An earlier commit fixed the code to work with INJECT_FACTS_AS_VARS=false
https://github.com/willshersystems/ansible-sshd/pull/244
This ensures testing with INJECT_FACTS_AS_VARS=false so that we can catch
any changes in the future which might break this.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
* Debug service and socket files in tests
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* Add systemd ephemeral authorized_keys to the instantiated service file on Fedora
Based on the following Fedora change pulling the systemd upstream
service file:
https://src.fedoraproject.org/rpms/openssh/pull-request/101
This removes the check for the config file in the generated service
file as we no longer add it when it is the default distribution path
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---------
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Previously, the "first_found" lookup would always find the
role_path/vars/main.yml file before any playbook_dir/vars/... file, so
it was impossible to set variables from the second directory.
This change:
+ Removes main.yml from the lookup file names so that the automatically
loaded role_path/vars/main.yml file can never stop another file from
being loaded
+ Replaces the inline lookup('first_found') call with a with_found_first
block so that the task won't fail if there is no additional vars file.
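A sketch of the lookup change described in the commit message above, added here as an illustration and not taken from the role's own tasks. The variable name `example_vars_lookup` and the candidate file names are hypothetical. `first_found` tries every file name in the first path before moving to the next path, which is why a `main.yml` entry in `role_path/vars` shadowed everything under `playbook_dir/vars`.

```yaml
# Added example; not the role's actual task file.
# BEFORE: inline lookup with main.yml among the candidates.
- name: Load platform variables (old form)
  ansible.builtin.include_vars: "{{ lookup('first_found', example_vars_lookup) }}"
  vars:
    example_vars_lookup:        # hypothetical variable name
      files:
        - "{{ ansible_facts['distribution'] }}.yml"
        - "{{ ansible_facts['os_family'] }}.yml"
        - main.yml              # always exists in role_path/vars, so the search stops here
      paths:
        - "{{ role_path }}/vars"
        - "{{ playbook_dir }}/vars"   # never reached
  # The inline lookup also raises an error when no candidate exists at all.

# AFTER: main.yml removed, loop form with skip so a missing file is not fatal.
- name: Load platform variables (new form)
  ansible.builtin.include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_facts['distribution'] }}.yml"
        - "{{ ansible_facts['os_family'] }}.yml"
      paths:
        - "{{ role_path }}/vars"
        - "{{ playbook_dir }}/vars"   # consulted when the role ships no matching file
      skip: true                # no match: the task is skipped instead of failing
```

role_path/vars/main.yml is still loaded automatically by Ansible when the role runs, so dropping it from the candidate list loses nothing.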
* feat: add support for debian 13 (aka trixie)
* test: added trixie test and removed buster test (EOL)
trixie test runs against debian:latest until release exists
* test: use forked debian trixie action
* test: fix tests for debian 13
* debian trixie has a slightly different man page than bookworm so we need to
exclude the word "Note" from the automatically generated list
* systemd-service file for debian 13
* fix: include external config files first so they can override all options
* test: replaced cipher option with usedns for tests_deprecated_sshd_variable
* Add new configuration option from CentOS 10
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* ci: Remove Debian buster as its repositories are no longer available
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests: Print generated configuration to simplify debugging issues
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---------
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Ansible 2.19 introduces some big changes
https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_core_2.19.html
A big change is that a boolean expression in a `when` or similar construct
must be converted to a boolean - we cannot rely on the implicit evaluation in
a boolean context. For example, if `var` is some iterable, like a `dict`, `list`,
or `string`, you used to be able to evaluate an empty value in a boolean context:
```yaml
when: var # do this only if var is not empty
```
You now have to explicitly test for empty using `length`:
```yaml
when: var | length > 0 # do this only if var is not empty
```
Similarly for `int` values - you cannot rely on `0` being evaluated as false
and non-zero true - you must explicitly compare the values with `==` or `!=`.
In macros in templates, the implicit return value is now `none` - we have to
ensure that the macro returns an empty string in these cases - to do this,
use `{{- '' -}}`
The `ansible_managed` variable cannot be overwritten - use a temp variable.
This also fixes some ansible-lint issues with the new ansible-lint
* Task names in the same file must be unique
* Stricter checking for spacing
* Stricter enforcement of the "no quotes in when/that expressions"
These are the biggest changes. See the porting guide for others.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
* Add new options from OpenSSH 10.0
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests: Install awk on new Fedora
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---------
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
The Fedora service file now contains this directive to avoid systemd
complaining about unused variable in case the EnvironmentFile is empty
or does not exist. Defining empty variable should not hurt other
distros.
Given that originally the internal variable contained also the dollar
sign, this needed to be reworked, also to support multiple environment
variables in EL8.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This PR supersedes https://github.com/willshersystems/ansible-sshd/pull/306
because there is some extra work that must be done to use v25.
We need to provide a requirements file. Even though sshd does not have
a tests collection-requirements.yml file, we use the same code we
use in linux-system-roles that handles/merges the meta and tests
requirements files.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
This did not work since 43ed7c1, for over 7 years so instead
of restoring this behavior, updating documentation to match
current behavior sounds more reasonable.
Fixes: #236
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
The documentation says there is only one global scope for handlers:
> There is only one global scope for handlers (handler names and listen topics)
> regardless of where the handlers are defined. This also includes handlers
> defined in roles.
So following the naming convention as we do in all the other variables
sounds like a good idea.
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_handlers.html
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* Add new options from OpenSSH 9.9p1
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* ci: Add CentOS10
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests: Use LogLevel option for testing to avoid OpenSSH 9.9 bug
The OpenSSH 9.9p1 has a bug in parsing/printing the Compression option
so let's use a different option for testing.
https://bugzilla.mindrot.org/show_bug.cgi?id=3759
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---------
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Setting TMPDIR globally causes problems on some platforms.
Instead, set it at the `block` level and put the role
invocation inside the block.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>