AIX support for role (including new AIX handler)

2024-11-25 04:20:18 +01:00 · 2019-07-10 12:07:07 -05:00 · 2019-07-10 12:07:07 -05:00 · 53a89b677e
commit 53a89b677e
parent a6652594ba
3 changed files with 34 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -34,6 +34,7 @@ Tested on:
 * EL 6,7 derived distributions
 * Fedora 22, 23
 * OpenBSD 6.0
+* AIX 7.1, 7.2

 It will likely work on other flavours and more direct support via suitable
 [vars/](vars/) files is welcome.
@ -58,14 +59,17 @@ variables. Defaults to *False*.

 If set to False, the service/daemon won't be **managed** at all, i.e. will not
 try to enable on boot or start or reload the service.  Defaults to *True*
-unless running inside a docker container (it is assumed ansible is used during
-build phase).
+unless: Running inside a docker container (it is assumed ansible is used during
+build phase) or AIX (Ansible `service` module does not currently support `enabled` 
+for AIX)

 * `sshd_allow_reload`

 If set to False, a reload of sshd wont happen on change. This can help with
 troubleshooting. You'll need to manually reload sshd if you want to apply the
-changed configuration. Defaults to the same value as ``sshd_manage_service``.
+changed configuration. Defaults to the same value as ``sshd_manage_service``. 
+(Except on AIX, where `sshd_manage_service` is default *False*, but 
+`sshd_allow_reload` is default *True*)

 * `sshd_install_service`

--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -7,4 +7,19 @@
    - sshd_allow_reload|bool
    - ansible_virtualization_type|default(None) != 'docker'
    - ansible_connection != 'chroot'
+    - ansible_os_family != 'AIX'
  listen: reload_sshd
+
+# sshd on AIX cannot be 'reloaded', it must be Stopped+Started.  
+# It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
+# Instead, use a dirty shell script:
+#  https://www.ibm.com/developerworks/community/blogs/brian/entry/scripting_the_stop_and_restart_of_src_controlled_processes_on_aix6
+- name: Reload sshd Service (AIX)
+  shell: |
+    stopsrc -s sshd
+    until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done 
+    startsrc -s sshd
+  listen: reload_sshd
+  when:
+    - sshd_allow_reload|bool
+    - ansible_os_family == 'AIX'
--- a/vars/AIX.yml
+++ b/vars/AIX.yml
@ -0,0 +1,12 @@
+---
+__sshd_config_mode: '0644'
+__sshd_packages: [ ] # sshd is not installed by yum / AIX toolbox for Linux.  You'll need to manually install them using AIX Web Download Packs.
+__sshd_sftp_server: /usr/sbin/sftp-server
+__sshd_config_group: system
+__sshd_defaults:
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+__sshd_os_supported: yes
+
+sshd_install_service: no
+sshd_manage_service: no
+sshd_allow_reload: yes