Commit graph

366 commits

Author SHA1 Message Date
Alexander Christoph Bihlmaier
428d390668 UsePrivilegeSeparation is deprecated since 2017/OpenSSH 7.5 - https://www.openssh.com/txt/release-7.5 2021-02-17 13:58:25 +01:00
Michael Pardatscher
b2a48a4e4a Add Subsystem to _ssd_defaults
The Subsystem entry was missing for FreeBSD OS, noticed this while provisioning a TrueNAS box. After the first provision ansible was unable to upload any files due to that missing setting. Tested this change by adjusting the role locally and rerunning it with a clean sshd_config on the remote side, worked fine.
2021-02-17 13:48:07 +01:00
Jakub Jelen
032054b478 README: Document missing exported variable 2021-02-17 13:47:30 +01:00
Jakub Jelen
9fba3f5794 README: Fix typo 2021-02-16 20:05:57 +01:00
Jakub Jelen
3cde4cf4ef README: Reference examples directory 2021-02-16 20:05:57 +01:00
Jakub Jelen
c6f1b3b9ea examples: Provide simple example playbook 2021-02-16 20:05:57 +01:00
Matt Willsher
30ac352a24
Merge pull request #155 from richm/ansible28-jinja27 2021-02-16 16:53:17 +00:00
Rich Megginson
bb612fb6c5 use state: absent instead of state: missing 2021-01-28 15:56:14 -07:00
Matt Willsher
e1de59b3c5
Merge pull request #147 from Jakuje/tests
Improve test coverage with new test cases and new distros, fixing minor issues on the way
2020-12-11 18:21:54 +00:00
Jakub Jelen
d46e5eb226 tests: Use valid option in Match blocks in RHEL6 2020-12-11 13:25:19 +01:00
Jakub Jelen
fd144194e6 tests: Do not use ed25519 keys as they are not available in RHEL6 2020-12-11 13:25:19 +01:00
Jakub Jelen
70a9daf916 Use only RSA hostkeys in RHEL6 2020-12-11 13:25:19 +01:00
Jakub Jelen
4b0935c9a1 RHEL6: Fix defaults 2020-12-11 13:25:19 +01:00
Jakub Jelen
f1aa17930a tests: Do not use gcm ciphers as they are not available in RHEL6 2020-12-11 13:25:19 +01:00
Jakub Jelen
e92a98a97f tests: Improve testing of the sysconfig with more real example 2020-12-11 13:25:19 +01:00
Jakub Jelen
45bf0180fe tests: Verify backup files are created and can be disabled 2020-12-11 13:25:19 +01:00
Jakub Jelen
497db39466 tests: Move setup tasks to separate file 2020-12-11 13:25:19 +01:00
Jakub Jelen
9b234acbd7 Remove non-default values from Debian 9 vars file 2020-12-11 13:25:19 +01:00
Jakub Jelen
c9015f37c3 variables: Use more specific vars file first 2020-12-11 13:25:19 +01:00
Jakub Jelen
ed4e968f66 Debian: Remove default values and drop what does not match system defaults 2020-12-11 13:25:19 +01:00
Jakub Jelen
86495969dc tests: Skip hostkey test in Debian and RHEL6 as it is missing 2020-12-11 13:25:19 +01:00
Jakub Jelen
425400d521 Do not attempt to create and verify sysconfig on unrelated systems 2020-12-11 13:25:19 +01:00
Jakub Jelen
48dc56b2d2 Recognize podman container runtime and ignore services there 2020-12-11 13:25:19 +01:00
Jakub Jelen
a15ad61af5 Add Ubuntu and Debian test using Github Actions 2020-12-11 13:25:19 +01:00
Jakub Jelen
6b36488299 Check runtime directory for running CI in Debian and Ubuntu 2020-12-11 13:25:19 +01:00
Jakub Jelen
51be56b57a README: Clarify semantics of match blocks 2020-12-11 13:25:19 +01:00
Jakub Jelen
acb56267a1 tests: Verify variable precedence is correctly applied 2020-12-11 13:25:19 +01:00
Jakub Jelen
156373262c tests: Test match can accept dict directly 2020-12-11 13:25:19 +01:00
Jakub Jelen
f12b322aae Accept single hostkey as a string too 2020-12-11 13:25:19 +01:00
Jakub Jelen
bb979290db tests: Verify the sshd_enable variable works 2020-12-11 13:25:19 +01:00
Jakub Jelen
9032ea2b1e tests: Verify the defaults of this role do not change os defaults 2020-12-11 13:24:59 +01:00
Jakub Jelen
9ccbe04b7f tests: Implement backup & restore of important files for separate tests 2020-12-11 13:24:40 +01:00
Jakub Jelen
e04dd2a1dc Update RHEL8 defaults to match reality 2020-11-20 23:10:00 +01:00
Matt Willsher
fb0932c993
Merge pull request #146 from Jakuje/github-actions
Run tests with Github Actions and fix things on the way
2020-11-16 11:52:56 +00:00
Jakub Jelen
242058a10b tests: For Fedora containers, make sure the sshd host keys exist 2020-11-16 11:32:28 +01:00
Jakub Jelen
ff04f6ff89 tests: Replace cat with slurp 2020-11-16 11:20:56 +01:00
Jakub Jelen
a1ee1c0f77 Hide changes to temporary files 2020-11-16 11:20:56 +01:00
Jakub Jelen
567708dff6 tests: Make sure the user/group nobody is present in the test 2020-11-16 11:20:56 +01:00
Jakub Jelen
80a72b206e ci: Run the new tests also in the travis 2020-11-16 11:20:56 +01:00
Jakub Jelen
e4de9a6afd tests: Use complete connection specification for RHEL7 compatibility 2020-11-16 11:20:56 +01:00
Jakub Jelen
e000df3dd2 ci: Run tests using github actions on different OS
The Debian and Ubuntu fails sshd in test mode, because
it is missing the privilege separation directory
/run/sshd in container.
2020-11-16 11:20:56 +01:00
Jakub Jelen
823cd2d055 Fix typos 2020-11-16 11:20:56 +01:00
Jakub Jelen
e2d6a8ba0f tests: Fix for Fedora using different default configuration file 2020-11-16 11:20:56 +01:00
Jakub Jelen
f3f041b580 tests: Verify we can write main config after included one 2020-11-16 11:20:55 +01:00
Jakub Jelen
35945647e1 tests: Use the main configuration file for setting sftp subsystem 2020-11-16 11:16:57 +01:00
Jakub Jelen
33dcb0d9d4 tests: Verify we can generate hostkeys and prevent its creation if needed 2020-11-16 11:16:44 +01:00
Jakub Jelen
94553a887e Create temporary hostkeys for test if there are none
and if we are not writing the main configuration file
2020-11-16 11:10:16 +01:00
Jakub Jelen
dd820d1c24 Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.

This is also helpful when running this role in containers, where
is no service running either.

The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.

This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
b3b026e353 README: Cleanup documentation and add missing configuration options 2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714 Document missing configuraiton variables & sort
as recommended by best practices:

> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.

https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00