2020-11-20 23:12:48 +01:00
|
|
|
---
|
|
|
|
- hosts: all
|
|
|
|
vars:
|
|
|
|
__sshd_test_backup_files:
|
|
|
|
- /etc/ssh/sshd_config
|
|
|
|
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
|
|
- /etc/ssh/ssh_host_rsa_key
|
|
|
|
- /etc/ssh/ssh_host_rsa_key.pub
|
|
|
|
tasks:
|
2021-04-07 20:12:03 +02:00
|
|
|
- name: Backup configuration files
|
|
|
|
include_tasks: tasks/backup.yml
|
2020-11-20 23:12:48 +01:00
|
|
|
|
2021-04-07 20:12:03 +02:00
|
|
|
- name: Show effective configuration before running role (system defaults)
|
|
|
|
shell: |
|
|
|
|
set -eu
|
|
|
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
|
|
|
set -o pipefail
|
|
|
|
fi
|
|
|
|
if test ! -f /etc/ssh/ssh_host_rsa_key; then
|
|
|
|
ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
|
|
|
|
fi
|
|
|
|
sshd -T
|
|
|
|
register: runtime_before
|
|
|
|
changed_when: false
|
|
|
|
- name: Configure sshd
|
|
|
|
include_role:
|
|
|
|
name: ansible-sshd
|
|
|
|
- name: Show effective configuration after running role (role defaults)
|
|
|
|
command: sshd -T
|
|
|
|
register: runtime_after
|
|
|
|
changed_when: false
|
|
|
|
- name: Check that the effective configuration did not change from OS defaults
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- runtime_before.stdout == runtime_after.stdout
|
|
|
|
when:
|
|
|
|
- not (ansible_facts['distribution'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6')
|
2020-11-20 23:12:48 +01:00
|
|
|
|
2021-04-07 20:12:03 +02:00
|
|
|
- name: Restore configuration files
|
|
|
|
include_tasks: tasks/restore.yml
|