mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-25 04:20:18 +01:00
Fix issues found by linters - enable all tests on all repos - remove suppressions
Cleaning up yamllint errors. - Use .yamllint.yml and .yamllint_defaults.yml instead of .yamllint.yaml. - Fix the invalid indentations. Cleaning up ansible-lint errors. - Add "name" to every task. - Use command rather than shell - Add "changed_when: false". - Use '|' instead of '>' for the shell module. - Fix '/bin/sh: line 3: CRYPTO_POLICY: unbound variable'. - Add "set -eu" and "set -o pipefail" if pipefail is available. Note: "pipefail" is not available in "sh" and "dash". - Add "- '306' # Shells that use pipes should set the pipefail option" to .ansible-lint since ansible-lint does not recognize it if it's set in "if set -o | grep pipefail". RHELPLAN-73804
This commit is contained in:
parent
428d390668
commit
6887864d2c
31 changed files with 831 additions and 765 deletions
|
@ -1,2 +1,3 @@
|
||||||
warn_list: # or 'skip_list' to silence them completely │
|
warn_list: # or 'skip_list' to silence them completely │
|
||||||
- '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
|
- '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
|
||||||
|
- '306' # Shells that use pipes should set the pipefail option
|
||||||
|
|
3
.github/workflows/ansible-centos7.yml
vendored
3
.github/workflows/ansible-centos7.yml
vendored
|
@ -6,7 +6,8 @@ jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with centos:7
|
- name: ansible check with centos:7
|
||||||
uses: roles-ansible/check-ansible-centos-centos7-action@master
|
uses: roles-ansible/check-ansible-centos-centos7-action@master
|
||||||
|
|
3
.github/workflows/ansible-centos8.yml
vendored
3
.github/workflows/ansible-centos8.yml
vendored
|
@ -6,7 +6,8 @@ jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with centos:8
|
- name: ansible check with centos:8
|
||||||
uses: roles-ansible/check-ansible-centos-centos8-action@master
|
uses: roles-ansible/check-ansible-centos-centos8-action@master
|
||||||
|
|
3
.github/workflows/ansible-debian-buster.yml
vendored
3
.github/workflows/ansible-debian-buster.yml
vendored
|
@ -7,7 +7,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with debian:buster (10)
|
- name: ansible check with debian:buster (10)
|
||||||
uses: roles-ansible/check-ansible-debian-buster-action@master
|
uses: roles-ansible/check-ansible-debian-buster-action@master
|
||||||
|
|
3
.github/workflows/ansible-debian-stretch.yml
vendored
3
.github/workflows/ansible-debian-stretch.yml
vendored
|
@ -7,7 +7,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with debian:stretch (9)
|
- name: ansible check with debian:stretch (9)
|
||||||
uses: roles-ansible/check-ansible-debian-stretch-action@master
|
uses: roles-ansible/check-ansible-debian-stretch-action@master
|
||||||
|
|
3
.github/workflows/ansible-debian.yml
vendored
3
.github/workflows/ansible-debian.yml
vendored
|
@ -7,7 +7,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with debian:latest
|
- name: ansible check with debian:latest
|
||||||
uses: roles-ansible/check-ansible-debian-latest-action@master
|
uses: roles-ansible/check-ansible-debian-latest-action@master
|
||||||
|
|
3
.github/workflows/ansible-fedora.yml
vendored
3
.github/workflows/ansible-fedora.yml
vendored
|
@ -7,7 +7,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with fedora:latest
|
- name: ansible check with fedora:latest
|
||||||
uses: roles-ansible/check-ansible-fedora-latest-action@master
|
uses: roles-ansible/check-ansible-fedora-latest-action@master
|
||||||
|
|
9
.github/workflows/ansible-lint.yml
vendored
9
.github/workflows/ansible-lint.yml
vendored
|
@ -6,7 +6,8 @@ jobs:
|
||||||
# test-ansible28:
|
# test-ansible28:
|
||||||
# runs-on: ubuntu-latest
|
# runs-on: ubuntu-latest
|
||||||
# steps:
|
# steps:
|
||||||
# - uses: actions/checkout@v2
|
# - name: checkout PR
|
||||||
|
# uses: actions/checkout@v2
|
||||||
# - name: Lint Ansible Playbook
|
# - name: Lint Ansible Playbook
|
||||||
# uses: ansible/ansible-lint-action@master
|
# uses: ansible/ansible-lint-action@master
|
||||||
# with:
|
# with:
|
||||||
|
@ -17,7 +18,8 @@ jobs:
|
||||||
# test-ansible29:
|
# test-ansible29:
|
||||||
# runs-on: ubuntu-latest
|
# runs-on: ubuntu-latest
|
||||||
# steps:
|
# steps:
|
||||||
# - uses: actions/checkout@v2
|
# - name: checkout PR
|
||||||
|
# uses: actions/checkout@v2
|
||||||
# - name: Lint Ansible Playbook
|
# - name: Lint Ansible Playbook
|
||||||
# uses: ansible/ansible-lint-action@master
|
# uses: ansible/ansible-lint-action@master
|
||||||
# with:
|
# with:
|
||||||
|
@ -28,7 +30,8 @@ jobs:
|
||||||
test-ansible210:
|
test-ansible210:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
- name: Lint Ansible Playbook
|
- name: Lint Ansible Playbook
|
||||||
uses: ansible/ansible-lint-action@master
|
uses: ansible/ansible-lint-action@master
|
||||||
with:
|
with:
|
||||||
|
|
3
.github/workflows/ansible-ubuntu.yml
vendored
3
.github/workflows/ansible-ubuntu.yml
vendored
|
@ -7,7 +7,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
# Important: This sets up your GITHUB_WORKSPACE environment variable
|
||||||
- uses: actions/checkout@v2
|
- name: checkout PR
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: ansible check with ubuntu:latest
|
- name: ansible check with ubuntu:latest
|
||||||
uses: roles-ansible/check-ansible-ubuntu-latest-action@master
|
uses: roles-ansible/check-ansible-ubuntu-latest-action@master
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
# Based on ansible-lint config
|
|
||||||
extends: default
|
|
||||||
|
|
||||||
rules:
|
|
||||||
braces: {max-spaces-inside: 1, level: error}
|
|
||||||
brackets: {max-spaces-inside: 1, level: error}
|
|
||||||
colons: {max-spaces-after: -1, level: error}
|
|
||||||
commas: {max-spaces-after: -1, level: error}
|
|
||||||
comments: disable
|
|
||||||
comments-indentation: disable
|
|
||||||
document-start: disable
|
|
||||||
empty-lines: {max: 3, level: error}
|
|
||||||
hyphens: {level: error}
|
|
||||||
indentation: disable
|
|
||||||
key-duplicates: enable
|
|
||||||
line-length: disable
|
|
||||||
new-line-at-end-of-file: disable
|
|
||||||
new-lines: {type: unix}
|
|
||||||
trailing-spaces: disable
|
|
||||||
truthy: disable
|
|
18
.yamllint.yml
Normal file
18
.yamllint.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
---
|
||||||
|
extends: .yamllint_defaults.yml
|
||||||
|
# possible customizations over the base yamllint config
|
||||||
|
# skip the yaml files in the /tests/ directory
|
||||||
|
# NOTE: If you want to customize `ignore` you'll have to
|
||||||
|
# copy in all of the config from .yamllint.yml, then
|
||||||
|
# add your own - so if you want to just add /tests/ to
|
||||||
|
# be ignored, you'll have to add the ignores from the base
|
||||||
|
ignore: |
|
||||||
|
/.tox/
|
||||||
|
/.github/
|
||||||
|
# /tests/
|
||||||
|
# skip checking line length
|
||||||
|
# NOTE: the above does not apply to `rules` - you do not
|
||||||
|
# have to copy all of the rules from the base config
|
||||||
|
rules:
|
||||||
|
line-length: disable
|
16
.yamllint_defaults.yml
Normal file
16
.yamllint_defaults.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# SPDX-License-Identifier: MIT
|
||||||
|
---
|
||||||
|
ignore: |
|
||||||
|
/.tox/
|
||||||
|
extends: default
|
||||||
|
rules:
|
||||||
|
braces:
|
||||||
|
max-spaces-inside: 1
|
||||||
|
level: error
|
||||||
|
brackets:
|
||||||
|
max-spaces-inside: 1
|
||||||
|
level: error
|
||||||
|
truthy:
|
||||||
|
allowed-values: ["yes", "no", "true", "false"]
|
||||||
|
level: error
|
||||||
|
document-start: disable
|
|
@ -19,10 +19,15 @@
|
||||||
# https://www.ibm.com/developerworks/community/blogs/brian/entry/scripting_the_stop_and_restart_of_src_controlled_processes_on_aix6
|
# https://www.ibm.com/developerworks/community/blogs/brian/entry/scripting_the_stop_and_restart_of_src_controlled_processes_on_aix6
|
||||||
- name: Reload sshd Service (AIX)
|
- name: Reload sshd Service (AIX)
|
||||||
shell: |
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
stopsrc -s sshd
|
stopsrc -s sshd
|
||||||
until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done
|
until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done
|
||||||
startsrc -s sshd
|
startsrc -s sshd
|
||||||
listen: reload_sshd
|
listen: reload_sshd
|
||||||
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- sshd_allow_reload|bool
|
- sshd_allow_reload|bool
|
||||||
- ansible_os_family == 'AIX'
|
- ansible_os_family == 'AIX'
|
||||||
|
|
|
@ -50,14 +50,19 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
block:
|
block:
|
||||||
- name: Make sure hostkeys are available
|
- name: Make sure hostkeys are available
|
||||||
shell: >
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
{% if sshd_sysconfig %}
|
{% if sshd_sysconfig %}
|
||||||
source /etc/sysconfig/sshd;
|
source /etc/sysconfig/sshd
|
||||||
{% endif %}
|
{% endif %}
|
||||||
ssh-keygen -q -t {{ item | regex_search('(rsa|dsa|ecdsa|ed25519)') }} -f {{ item }} -C '' -N ''
|
ssh-keygen -q -t {{ item | regex_search('(rsa|dsa|ecdsa|ed25519)') }} -f {{ item }} -C '' -N ''
|
||||||
args:
|
args:
|
||||||
creates: "{{ item }}"
|
creates: "{{ item }}"
|
||||||
loop: "{{ __sshd_verify_hostkeys | from_json | list }}"
|
loop: "{{ __sshd_verify_hostkeys | from_json | list }}"
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Make sure private hostkeys have expected permissions
|
- name: Make sure private hostkeys have expected permissions
|
||||||
file:
|
file:
|
||||||
|
@ -75,14 +80,15 @@
|
||||||
tempfile:
|
tempfile:
|
||||||
state: directory
|
state: directory
|
||||||
register: sshd_test_hostkey
|
register: sshd_test_hostkey
|
||||||
changed_when: False
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- __sshd_hostkeys_from_config | from_json == []
|
- __sshd_hostkeys_from_config | from_json == []
|
||||||
- sshd_config_file != "/etc/ssh/sshd_config"
|
- sshd_config_file != "/etc/ssh/sshd_config"
|
||||||
|
|
||||||
- name: Generate temporary hostkey
|
- name: Generate temporary hostkey
|
||||||
shell: "ssh-keygen -q -t rsa -f {{ sshd_test_hostkey.path }}/rsa_key -C '' -N ''"
|
command: >
|
||||||
changed_when: False
|
ssh-keygen -q -t rsa -f '{{ sshd_test_hostkey.path }}/rsa_key' -C '' -N ''
|
||||||
|
changed_when: false
|
||||||
when: sshd_test_hostkey.path is defined
|
when: sshd_test_hostkey.path is defined
|
||||||
|
|
||||||
- name: Make sure sshd runtime directory is present
|
- name: Make sure sshd runtime directory is present
|
||||||
|
@ -119,7 +125,7 @@
|
||||||
file:
|
file:
|
||||||
path: "{{ sshd_test_hostkey.path }}"
|
path: "{{ sshd_test_hostkey.path }}"
|
||||||
state: absent
|
state: absent
|
||||||
changed_when: False
|
changed_when: false
|
||||||
when: sshd_test_hostkey.path is defined
|
when: sshd_test_hostkey.path is defined
|
||||||
|
|
||||||
- name: Install systemd service files
|
- name: Install systemd service files
|
||||||
|
|
|
@ -6,17 +6,21 @@
|
||||||
tempfile:
|
tempfile:
|
||||||
state: directory
|
state: directory
|
||||||
register: __sshd_test_backup
|
register: __sshd_test_backup
|
||||||
changed_when: False
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- sshd_test_backup_skip is not defined
|
- sshd_test_backup_skip is not defined
|
||||||
|
|
||||||
- name: Backup files
|
- name: Backup files
|
||||||
shell: >
|
shell: |
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
|
set -eu
|
||||||
if test -f {{ item }}; then
|
if test -f {{ item }}; then
|
||||||
mkdir -p {{ __sshd_test_backup.path }}/$(dirname {{ item }});
|
mkdir -p {{ __sshd_test_backup.path }}/$(dirname {{ item }})
|
||||||
cp {{ item }} {{ __sshd_test_backup.path }}/$(dirname {{ item }})
|
cp {{ item }} {{ __sshd_test_backup.path }}/$(dirname {{ item }})
|
||||||
fi
|
fi
|
||||||
changed_when: False
|
changed_when: false
|
||||||
loop: "{{ __sshd_test_backup_files | d([]) }}"
|
loop: "{{ __sshd_test_backup_files | d([]) }}"
|
||||||
when:
|
when:
|
||||||
- __sshd_test_backup is defined
|
- __sshd_test_backup is defined
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
---
|
---
|
||||||
- name: Restore backed up files and remove what was not present
|
- name: Restore backed up files and remove what was not present
|
||||||
shell: >
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
if test -f {{ __sshd_test_backup.path }}/{{ item }}; then
|
if test -f {{ __sshd_test_backup.path }}/{{ item }}; then
|
||||||
cp {{ __sshd_test_backup.path }}/{{ item }} $(dirname {{ item }})
|
cp {{ __sshd_test_backup.path }}/{{ item }} $(dirname {{ item }})
|
||||||
elif test -f {{ item }}; then
|
elif test -f {{ item }}; then
|
||||||
rm {{ item }}
|
rm {{ item }}
|
||||||
fi
|
fi
|
||||||
changed_when: False
|
changed_when: false
|
||||||
loop: "{{ __sshd_test_backup_files | d([]) }}"
|
loop: "{{ __sshd_test_backup_files | d([]) }}"
|
||||||
when:
|
when:
|
||||||
- __sshd_test_backup is defined
|
- __sshd_test_backup is defined
|
||||||
|
@ -16,7 +20,7 @@
|
||||||
file:
|
file:
|
||||||
path: "{{ __sshd_test_backup.path }}"
|
path: "{{ __sshd_test_backup.path }}"
|
||||||
state: absent
|
state: absent
|
||||||
changed_when: False
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- __sshd_test_backup is defined
|
- __sshd_test_backup is defined
|
||||||
- __sshd_test_backup.path is defined
|
- __sshd_test_backup.path is defined
|
||||||
|
@ -25,7 +29,7 @@
|
||||||
service:
|
service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: reloaded
|
state: reloaded
|
||||||
changed_when: False
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- __sshd_test_backup is defined
|
- __sshd_test_backup is defined
|
||||||
- ansible_virtualization_type|default(None) != 'docker'
|
- ansible_virtualization_type|default(None) != 'docker'
|
||||||
|
|
|
@ -54,11 +54,13 @@
|
||||||
src: "{{ main_sshd_config }}"
|
src: "{{ main_sshd_config }}"
|
||||||
register: config
|
register: config
|
||||||
|
|
||||||
- stat:
|
- name: Get stat of private key
|
||||||
|
stat:
|
||||||
path: /tmp/ssh_host_rsa_key2
|
path: /tmp/ssh_host_rsa_key2
|
||||||
register: privkey
|
register: privkey
|
||||||
|
|
||||||
- stat:
|
- name: Get stat of public key
|
||||||
|
stat:
|
||||||
path: /tmp/ssh_host_rsa_key2.pub
|
path: /tmp/ssh_host_rsa_key2.pub
|
||||||
register: pubkey
|
register: pubkey
|
||||||
|
|
||||||
|
|
|
@ -11,18 +11,24 @@
|
||||||
include_tasks: tasks/backup.yml
|
include_tasks: tasks/backup.yml
|
||||||
|
|
||||||
- name: Show effective configuration before running role (system defaults)
|
- name: Show effective configuration before running role (system defaults)
|
||||||
shell: >
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
if test ! -f /etc/ssh/ssh_host_rsa_key; then
|
if test ! -f /etc/ssh/ssh_host_rsa_key; then
|
||||||
ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
|
ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
|
||||||
fi;
|
fi
|
||||||
sshd -T
|
sshd -T
|
||||||
register: runtime_before
|
register: runtime_before
|
||||||
|
changed_when: false
|
||||||
- name: Configure sshd
|
- name: Configure sshd
|
||||||
include_role:
|
include_role:
|
||||||
name: ansible-sshd
|
name: ansible-sshd
|
||||||
- name: Show effective configuration after running role (role defaults)
|
- name: Show effective configuration after running role (role defaults)
|
||||||
shell: sshd -T
|
command: sshd -T
|
||||||
register: runtime_after
|
register: runtime_after
|
||||||
|
changed_when: false
|
||||||
- debug:
|
- debug:
|
||||||
var: ansible_facts['distribution']
|
var: ansible_facts['distribution']
|
||||||
- debug:
|
- debug:
|
||||||
|
|
|
@ -25,12 +25,17 @@
|
||||||
register: config
|
register: config
|
||||||
|
|
||||||
- name: Print effective configuration
|
- name: Print effective configuration
|
||||||
shell: >
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
if test ! -f /etc/ssh/ssh_host_rsa_key; then
|
if test ! -f /etc/ssh/ssh_host_rsa_key; then
|
||||||
ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
|
ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
|
||||||
fi;
|
fi
|
||||||
sshd -T
|
sshd -T
|
||||||
register: runtime
|
register: runtime
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Check the options were not applied
|
- name: Check the options were not applied
|
||||||
# note, the options are in lower-case here
|
# note, the options are in lower-case here
|
||||||
|
|
|
@ -28,18 +28,28 @@
|
||||||
|
|
||||||
- name: Evaluate sysconfig similarly as systemd
|
- name: Evaluate sysconfig similarly as systemd
|
||||||
shell: |
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
source /etc/sysconfig/sshd
|
source /etc/sysconfig/sshd
|
||||||
echo "CP=|$CRYPTO_POLICY|"
|
echo "CP=|${CRYPTO_POLICY:-}|"
|
||||||
echo "RNG=|$SSH_USE_STRONG_RNG|"
|
echo "RNG=|${SSH_USE_STRONG_RNG:-}|"
|
||||||
register: evaluation
|
register: evaluation
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Evaluate sysconfig similarly as systemd on RHEL 8
|
- name: Evaluate sysconfig similarly as systemd on RHEL 8
|
||||||
shell: |
|
shell: |
|
||||||
|
set -eu
|
||||||
|
if set -o | grep pipefail 2>&1 /dev/null ; then
|
||||||
|
set -o pipefail
|
||||||
|
fi
|
||||||
source /etc/crypto-policies/back-ends/opensshserver.config
|
source /etc/crypto-policies/back-ends/opensshserver.config
|
||||||
source /etc/sysconfig/sshd
|
source /etc/sysconfig/sshd
|
||||||
echo "CP=|$CRYPTO_POLICY|"
|
echo "CP=|${CRYPTO_POLICY:-}|"
|
||||||
echo "RNG=|$SSH_USE_STRONG_RNG|"
|
echo "RNG=|${SSH_USE_STRONG_RNG:-}|"
|
||||||
register: evaluation8
|
register: evaluation8
|
||||||
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- ansible_facts['os_family'] == "RedHat"
|
- ansible_facts['os_family'] == "RedHat"
|
||||||
- ansible_facts['distribution_major_version'] == "8"
|
- ansible_facts['distribution_major_version'] == "8"
|
||||||
|
|
Loading…
Reference in a new issue