mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-26 18:30:18 +01:00
feat: Ubuntu noble (#290)
* feat: Add support for Ubuntu Nobel/24.04 LTS * fix: Add missing PrintMotd to Ubuntu 22.04 * fix(tests): Various linting fixes --------- Co-authored-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
parent
7c76e9d6ce
commit
d4eae954c1
20 changed files with 76 additions and 17 deletions
|
@ -5,6 +5,7 @@ exclude_paths:
|
|||
- .markdownlint.yaml
|
||||
skip_list:
|
||||
- var-naming[no-role-prefix]
|
||||
- meta-runtime[unsupported-version]
|
||||
mock_roles:
|
||||
- willshersystems.sshd.ansible-sshd
|
||||
mock_modules:
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
---
|
||||
repos:
|
||||
- repo: https://github.com/adrienverge/yamllint.git
|
||||
rev: v1.27.1
|
||||
rev: 81e9f98ffd059efe8aa9c1b1a42e5cce61b640c6 # frozen: v1.35.1
|
||||
hooks:
|
||||
- id: yamllint
|
||||
files: \.(yaml|yml)$
|
||||
types: [file, yaml]
|
||||
entry: yamllint --strict
|
||||
- repo: https://github.com/ansible/ansible-lint.git
|
||||
rev: v6.5.2
|
||||
rev: 2d9f1ed1e6d08e1f6a18e50f789ab1580220c7db # frozen: v24.6.0
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
files: \.(yaml|yml)$
|
||||
|
|
|
@ -4,6 +4,12 @@ ignore: |
|
|||
/.tox/
|
||||
/.github/
|
||||
/tests/roles/
|
||||
# skip checking line length
|
||||
rules:
|
||||
comments-indentation: false
|
||||
document-start: disable
|
||||
line-length: disable
|
||||
braces:
|
||||
max-spaces-inside: 1
|
||||
octal-values:
|
||||
forbid-implicit-octal: true
|
||||
forbid-explicit-octal: true
|
||||
|
|
|
@ -6,7 +6,7 @@ In the interest of fostering an open and welcoming environment, we as
|
|||
contributors and maintainers pledge to making participation in our project and
|
||||
our community a harassment-free experience for everyone, regardless of age, body
|
||||
size, disability, ethnicity, sex characteristics, gender identity and expression,
|
||||
level of experience, education, socio-economic status, nationality, personal
|
||||
level of experience, education, socioeconomic status, nationality, personal
|
||||
appearance, race, religion, or sexual identity and orientation.
|
||||
|
||||
## Our Standards
|
||||
|
|
|
@ -27,7 +27,7 @@ via simple password. If you need this functionality, be sure to set
|
|||
|
||||
Tested on:
|
||||
|
||||
* Ubuntu precise, trusty, xenial, bionic, focal, jammy
|
||||
* Ubuntu precise, trusty, xenial, bionic, focal, jammy, noble
|
||||
* [![Run tests on Ubuntu latest](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml)
|
||||
* Debian wheezy, jessie, stretch, buster, bullseye, bookworm
|
||||
* [![Run tests on Debian](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml)
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
- ansible_connection != 'chroot'
|
||||
- ansible_facts['os_family'] != 'AIX'
|
||||
- ansible_facts['os_family'] != 'OpenWrt'
|
||||
listen: reload_sshd
|
||||
listen: Reload_sshd
|
||||
|
||||
# sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
|
||||
# It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
|
||||
|
@ -25,7 +25,7 @@
|
|||
stopsrc -s sshd
|
||||
until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done
|
||||
startsrc -s sshd
|
||||
listen: reload_sshd
|
||||
listen: Reload_sshd
|
||||
changed_when: false
|
||||
when:
|
||||
- sshd_allow_reload|bool
|
||||
|
@ -39,4 +39,4 @@
|
|||
when:
|
||||
- sshd_allow_reload|bool
|
||||
- ansible_facts['os_family'] == 'OpenWrt'
|
||||
listen: reload_sshd
|
||||
listen: Reload_sshd
|
||||
|
|
|
@ -24,8 +24,9 @@ galaxy_info:
|
|||
- bionic
|
||||
- focal
|
||||
- jammy
|
||||
- noble
|
||||
- name: FreeBSD
|
||||
version:
|
||||
versions:
|
||||
- "10.1"
|
||||
- name: EL
|
||||
versions:
|
||||
|
|
2
meta/runtime.yml
Normal file
2
meta/runtime.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
requires_ansible: ">=2.15.0"
|
|
@ -22,7 +22,7 @@
|
|||
when:
|
||||
- sshd_sysconfig | bool
|
||||
- __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
|
||||
- name: Check FIPS mode
|
||||
ansible.builtin.include_tasks: check_fips.yml
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
{{ sshd_binary }} -t -f %s
|
||||
{% endif %}
|
||||
backup: "{{ sshd_backup }}"
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
|
||||
- name: Make sure the include path is present in the main sshd_config
|
||||
ansible.builtin.lineinfile:
|
||||
|
@ -43,7 +43,7 @@
|
|||
{{ sshd_binary }} -t -f %s
|
||||
{% endif %}
|
||||
backup: "{{ sshd_backup }}"
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
when:
|
||||
- sshd_main_config_file is not none
|
||||
- sshd_config_file | dirname == sshd_main_config_file ~ '.d'
|
||||
|
|
|
@ -21,4 +21,4 @@
|
|||
{{ sshd_binary }} -t -f %s
|
||||
{% endif %}
|
||||
backup: "{{ sshd_backup }}"
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
|
||||
- name: Install instanced service unit file
|
||||
ansible.builtin.template:
|
||||
|
@ -21,7 +21,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
when:
|
||||
- __sshd_socket_accept | bool
|
||||
|
||||
|
@ -32,7 +32,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: reload_sshd
|
||||
notify: Reload_sshd
|
||||
|
||||
- name: Service enabled and running
|
||||
ansible.builtin.service:
|
||||
|
|
|
@ -14,6 +14,12 @@ Accept=yes
|
|||
{% else %}
|
||||
Accept=no
|
||||
{% endif %}
|
||||
{% if __sshd_socket_freebind is not none %}
|
||||
FreeBind={{ 'yes' if __sshd_socket_freebind else 'no' }}
|
||||
{% endif %}
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
{% if __sshd_socket_required_by is not none %}
|
||||
RequiredBy={{ __sshd_socket_required_by }}
|
||||
{% endif %}
|
||||
|
|
|
@ -93,7 +93,7 @@
|
|||
| grep -o '^\( \| \)[A-Z][A-Za-z0-9]*\(.\| \)' \
|
||||
| grep -v "[A-Za-z0-9] $" | grep -v "[^A-Za-z0-9 ]$" \
|
||||
| awk '{ print $1 }' \
|
||||
| grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\)$"
|
||||
| grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\|Aaron\|Each\)$"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: sshd_options
|
||||
|
|
|
@ -94,6 +94,7 @@
|
|||
- ansible_facts['service_mgr'] == 'systemd' or
|
||||
(ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7')
|
||||
- ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12
|
||||
- not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>='))
|
||||
block:
|
||||
- name: Read the created instantiated service file
|
||||
ansible.builtin.slurp:
|
||||
|
|
|
@ -106,6 +106,7 @@
|
|||
when:
|
||||
- ansible_facts['service_mgr'] == 'systemd'
|
||||
- ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12
|
||||
- not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>='))
|
||||
block:
|
||||
- name: Read the created instantiated service file
|
||||
ansible.builtin.slurp:
|
||||
|
|
|
@ -118,6 +118,7 @@
|
|||
- ansible_facts['service_mgr'] == 'systemd' or
|
||||
(ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7')
|
||||
- ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12
|
||||
- not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>='))
|
||||
block:
|
||||
- name: Read the distribution instantiated service file
|
||||
ansible.builtin.slurp:
|
||||
|
|
|
@ -14,6 +14,7 @@ __sshd_defaults:
|
|||
Include: /etc/ssh/sshd_config.d/*.conf
|
||||
KbdInteractiveAuthentication: false
|
||||
UsePAM: true
|
||||
PrintMotd: false
|
||||
AcceptEnv: LANG LC_*
|
||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||
|
||||
|
|
33
vars/Ubuntu_24.yml
Normal file
33
vars/Ubuntu_24.yml
Normal file
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
__sshd_os_supported: true
|
||||
|
||||
__sshd_service: ssh
|
||||
__sshd_packages:
|
||||
- openssh-server
|
||||
- openssh-sftp-server
|
||||
# Ubuntu 22.04 shipped with drop-in directory support so we touch
|
||||
# just included file with highest priority by default
|
||||
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
__sshd_config_mode: "0644"
|
||||
# the defaults here represent the defaults shipped in the main sshd_config
|
||||
__sshd_defaults:
|
||||
Include: /etc/ssh/sshd_config.d/*.conf
|
||||
KbdInteractiveAuthentication: false
|
||||
UsePAM: true
|
||||
PrintMotd: false
|
||||
AcceptEnv: LANG LC_*
|
||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||
|
||||
__sshd_runtime_directory: sshd
|
||||
|
||||
__sshd_drop_in_dir_mode: '0755'
|
||||
__sshd_main_config_file: /etc/ssh/sshd_config
|
||||
|
||||
__sshd_environment_file: /etc/default/ssh
|
||||
__sshd_environment_variable: $SSHD_OPTS
|
||||
__sshd_service_after: auditd.service
|
||||
__sshd_service_alias: sshd
|
||||
|
||||
__sshd_socket_accept: false
|
||||
__sshd_socket_freebind: true
|
||||
__sshd_socket_required_by: ssh.service
|
|
@ -87,3 +87,9 @@ __sshd_service_restart_timeout: ~
|
|||
|
||||
# The systemd socket file does not accept the connection
|
||||
__sshd_socket_accept: true
|
||||
|
||||
# Boolean to control if the systemd socket can be bound to non-local IP addresses
|
||||
__sshd_socket_freebind: ~
|
||||
|
||||
# Space separated list of service names that this socket is required by
|
||||
__sshd_socket_required_by: ~
|
||||
|
|
Loading…
Reference in a new issue