Moves internal non-overridable variables out of defaults

This commit is contained in:
Nikolaos Kakouros 2022-08-17 12:05:10 +00:00 committed by Jakub Jelen
parent d5b2f8df02
commit db39a733aa
8 changed files with 43 additions and 52 deletions

View file

@ -37,7 +37,6 @@ sshd_sysconfig_override_crypto_policy: false
# generator
sshd_sysconfig_use_strong_rng: 0
# Empty dicts to avoid errors
sshd: {}
@ -47,7 +46,9 @@ sshd_config_file: "{{ __sshd_config_file }}"
### VARS DEFAULTS
### The following are defaults for OS specific configuration in var files in
### this role. They should not be set directly by role users.
### this role. They should not be set directly by role users, unless they know
### what they are doing, e.g. installing extra packages or installing an
### alternative SystemD service file
sshd_packages: "{{ __sshd_packages }}"
sshd_config_owner: "{{ __sshd_config_owner }}"
sshd_config_group: "{{ __sshd_config_group }}"
@ -62,10 +63,7 @@ sshd_sftp_server: "{{ __sshd_sftp_server }}"
# configuration or restarting), we make sure the keys exist and have correct
# permissions. To disable this check, set sshd_verify_hostkeys to false
sshd_verify_hostkeys: "auto"
# The list of hostkeys to check when there are none listed in configuration file.
# This is usually the case when the selection is up to the OpenSSH defaults or
# drop-in directory is used.
__sshd_verify_hostkeys_default: []
sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
@ -73,19 +71,3 @@ sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
# instead of replacing the whole configuration file, just add a specified
# snippet
sshd_config_namespace: null
### These variables are used by role internals and should not be used.
__sshd_defaults: {}
__sshd_os_supported: no
__sshd_sysconfig_supports_crypto_policy: false
__sshd_sysconfig_supports_use_strong_rng: false
__sshd_runtime_directory: false
__sshd_runtime_directory_mode: "0755"
# If the system supports drop-in directory, it is configured in this variable. It is used
# to distinguish if we are writing a configuration snippet or we should write defaults.
__sshd_drop_in_dir: false
# this is the path to the main sshd_config which is checked for Include directive when
# drop-in directory is used
__sshd_main_config_file: false

View file

@ -1,9 +0,0 @@
---
- name: Ensure ansible_facts used by role
ansible.builtin.setup:
gather_subset: min
when: not ansible_facts.keys() | list |
intersect(__sshd_required_facts) == __sshd_required_facts
- name: Include common vars
ansible.builtin.include_vars: vars/common.yml

View file

@ -1,7 +1,4 @@
---
- name: Set common variables and ensure basic facts are gathered
ansible.builtin.include_tasks: set_common_vars.yml
- name: Set platform/version specific variables
ansible.builtin.include_tasks: variables.yml

View file

@ -1,6 +1,9 @@
---
- name: Set common vars
ansible.builtin.include_vars: vars/common.yml
- name: Ensure ansible_facts used by role
ansible.builtin.setup:
gather_subset: min
when: not ansible_facts.keys() | list |
intersect(__sshd_required_facts) == __sshd_required_facts
- name: Set OS dependent variables
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
@ -24,7 +27,7 @@
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- default.yml
- main.yml # fallback, vars/main.yml is always loaded by Ansible
paths:
- "{{ role_path }}/vars"
- "{{ playbook_dir }}/vars"

View file

@ -26,10 +26,8 @@
- __sshd_test_backup.path is defined
- name: Include common variables
ansible.builtin.include_role:
name: ansible-sshd
tasks_from: set_common_vars.yml
public: true
ansible.builtin.include_vars:
file: ../../vars/main.yml
- name: Restart sshd service
ansible.builtin.service:

View file

@ -1,10 +0,0 @@
__sshd_skip_virt_env:
- docker
- podman
- container
- containerd
- VirtualPC
__sshd_binary: /usr/sbin/sshd
__sshd_service: sshd
__sshd_sftp_server: /usr/lib/openssh/sftp-server

View file

@ -1 +0,0 @@
---

View file

@ -14,3 +14,34 @@ __sshd_required_facts:
- distribution
- distribution_major_version
- os_family
__sshd_skip_virt_env:
- docker
- podman
- container
- containerd
- VirtualPC
__sshd_binary: /usr/sbin/sshd
__sshd_service: sshd
__sshd_sftp_server: /usr/lib/openssh/sftp-server
__sshd_defaults: {}
__sshd_os_supported: no
__sshd_sysconfig_supports_crypto_policy: false
__sshd_sysconfig_supports_use_strong_rng: false
__sshd_runtime_directory: false
__sshd_runtime_directory_mode: "0755"
# If the system supports drop-in directory, it is configured in this variable. It is used
# to distinguish if we are writing a configuration snippet or we should write defaults.
__sshd_drop_in_dir: false
# this is the path to the main sshd_config which is checked for Include directive when
# drop-in directory is used
__sshd_main_config_file: false
# The list of hostkeys to check when there are none listed in configuration file.
# This is usually the case when the selection is up to the OpenSSH defaults or
# drop-in directory is used.
__sshd_verify_hostkeys_default: []