Adds ability to install a systemd service
This commit is contained in:
parent
d2ba81107a
commit
5774f7f44f
10 changed files with 158 additions and 57 deletions
|
@ -2,24 +2,38 @@
|
|||
### USER OPTIONS
|
||||
# Don't apply OS defaults when set to true
|
||||
sshd_skip_defaults: false
|
||||
|
||||
# If the below is false, don't manage the service or reload the SSH
|
||||
# daemon at all
|
||||
sshd_manage_service: true
|
||||
|
||||
# If the below is true, also install service files from the templates pointed
|
||||
# to by the `sshd_service_template_*` variables
|
||||
sshd_install_service: false
|
||||
sshd_service_template_service: sshd.service.j2
|
||||
sshd_service_template_at_service: sshd@.service.j2
|
||||
sshd_service_template_socket: sshd.socket.j2
|
||||
|
||||
# If the below is false, don't reload the ssh daemon on change
|
||||
sshd_allow_reload: true
|
||||
|
||||
# Empty dicts to avoid errors
|
||||
sshd: {}
|
||||
|
||||
### VARS DEFAULTS
|
||||
### The following are defaults for OS specific configuration in var files in
|
||||
### this role. They should not be set by role users.
|
||||
sshd_packages: []
|
||||
sshd_config_owner: root
|
||||
sshd_config_group: root
|
||||
sshd_config_mode: "0600"
|
||||
sshd_config_file: /etc/ssh/sshd_config
|
||||
sshd_binary: /usr/sbin/sshd
|
||||
sshd_service: sshd
|
||||
sshd_sftp_server: /usr/lib/openssh/sftp-server
|
||||
sshd_defaults: {}
|
||||
sshd_os_supported: no
|
||||
### this role. They should not be set directly by role users. If you really
|
||||
### need to override them,use the corresponding, unprefixed variables (eg
|
||||
### `sshd_packages` to override __sshd_packages).
|
||||
__sshd_packages: []
|
||||
__sshd_config_owner: root
|
||||
__sshd_config_group: root
|
||||
__sshd_config_mode: "0600"
|
||||
__sshd_config_file: /etc/ssh/sshd_config
|
||||
__sshd_binary: /usr/sbin/sshd
|
||||
__sshd_service: sshd
|
||||
__sshd_sftp_server: /usr/lib/openssh/sftp-server
|
||||
|
||||
### These variables are used by role internals and should not be used.
|
||||
__sshd_defaults: {}
|
||||
__sshd_os_supported: no
|
||||
|
|
|
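Review bot: `__sshd_os_supported: no` writes a boolean with the YAML 1.1 `no` literal; PyYAML loads it as `false`, but a YAML 1.2 loader yields the string "no", which then makes the `__sshd_os_supported == True` assert in tasks/install.yml behave differently, so `__sshd_os_supported: false` is the portable spelling (yamllint's truthy rule flags the current form). The new comment block also has a missing space, `need to override them,use the corresponding`; suggest `need to override them, use the corresponding`. The rendered page does not show which of the duplicated `sshd_os_supported` / `__sshd_os_supported` lines is the old side, so I am treating the `__sshd_` prefixed one as the new code.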
@ -21,8 +21,8 @@
|
|||
{% set value = override %}
|
||||
{% elif sshd[key] is defined %}
|
||||
{% set value = sshd[key] %}
|
||||
{% elif sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
||||
{% set value = sshd_defaults[key] %}
|
||||
{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
||||
{% set value = __sshd_defaults[key] %}
|
||||
{% endif %}
|
||||
{{ render_option(key,value) -}}
|
||||
{% endmacro %}
|
||||
|
|
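Review bot: The new branch `{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %}` keeps the `!= true` comparison, which misbehaves when the variable arrives as a string (for example `-e sshd_skip_defaults=true` gives `'true' != True`, so the OS defaults are still applied although the user asked to skip them). Prefer `and not (sshd_skip_defaults | bool)` on both `elif` lines so the string and boolean forms are treated alike. The enclosing macro starts outside the hunk, and the same hunk is rendered a second time further down the page, where this note applies as well.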
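--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,48 @@
+---
+
+- name: OS is supported
+  assert:
+    that: __sshd_os_supported == True
+
+- name: Install ssh packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ sshd_packages }}"
+
+- name: Configuration
+  template:
+    src: sshd_config.j2
+    dest: "{{ sshd_config_file }}"
+    owner: "{{ sshd_config_owner }}"
+    group: "{{ sshd_config_group }}"
+    mode: "{{ sshd_config_mode }}"
+    validate: "{{ sshd_binary }} -t -f %s"
+  notify: reload_sshd
+
+- name: Install systemd service files
+  block:
+    - template:
+        src: "{{ sshd_service_template_service }}"
+        dest: "/etc/systemd/system/{{ sshd_service }}.service"
+      notify: reload_sshd
+    - template:
+        src: "{{ sshd_service_template_at_service }}"
+        dest: "/etc/systemd/system/{{ sshd_service }}@.service"
+      notify: reload_sshd
+    - template:
+        src: "{{ sshd_service_template_socket }}"
+        dest: "/etc/systemd/system/{{ sshd_service }}.socket"
+      notify: reload_sshd
+  when: sshd_install_service
+
+- name: Service enabled and running
+  service:
+    name: "{{ sshd_service }}"
+    enabled: true
+    state: started
+  when: "sshd_manage_service and ansible_virtualization_type|default(None) != 'docker'"
+
+- name: Register that this role has run
+  set_fact: sshd_has_run=true
+  when: sshd_has_run is not defined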
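Review bot: The three templates under `Install systemd service files` write new unit files into `/etc/systemd/system` but only notify `reload_sshd`, which reloads the daemon rather than systemd, so without a daemon-reload the freshly written `.service` and `.socket` units are not seen by the `Service enabled and running` task in the same run. Add a step in the block (or a dedicated handler) with `systemd: daemon_reload: yes`, or drive the service task through the `systemd` module with `daemon_reload: yes`. The block is also gated only on `sshd_install_service`, so it drops systemd units on hosts that do not use systemd; `when: sshd_install_service and ansible_service_mgr == 'systemd'` would guard that. As a style point, `set_fact: sshd_has_run=true` uses the key=value form while every other task in the file uses block YAML; `set_fact:` with `sshd_has_run: true` beneath it matches the rest.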
|
@ -1,40 +1,5 @@
|
|||
---
|
||||
- name: Set OS dependent variables
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_distribution }}.yml"
|
||||
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
- default.yml
|
||||
|
||||
- name: OS is supported
|
||||
assert:
|
||||
that: sshd_os_supported == True
|
||||
- include_tasks: variables.yml
|
||||
|
||||
- name: Install ssh packages
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ sshd_packages }}"
|
||||
|
||||
- name: Configuration
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: "{{ sshd_config_file }}"
|
||||
owner: "{{ sshd_config_owner }}"
|
||||
group: "{{ sshd_config_group }}"
|
||||
mode: "{{ sshd_config_mode }}"
|
||||
validate: "{{ sshd_binary }} -t -f %s"
|
||||
notify: reload_sshd
|
||||
|
||||
- name: Service enabled and running
|
||||
service:
|
||||
name: "{{ sshd_service }}"
|
||||
enabled: true
|
||||
state: started
|
||||
when: "sshd_manage_service and ansible_virtualization_type|default(None) != 'docker'"
|
||||
|
||||
- name: Register that this role has run
|
||||
set_fact: sshd_has_run=true
|
||||
when: sshd_has_run is not defined
|
||||
- include_tasks: install.yml
|
||||
|
|
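Review bot: The new file delegates everything to `- include_tasks: variables.yml` and `- include_tasks: install.yml`, a dynamic include whose inner tasks are not listed by `--list-tasks` and do not inherit tags placed on the include task itself, so a user tagging the role's tasks can silently skip the whole body. If nothing here needs the dynamic behaviour, `- import_tasks: variables.yml` and `- import_tasks: install.yml` are the static form and keep tag handling as before. Whether the blank lines around the includes are old or new is not recoverable from the rendered page, so I have not rebuilt this section.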
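--- /dev/null
+++ b/tasks/variables.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Set OS dependent variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_os_family }}.yml"
+    - default.yml
+
+- name: Override OS defaults
+  block:
+    - set_fact:
+        sshd_packages: "{{ __sshd_packages }}"
+      when: sshd_packages is not defined
+    - set_fact:
+        sshd_config_owner: "{{ __sshd_config_owner }}"
+      when: sshd_config_owner is not defined
+    - set_fact:
+        sshd_config_group: "{{ __sshd_config_group }}"
+      when: sshd_config_group is not defined
+    - set_fact:
+        sshd_config_mode: "{{ __sshd_config_mode }}"
+      when: sshd_config_mode is not defined
+    - set_fact:
+        sshd_config_file: "{{ __sshd_config_file }}"
+      when: sshd_config_file is not defined
+    - set_fact:
+        sshd_binary: "{{ __sshd_binary }}"
+      when: sshd_binary is not defined
+    - set_fact:
+        sshd_service: "{{ __sshd_service }}"
+      when: sshd_service is not defined
+    - set_fact:
+        sshd_sftp_server: "{{ __sshd_sftp_server }}"
+      when: sshd_sftp_server is not defined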
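Review bot: The eight `set_fact` tasks under `Override OS defaults` differ only in the variable name, each carrying its own `when: … is not defined`, which makes the fallback eight tasks long in every run's output. One `set_fact` with `default()` filters expresses the same rule in one task, e.g. `sshd_packages: "{{ sshd_packages | default(__sshd_packages) }}"` and likewise for the other seven keys; `default()` without the second argument substitutes only when the variable is undefined, so the behaviour matches the current `is not defined` tests. Since `include_vars` runs first, the `__sshd_*` names are expected to be defined here; a short comment above the block stating that the OS vars file must define every `__sshd_*` key (with defaults/main.yml as the fallback) would make that dependency explicit.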
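--- /dev/null
+++ b/templates/sshd.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+
+[Service]
+ExecStartPre={{ sshd_binary }} -t
+ExecStart={{ sshd_binary }} -D -f {{ sshd_config_file }}
+ExecReload={{ sshd_binary }} -t
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
+RuntimeDirectory={{ sshd_binary }}
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target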
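Review bot: `ExecStartPre={{ sshd_binary }} -t` and `ExecReload={{ sshd_binary }} -t` test the default configuration path, while `ExecStart` runs with `-f {{ sshd_config_file }}`, so when `sshd_config_file` is overridden the pre-start check validates a file the daemon never reads and a broken live config can still be loaded on reload; both lines should read `{{ sshd_binary }} -t -f {{ sshd_config_file }}`. `RuntimeDirectory={{ sshd_binary }}` expands to an absolute binary path, but systemd takes a directory name relative to `/run` here and does not accept an absolute path, so `RuntimeDirectory={{ sshd_service }}` (or the distro-conventional `sshd`) is what is intended; the same line appears in templates/sshd@.service.j2. `Type=notify` only works if the installed sshd was built with systemd notification support, otherwise the unit never reaches the active state and is killed on timeout, which is worth a comment at the top of the template, e.g. `# Type=notify requires an sshd built with sd_notify support; use Type=simple otherwise`.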
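--- /dev/null
+++ b/templates/sshd.socket.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenBSD Secure Shell server socket
+Before={{ sshd_service }}.service
+Conflicts={{sshd_service }}.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target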
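Review bot: `ListenStream=22` hard-codes the port, while the sshd configuration generated by the role takes `Port` from `sshd` / `__sshd_defaults` (`Port: 22` in the vars file of this commit); a user who changes `Port` still gets a socket accepting on 22 and handing each connection to `sshd -i`, which in inetd mode does not listen itself, so the daemon ends up reachable on a port the configuration no longer names. Consider templating the port from the same source the config uses, with a comment on the `[Socket]` section noting that it must track `Port` in sshd_config. `Conflicts={{sshd_service }}.service` is missing the space after `{{`; Jinja accepts it, but `Conflicts={{ sshd_service }}.service` matches the `Before=` line above.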
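--- /dev/null
+++ b/templates/sshd@.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=OpenBSD Secure Shell server per-connection daemon
+After=auditd.service
+
+[Service]
+ExecStart=-{{ sshd_binary }} -i -f {{ sshd_config_file }}
+StandardInput=socket
+RuntimeDirectory={{ sshd_binary }}
+RuntimeDirectoryMode=0755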
|
@ -21,8 +21,8 @@
|
|||
{% set value = override %}
|
||||
{% elif sshd[key] is defined %}
|
||||
{% set value = sshd[key] %}
|
||||
{% elif sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
||||
{% set value = sshd_defaults[key] %}
|
||||
{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
||||
{% set value = __sshd_defaults[key] %}
|
||||
{% endif %}
|
||||
{{ render_option(key,value) -}}
|
||||
{% endmacro %}
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
sshd_service: ssh
|
||||
sshd_packages:
|
||||
__sshd_service: ssh
|
||||
__sshd_packages:
|
||||
- openssh-server
|
||||
sshd_config_mode: "0644"
|
||||
sshd_defaults:
|
||||
__sshd_config_mode: "0644"
|
||||
__sshd_defaults:
|
||||
Port: 22
|
||||
Protocol: 2
|
||||
HostKey:
|
||||
|
@ -33,4 +33,4 @@ sshd_defaults:
|
|||
AcceptEnv: LANG LC_*
|
||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||
UsePAM: yes
|
||||
sshd_os_supported: yes
|
||||
__sshd_os_supported: yes
|
||||
|
|
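Review bot: `__sshd_os_supported: yes` writes the flag with the YAML 1.1 `yes` literal; PyYAML loads it as a boolean so the `== True` assert in tasks/install.yml passes, but a YAML 1.2 loader yields the string "yes" and yamllint's truthy rule flags it, so `__sshd_os_supported: true` removes the ambiguity. The counterpart `__sshd_os_supported: no` in the defaults file of this commit has the same issue. `UsePAM: yes` is, as far as the rendered page shows, a context line and feeds `render_option`, whose boolean handling is not visible here, so I am not proposing a change to it.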