libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2025-01-02 21:50:17 +01:00
Code Issues Projects Releases Packages Wiki Activity

Restart the service when needed

Browse source 
Some changes, such as sysconfig change, requires the service to be
restarted.

Fixes: #302

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Jakub Jelen 2024-12-16 13:39:01 +01:00 committed by Jakub Jelen
parent 426469d984
commit fcb09ccaa9
5 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -96,6 +96,14 @@ changed configuration. Defaults to the same value as `sshd_manage_service`.
(Except on AIX, where `sshd_manage_service` is default *false*, but (Except on AIX, where `sshd_manage_service` is default *false*, but
`sshd_allow_reload` is default *true*) `sshd_allow_reload` is default *true*)
#### sshd_allow_restart
Some changes, for example of the sysconfig and environment files require the full
restart of the service. If set to *false*, a restart of sshd won't happen on these
changes. This can help with troubleshooting. You'll need to manually restart sshd
if you want to apply the changed configuration. Defaults to the same value as
`sshd_manage_service`.
#### sshd_install_service #### sshd_install_service
If set to *true*, the role will install service files for the ssh service. If set to *true*, the role will install service files for the ssh service.

3
defaults/main.yml
View file

@ -13,6 +13,9 @@ sshd_manage_service: true
# If the below is false, don't reload the ssh daemon on change # If the below is false, don't reload the ssh daemon on change
sshd_allow_reload: true sshd_allow_reload: true
# If the below is false, don't restart the ssh daemon on change that requires restart
sshd_allow_restart: true
# If the below is true, also install service files from the templates pointed # If the below is true, also install service files from the templates pointed
# to by the `sshd_service_template_*` variables # to by the `sshd_service_template_*` variables
sshd_install_service: false sshd_install_service: false

12
handlers/main.yml
View file

@ -12,6 +12,18 @@
- ansible_facts['os_family'] != 'OpenWrt' - ansible_facts['os_family'] != 'OpenWrt'
listen: Reload_sshd listen: Reload_sshd
- name: Restart the SSH service
ansible.builtin.service:
name: "{{ sshd_service }}"
state: restarted
when:
- sshd_allow_restart|bool
- ansible_facts['virtualization_type'] | default(None) not in __sshd_skip_virt_env
- ansible_connection != 'chroot'
- ansible_facts['os_family'] != 'AIX'
- ansible_facts['os_family'] != 'OpenWrt'
listen: Restart_sshd
# sshd on AIX cannot be 'reloaded', it must be Stopped+Started. # sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
# It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it. # It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
# Instead, use a dirty shell script: # Instead, use a dirty shell script:

2
tasks/install.yml
View file

@ -25,7 +25,7 @@
when: when:
- sshd_sysconfig | bool - sshd_sysconfig | bool
- __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy - __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy
notify: Reload_sshd notify: Restart_sshd
- name: Check FIPS mode - name: Check FIPS mode
ansible.builtin.include_tasks: check_fips.yml ansible.builtin.include_tasks: check_fips.yml

1
vars/AIX.yml
View file

@ -12,3 +12,4 @@ __sshd_os_supported: true
sshd_install_service: false sshd_install_service: false
sshd_manage_service: false sshd_manage_service: false
sshd_allow_reload: true sshd_allow_reload: true
sshd_allow_restart: false