From ad399343c9568f6f496be6159a6ca4893169a579 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 27 May 2021 15:26:59 +0200 Subject: [PATCH] Skip defaults when appending configuration --- README.md | 33 ++++++++++++++++++++++++++++++-- examples/example-accept-env.yml | 1 - tasks/install.yml | 2 ++ tests/tests_namespace_append.yml | 2 -- 4 files changed, 33 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e0ea982..6200b44 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,8 @@ If set to *false*, the role will be completely disabled. Defaults to *true*. If set to *true*, don't apply default values. This means that you must have a complete set of configuration defaults via either the `sshd` dict, or -`sshd_Key` variables. Defaults to *false*. +`sshd_Key` variables. Defaults to *false* unless `sshd_namespace_append` is +set. * `sshd_manage_service` @@ -161,7 +162,8 @@ This is useful mostly when generating configuration snippets to Include. By default (*null*), the role defines whole content of the configuration file including system defaults. You can use this variable to invoke this role from other roles or from multiple places in a single playbook on systems that do not -support drop-in directory. +support drop-in directory. The `sshd_skip_defaults` is ignored and no system +defaults are used in this case. When this variable is set, the role places the configuration that you specify to configuration snippets in a existing configuration file under the given @@ -301,6 +303,33 @@ for example: X11Forwarding: yes ``` +You can just append a configuration snippet with the `sshd_namespace_append` +option: +``` +--- +- hosts: all + tasks: + - name: Configure sshd to accept some useful environment variables + include_role: + name: ansible-sshd + vars: + sshd_namespace_append: accept-env + sshd: + # there are some handy environment variables to accept + AcceptEnv: + LANG + LS_COLORS + EDITOR +``` +The following snippet will be appended to the default configuration file: +``` +# BEGIN sshd system role managed block: namespace accept-env +Match all + AcceptEnv LANG LS_COLORS EDITOR +# END sshd system role managed block: namespace accept-env +``` + + More example playbooks can be found in [`examples/`](examples/) directory. Template Generation diff --git a/examples/example-accept-env.yml b/examples/example-accept-env.yml index dc72a72..2cbcfc0 100644 --- a/examples/example-accept-env.yml +++ b/examples/example-accept-env.yml @@ -6,7 +6,6 @@ name: ansible-sshd vars: sshd_namespace_append: accept-env - sshd_skip_defaults: true sshd: # there are some handy environment variables to accept AcceptEnv: diff --git a/tasks/install.yml b/tasks/install.yml index aa6b4d6..1aefd26 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -119,6 +119,8 @@ when: sshd_namespace_append is none - name: Update configuration file snippet + vars: + sshd_skip_defaults: true blockinfile: path: "{{ sshd_config_file }}" owner: "{{ sshd_config_owner }}" diff --git a/tests/tests_namespace_append.yml b/tests/tests_namespace_append.yml index 80097be..8a27e56 100644 --- a/tests/tests_namespace_append.yml +++ b/tests/tests_namespace_append.yml @@ -12,7 +12,6 @@ name: ansible-sshd vars: sshd_config_file: /etc/ssh/sshd_config - sshd_skip_defaults: true sshd_namespace_append: nm1 sshd: AcceptEnv: EDITOR @@ -26,7 +25,6 @@ name: ansible-sshd vars: sshd_config_file: /etc/ssh/sshd_config - sshd_skip_defaults: true sshd_namespace_append: nm2 sshd: AcceptEnv: LS_COLORS