Merge branch 'release/0.2.1'

Matt Willsher 2015-01-12 21:43:47 +00:00
commit 284a07de60
6 changed files with 110 additions and 28 deletions

29
.travis.yml Normal file

@ -0,0 +1,29 @@
---
language: python
python: "2.7"
before_install:
# Make sure everything's up to date.
- sudo apt-get update -qq
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the roles syntax
- "ansible-playbook -i tests/inventory tests/test.yml --syntax-check"
# Run the role
- "ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
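Review bot: The idempotence step at the end of `script:` pipes the second `ansible-playbook` run straight into `grep -q`, so the play output never reaches the build log and a failure shows only 'Idempotence test: fail' with no hint of which task reported a change. Send the run through `tee` (or to a file that is printed on failure) before grepping so the recap stays visible. In the `install:` section, `pip install ansible` is unpinned, so each build tests against whatever release is current that day; pinning a version would make results reproducible.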


@ -1,3 +1,7 @@
0.2.1 12 January 2014 Matt Willsher <matt@willsher.systems>
- Standardise README.md format
- Add basic Travis CI testing
- Add networking metadata type
0.2.0 04 January 2014 Matt Willsher <matt@willsher.systems> 0.2.0 04 January 2014 Matt Willsher <matt@willsher.systems>
- Change var file search order - Change var file search order
- Add Arch Linux defaults (thanks GitHub user @brenix). - Add Arch Linux defaults (thanks GitHub user @brenix).
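Review bot: The year in the new 0.2.1 entry looks wrong: it reads 12 January 2014, but this commit is dated 2015-01-12 and the README in the same change extends the copyright to 2015. Please correct it, and check the 0.2.0 entry just below (04 January 2014) while you are there.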


@ -1,9 +1,38 @@
# Ansible OpenSSH Daemon Role OpenSSH Server
==============
This role configures the OpenSSH daemon. It: This role configures the OpenSSH daemon. It:
- By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting `sshd_skip_defaults: true` * By default configures the SSH daemon with the normal OS defaults.
- Supports use of a dict to configure items: * Works across a variety of UN*X like distributions
* Can be configured by dict or simple variables
* Supports Match sets
* Supports all sshd_config options. Templates are programmatically generated.
(see [meta/make_option_list](meta/make_option_list))
* Tests the sshd_config before reloading sshd.
Requirements
------------
Tested on:
* Ubuntu precise, trusty
* Debian wheezy, jessie
* FreeBSD 10.1
* EL 6,7 derived distributions
It will likely work on other flavours and more direct support via suitable
[vars/](vars/) files is welcome.
Role variables
---------------
* Unconfigured, this role will provide a sshd_config that matches the OS default,
minus the comments and in a different order.
* Defaults can be disabled by setting `sshd_skip_defaults: true`
* Supports use of a dict to configure items:
```yaml ```yaml
sshd: sshd:
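Review bot: The new Requirements section lists only the platforms the role was tested on and gives no Ansible version, and the Travis job added in this same change installs Ansible unpinned, so nothing records which Ansible release the role is known to work with. Add the tested Ansible version under Requirements next to the platform list.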
@ -12,43 +41,47 @@ sshd:
- 0.0.0.0 - 0.0.0.0
``` ```
- Can use scalars rather than a dict. Scalar values override dict values: * Simple variables can be used rather than a dict. Simple values override dict
values:
```yaml ```yaml
sshd_Compression: off sshd_Compression: off
``` ```
- Correctly interprets booleans as yes and no in sshd configuration * Correctly interprets booleans as yes and no in sshd configuration
- Supports lists for multi line configuration items: * Supports lists for multi line configuration items:
```yaml ```yaml
sshd_ListenAddress: sshd_ListenAddress:
- 0.0.0.0 - 0.0.0.0
- :: - '::'
``` ```
- Tests the sshd_config before reloading sshd * Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.
- Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run `./make_option_list >../templates/sshd_config.j2`
- Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.
## Complete example Example Playbook
----------------
```yaml ```yaml
--- ---
sshd_skip_defaults: true - hosts: all
sshd: vars:
Compression: true sshd_skip_defaults: true
ListenAddress: sshd:
- "0.0.0.0" Compression: true
- "::" ListenAddress:
GSSAPIAuthentication: no - "0.0.0.0"
Match: - "::"
- Condition: "Group user" GSSAPIAuthentication: no
GSSAPIAuthentication: yes Match:
sshd_UsePrivilegeSeparation: sandbox - Condition: "Group user"
sshd_match: GSSAPIAuthentication: yes
- Condition: "Group xusers" sshd_UsePrivilegeSeparation: sandbox
X11Forwarding: yes sshd_match:
- Condition: "Group xusers"
X11Forwarding: yes
roles:
- role: willshersystems.sshd
``` ```
Results in: Results in:
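Review bot: The removed bullet that documented regenerating the template (`./make_option_list >../templates/sshd_config.j2`, run from the meta directory) has no replacement in this hunk; the new feature list only links to meta/make_option_list, so the invocation and output path are no longer written down anywhere in the README. Keep that command, for example under the link. The Match bullet, now moved up, also still does not say in what order blocks from the `sshd` dict, `sshd_match` and `sshd_match_1` through `sshd_match_9` are written out; since sshd uses the first value it obtains for a keyword, that order decides which setting wins when two blocks match the same connection, and it should be stated.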
@ -63,8 +96,16 @@ Match Group user
Match Group xusers Match Group xusers
X11Forwarding yes X11Forwarding yes
``` ```
### Author
Copyright 2014 Matt Willsher License
-------
Code in this repository is licensed under the LGPLv3 license. See LICENSE for full details. LGPLv3
Author
------
Matt Willsher <matt@willsher.systems>
Copyright 2014,2015 Willsher Systems
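Review bot: The new License section is reduced to the bare word `LGPLv3` and drops the old sentence's pointer 'See LICENSE for full details', so the README no longer tells a reader where the licence text is. Keep the reference to the LICENSE file. The copyright holder also changes here from Matt Willsher to Willsher Systems; if that is intentional it deserves a line in the changelog, which does not mention it.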


@ -22,5 +22,6 @@ galaxy_info:
- 6 - 6
- 7 - 7
categories: categories:
- networking
- system - system
dependencies: [] dependencies: []

1
tests/inventory Normal file

@ -0,0 +1 @@
localhost

6
tests/test.yml Normal file

@ -0,0 +1,6 @@
---
- hosts: localhost
remote_user: root
roles:
- ansible-sshd
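Review bot: The role name `ansible-sshd` in the `roles:` list only resolves because .travis.yml sets `roles_path = ../` and the checkout directory happens to be named ansible-sshd; a clone under any other directory name will fail to find the role, and the README example refers to it as `willshersystems.sshd`. Either document the directory-name dependency next to the test or make the test independent of it. The play also applies the role with no variables, so only the OS-default path is exercised; a second play that sets a `Match` block and a list value such as `sshd_ListenAddress` would cover the templating the README advertises.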