diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..3c9cae6
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+before_install:
+ # Make sure everything's up to date.
+ - sudo apt-get update -qq
+
+install:
+ # Install Ansible.
+ - pip install ansible
+
+ # Add ansible.cfg to pick up roles path.
+ - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+
+
+script:
+ # Check the roles syntax
+ - "ansible-playbook -i tests/inventory tests/test.yml --syntax-check"
+
+ # Run the role
+ - "ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo"
+
+ # Run the role/playbook again, checking to make sure it's idempotent.
+ - >
+ ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo
+ | grep -q 'changed=0.*failed=0'
+ && (echo 'Idempotence test: pass' && exit 0)
+ || (echo 'Idempotence test: fail' && exit 1)
diff --git a/CHANGELOG b/CHANGELOG
index f73241c..a4ecf50 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+0.2.1 12 January 2014 Matt Willsher
+- Standardise README.md format
+- Add basic Travis CI testing
+- Add networking metadata type
 0.2.0 04 January 2014 Matt Willsher
 - Change var file search order
 - Add Arch Linux defaults (thanks GitHub user @brenix).
diff --git a/README.md b/README.md
index 43b344e..8e845f9 100644
--- a/README.md
+++ b/README.md
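Review bot: The `pip install ansible` step under `install:` in .travis.yml is unpinned, so every build tests the role against whatever Ansible release PyPI serves that day, and a green build cannot be reproduced later. I would pin it to the release the role was verified against, `- pip install ansible==<tested-version>` (placeholder, the page does not name a version), and bump it deliberately. This matters here because both run steps under `script:` pass `--sudo`, which later Ansible releases deprecate in favour of `--become`, so the job is likely to start failing with no change to the role. The idempotence step would also benefit from a comment such as `# result is decided by grep alone; ansible-playbook's exit code is discarded by the pipe`.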
@@ -1,9 +1,38 @@ -# Ansible OpenSSH Daemon Role +OpenSSH Server +============== This role configures the OpenSSH daemon. It: -- By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting `sshd_skip_defaults: true` -- Supports use of a dict to configure items: +* By default configures the SSH daemon with the normal OS defaults. +* Works across a variety of UN*X like distributions +* Can be configured by dict or simple variables +* Supports Match sets +* Supports all sshd_config options. Templates are programmatically generated. + (see [meta/make_option_list](meta/make_option_list)) +* Tests the sshd_config before reloading sshd. + +Requirements +------------ + +Tested on: + +* Ubuntu precise, trusty +* Debian wheezy, jessie +* FreeBSD 10.1 +* EL 6,7 derived distributions + +It will likely work on other flavours and more direct support via suitable +[vars/](vars/) files is welcome. + +Role variables +--------------- + +* Unconfigured, this role will provide a sshd_config that matches the OS default, +minus the comments and in a different order. + +* Defaults can be disabled by setting `sshd_skip_defaults: true` + +* Supports use of a dict to configure items: ```yaml sshd: 
@@ -12,43 +41,47 @@ sshd: - 0.0.0.0 ``` -- Can use scalars rather than a dict. Scalar values override dict values: +* Simple variables can be used rather than a dict. Simple values override dict +values: ```yaml sshd_Compression: off ``` -- Correctly interprets booleans as yes and no in sshd configuration -- Supports lists for multi line configuration items: +* Correctly interprets booleans as yes and no in sshd configuration +* Supports lists for multi line configuration items: ```yaml sshd_ListenAddress: - 0.0.0.0 - - :: + - '::' ``` -- Tests the sshd_config before reloading sshd -- Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run `./make_option_list >../templates/sshd_config.j2` -- Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array. +* Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array. -## Complete example +Example Playbook +---------------- ```yaml --- -sshd_skip_defaults: true -sshd: - Compression: true - ListenAddress: - - "0.0.0.0" - - "::" - GSSAPIAuthentication: no - Match: - - Condition: "Group user" - GSSAPIAuthentication: yes -sshd_UsePrivilegeSeparation: sandbox -sshd_match: - - Condition: "Group xusers" - X11Forwarding: yes +- hosts: all + vars: + sshd_skip_defaults: true + sshd: + Compression: true + ListenAddress: + - "0.0.0.0" + - "::" + GSSAPIAuthentication: no + Match: + - Condition: "Group user" + GSSAPIAuthentication: yes + sshd_UsePrivilegeSeparation: sandbox + sshd_match: + - Condition: "Group xusers" + X11Forwarding: yes + roles: + - role: willshersystems.sshd ``` Results in: 
@@ -63,8 +96,16 @@ Match Group user Match Group xusers X11Forwarding yes ``` -### Author -Copyright 2014 Matt Willsher +License +------- -Code in this repository is licensed under the LGPLv3 license. See LICENSE for full details. +LGPLv3 + + +Author +------ + +Matt Willsher + +Copyright 2014,2015 Willsher Systems
diff --git a/meta/main.yml b/meta/main.yml
index 8c7e101..5515780 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -22,5 +22,6 @@ galaxy_info:
 - 6
 - 7
 categories:
+ - networking
 - system
 dependencies: []
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1 @@
+localhost
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..17d75e7
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ansible-sshd
+
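Review bot: In tests/test.yml the role is referenced as `ansible-sshd`, which resolves only because the CI job writes `roles_path = ../` into ansible.cfg and the checkout directory happens to carry that name; the README example in the same commit uses `willshersystems.sshd` instead. A clone under any other directory name would presumably stop at the syntax check with a missing-role error rather than a real test result. I would document the coupling with a comment above the role entry, `# role name = checkout directory name, resolved via roles_path = ../ (see .travis.yml)`. The play also applies only the role defaults, so the `sshd` dict, `sshd_match` and `sshd_skip_defaults` paths described in the README are never rendered in CI; a `vars:` block with one Match entry would cover the template branches most likely to produce an invalid sshd_config.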