Merge pull request #135 from Jakuje/cleanup

Cleanup lint issues, update documentation, fix typos
This commit is contained in:
Matt Willsher 2020-09-23 21:28:53 +01:00 committed by GitHub
commit b598348356
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 123 additions and 108 deletions

View file

@ -21,7 +21,7 @@ jobs:
- name: Lint Ansible Playbook
uses: ansible/ansible-lint-action@master
with:
targets: "tests/test_*.yml"
targets: "tests/test_*.yml
override-deps: |
ansible==2.9
args: ""
@ -36,3 +36,4 @@ jobs:
override-deps: |
ansible==2.10
args: ""

View file

@ -21,18 +21,18 @@ before using in production!
Ubuntu. This is not the default assigned by this module - it will set
`PermitRootLogin without-password` which will allow access via SSH key but not
via simple password. If you need this functionality, be sure to set
`ssh_PermitRootLogin yes` for those hosts.
`sshd_PermitRootLogin yes` for those hosts.
Requirements
------------
Tested on:
* Ubuntu precise, trusty
* Debian wheezy, jessie
* Ubuntu precise, trusty, xenial, bionic, focal
* Debian wheezy, jessie, stretch, buster
* FreeBSD 10.1
* EL 6,7 derived distributions
* Fedora 22, 23
* EL 6, 7, 8 derived distributions
* Fedora 31, 32, 33
* OpenBSD 6.0
* AIX 7.1, 7.2
@ -97,7 +97,7 @@ sshd:
- 0.0.0.0
```
* `ssh_...`
* `sshd_...`
Simple variables can be used rather than a dict. Simple values override dict
values. e.g.:

View file

@ -1,7 +1,7 @@
---
### USER OPTIONS
# Set to False to disable this role completely
sshd_enable: True
# Set to false to disable this role completely
sshd_enable: true
# Don't apply OS defaults when set to true
sshd_skip_defaults: false
@ -21,7 +21,7 @@ sshd_service_template_socket: sshd.socket.j2
sshd_allow_reload: true
# If the below is true, create a backup of the config file when the template is copied
sshd_backup: false
sshd_backup: true
# Empty dicts to avoid errors
sshd: {}

View file

@ -29,8 +29,9 @@ galaxy_info:
- 8
- name: Fedora
versions:
- 22
- 23
- 31
- 32
- 33
- name: OpenBSD
versions:
- 6.0

View file

@ -1,6 +1,8 @@
---
__sshd_config_mode: '0644'
__sshd_packages: [ ] # sshd is not installed by yum / AIX toolbox for Linux. You'll need to manually install them using AIX Web Download Packs.
# sshd is not installed by yum / AIX toolbox for Linux.
# You'll need to manually install them using AIX Web Download Packs.
__sshd_packages: []
__sshd_sftp_server: /usr/sbin/sftp-server
__sshd_config_group: system
__sshd_defaults:

View file

@ -3,23 +3,9 @@ __sshd_packages:
- openssh
- openssh-server
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
# Fedora 32 ships with drop-in directory support so we touch
# just included file with highest priority by default and have
# empty defaults
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
__sshd_defaults:
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
SyslogFacility: AUTHPRIV
AuthorizedKeysFile: .ssh/authorized_keys
PasswordAuthentication: yes
ChallengeResponseAuthentication: no
GSSAPIAuthentication: yes
GSSAPICleanupCredentials: no
UsePAM: yes
X11Forwarding: yes
AcceptEnv:
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- LC_IDENTIFICATION LC_ALL LANGUAGE
- XMODIFIERS
Subsystem: "sftp {{ sshd_sftp_server }}"
__sshd_os_supported: yes

25
vars/Fedora_31.yml Normal file
View file

@ -0,0 +1,25 @@
---
__sshd_packages:
- openssh
- openssh-server
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
__sshd_defaults:
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
SyslogFacility: AUTHPRIV
AuthorizedKeysFile: .ssh/authorized_keys
PasswordAuthentication: yes
ChallengeResponseAuthentication: no
GSSAPIAuthentication: yes
GSSAPICleanupCredentials: no
UsePAM: yes
X11Forwarding: yes
AcceptEnv:
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- LC_IDENTIFICATION LC_ALL LANGUAGE
- XMODIFIERS
Subsystem: "sftp {{ sshd_sftp_server }}"
__sshd_os_supported: yes

View file

@ -13,7 +13,7 @@ __sshd_defaults:
PasswordAuthentication: yes
ChallengeResponseAuthentication: no
GSSAPIAuthentication: yes
GSSAPICleanupCredentials: yes
GSSAPICleanupCredentials: no
# Note that UsePAM: no is not supported under RHEL/CentOS. See
# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
UsePAM: yes