mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-23 09:00:19 +01:00
Create temporary hostkeys for test if there are none
and if we are not writing the main configuration file
This commit is contained in:
parent
dd820d1c24
commit
94553a887e
1 changed files with 52 additions and 19 deletions
|
@ -22,22 +22,24 @@
|
|||
notify: reload_sshd
|
||||
|
||||
- name: Make sure hostkeys are available and have expected permissions
|
||||
vars:
|
||||
vars: &share_vars
|
||||
# This mimics the macro body_option() in sshd_config.j2
|
||||
# The explicit to_json filter is needed for Python 2 compatibility
|
||||
__sshd_hostkeys_from_config: >-
|
||||
{% if sshd_HostKey is defined %}
|
||||
{{ sshd_HostKey | to_json }}
|
||||
{% elif sshd['HostKey'] is defined %}
|
||||
{{ sshd['HostKey'] | to_json }}
|
||||
{% elif __sshd_defaults['HostKey'] is defined and not sshd_skip_defaults %}
|
||||
{{ __sshd_defaults['HostKey'] | to_json }}
|
||||
{% else %}
|
||||
[]
|
||||
{% endif %}
|
||||
__sshd_verify_hostkeys: >-
|
||||
{% if not sshd_verify_hostkeys %}
|
||||
[]
|
||||
{% elif sshd_verify_hostkeys == 'auto' %}
|
||||
{% if sshd_HostKey is defined %}
|
||||
{{ sshd_HostKey | to_json}}
|
||||
{% elif sshd['HostKey'] is defined %}
|
||||
{{ sshd['HostKey'] | to_json }}
|
||||
{% elif __sshd_defaults['HostKey'] is defined and not sshd_skip_defaults %}
|
||||
{{ __sshd_defaults['HostKey'] | to_json }}
|
||||
{% else %}
|
||||
[]
|
||||
{% endif %}
|
||||
{{ __sshd_hostkeys_from_config }}
|
||||
{% else %}
|
||||
{{ sshd_verify_hostkeys | to_json }}
|
||||
{% endif %}
|
||||
|
@ -61,15 +63,46 @@
|
|||
loop: "{{ __sshd_verify_hostkeys | from_json | list }}"
|
||||
|
||||
- name: Apply configuration
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: "{{ sshd_config_file }}"
|
||||
owner: "{{ sshd_config_owner }}"
|
||||
group: "{{ sshd_config_group }}"
|
||||
mode: "{{ sshd_config_mode }}"
|
||||
validate: "{{ sshd_binary }} -t -f %s"
|
||||
backup: "{{ sshd_backup }}"
|
||||
notify: reload_sshd
|
||||
vars:
|
||||
<<: *share_vars
|
||||
block:
|
||||
- name: Create a temporary hostkey for syntax verification if needed
|
||||
tempfile:
|
||||
state: directory
|
||||
register: sshd_test_hostkey
|
||||
when:
|
||||
- __sshd_hostkeys_from_config | from_json == []
|
||||
- sshd_config_file != "/etc/ssh/sshd_config"
|
||||
|
||||
- name: Generate temporary hostkey
|
||||
shell: "ssh-keygen -q -t rsa -f {{ sshd_test_hostkey.path }}/rsa_key -C '' -N ''"
|
||||
when: sshd_test_hostkey.path is defined
|
||||
|
||||
- name: Create the configuration file
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: "{{ sshd_config_file }}"
|
||||
owner: "{{ sshd_config_owner }}"
|
||||
group: "{{ sshd_config_group }}"
|
||||
mode: "{{ sshd_config_mode }}"
|
||||
validate: >-
|
||||
{% if sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
|
||||
{{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
|
||||
{% else %}
|
||||
{{ sshd_binary }} -t -f %s
|
||||
{% endif %}
|
||||
backup: "{{ sshd_backup }}"
|
||||
notify: reload_sshd
|
||||
rescue:
|
||||
- name: re-raise the error
|
||||
fail:
|
||||
msg: "{{ ansible_failed_result }}"
|
||||
always:
|
||||
- name: Remove temporary host keys
|
||||
file:
|
||||
path: "{{ sshd_test_hostkey.path }}"
|
||||
state: absent
|
||||
when: sshd_test_hostkey.path is defined
|
||||
|
||||
- name: Install systemd service files
|
||||
block:
|
||||
|
|
Loading…
Reference in a new issue