Create temporary hostkeys for test if there are none

and if we are not writing the main configuration file
Jakub Jelen 2020-11-05 17:02:33 +01:00
parent dd820d1c24
commit 94553a887e


@ -22,22 +22,24 @@
notify: reload_sshd notify: reload_sshd
- name: Make sure hostkeys are available and have expected permissions - name: Make sure hostkeys are available and have expected permissions
vars: vars: &share_vars
# This mimics the macro body_option() in sshd_config.j2 # This mimics the macro body_option() in sshd_config.j2
# The explicit to_json filter is needed for Python 2 compatibility # The explicit to_json filter is needed for Python 2 compatibility
__sshd_hostkeys_from_config: >-
{% if sshd_HostKey is defined %}
{{ sshd_HostKey | to_json }}
{% elif sshd['HostKey'] is defined %}
{{ sshd['HostKey'] | to_json }}
{% elif __sshd_defaults['HostKey'] is defined and not sshd_skip_defaults %}
{{ __sshd_defaults['HostKey'] | to_json }}
{% else %}
[]
{% endif %}
__sshd_verify_hostkeys: >- __sshd_verify_hostkeys: >-
{% if not sshd_verify_hostkeys %} {% if not sshd_verify_hostkeys %}
[] []
{% elif sshd_verify_hostkeys == 'auto' %} {% elif sshd_verify_hostkeys == 'auto' %}
{% if sshd_HostKey is defined %} {{ __sshd_hostkeys_from_config }}
{{ sshd_HostKey | to_json}}
{% elif sshd['HostKey'] is defined %}
{{ sshd['HostKey'] | to_json }}
{% elif __sshd_defaults['HostKey'] is defined and not sshd_skip_defaults %}
{{ __sshd_defaults['HostKey'] | to_json }}
{% else %}
[]
{% endif %}
{% else %} {% else %}
{{ sshd_verify_hostkeys | to_json }} {{ sshd_verify_hostkeys | to_json }}
{% endif %} {% endif %}
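Review bot: The `&share_vars` anchor added on the `vars:` line of the "Make sure hostkeys are available and have expected permissions" task carries no explanation, and a reader only discovers its purpose from the `<<: *share_vars` merge in the second hunk; a comment directly above it such as `# anchored so the "Apply configuration" block below reuses these derived vars via <<: *share_vars` would make the coupling explicit, and is also worth keeping because `<<:` merge keys are a YAML 1.1 extension that Ansible's loader accepts but generic formatters or validators may not. In the second hunk (whose end lies outside this view, so the rest of the "Apply configuration" block is not visible) the "Generate temporary hostkey" task uses `shell:` with `{{ sshd_test_hostkey.path }}` interpolated into the command string although no shell feature is needed; `command: "ssh-keygen -q -t rsa -f {{ sshd_test_hostkey.path }}/rsa_key -C '' -N ''"` runs the same invocation without a shell parsing the path. Since the path comes from the `tempfile` module this is hygiene rather than an exploitable weakness, but it keeps the task consistent with Ansible's own guidance of preferring `command` over `shell`.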
@ -61,15 +63,46 @@
loop: "{{ __sshd_verify_hostkeys | from_json | list }}" loop: "{{ __sshd_verify_hostkeys | from_json | list }}"
- name: Apply configuration - name: Apply configuration
template: vars:
src: sshd_config.j2 <<: *share_vars
dest: "{{ sshd_config_file }}" block:
owner: "{{ sshd_config_owner }}" - name: Create a temporary hostkey for syntax verification if needed
group: "{{ sshd_config_group }}" tempfile:
mode: "{{ sshd_config_mode }}" state: directory
validate: "{{ sshd_binary }} -t -f %s" register: sshd_test_hostkey
backup: "{{ sshd_backup }}" when:
notify: reload_sshd - __sshd_hostkeys_from_config | from_json == []
- sshd_config_file != "/etc/ssh/sshd_config"
- name: Generate temporary hostkey
shell: "ssh-keygen -q -t rsa -f {{ sshd_test_hostkey.path }}/rsa_key -C '' -N ''"
when: sshd_test_hostkey.path is defined
- name: Create the configuration file
template:
src: sshd_config.j2
dest: "{{ sshd_config_file }}"
owner: "{{ sshd_config_owner }}"
group: "{{ sshd_config_group }}"
mode: "{{ sshd_config_mode }}"
validate: >-
{% if sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
{{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
{% else %}
{{ sshd_binary }} -t -f %s
{% endif %}
backup: "{{ sshd_backup }}"
notify: reload_sshd
rescue:
- name: re-raise the error
fail:
msg: "{{ ansible_failed_result }}"
always:
- name: Remove temporary host keys
file:
path: "{{ sshd_test_hostkey.path }}"
state: absent
when: sshd_test_hostkey.path is defined
- name: Install systemd service files - name: Install systemd service files
block: block: