fix: Document and streamline the sshd_main_config_file
The option was introduced in 6bb0d7b456
without documentation or an intended use. The recent change f6ae2094fe
propagated this option to the generated service files, which results in unexpected behaviour when a user sets only `sshd_config_file` for the second sshd service: the service file then points to the system-wide configuration file. This is an attempt to fix this by introducing some heuristics to guess whether the user wants to set up a second drop-in directory (ending with .d) or create a standalone configuration file. Fixes: #280
This commit is contained in:
parent
683c07e633
commit
e83cb52ded
8 changed files with 24 additions and 9 deletions
13
README.md
13
README.md
|
@ -209,6 +209,19 @@ When this path points to a drop-in directory (like
|
|||
with the variable `sshd_main_config_file`) is checked to contain a proper
|
||||
`Include` directive.
|
||||
|
||||
#### sshd_main_config_file
|
||||
|
||||
When the system is using drop-in directory, this option can be used to set
|
||||
a path to the main configuration file and let you configure only the drop-in
|
||||
configuration file using `sshd_config_file`. This is useful in cases when
|
||||
you need to configure second independent sshd service with different
|
||||
configuration file. This is also the file used in the service file.
|
||||
|
||||
On systems without drop-in directory, it defaults to `None`. Otherwise it
|
||||
defaults to `/etc/ssh/sshd_config`. When the `sshd_config_file` is set
|
||||
outside of the drop in directory (its parent directory is not
|
||||
`sshd_main_config_file` ~ '.d'), this variable is ignored.
|
||||
|
||||
#### sshd_config_namespace
|
||||
|
||||
By default (*null*), the role defines whole content of the configuration file
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
{% elif sshd[key] is defined %}
|
||||
{% set value = sshd[key] %}
|
||||
{% elif sshd_main_config_file is not none
|
||||
and sshd_config_file | dirname != sshd_main_config_file | dirname %}
|
||||
and sshd_config_file | dirname == sshd_main_config_file ~ '.d' %}
|
||||
{# Do not use the defaults from main file to avoid recursion #}
|
||||
{% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
|
||||
{% if key == 'HostKey' and __sshd_fips_mode %}
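Review bot: The new guard `and sshd_config_file | dirname == sshd_main_config_file ~ '.d'` only recognises a drop-in directory literally named `<main file>.d`, so a drop-in path that does not follow that naming now falls through to the `__sshd_defaults` branch where the old `dirname != dirname` check skipped it. If that is the intended heuristic, say so next to the condition, e.g. `{# drop-in detection: the directory must be named <sshd_main_config_file>.d; anything else is rendered as a standalone config with defaults #}`. The comparison is plain string equality, so a trailing slash or an unnormalised path in either variable would defeat it; how those values are normalised is not visible here. The same change appears in the `@ -26,7 +26,7 @@` and the second `@ -24,7 +24,7 @@` hunks below, and the enclosing `if`/`elif` chain starts outside this hunk.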
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
mode: "{{ sshd_drop_in_dir_mode }}"
|
||||
when:
|
||||
- sshd_main_config_file is not none
|
||||
- sshd_config_file | dirname != sshd_main_config_file | dirname
|
||||
- sshd_config_file | dirname == sshd_main_config_file ~ '.d'
|
||||
|
||||
- name: Create the complete configuration file
|
||||
ansible.builtin.template:
|
||||
|
@ -46,4 +46,4 @@
|
|||
notify: reload_sshd
|
||||
when:
|
||||
- sshd_main_config_file is not none
|
||||
- sshd_config_file | dirname != sshd_main_config_file | dirname
|
||||
- sshd_config_file | dirname == sshd_main_config_file ~ '.d'
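Review bot: The drop-in test `sshd_config_file | dirname == sshd_main_config_file ~ '.d'` is written out by hand in both `when:` lists here and again in each template, so the copies can drift the next time the heuristic changes. Set it once with `ansible.builtin.set_fact`, e.g. `__sshd_in_drop_in: "{{ sshd_main_config_file is not none and sshd_config_file | dirname == sshd_main_config_file ~ '.d' }}"` (name constructed), and use `when: __sshd_in_drop_in | bool` in both tasks. Both task headers begin outside the hunks shown.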
|
||||
|
|
|
@ -20,7 +20,8 @@ EnvironmentFile=-{{ file }}
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
ExecStartPre={{ sshd_binary }} -t
|
||||
ExecStart={{ sshd_binary }} -D {{ __sshd_environment_variable }} -f {% if sshd_main_config_file is not none %}
|
||||
ExecStart={{ sshd_binary }} -D {{ __sshd_environment_variable }} -f
|
||||
{%- if sshd_main_config_file is not none and sshd_config_file | dirname == sshd_main_config_file ~ '.d' %}
|
||||
{{- sshd_main_config_file }}
|
||||
{% else %}
|
||||
{{- sshd_config_file }}
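Review bot: `ExecStartPre={{ sshd_binary }} -t` on the context line above still validates sshd's default configuration file, not the one the new `-f` selection hands to `ExecStart`, so a second service using a standalone file starts without that file being checked; mirror the same branch there as `-t -f <selected file>`. Separately, the `{%-` on the line after `-f` strips the space and yields `-f/etc/ssh/...`, which the test assertions below now have to match; sshd accepts the joined form, but a single expression keeps the space and the line readable: `ExecStart={{ sshd_binary }} -D {{ __sshd_environment_variable }} -f {{ sshd_main_config_file if (sshd_main_config_file is not none and sshd_config_file | dirname == sshd_main_config_file ~ '.d') else sshd_config_file }}`. The same whitespace issue is in the `EnvironmentFile=-{{ __sshd_environment_file }}` hunk below, and the `{% if %}` block closes outside this hunk.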
|
||||
|
|
|
@ -20,7 +20,8 @@ EnvironmentFile=-{{ __sshd_environment_file }}
|
|||
EnvironmentFile=-{{ file }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
ExecStart=-{{ sshd_binary }} -i {{ __sshd_environment_variable }} -f {% if sshd_main_config_file is not none %}
|
||||
ExecStart=-{{ sshd_binary }} -i {{ __sshd_environment_variable }} -f
|
||||
{%- if sshd_main_config_file is not none and sshd_config_file | dirname == sshd_main_config_file ~ '.d' %}
|
||||
{{- sshd_main_config_file }}
|
||||
{% else %}
|
||||
{{- sshd_config_file }}
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
{% elif sshd[key] is defined %}
|
||||
{% set value = sshd[key] %}
|
||||
{% elif sshd_main_config_file is not none
|
||||
and sshd_config_file | dirname != sshd_main_config_file | dirname %}
|
||||
and sshd_config_file | dirname == sshd_main_config_file ~ '.d' %}
|
||||
{# Do not use the defaults from main file to avoid recursion #}
|
||||
{% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
|
||||
{% if key == 'HostKey' and __sshd_fips_mode %}
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
{% elif sshd[key] is defined %}
|
||||
{% set value = sshd[key] %}
|
||||
{% elif sshd_main_config_file is not none
|
||||
and sshd_config_file | dirname != sshd_main_config_file | dirname %}
|
||||
and sshd_config_file | dirname == sshd_main_config_file ~ '.d' %}
|
||||
{# Do not use the defaults from main file to avoid recursion #}
|
||||
{% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
|
||||
{% if key == 'HostKey' and __sshd_fips_mode %}
|
||||
|
|
|
@ -84,7 +84,7 @@
|
|||
- name: Verify the ExecStart line contains the configuration file
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "' -f /etc/ssh/' in service.content | b64decode"
|
||||
- "' -f/etc/ssh/' in service.content | b64decode"
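Review bot: The updated assertion `' -f/etc/ssh/' in service.content | b64decode` still only checks that some path under `/etc/ssh/` follows `-f`, so it cannot tell the system-wide file from a standalone or drop-in configuration, which is the regression this commit describes. Asserting the exact expected path, e.g. `- "(' -f' ~ sshd_main_config_file) in service.content | b64decode"` for the drop-in scenario or the configured `sshd_config_file` for the standalone one, would pin the behaviour; the variables this test sets are not visible here, so the exact value is inferred. The same applies to the `service_inst` assertion in the `@ -154,7 +154,7 @@` hunk below.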
|
||||
|
||||
- name: Decode socket file
|
||||
ansible.builtin.set_fact:
|
||||
|
@ -154,7 +154,7 @@
|
|||
- name: Verify the ExecStart line contains the configuration file
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "' -f /etc/ssh/' in service_inst.content | b64decode"
|
||||
- "' -f/etc/ssh/' in service_inst.content | b64decode"
|
||||
|
||||
- name: "Restore configuration files"
|
||||
ansible.builtin.include_tasks: tasks/restore.yml
|
||||
|
|