Merge branch 'release/0.2.4'

Matt Willsher 2015-01-13 17:45:20 +00:00
commit 34490a2927
14 changed files with 58 additions and 12 deletions


@ -1,3 +1,7 @@
0.2.4 13 January 2014 Matt Willsher <matt@willsher.systems>
- Allow reload to be skipped
- Test for OS support
- Documentation improvements
0.2.3 13 January 2014 Matt Willsher <matt@willsher.systems> 0.2.3 13 January 2014 Matt Willsher <matt@willsher.systems>
- Fixed HostbasedAuthentication typo - Fixed HostbasedAuthentication typo
0.2.2 13 January 2014 Matt Willsher <matt@willsher.systems> 0.2.2 13 January 2014 Matt Willsher <matt@willsher.systems>


@ -39,12 +39,24 @@ It will likely work on other flavours and more direct support via suitable
Role variables Role variables
--------------- ---------------
* Unconfigured, this role will provide a sshd_config that matches the OS default, Unconfigured, this role will provide a sshd_config that matches the OS default,
minus the comments and in a different order. minus the comments and in a different order.
* Defaults can be disabled by setting `sshd_skip_defaults: true` * sshd_skip_defaults
* Supports use of a dict to configure items: If set to True, don't apply default values. This means that you must have a
complete set of configuration defaults via either the sshd dict, or sshd_Key
variables. Defaults to *False*.
* sshd_allow_reload
If set to False, a reload of sshd wont happen on change. This can help with
troubleshooting. You'll need to manually reload sshd if you want to apply the
changed configuration. Defaults to *True*.
* sshd
A dict containing configuration. e.g.
```yaml ```yaml
sshd: sshd:
@ -53,15 +65,17 @@ sshd:
- 0.0.0.0 - 0.0.0.0
``` ```
* Simple variables can be used rather than a dict. Simple values override dict * ssh_...
values:
Simple variables can be used rather than a dict. Simple values override dict
values. e.g.:
```yaml ```yaml
sshd_Compression: off sshd_Compression: off
``` ```
* Correctly interprets booleans as yes and no in sshd configuration In all cases, booleans correctly rendered as yes and no in sshd configuration.
* Supports lists for multi line configuration items: Lists can be used for multiline configuration items. e.g.
```yaml ```yaml
sshd_ListenAddress: sshd_ListenAddress:
@ -69,7 +83,20 @@ sshd_ListenAddress:
- '::' - '::'
``` ```
* Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array. Renders as:
```
ListenAddress 0.0.0.0
ListenAddress ::
```
* sshd_match
A list of dicts for a match section. See the example playbook.
* sshd_match_1 through sshd_match_9
A list of dicts or just a dict for a Match section.
Example Playbook Example Playbook
---------------- ----------------


@ -2,6 +2,8 @@
### USER OPTIONS ### USER OPTIONS
# Don't apply OS defaults when set to true # Don't apply OS defaults when set to true
sshd_skip_defaults: false sshd_skip_defaults: false
# If the below is false, don't reload the ssh deamon on change
sshd_allow_reload: yes
# Empty dicts to avoid errors # Empty dicts to avoid errors
sshd: {} sshd: {}
@ -18,3 +20,4 @@ sshd_binary: /usr/sbin/sshd
sshd_service: sshd sshd_service: sshd
sshd_sftp_server: /usr/lib/openssh/sftp-server sshd_sftp_server: /usr/lib/openssh/sftp-server
sshd_defaults: {} sshd_defaults: {}
sshd_os_supported: no
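Review bot: The comment added above `sshd_allow_reload` does not say what state the host is left in when the value is false: going by the README text in this commit, the new configuration is still applied to disk but the running daemon keeps its old settings until someone reloads it, which matters when the change is a hardening one. I would word it `# When false, sshd_config is still written but sshd is not reloaded; changes stay inactive until a manual reload`, which also drops the `deamon` typo. The two new values are spelled `yes` and `no` while the neighbouring `sshd_skip_defaults` uses `false`; `sshd_allow_reload: true` and `sshd_os_supported: false` would keep one boolean spelling in the file.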


@ -7,3 +7,4 @@
service: service:
name: "{{ sshd_service }}" name: "{{ sshd_service }}"
state: reloaded state: reloaded
when: sshd_allow_reload == True
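Review bot: The added condition `when: sshd_allow_reload == True` compares against the boolean itself, so a value that arrives as a string (for example from `-e sshd_allow_reload=yes`, which Ansible passes as a string) evaluates false and the reload is skipped without any message. For this role that means a changed, possibly hardened, sshd_config is written while the running daemon keeps the old settings. Use the bool filter instead: `when: sshd_allow_reload | bool`. The same comparison appears in the new `that: sshd_os_supported == True` assert in the tasks section of this commit and should become `that: sshd_os_supported | bool`. The handler's name line is outside this hunk.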


@ -6,10 +6,13 @@
- "{{ ansible_distribution }}.yml" - "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_os_family }}.yml" - "{{ ansible_os_family }}.yml"
- default.yml
tags: tags:
- sshd - sshd
- name: OS is supported
assert:
that: sshd_os_supported == True
- name: Installed - name: Installed
action: > action: >
{{ ansible_pkg_mgr }} {{ ansible_pkg_mgr }}
@ -37,4 +40,3 @@
state: running state: running
tags: tags:
- sshd - sshd
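Review bot: The new `OS is supported` assert carries no `tags:` entry, while the variable-loading task directly above it and the last task in the file are both tagged `sshd`. A run limited with `--tags sshd` would therefore load the variables but skip the support check, and, assuming the tasks in between are tagged the same way, go on to install and configure sshd on a platform the role has just marked as unsupported. Add `tags:` with `- sshd` to the assert so the gate runs whenever the rest of the role does. The first hunk ends inside the `Installed` task, so its tagging cannot be confirmed from here.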


@ -20,3 +20,4 @@ sshd:
- LC_IDENTIFICATION LC_ALL LANGUAGE - LC_IDENTIFICATION LC_ALL LANGUAGE
- XMODIFIERS - XMODIFIERS
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
sshd_os_supported: yes


@ -12,3 +12,4 @@ sshd_defaults:
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes UsePAM: yes
UsePrivilegeSeparation: sandbox UsePrivilegeSeparation: sandbox
sshd_os_supported: yes


@ -34,3 +34,4 @@ sshd_defaults:
AcceptEnv: LANG LC_* AcceptEnv: LANG LC_*
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes UsePAM: yes
sshd_os_supported: yes


@ -35,3 +35,4 @@ sshd_defaults:
AcceptEnv: LANG LC_* AcceptEnv: LANG LC_*
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes UsePAM: yes
sshd_os_supported: yes


@ -2,3 +2,4 @@
sshd_config_group: wheel sshd_config_group: wheel
sshd_config_mode: "0644" sshd_config_mode: "0644"
sshd_sftp_server: /usr/libexec/sftp-server sshd_sftp_server: /usr/libexec/sftp-server
sshd_os_supported: yes


@ -18,3 +18,4 @@ sshd_defaults:
- XMODIFIERS - XMODIFIERS
X11Forwarding: yes X11Forwarding: yes
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
sshd_os_supported: yes


@ -22,3 +22,4 @@ sshd_defaults:
- LC_IDENTIFICATION LC_ALL LANGUAGE - LC_IDENTIFICATION LC_ALL LANGUAGE
- XMODIFIERS - XMODIFIERS
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
sshd_os_supported: yes


@ -33,3 +33,4 @@ sshd_defaults:
AcceptEnv: LANG LC_* AcceptEnv: LANG LC_*
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes UsePAM: yes
sshd_os_supported: yes


@ -35,3 +35,4 @@ sshd_defaults:
AcceptEnv: LANG LC_* AcceptEnv: LANG LC_*
Subsystem: "sftp {{ sshd_sftp_server }}" Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes UsePAM: yes
sshd_os_supported: yes