ansible-sshd/tasks/install_service.yml

---
- name: Install systemd service files
  when:
    - sshd_install_service | bool
    - ansible_facts['service_mgr'] == 'systemd' or
      (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7')
  block:
    - name: Install service unit file
      ansible.builtin.template:
        src: "{{ sshd_service_template_service }}"
        dest: "/etc/systemd/system/{{ sshd_service }}.service"
        owner: root
        group: root
        mode: "0644"
      notify: Reload_sshd

    - name: Install instanced service unit file
      ansible.builtin.template:
        src: "{{ sshd_service_template_at_service }}"
        dest: "/etc/systemd/system/{{ sshd_service }}@.service"
        owner: root
        group: root
        mode: "0644"
      notify: Reload_sshd
      when:
        - __sshd_socket_accept | bool

    - name: Install socket unit file
      ansible.builtin.template:
        src: "{{ sshd_service_template_socket }}"
        dest: "/etc/systemd/system/{{ sshd_service }}.socket"
        owner: root
        group: root
        mode: "0644"
      notify: Reload_sshd

- name: Service enabled and running
  ansible.builtin.service:
    name: "{{ sshd_service }}"
    enabled: true
    state: started
  when:
    - sshd_manage_service|bool
    - ansible_facts['virtualization_type'] | default(None) not in __sshd_skip_virt_env
    - ansible_connection != 'chroot'

# Due to ansible bug 21026, cannot use service module on RHEL 7
- name: Enable service in chroot
  ansible.builtin.command: systemctl enable {{ sshd_service }}  # noqa command-instead-of-module
  when:
    - ansible_connection == 'chroot'
    - ansible_facts['os_family'] == 'RedHat'
    - ansible_facts['distribution_major_version'] | int >= 7
  changed_when: true
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`---`
			`- name: Install systemd service files`
Workaround for CentOS7 reporting ansible_facts['service_mgr'] == 'sysvinit' in containers Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2024-02-06 09:43:37 +01:00			`when:`
			`- sshd_install_service \| bool`
			`- ansible_facts['service_mgr'] == 'systemd' or`
			`(ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7')`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`block:`
			`- name: Install service unit file`
Fix various linting issues 2022-06-03 12:22:17 +02:00			`ansible.builtin.template:`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`src: "{{ sshd_service_template_service }}"`
			`dest: "/etc/systemd/system/{{ sshd_service }}.service"`
			`owner: root`
			`group: root`
			`mode: "0644"`
feat: Ubuntu noble (#290) * feat: Add support for Ubuntu Nobel/24.04 LTS * fix: Add missing PrintMotd to Ubuntu 22.04 * fix(tests): Various linting fixes --------- Co-authored-by: Jakub Jelen <jjelen@redhat.com> 2024-06-21 10:12:02 +02:00			`notify: Reload_sshd`
Update service/socket files to match main OS's defaults Specifics: * Debian 12 has no longer the instantiated service using inet, see the following commit: https://salsa.debian.org/ssh-team/openssh/-/commit/0dc73888bbfc17fae04b891ac0c80f35f9c44f48 * I am not matching the Description tag verbosely as I do not find it crucial for functionality. * We generate additional -f switch to the sshd CLI pointing go the main sshd config we manage * The Before=sshd.service in the socket is not generated as I find it unnecessary when we conflict the service. * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I set for all Ubuntu/Debian as it should not hurt. Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2023-10-30 17:51:44 +01:00
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`- name: Install instanced service unit file`
Fix various linting issues 2022-06-03 12:22:17 +02:00			`ansible.builtin.template:`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`src: "{{ sshd_service_template_at_service }}"`
			`dest: "/etc/systemd/system/{{ sshd_service }}@.service"`
			`owner: root`
			`group: root`
			`mode: "0644"`
feat: Ubuntu noble (#290) * feat: Add support for Ubuntu Nobel/24.04 LTS * fix: Add missing PrintMotd to Ubuntu 22.04 * fix(tests): Various linting fixes --------- Co-authored-by: Jakub Jelen <jjelen@redhat.com> 2024-06-21 10:12:02 +02:00			`notify: Reload_sshd`
Update service/socket files to match main OS's defaults Specifics: * Debian 12 has no longer the instantiated service using inet, see the following commit: https://salsa.debian.org/ssh-team/openssh/-/commit/0dc73888bbfc17fae04b891ac0c80f35f9c44f48 * I am not matching the Description tag verbosely as I do not find it crucial for functionality. * We generate additional -f switch to the sshd CLI pointing go the main sshd config we manage * The Before=sshd.service in the socket is not generated as I find it unnecessary when we conflict the service. * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I set for all Ubuntu/Debian as it should not hurt. Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2023-10-30 17:51:44 +01:00			`when:`
			`- __sshd_socket_accept \| bool`

Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`- name: Install socket unit file`
Fix various linting issues 2022-06-03 12:22:17 +02:00			`ansible.builtin.template:`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`src: "{{ sshd_service_template_socket }}"`
			`dest: "/etc/systemd/system/{{ sshd_service }}.socket"`
			`owner: root`
			`group: root`
			`mode: "0644"`
feat: Ubuntu noble (#290) * feat: Add support for Ubuntu Nobel/24.04 LTS * fix: Add missing PrintMotd to Ubuntu 22.04 * fix(tests): Various linting fixes --------- Co-authored-by: Jakub Jelen <jjelen@redhat.com> 2024-06-21 10:12:02 +02:00			`notify: Reload_sshd`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00
			`- name: Service enabled and running`
Fix various linting issues 2022-06-03 12:22:17 +02:00			`ansible.builtin.service:`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`name: "{{ sshd_service }}"`
			`enabled: true`
			`state: started`
			`when:`
			`- sshd_manage_service\|bool`
Add whitespace around the filter symbol Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2024-01-22 16:17:38 +01:00			`- ansible_facts['virtualization_type'] \| default(None) not in __sshd_skip_virt_env`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`- ansible_connection != 'chroot'`

			`# Due to ansible bug 21026, cannot use service module on RHEL 7`
			`- name: Enable service in chroot`
Linting fixes 2022-09-07 10:33:33 +02:00			`ansible.builtin.command: systemctl enable {{ sshd_service }} # noqa command-instead-of-module`
Refactor tasks to separate files based on the context Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2022-05-02 14:39:00 +02:00			`when:`
			`- ansible_connection == 'chroot'`
Support inject_facts_as_vars = false Use facts via ansible_facts only. Made using: git ls-files -z\|grep -z yml\|xargs -0r sed --follow-symlinks -Ei \ "s/ansible_(virtualization_type\|os_family\|distribution\w*)/ansible_facts['\1']/g" 2023-08-05 12:01:19 +02:00			`- ansible_facts['os_family'] == 'RedHat'`
Add whitespace around the filter symbol Signed-off-by: Jakub Jelen <jjelen@redhat.com> 2024-01-22 16:17:38 +01:00			`- ansible_facts['distribution_major_version'] \| int >= 7`
ansible-lint - align with current Ansible recommendations Use `true/false` instead of `yes/no` Ensure use of FQCN for builtin modules Use correct spacing in Jinja expressions All tasks and plays must have a `name`, and the `name` string must begin with an uppercase letter Use `ansible.posix.mount` instead of `ansible.builtin.mount` Use `set -o pipefail` with `shell` module where supported by the platform shell Signed-off-by: Rich Megginson <rmeggins@redhat.com> 2023-04-10 22:19:29 +02:00			`changed_when: true`