/system/ssh@.service
|
|
|
|
- /etc/systemd/system/ssh.socket
|
|
|
|
tasks:
|
|
|
|
- name: Backup configuration files
|
|
|
|
ansible.builtin.include_tasks: tasks/backup.yml
|
|
|
|
|
|
|
|
- name: Configure sshd with default options and install service
|
|
|
|
ansible.builtin.include_role:
|
|
|
|
name: ansible-sshd
|
|
|
|
vars:
|
|
|
|
sshd_install_service: true
|
|
|
|
|
2024-01-29 18:55:43 +01:00
|
|
|
- name: Verify the runtime directory is created on Debian
|
2023-10-30 14:27:37 +01:00
|
|
|
tags: tests::verify
|
|
|
|
when:
|
|
|
|
- ansible_facts['os_family'] == "Debian"
|
|
|
|
block:
|
|
|
|
- name: Stat the default runtime directory
|
|
|
|
ansible.builtin.stat:
|
|
|
|
path: /run/sshd
|
|
|
|
register: run_stat
|
|
|
|
|
|
|
|
- name: Check the runtime directory is present
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
|
|
|
- run_stat.stat.isdir
|
|
|
|
- run_stat.stat.mode == "0755"
|
|
|
|
|
|
|
|
- name: Read the main service file
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/systemd/system/ssh.service
|
|
|
|
register: service
|
|
|
|
|
|
|
|
- name: Read the instantiated service file
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/systemd/system/ssh@.service
|
2023-10-30 17:51:44 +01:00
|
|
|
when:
|
|
|
|
- ansible_facts['distribution_major_version'] | int < 12
|
2023-10-30 14:27:37 +01:00
|
|
|
register: service_inst
|
|
|
|
|
|
|
|
- name: Read the main socket file
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/systemd/system/ssh.socket
|
|
|
|
register: socket
|
|
|
|
|
|
|
|
- name: Check the runtime directory is in service files
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
|
|
|
- '"RuntimeDirectory=sshd" in service.content | b64decode'
|
|
|
|
- '"RuntimeDirectoryMode=0755" in service.content | b64decode'
|
2023-10-30 17:51:44 +01:00
|
|
|
|
|
|
|
- name: Check the runtime directory is in instantiated service files
|
|
|
|
when:
|
|
|
|
- ansible_facts['distribution_major_version'] | int < 12
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
2023-10-30 14:27:37 +01:00
|
|
|
- '"RuntimeDirectory=sshd" in service_inst.content | b64decode'
|
|
|
|
- '"RuntimeDirectoryMode=0755" in service_inst.content | b64decode'
|
|
|
|
|
|
|
|
- name: Verify the RuntimeDirectory is not placed into services when empty
|
|
|
|
tags: tests::verify
|
|
|
|
when:
|
|
|
|
- ansible_facts['os_family'] != "Debian" and ansible_facts['service_mgr'] == 'systemd'
|
|
|
|
block:
|
|
|
|
- name: Read the main service file
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/systemd/system/sshd.service
|
|
|
|
register: service
|
|
|
|
|
|
|
|
- name: Read the instantiated service file
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/systemd/system/sshd@.service
|
|
|
|
register: service_inst
|
|
|
|
|
|
|
|
- name: Read the main socket file
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/systemd/system/sshd.socket
|
|
|
|
register: socket
|
|
|
|
|
|
|
|
- name: Check the runtime directory is in service files
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
|
|
|
- '"RuntimeDirectory=" not in service.content | b64decode'
|
|
|
|
- '"RuntimeDirectoryMode=" not in service.content | b64decode'
|
|
|
|
- '"RuntimeDirectory=" not in service_inst.content | b64decode'
|
|
|
|
- '"RuntimeDirectoryMode=" not in service_inst.content | b64decode'
|
|
|
|
|
2024-01-29 18:55:43 +01:00
|
|
|
- name: Verify the runtime directory is not created in wrong places
|
2023-10-30 14:27:37 +01:00
|
|
|
tags: tests::verify
|
|
|
|
block:
|
|
|
|
- name: Stat the home directory for the runtime directory
|
|
|
|
ansible.builtin.stat:
|
|
|
|
path: ~/sshd
|
|
|
|
register: home_stat
|
|
|
|
|
|
|
|
- name: Stat the /run/~ for the runtime directory
|
|
|
|
ansible.builtin.stat:
|
|
|
|
path: /run/~
|
|
|
|
register: run_user_stat
|
|
|
|
|
|
|
|
- name: Check the wrong runtime directory is not present
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
|
|
|
- not home_stat.stat.exists
|
|
|
|
- not run_user_stat.stat.exists
|
|
|
|
|
|
|
|
- name: "Restore configuration files"
|
|
|
|
ansible.builtin.include_tasks: tasks/restore.yml
|