Merge branch 'release/0.2.2'

2024-11-08 21:03:29 +01:00 · 2015-01-13 13:31:52 +00:00 · 2015-01-13 13:31:52 +00:00 · bd4fd564aa
commit bd4fd564aa
parent 284a07de60 b8278f0801
7 changed files with 23 additions and 12 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+0.2.2 13 January 2014 Matt Willsher <matt@willsher.systems>
+- Add warnings to README
+- Tidy up naming
+- Remove blacklist packages from Debian based distros
 0.2.1 12 January 2014 Matt Willsher <matt@willsher.systems>
 - Standardise README.md format
 - Add basic Travis CI testing
--- a/README.md
+++ b/README.md
@ -1,3 +1,5 @@
+[![Build Status](https://travis-ci.org/WillsherSystems/ansible-sshd.svg?branch=master)](https://travis-ci.org/WillsherSystems/ansible-sshd) [![Ansible Galaxy](http://img.shields.io/badge/galaxy-willshersystems.sshd-660198.svg?style=flat)](https://galaxy.ansible.com/list#/roles/2488)
+
 OpenSSH Server
 ==============

@ -11,6 +13,16 @@ This role configures the OpenSSH daemon. It:
  (see [meta/make_option_list](meta/make_option_list))
 * Tests the sshd_config before reloading sshd.

+**WARNING** Misconfiguration of this role can lock you out of your server!
+Please test your configuration and its interaction with your users configuration
+before using in production!
+
+**WARNING** Digital Ocean allows root with passwords via SSH on Debian and
+Ubuntu. This is not the default assigned by this module - it will set
+`PermitRootLogin without-password` which will allow access via SSH key but not
+via simple password. If you need this functionality, be sure to set
+`ssh_PermitRootLogin yes` for those hosts.
+
 Requirements
 ------------

--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,9 +1,9 @@
 ---
- name: check and reload sshd
+- name: check_and_reload_sshd
  command: "{{ sshd_binary }} -t"
-  notify: reload sshd
+  notify: reload_sshd

- name: reload sshd
+- name: reload_sshd
  service:
    name: "{{ sshd_service }}"
    state: reloaded
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,5 +1,5 @@
 ---
- name: Role set up
+- name: Set OS dependent variables
  include_vars: "{{ item }}"
  with_first_found:
   - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
@ -19,14 +19,14 @@
  tags:
    - sshd

- name: Configured
+- name: Configuration
  template:
    src: sshd_config.j2
    dest: "{{ sshd_config_file }}"
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    mode: "{{ sshd_config_mode }}"
-  notify: check and reload sshd
+  notify: check_and_reload_sshd
  tags:
    - sshd

@ -37,3 +37,4 @@
    state: running
  tags:
    - sshd
+
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
  - openssh-server
-  - openssh-blacklist
-  - openssh-blacklist-extra
  - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:
--- a/vars/Debian_8.yml
+++ b/vars/Debian_8.yml
@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
  - openssh-server
-  - openssh-blacklist
-  - openssh-blacklist-extra
  - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:
--- a/vars/Ubuntu_14.yml
+++ b/vars/Ubuntu_14.yml
@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
  - openssh-server
-  - openssh-blacklist
-  - openssh-blacklist-extra
  - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults: