Restart the service when needed

Some changes, such as sysconfig change, requires the service to be restarted. Fixes: #302 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2025-01-02 21:50:17 +01:00 · 2024-12-16 13:39:01 +01:00 · 2024-12-16 13:39:01 +01:00 · fcb09ccaa9
commit fcb09ccaa9
parent 426469d984
5 changed files with 25 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -96,6 +96,14 @@ changed configuration. Defaults to the same value as `sshd_manage_service`.
 (Except on AIX, where `sshd_manage_service` is default *false*, but
 `sshd_allow_reload` is default *true*)

+#### sshd_allow_restart
+
+Some changes, for example of the sysconfig and environment files require the full
+restart of the service. If set to *false*, a restart of sshd won't happen on these
+changes. This can help with troubleshooting. You'll need to manually restart sshd
+if you want to apply the changed configuration. Defaults to the same value as
+`sshd_manage_service`.
+
 #### sshd_install_service

 If set to *true*, the role will install service files for the ssh service.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -13,6 +13,9 @@ sshd_manage_service: true
 # If the below is false, don't reload the ssh daemon on change
 sshd_allow_reload: true

+# If the below is false, don't restart the ssh daemon on change that requires restart
+sshd_allow_restart: true
+
 # If the below is true, also install service files from the templates pointed
 # to by the `sshd_service_template_*` variables
 sshd_install_service: false
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -12,6 +12,18 @@
    - ansible_facts['os_family'] != 'OpenWrt'
  listen: Reload_sshd

+- name: Restart the SSH service
+  ansible.builtin.service:
+    name: "{{ sshd_service }}"
+    state: restarted
+  when:
+    - sshd_allow_restart|bool
+    - ansible_facts['virtualization_type'] | default(None) not in __sshd_skip_virt_env
+    - ansible_connection != 'chroot'
+    - ansible_facts['os_family'] != 'AIX'
+    - ansible_facts['os_family'] != 'OpenWrt'
+  listen: Restart_sshd
+
 # sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
 # It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
 # Instead, use a dirty shell script:
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -25,7 +25,7 @@
  when:
    - sshd_sysconfig | bool
    - __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy
-  notify: Reload_sshd
+  notify: Restart_sshd

 - name: Check FIPS mode
  ansible.builtin.include_tasks: check_fips.yml
--- a/vars/AIX.yml
+++ b/vars/AIX.yml
@ -12,3 +12,4 @@ __sshd_os_supported: true
 sshd_install_service: false
 sshd_manage_service: false
 sshd_allow_reload: true
+sshd_allow_restart: false