Feature: Allow running and testing the role with ostree managed nodes.
Reason: We have users who want to use the role to manage ostree
systems.
Result: Users can use the role to manage ostree managed nodes.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
Use facts via ansible_facts only.
Made using:
git ls-files -z|grep -z yml|xargs -0r sed --follow-symlinks -Ei \
"s/ansible_(virtualization_type|os_family|distribution\w*)/ansible_facts['\1']/g"
Previously no hostkeys were checked if they were not present
in the generated configuration file. When the drop-in directory is
used, usually, there are no hostkeys in that file and no sanity
check for hostkeys was executed.
This amends the "auto" value for the hostkeys check to allow checking
for default hostkeys that are read by OpenSSH by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Cleaning up yamllint errors.
- Use .yamllint.yml and .yamllint_defaults.yml instead of
.yamllint.yaml.
- Fix the invalid indentations.
Cleaning up ansible-lint errors.
- Add "name" to every task.
- Use command rather than shell
- Add "changed_when: false".
- Use '|' instead of '>' for the shell module.
- Fix '/bin/sh: line 3: CRYPTO_POLICY: unbound variable'.
- Add "set -eu" and "set -o pipefail" if pipefail is available.
Note: "pipefail" is not available in "sh" and "dash".
- Add "- '306' # Shells that use pipes should set the pipefail option"
to .ansible-lint since ansible-lint does not recognize it if it's set
in "if set -o | grep pipefail".
RHELPLAN-73804
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix#111
This change will allow the play to continue without error if unsupported hosts are in the lists of targed host.
The play will continue with the supported hosts end the play for the ones which are not supported.
