mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-23 09:00:19 +01:00
Ubuntu 20 already supports drop-in directory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
parent
cea077a704
commit
84e6a71509
5 changed files with 33 additions and 9 deletions
|
@ -58,4 +58,4 @@
|
||||||
main_sshd_config_path: /etc/ssh/sshd_config.d/
|
main_sshd_config_path: /etc/ssh/sshd_config.d/
|
||||||
when:
|
when:
|
||||||
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
||||||
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 22)
|
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)
|
||||||
|
|
|
@ -135,12 +135,19 @@
|
||||||
- ansible_facts['os_family'] == 'Debian'
|
- ansible_facts['os_family'] == 'Debian'
|
||||||
- ansible_facts['distribution_major_version'] | int < 22
|
- ansible_facts['distribution_major_version'] | int < 22
|
||||||
|
|
||||||
- name: Check Ubuntu 22 defaults are present in the first configuration file
|
- name: Check Ubuntu 20+ defaults are present in the first configuration file
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- "'Include /etc/ssh/sshd_config.d/*.conf' in config3.content | b64decode"
|
- "'Include /etc/ssh/sshd_config.d/*.conf' in config3.content | b64decode"
|
||||||
- "'KbdInteractiveAuthentication no' in config.content | b64decode"
|
|
||||||
- "'UsePAM yes' in config.content | b64decode"
|
- "'UsePAM yes' in config.content | b64decode"
|
||||||
|
when:
|
||||||
|
- ansible_facts['distribution'] == 'Ubuntu'
|
||||||
|
- ansible_facts['distribution_major_version'] | int >= 20
|
||||||
|
|
||||||
|
- name: Check Ubuntu 22+ defaults are present in the first configuration file
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "'KbdInteractiveAuthentication no' in config.content | b64decode"
|
||||||
when:
|
when:
|
||||||
- ansible_facts['distribution'] == 'Ubuntu'
|
- ansible_facts['distribution'] == 'Ubuntu'
|
||||||
- ansible_facts['distribution_major_version'] | int >= 22
|
- ansible_facts['distribution_major_version'] | int >= 22
|
||||||
|
|
|
@ -153,12 +153,19 @@
|
||||||
- ansible_facts['os_family'] == 'Debian'
|
- ansible_facts['os_family'] == 'Debian'
|
||||||
- ansible_facts['distribution_major_version'] | int < 22
|
- ansible_facts['distribution_major_version'] | int < 22
|
||||||
|
|
||||||
- name: Check Ubuntu 22 defaults are present in the first configuration file
|
- name: Check Ubuntu 20+ defaults are present in the first configuration file
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- "'Include /etc/ssh/sshd_config.d/*.conf' in config3.content | b64decode"
|
- "'Include /etc/ssh/sshd_config.d/*.conf' in config3.content | b64decode"
|
||||||
- "'KbdInteractiveAuthentication no' in config.content | b64decode"
|
|
||||||
- "'UsePAM yes' in config.content | b64decode"
|
- "'UsePAM yes' in config.content | b64decode"
|
||||||
|
when:
|
||||||
|
- ansible_facts['distribution'] == 'Ubuntu'
|
||||||
|
- ansible_facts['distribution_major_version'] | int >= 20
|
||||||
|
|
||||||
|
- name: Check Ubuntu 22+ defaults are present in the first configuration file
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "'KbdInteractiveAuthentication no' in config.content | b64decode"
|
||||||
when:
|
when:
|
||||||
- ansible_facts['distribution'] == 'Ubuntu'
|
- ansible_facts['distribution'] == 'Ubuntu'
|
||||||
- ansible_facts['distribution_major_version'] | int >= 22
|
- ansible_facts['distribution_major_version'] | int >= 22
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
state: absent
|
state: absent
|
||||||
when:
|
when:
|
||||||
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
||||||
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 22)
|
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)
|
||||||
|
|
||||||
- name: Create a new configuration in drop-in directory
|
- name: Create a new configuration in drop-in directory
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
|
@ -29,12 +29,12 @@
|
||||||
Ciphers: aes192-ctr
|
Ciphers: aes192-ctr
|
||||||
when:
|
when:
|
||||||
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
||||||
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 22)
|
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)
|
||||||
|
|
||||||
- name: Verify the options are correctly set
|
- name: Verify the options are correctly set
|
||||||
when:
|
when:
|
||||||
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
||||||
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 22)
|
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)
|
||||||
tags: tests::verify
|
tags: tests::verify
|
||||||
block:
|
block:
|
||||||
- name: Flush handlers
|
- name: Flush handlers
|
||||||
|
|
|
@ -1,15 +1,25 @@
|
||||||
---
|
---
|
||||||
|
__sshd_os_supported: true
|
||||||
|
|
||||||
__sshd_service: ssh
|
__sshd_service: ssh
|
||||||
__sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
- openssh-sftp-server
|
- openssh-sftp-server
|
||||||
|
# Ubuntu 20.04 backported support for drop-in directory so we touch
|
||||||
|
# just the included file with highest priority by default
|
||||||
|
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||||
__sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
|
# the defaults here represent the defaults shipped in the main sshd_config
|
||||||
__sshd_defaults:
|
__sshd_defaults:
|
||||||
|
Include: /etc/ssh/sshd_config.d/*.conf
|
||||||
ChallengeResponseAuthentication: false
|
ChallengeResponseAuthentication: false
|
||||||
UsePAM: true
|
UsePAM: true
|
||||||
X11Forwarding: true
|
X11Forwarding: true
|
||||||
PrintMotd: false
|
PrintMotd: false
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||||
__sshd_os_supported: true
|
|
||||||
__sshd_runtime_directory: sshd
|
__sshd_runtime_directory: sshd
|
||||||
|
|
||||||
|
__sshd_drop_in_dir_mode: '0755'
|
||||||
|
__sshd_main_config_file: /etc/ssh/sshd_config
|
||||||
|
|
Loading…
Reference in a new issue