Workaround namespace feature also for RHEL6

The OpenSSH 5.3 in RHEL6 is so old it does not support "Match all" so we
need some creative workaround for this old stuff.

tasks/install.yml

@@ -126,7 +126,7 @@
         group: "{{ sshd_config_group }}"
         mode: "{{ sshd_config_mode }}"
         block: |
-          Match all
+          {{ __sshd_compat_match_all }}
           {{ lookup('template', 'sshd_config_snippet.j2') }}
         create: yes
         marker: "# {mark} sshd system role managed block: namespace {{ sshd_config_namespace }}"

tests/tests_config_namespace.yml

@@ -60,17 +60,31 @@
           command: sshd -T -Cuser=nobody,host=example.com,addr=127.0.0.2
           register: nonmatching
 
+        - name: Check content of configuration file (blocks)
+          assert:
+            that:
+              - "config.content | b64decode | regex_search('Match all\\s*AcceptEnv EDITOR')"
+              - "config.content | b64decode | regex_search('Match all\\s*AcceptEnv LS_COLORS')"
+          when:
+            - ansible_facts['os_family'] != 'RedHat' or ansible_facts['distribution_major_version'] != '6'
+
+        - name: Check content of configuration file (blocks for RHEL 6)
+          assert:
+            that:
+              - "config.content | b64decode | regex_search('Match address *\\s*AcceptEnv EDITOR')"
+              - "config.content | b64decode | regex_search('Match address *\\s*AcceptEnv LS_COLORS')"
+          when:
+            - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6'
+
         - name: Check content of configuration file
           assert:
             that:
               - "'AcceptEnv EDITOR' in config.content | b64decode"
-              - "config.content | b64decode | regex_search('Match all\\s*AcceptEnv EDITOR')"
               - "'PasswordAuthentication yes' in config.content | b64decode"
               - "'Match user root' in config.content | b64decode"
               - "'AllowAgentForwarding no' in config.content | b64decode"
               - "config.content | b64decode | regex_search('Match user root\\s*AllowAgentForwarding no')"
               - "'AcceptEnv LS_COLORS' in config.content | b64decode"
-              - "config.content | b64decode | regex_search('Match all\\s*AcceptEnv LS_COLORS')"
               - "'PasswordAuthentication no' in config.content | b64decode"
               - "'Match Address 127.0.0.1' in config.content | b64decode"
               - "'AllowTcpForwarding no' in config.content | b64decode"

vars/RedHat_6.yml

@@ -22,3 +22,4 @@ __sshd_defaults:
   Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_use_strong_rng: true
+__sshd_compat_match_all: Match address *

vars/main.yml

@@ -5,3 +5,5 @@ __sshd_config_mode: "0600"
 __sshd_hostkey_owner: "root"
 __sshd_hostkey_group: "root"
 __sshd_hostkey_mode: "0600"
+# The OpenSSH 5.3 in RHEL6 does not support "Match all" so we need a workaround
+__sshd_compat_match_all: Match all