From d0b2b029a1ac6ea639ee928f91ea7c8e9e83f571 Mon Sep 17 00:00:00 2001
From: jitakirin <jitakirin@gmail.com>
Date: Fri, 26 Jun 2015 11:38:09 +0100
Subject: [PATCH] Verify SSHd config early

This uses the validate option to check the config file early, which
avoids putting bad settings in place at all, and also enables a
fail-fast behaviour (errors out when processing the template module).
---
 handlers/main.yml | 4 ----
 tasks/main.yml    | 3 ++-
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 2772fc7..7713d75 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,8 +1,4 @@
 ---
-- name: check_and_reload_sshd
-  command: "{{ sshd_binary }} -t"
-  notify: reload_sshd
-
 - name: reload_sshd
   service:
     name: "{{ sshd_service }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 0a60944..04fa9e3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -38,7 +38,8 @@
     owner: "{{ sshd_config_owner }}"
     group: "{{ sshd_config_group }}"
     mode: "{{ sshd_config_mode }}"
-  notify: check_and_reload_sshd
+    validate: "{{ sshd_binary }} -t -f %s"
+  notify: reload_sshd
   tags:
     - sshd