mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-24 01:20:18 +01:00
Merge branch 'release/0.2.4'
commit
34490a2927
14 changed files with 58 additions and 12 deletions
|
@ -1,3 +1,7 @@
|
||||||
|
0.2.4 13 January 2014 Matt Willsher <matt@willsher.systems>
|
||||||
|
- Allow reload to be skipped
|
||||||
|
- Test for OS support
|
||||||
|
- Documentation improvements
|
||||||
0.2.3 13 January 2014 Matt Willsher <matt@willsher.systems>
|
0.2.3 13 January 2014 Matt Willsher <matt@willsher.systems>
|
||||||
- Fixed HostbasedAuthentication typo
|
- Fixed HostbasedAuthentication typo
|
||||||
0.2.2 13 January 2014 Matt Willsher <matt@willsher.systems>
|
0.2.2 13 January 2014 Matt Willsher <matt@willsher.systems>
|
||||||
|
|
47
README.md
47
README.md
|
@ -39,12 +39,24 @@ It will likely work on other flavours and more direct support via suitable
|
||||||
Role variables
|
Role variables
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
* Unconfigured, this role will provide a sshd_config that matches the OS default,
|
Unconfigured, this role will provide a sshd_config that matches the OS default,
|
||||||
minus the comments and in a different order.
|
minus the comments and in a different order.
|
||||||
|
|
||||||
* Defaults can be disabled by setting `sshd_skip_defaults: true`
|
* sshd_skip_defaults
|
||||||
|
|
||||||
* Supports use of a dict to configure items:
|
If set to True, don't apply default values. This means that you must have a
|
||||||
|
complete set of configuration defaults via either the sshd dict, or sshd_Key
|
||||||
|
variables. Defaults to *False*.
|
||||||
|
|
||||||
|
* sshd_allow_reload
|
||||||
|
|
||||||
|
If set to False, a reload of sshd wont happen on change. This can help with
|
||||||
|
troubleshooting. You'll need to manually reload sshd if you want to apply the
|
||||||
|
changed configuration. Defaults to *True*.
|
||||||
|
|
||||||
|
* sshd
|
||||||
|
|
||||||
|
A dict containing configuration. e.g.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
sshd:
|
sshd:
|
||||||
|
@ -53,15 +65,17 @@ sshd:
|
||||||
- 0.0.0.0
|
- 0.0.0.0
|
||||||
```
|
```
|
||||||
|
|
||||||
* Simple variables can be used rather than a dict. Simple values override dict
|
* ssh_...
|
||||||
values:
|
|
||||||
|
Simple variables can be used rather than a dict. Simple values override dict
|
||||||
|
values. e.g.:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
sshd_Compression: off
|
sshd_Compression: off
|
||||||
```
|
```
|
||||||
|
|
||||||
* Correctly interprets booleans as yes and no in sshd configuration
|
In all cases, booleans correctly rendered as yes and no in sshd configuration.
|
||||||
* Supports lists for multi line configuration items:
|
Lists can be used for multiline configuration items. e.g.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
sshd_ListenAddress:
|
sshd_ListenAddress:
|
||||||
|
@ -69,11 +83,24 @@ sshd_ListenAddress:
|
||||||
- '::'
|
- '::'
|
||||||
```
|
```
|
||||||
|
|
||||||
* Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.
|
Renders as:
|
||||||
|
|
||||||
|
```
|
||||||
|
ListenAddress 0.0.0.0
|
||||||
|
ListenAddress ::
|
||||||
|
```
|
||||||
|
|
||||||
|
* sshd_match
|
||||||
|
|
||||||
|
A list of dicts for a match section. See the example playbook.
|
||||||
|
|
||||||
|
* sshd_match_1 through sshd_match_9
|
||||||
|
|
||||||
|
A list of dicts or just a dict for a Match section.
|
||||||
|
|
||||||
Example Playbook
|
Example Playbook
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
|
@ -98,7 +125,7 @@ Example Playbook
|
||||||
|
|
||||||
Results in:
|
Results in:
|
||||||
|
|
||||||
```
|
```
|
||||||
# Ansible managed: ...
|
# Ansible managed: ...
|
||||||
Compression yes
|
Compression yes
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
### USER OPTIONS
|
### USER OPTIONS
|
||||||
# Don't apply OS defaults when set to true
|
# Don't apply OS defaults when set to true
|
||||||
sshd_skip_defaults: false
|
sshd_skip_defaults: false
|
||||||
|
# If the below is false, don't reload the ssh deamon on change
|
||||||
|
sshd_allow_reload: yes
|
||||||
# Empty dicts to avoid errors
|
# Empty dicts to avoid errors
|
||||||
sshd: {}
|
sshd: {}
|
||||||
|
|
||||||
|
@ -18,3 +20,4 @@ sshd_binary: /usr/sbin/sshd
|
||||||
sshd_service: sshd
|
sshd_service: sshd
|
||||||
sshd_sftp_server: /usr/lib/openssh/sftp-server
|
sshd_sftp_server: /usr/lib/openssh/sftp-server
|
||||||
sshd_defaults: {}
|
sshd_defaults: {}
|
||||||
|
sshd_os_supported: no
|
||||||
|
|
|
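Review bot: The two new defaults are written as `sshd_allow_reload: yes` and `sshd_os_supported: no`, while the existing line above them uses `sshd_skip_defaults: false`; spelling them `true` / `false` keeps the file consistent and does not depend on YAML 1.1 truthy parsing. The per-OS vars hunks further down add `sshd_os_supported: yes` in the same way. The comment on the reload switch could also state the consequence, for example `# If false, sshd is not reloaded on change; the running daemon keeps the previous configuration until it is reloaded manually`, because a tightened sshd_config is otherwise written to disk but not in effect.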
@ -7,3 +7,4 @@
|
||||||
service:
|
service:
|
||||||
name: "{{ sshd_service }}"
|
name: "{{ sshd_service }}"
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: sshd_allow_reload == True
|
||||||
|
|
|
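Review bot: `when: sshd_allow_reload == True` matches only a real boolean, so a value that arrives as a string (for instance from key=value extra vars) never equals `True` and the reload is skipped without any message, leaving the previous configuration running. `when: sshd_allow_reload | bool` handles both forms. The `that: sshd_os_supported == True` assert added in the tasks hunk uses the same comparison, though there a mismatch fails the play instead of passing quietly. The handler's name line is outside this hunk.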
@ -6,10 +6,13 @@
|
||||||
- "{{ ansible_distribution }}.yml"
|
- "{{ ansible_distribution }}.yml"
|
||||||
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
|
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
|
||||||
- "{{ ansible_os_family }}.yml"
|
- "{{ ansible_os_family }}.yml"
|
||||||
- default.yml
|
|
||||||
tags:
|
tags:
|
||||||
- sshd
|
- sshd
|
||||||
|
|
||||||
|
- name: OS is supported
|
||||||
|
assert:
|
||||||
|
that: sshd_os_supported == True
|
||||||
|
|
||||||
- name: Installed
|
- name: Installed
|
||||||
action: >
|
action: >
|
||||||
{{ ansible_pkg_mgr }}
|
{{ ansible_pkg_mgr }}
|
||||||
|
@ -37,4 +40,3 @@
|
||||||
state: running
|
state: running
|
||||||
tags:
|
tags:
|
||||||
- sshd
|
- sshd
|
||||||
|
|
||||||
|
|
|
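Review bot: The new `OS is supported` task has no `tags:` entry, while the task before it in this hunk and the task in the second hunk are tagged `sshd`; a run restricted with `--tags sshd` would skip the support check and still execute the tagged tasks. Adding `tags:` with `- sshd` under the assert keeps the guard in every tagged run. The `Installed` task that follows is cut off by the hunk, so its tags are not visible here.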
@ -20,3 +20,4 @@ sshd:
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -12,3 +12,4 @@ sshd_defaults:
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
UsePrivilegeSeparation: sandbox
|
UsePrivilegeSeparation: sandbox
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -34,3 +34,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -35,3 +35,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -2,3 +2,4 @@
|
||||||
sshd_config_group: wheel
|
sshd_config_group: wheel
|
||||||
sshd_config_mode: "0644"
|
sshd_config_mode: "0644"
|
||||||
sshd_sftp_server: /usr/libexec/sftp-server
|
sshd_sftp_server: /usr/libexec/sftp-server
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -18,3 +18,4 @@ sshd_defaults:
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
X11Forwarding: yes
|
X11Forwarding: yes
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -22,3 +22,4 @@ sshd_defaults:
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -33,3 +33,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|
|
@ -35,3 +35,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
|
sshd_os_supported: yes
|
||||||
|
|