Jakub Jelen
04f056867c
Add support for managing selinux and firewall on RHEL
2023-01-13 10:42:40 +01:00
Jakub Jelen
6f4d3d8fdb
tasks: Improve the order of keys and add missing name
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-12-13 14:13:18 +01:00
Jakub Jelen
c201ba2060
Support __sshd_supports_validate
2022-09-27 22:32:57 +02:00
Matt Willsher
abe2b26a89
Linting fixes
2022-09-07 09:33:33 +01:00
Nikolaos Kakouros
6bb0d7b456
Makes drop-in functionality configurable by the user
2022-08-26 20:23:51 +00:00
Nikolaos Kakouros
221a801260
Adds workaround for CentOS6
2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
c8d7c25be3
Defaults __sshd_testing when not testing
2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
d2b274a0a1
Fixes tests
2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
db39a733aa
Moves internal non-overridable variables out of defaults
2022-08-23 15:18:41 +02:00
Jakub Jelen
77d3163243
Workaround for https://github.com/ansible/ansible-lint/issues/2209
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-08-18 09:08:53 +02:00
Jakub Jelen
08285659ed
Fix ansible-lint warnings
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-08-18 09:08:53 +02:00
Matt Willsher
b9c5db54b6
Revert incorrect module name
2022-06-03 11:30:13 +01:00
Matt Willsher
90338a3f0a
Fix various linting issues
2022-06-03 11:22:17 +01:00
Jakub Jelen
b1421c7d2d
Refactor tasks to separate files based on the context
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
9c202bd60e
Verify the Include is in main configuration file
...
... if drop-in file is modified
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
e24ff31d2a
Ensure the ansible facts are available
2022-04-19 17:20:27 +02:00
Jakub Jelen
bd64ca7441
More portable way for sharing variables between role and tests
2022-04-19 17:20:27 +02:00
Jakub Jelen
c515ffdf94
Move the common variables to separate file
2022-04-19 17:20:27 +02:00
Jakub Jelen
09b4214a51
Clarify the magic number
2022-04-19 17:20:27 +02:00
Jakub Jelen
c1d1cdfeac
Reuse the list of skipped virtualization environments
2022-04-19 17:20:27 +02:00
Jakub Jelen
860e533713
Introduce default hostkeys to check when using drop-in directory
...
Previously no hostkeys were checked if they were not present
in the generated configuration file. When the drop-in directory is
used, usually, there are no hostkeys in that file and no sanity
check for hostkeys was executed.
This amends the "auto" value for the hostkeys check to allow checking
for default hostkeys that are read by OpenSSH by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
daa81ee84c
Unbreak FIPS detection and hostkey filtering
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
09f2c6a999
Add another virtualization platform exception
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
fc998f21c2
Fix runtime directory check
2021-11-30 16:29:06 +01:00
Jakub Jelen
67fee24ecb
Address review comments (to be squashed)
2021-11-16 15:05:22 +01:00
Jakub Jelen
7f69d1e69a
Filter out Ed25519 keys from default in FIPS mode
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-16 15:05:22 +01:00
Dominik Rimpf
961f10b710
FIX: indentation including tests
2021-08-17 15:50:36 +02:00
Jakub Jelen
91784d1874
Workaround namespace feature also for RHEL6
...
The OpenSSH 5.3 in RHEL6 is so old it does not support "Match all" so we
need some creative workaround for this old stuff.
2021-08-09 10:07:09 +02:00
Jakub Jelen
b97a7b0bde
Do not assume the hostkey for the main config exists
2021-06-11 21:49:31 +02:00
Jakub Jelen
8a85e7309b
Rename sshd_namespace_append to sshd_config_namespace
2021-06-11 21:49:31 +02:00
Jakub Jelen
ad399343c9
Skip defaults when appending configuration
2021-06-01 16:09:23 +02:00
Jakub Jelen
8e180cfb48
Add new identification for Github Actions virtualization platform
2021-06-01 16:09:23 +02:00
Jakub Jelen
380ebd21d9
Support for appending a snippet to configuration file
2021-06-01 16:09:23 +02:00
Noriko Hosoi
6887864d2c
Fix issues found by linters - enable all tests on all repos - remove suppressions
...
Cleaning up yamllint errors.
- Use .yamllint.yml and .yamllint_defaults.yml instead of
.yamllint.yaml.
- Fix the invalid indentations.
Cleaning up ansible-lint errors.
- Add "name" to every task.
- Use command rather than shell
- Add "changed_when: false".
- Use '|' instead of '>' for the shell module.
- Fix '/bin/sh: line 3: CRYPTO_POLICY: unbound variable'.
- Add "set -eu" and "set -o pipefail" if pipefail is available.
Note: "pipefail" is not available in "sh" and "dash".
- Add "- '306' # Shells that use pipes should set the pipefail option"
to .ansible-lint since ansible-lint does not recognize it if it's set
in "if set -o | grep pipefail".
RHELPLAN-73804
2021-04-09 10:27:42 -07:00
Jakub Jelen
c9015f37c3
variables: Use more specific vars file first
2020-12-11 13:25:19 +01:00
Jakub Jelen
425400d521
Do not attempt to create and verify sysconfig on unrelated systems
2020-12-11 13:25:19 +01:00
Jakub Jelen
48dc56b2d2
Recognize podman container runtime and ignore services there
2020-12-11 13:25:19 +01:00
Jakub Jelen
6b36488299
Check runtime directory for running CI in Debian and Ubuntu
2020-12-11 13:25:19 +01:00
Jakub Jelen
f12b322aae
Accept single hostkey as a string too
2020-12-11 13:25:19 +01:00
Jakub Jelen
a1ee1c0f77
Hide changes to temporary files
2020-11-16 11:20:56 +01:00
Jakub Jelen
94553a887e
Create temporary hostkeys for test if there are none
...
and if we are not writing the main configuration file
2020-11-16 11:10:16 +01:00
Jakub Jelen
dd820d1c24
Implement hostkey checks
...
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
there is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051
Remove set_facts tasks not to pollute global namespace
...
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series
https://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
634d87490e
Exclude service commands in Github Action CI
2020-11-06 11:35:10 +01:00
Jakub Jelen
71b3f87308
Add support for sysconfig on Fedora/RHEL
...
This is useful for opting out from system-wide crypto policy for SSH
or configuring advanced use case (strong RNG seed).
Fixes: #141
2020-10-06 21:11:39 +02:00
Jakub Jelen
9e7eae712d
Reformat yaml files to avoid wrong indentation, trailing spaces and long lines
2020-09-23 14:49:42 +02:00
Dmitriy Rabotyagov
065812b345
Use ansible_distribution_major_version in variables
...
In order to collect variables, it's worth using
ansible_distribution_major_version as ansible_distribution_version
changes behaviour between ansible releases, i.e. [1]
This causes CentOS jobs to fail with 2.8.13, as
ansible_distribution_version there is '7.8' [2]
[1] https://github.com/ansible/ansible/issues/57463
[2] https://zuul.opendev.org/t/openstack/build/e5ae88e08ac546ccb0e7ab99f8f0a051/log/zuul-info/host-info.centos-7.yaml#141
2020-09-21 18:11:28 +03:00
Matt Willsher
8815689d72
Merge branch 'master' into master
2020-09-18 21:53:45 +01:00
Matt Willsher
4a2dc9a381
Merge branch 'master' into master
2020-09-18 21:42:16 +01:00
Matt Willsher
2ebe1c6917
Update install.yml
2020-09-18 21:37:55 +01:00