Commit graph

76 commits

Author SHA1 Message Date
Matt Willsher
da3e33ec46
fix: rename var sshd -> sshd_config and debug output (#299) 2024-10-24 17:59:04 +01:00
Jakub Jelen
4478b2bbe0 Add new configuration options from OpenSSH 9.8
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-08-19 11:46:42 +02:00
Rich Megginson
b5b3933072 fix: add support for EL10
According to the Ansible team, support for listing platforms in
role `meta/main.yml` files is being removed.
Instead, they recommend using `galaxy_tags`

https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst
"Remove the galaxy_info field platforms from the role templates"
https://github.com/ansible/ansible/issues/82453

For each version listed under `platforms.EL` - add a tag like `elN`.

Q: Why not use a delimiter between the platform and the version e.g. `el-10`?

This is not allowed by ansible-lint:

```
meta-no-tags: Tags must contain lowercase letters and digits only., invalid: 'el-10'
meta/main.yml:1
```

So we cannot use uppercase letters either.

Q: Why not use our own meta/main.yml field?

No other fields are allowed by ansible-lint:

```
syntax-check[specific]: 'myfield' is not a valid attribute for a RoleMetadata
```

Q: Why not use some other field?

There are no other applicable or suitable fields.

Q: What happens when we want to support versions like `N.M`?

Use the word "dot" instead of "." e.g. `el10dot3`.
Similarly - use "dash" instead of "-".

We do not need tags such as `fedoraall`.
The `fedora` tag implies that the role works on all supported versions of fedora.
Otherwise, use tags such as `fedora40` if the role only supports specific versions.

In addition - for roles that have different variable files for EL9, create
the corresponding EL10 files, and update the variables for EL10.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-07-02 10:36:19 -06:00
Matt Willsher
d4eae954c1
feat: Ubuntu noble (#290)
* feat: Add support for Ubuntu Nobel/24.04 LTS
* fix: Add missing PrintMotd to Ubuntu 22.04
* fix(tests): Various linting fixes

---------
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-06-21 09:12:02 +01:00
Jakub Jelen
e83cb52ded fix: Document and streamline the sshd_main_config_file
The option was introduced in 6bb0d7b456
without documentation and intended use. The recent change
f6ae2094fe propagated this option to the
generated service files, which is resulting in unexpected results, when
a user decided to set only `sshd_config_file` for the second sshd
service causing the service file points to the system-wide
configuration file.

This is an attempt to fix this by introducing some heuristics to guess
if the user wants to set up second drop-in directory (ending with .d)
or create a standalone configuration file.

Fixes: #280
2024-04-05 09:29:10 +02:00
Rich Megginson
a25523ddce ci: Use supported ansible-lint action; run ansible-lint against the collection
The old ansible-community ansible-lint is deprecated.  There is a
new ansible-lint github action.

The latest Ansible repo gating tests run ansible-lint against
the collection format instead of against individual roles.
We have to convert the role to collection format before running
ansible-test.

This also requires tox-lsr 3.2.1

Role developers can run this locally using
`tox -e collection,ansible-lint-collection`
See https://github.com/linux-system-roles/tox-lsr/pull/125

Fix ansible-lint and ansible-test issues reported by the
latest 2.16 versions.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2024-01-08 10:56:53 -07:00
Rich Megginson
4543f0c679 feat: support for ostree systems
Feature: Allow running and testing the role with ostree managed nodes.

Reason: We have users who want to use the role to manage ostree
systems.

Result: Users can use the role to manage ostree managed nodes.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2023-11-28 09:40:18 -07:00
Dominik Rimpf
70c913ed0e
feat: support for debian 12 2023-06-18 23:10:14 +02:00
Jakub Jelen
039aa32606 feat: Add missing configuration options available in Match block
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-06-15 15:56:48 +02:00
Jakub Jelen
484da0584b feat: Add new options from OpenSSH 9.3
This version is now available in Alpine.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-06-15 15:56:48 +02:00
Jakub Jelen
a3065d070c Make sure the list options are correctly indented
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/

This wont work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-04-14 19:01:19 +02:00
Noriko Hosoi
3bc81d9f97 Fingerprint ansible-sshd managed config files
- Add repo and role name to the generated config files.
  # willshersystems:ansible-sshd

Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
2023-03-29 10:30:06 -07:00
Jakub Jelen
bcd15cab9d Add the alpine also to the README and galaxy metadata 2023-01-16 15:10:28 +01:00
Jakub Jelen
04f056867c Add support for managing selinux and firewall on RHEL 2023-01-13 10:42:40 +01:00
Jakub Jelen
e6d075b8f3 meta: Provide explicit namespace to avoid ansible lint errors
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-12-13 14:13:18 +01:00
Jakub Jelen
1c4197e341 Add configuration options from EL7 2022-09-27 22:32:57 +02:00
Jakub Jelen
ddb286111f Add missing configuration options from EL8 2022-09-27 22:32:57 +02:00
Jakub Jelen
1ae6284951 Add final version of RequiredRSASize
Keep the old version for backward compatibility

Upstream commit:
https://github.com/openssh/openssh-portable/commit/1875042c
2022-09-27 22:22:58 +02:00
Jakub Jelen
e8e583b20a Update source template to match generated files 2022-09-27 22:22:58 +02:00
Nikolaos Kakouros
6bb0d7b456 tMakes drop-in functionality configurable by the user 2022-08-26 20:23:51 +00:00
Rich Megginson
1bc8395ea8 Add parameter RSAMinSize to Match blocks
This is a follow-on to https://github.com/willshersystems/ansible-sshd/pull/194
The previous PR added RSAMinSize as an option for the "body" of the
config file, but not for Match blocks.
2022-07-28 15:43:35 -06:00
Rich Megginson
6c0ff316af add parameter RSAMinSize
Add support for the new RSAMinSize parameter.
2022-07-21 15:35:57 -06:00
Rich Megginson
4ca9e8f142 the role still supports 2.9 2022-06-14 07:40:52 -06:00
Matt Willsher
90338a3f0a Fix various linting issues 2022-06-03 11:22:17 +01:00
Jakub Jelen
74026ba2f8 Add support for Ubuntu 22 with drop-in directory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
9c202bd60e Verify the Include is in main configuration file
... if drop-in file is modified

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
7f69d1e69a Filter out Ed25519 keys from default in FIPS mode
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-16 15:05:22 +01:00
Sergei Petrosian
44a7d8fb20 Use {{ ansible_managed | comment }} to fix multi-line ansible_managed
BZ#2006230, BZ#2006231, BZ#2006233
2021-09-21 12:44:12 +02:00
Matt Willsher
b1fe667432
Merge pull request #164 from spetrosi/drop-ansible-2.8
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
2021-08-18 04:40:59 +01:00
Dominik Rimpf
6b1b328de3 ADD: doc bullseye support & github workflow on bullseye 2021-08-17 15:26:43 +02:00
Sergei Petrosian
5039e29910 Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
Bug 1989197 - drop support for Ansible 2.8

https://bugzilla.redhat.com/show_bug.cgi?id=1989197
2021-08-06 10:01:31 +02:00
Jakub Jelen
c4db22f16d Add configuration options from OpenSSH 8.6 2021-06-12 08:31:10 +02:00
Jakub Jelen
3e9d408015 Remove boolean comparison and regenerate templates 2021-06-01 16:09:23 +02:00
Jakub Jelen
380ebd21d9 Support for appending a snippet to configuration file 2021-06-01 16:09:23 +02:00
Jakub Jelen
fd22532d93 Update source template files used to generate final template 2021-06-01 16:09:23 +02:00
Noriko Hosoi
32f9d0dda5 Update meta data and README
Add 9 to EL and replace the versions of Fedora with all in
meta/main.yml. Update README.md based on the changes.
2021-05-05 19:41:31 +02:00
Jakub Jelen
66a4ccbcee meta: Update list of supported releases 2020-09-23 14:49:42 +02:00
Jakub Jelen
9e7eae712d Reformat yaml files to avoid wrong indentation, trailing spaces and long lines 2020-09-23 14:49:42 +02:00
Matt Willsher
ed989f571c Update CI to Ubuntu focal, add Ubuntu focal support to module 2020-09-18 20:48:56 +01:00
Jakub Jelen
b9fb457d2b Add missing configuration options from current OpenSSH 8.3p1 (Fedora 32)
Fixes #125
2020-09-14 18:30:20 +02:00
Jakub Jelen
babfb5542c Remove duplicate GatewayPorts 2020-09-14 18:30:20 +02:00
Martin Verges
59314077b9 add debian 10 (buster) support 2019-10-23 15:52:21 +02:00
David Little
553344e9b6 Update galaxy meta 2019-07-10 13:31:25 -05:00
yurihs
775264a8b8 Make tags lowercase (ansible-lint E702) 2019-05-23 14:32:21 -03:00
Robert A Vincent II
4a0f7d935a Specify search path for os vars; support odd-numbered Ubuntu releases. 2019-02-25 16:10:34 -05:00
Nikolaos Kakouros
f5c13ee90f Merge branch 'master' into systemd 2018-08-25 23:48:09 +02:00
Nikolaos Kakouros
5774f7f44f Adds ability to install a systemd service 2018-08-25 23:39:06 +02:00
Bob Vincent
c52053b53e Add missing options_match entries. 2018-08-17 11:54:45 -04:00
Bob Vincent
9378cbd7cf Add missing options_body entries. 2018-08-17 11:54:45 -04:00
Bob Vincent
8a2dbf0f41 Fix error in 30_bottom.j2 2018-08-13 12:00:11 -04:00