mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-01 07:00:17 +01:00
Merge pull request #233 from richm/firewall-platform-support
commit
4c629407d7
2 changed files with 28 additions and 13 deletions
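--- a/.github/workflows/ansible-centos-check.yml
+++ b/.github/workflows/ansible-centos-check.yml
@@ -22,6 +22,7 @@ jobs:
 tests/tasks/restore.yml
 tests/tests_duplicate_role.yml
 tests/tests_os_defaults.yml
+tests/tests_firewall_selinux.yml
 - run: "sed -i -e 's/ansible.builtin.//g' -e 's/ansible.posix.//g' */*.yml */*/*.yml"
 
 - name: ansible check with centos 6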
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Test managing firewall and selinux from role
|
- name: Test managing firewall and selinux from role
|
||||||
hosts: all
|
hosts: all
|
||||||
|
gather_facts: true # needs os_family, etc.
|
||||||
vars:
|
vars:
|
||||||
__sshd_test_backup_files:
|
__sshd_test_backup_files:
|
||||||
- /etc/ssh/sshd_config
|
- /etc/ssh/sshd_config
|
||||||
|
@ -9,6 +10,23 @@
|
||||||
- name: "Backup configuration files"
|
- name: "Backup configuration files"
|
||||||
ansible.builtin.include_tasks: tasks/backup.yml
|
ansible.builtin.include_tasks: tasks/backup.yml
|
||||||
|
|
||||||
|
- name: Call role with no args to get access to __sshd_skip_virt_env
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: ansible-sshd
|
||||||
|
public: true
|
||||||
|
vars:
|
||||||
|
sshd_enable: false # skip everything but loading vars
|
||||||
|
|
||||||
|
- name: See if we can test firewall or selinux
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
sshd_enable: true # reset to true
|
||||||
|
__sshd_test_firewall: "{{ ansible_facts['os_family'] == 'RedHat' and
|
||||||
|
ansible_facts['distribution_version'] is version('7', '>=') and
|
||||||
|
ansible_virtualization_type | d(None) not in __sshd_skip_virt_env }}"
|
||||||
|
__sshd_test_selinux: "{{ ansible_facts['os_family'] == 'RedHat' and
|
||||||
|
ansible_facts['distribution_version'] is version('6', '>=') and
|
||||||
|
ansible_virtualization_type | d(None) not in __sshd_skip_virt_env }}"
|
||||||
|
|
||||||
##########
|
##########
|
||||||
# First test: default port
|
# First test: default port
|
||||||
##########
|
##########
|
||||||
|
@ -16,8 +34,8 @@
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ansible-sshd
|
name: ansible-sshd
|
||||||
vars:
|
vars:
|
||||||
sshd_manage_selinux: true
|
sshd_manage_selinux: "{{ __sshd_test_selinux }}"
|
||||||
sshd_manage_firewall: true
|
sshd_manage_firewall: "{{ __sshd_test_firewall }}"
|
||||||
sshd:
|
sshd:
|
||||||
Port: 22
|
Port: 22
|
||||||
|
|
||||||
|
@ -45,8 +63,8 @@
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ansible-sshd
|
name: ansible-sshd
|
||||||
vars:
|
vars:
|
||||||
sshd_manage_firewall: true
|
sshd_manage_firewall: "{{ __sshd_test_firewall }}"
|
||||||
sshd_manage_selinux: true
|
sshd_manage_selinux: "{{ __sshd_test_selinux }}"
|
||||||
sshd:
|
sshd:
|
||||||
Port: 222
|
Port: 222
|
||||||
|
|
||||||
|
@ -73,8 +91,8 @@
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ansible-sshd
|
name: ansible-sshd
|
||||||
vars:
|
vars:
|
||||||
sshd_manage_firewall: true
|
sshd_manage_firewall: "{{ __sshd_test_firewall }}"
|
||||||
sshd_manage_selinux: true
|
sshd_manage_selinux: "{{ __sshd_test_selinux }}"
|
||||||
sshd:
|
sshd:
|
||||||
Port:
|
Port:
|
||||||
- 22
|
- 22
|
||||||
|
@ -109,13 +127,11 @@
|
||||||
firewall:
|
firewall:
|
||||||
- port: "222/tcp"
|
- port: "222/tcp"
|
||||||
state: disabled
|
state: disabled
|
||||||
when:
|
when: __sshd_test_firewall
|
||||||
- ansible_facts['os_family'] == 'RedHat'
|
|
||||||
- ansible_virtualization_type | default(None) not in __sshd_skip_virt_env
|
|
||||||
|
|
||||||
- name: Remove the modification to the selinux policy
|
- name: Remove the modification to the selinux policy
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: fedora.linux_system_roles.firewall
|
name: fedora.linux_system_roles.selinux
|
||||||
vars:
|
vars:
|
||||||
selinux:
|
selinux:
|
||||||
port: 222
|
port: 222
|
||||||
|
@ -123,6 +139,4 @@
|
||||||
setype: ssh_port_t
|
setype: ssh_port_t
|
||||||
state: absent
|
state: absent
|
||||||
local: true
|
local: true
|
||||||
when:
|
when: __sshd_test_selinux
|
||||||
- ansible_facts['os_family'] == 'RedHat'
|
|
||||||
- ansible_virtualization_type | default(None) not in __sshd_skip_virt_env
|
|
||||||
|
|
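Review bot: In the added `See if we can test firewall or selinux` task (hunk `-9,6 +10,23`), both gate expressions read `ansible_virtualization_type` as a top-level variable while the rest of each expression goes through `ansible_facts[...]`. If fact injection is disabled that name is undefined, `d(None)` hides it, and `None not in __sshd_skip_virt_env` would presumably evaluate true, so the virtualization skip is silently bypassed; `ansible_facts['virtualization_type'] | d(None) not in __sshd_skip_virt_env` avoids that. Separately, when a gate is false the three role calls run with `sshd_manage_firewall` and `sshd_manage_selinux` off, and nothing in the visible hunks reports that, so a passing run on such a platform does not show the firewall or SELinux port handling was exercised. A comment above the task such as `# firewall/selinux checks are skipped on unsupported platforms and in __sshd_skip_virt_env` would document this. The rest of the play lies outside the hunks shown.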