Alexander Christoph Bihlmaier
428d390668
UsePrivilegeSeparation is deprecated since 2017/OpenSSH 7.5 - https://www.openssh.com/txt/release-7.5
2021-02-17 13:58:25 +01:00
Michael Pardatscher
b2a48a4e4a
Add Subsystem to _ssd_defaults
The Subsystem entry was missing for FreeBSD OS; noticed this while provisioning a TrueNAS box. After the first provision, Ansible was unable to upload any files due to that missing setting. Tested this change by adjusting the role locally and rerunning it with a clean sshd_config on the remote side; worked fine.
2021-02-17 13:48:07 +01:00
Jakub Jelen
032054b478
README: Document missing exported variable
2021-02-17 13:47:30 +01:00
Jakub Jelen
9fba3f5794
README: Fix typo
2021-02-16 20:05:57 +01:00
Jakub Jelen
3cde4cf4ef
README: Reference examples directory
2021-02-16 20:05:57 +01:00
Jakub Jelen
c6f1b3b9ea
examples: Provide simple example playbook
2021-02-16 20:05:57 +01:00
Matt Willsher
30ac352a24
Merge pull request #155 from richm/ansible28-jinja27
2021-02-16 16:53:17 +00:00
Rich Megginson
bb612fb6c5
use state: absent instead of state: missing
2021-01-28 15:56:14 -07:00
Matt Willsher
e1de59b3c5
Merge pull request #147 from Jakuje/tests
Improve test coverage with new test cases and new distros, fixing minor issues on the way
2020-12-11 18:21:54 +00:00
Jakub Jelen
d46e5eb226
tests: Use valid option in Match blocks in RHEL6
2020-12-11 13:25:19 +01:00
Jakub Jelen
fd144194e6
tests: Do not use ed25519 keys as they are not available in RHEL6
2020-12-11 13:25:19 +01:00
Jakub Jelen
70a9daf916
Use only RSA hostkeys in RHEL6
2020-12-11 13:25:19 +01:00
Jakub Jelen
4b0935c9a1
RHEL6: Fix defaults
2020-12-11 13:25:19 +01:00
Jakub Jelen
f1aa17930a
tests: Do not use gcm ciphers as they are not available in RHEL6
2020-12-11 13:25:19 +01:00
Jakub Jelen
e92a98a97f
tests: Improve testing of the sysconfig with more real example
2020-12-11 13:25:19 +01:00
Jakub Jelen
45bf0180fe
tests: Verify backup files are created and can be disabled
2020-12-11 13:25:19 +01:00
Jakub Jelen
497db39466
tests: Move setup tasks to separate file
2020-12-11 13:25:19 +01:00
Jakub Jelen
9b234acbd7
Remove non-default values from Debian 9 vars file
2020-12-11 13:25:19 +01:00
Jakub Jelen
c9015f37c3
variables: Use more specific vars file first
2020-12-11 13:25:19 +01:00
Jakub Jelen
ed4e968f66
Debian: Remove default values and drop what does not match system defaults
2020-12-11 13:25:19 +01:00
Jakub Jelen
86495969dc
tests: Skip hostkey test in Debian and RHEL6 as it is missing
2020-12-11 13:25:19 +01:00
Jakub Jelen
425400d521
Do not attempt to create and verify sysconfig on unrelated systems
2020-12-11 13:25:19 +01:00
Jakub Jelen
48dc56b2d2
Recognize podman container runtime and ignore services there
2020-12-11 13:25:19 +01:00
Jakub Jelen
a15ad61af5
Add Ubuntu and Debian test using Github Actions
2020-12-11 13:25:19 +01:00
Jakub Jelen
6b36488299
Check runtime directory for running CI in Debian and Ubuntu
2020-12-11 13:25:19 +01:00
Jakub Jelen
51be56b57a
README: Clarify semantics of match blocks
2020-12-11 13:25:19 +01:00
Jakub Jelen
acb56267a1
tests: Verify variable precedence is correctly applied
2020-12-11 13:25:19 +01:00
Jakub Jelen
156373262c
tests: Test match can accept dict directly
2020-12-11 13:25:19 +01:00
Jakub Jelen
f12b322aae
Accept single hostkey as a string too
2020-12-11 13:25:19 +01:00
Jakub Jelen
bb979290db
tests: Verify the sshd_enable variable works
2020-12-11 13:25:19 +01:00
Jakub Jelen
9032ea2b1e
tests: Verify the defaults of this role do not change os defaults
2020-12-11 13:24:59 +01:00
Jakub Jelen
9ccbe04b7f
tests: Implement backup & restore of important files for separate tests
2020-12-11 13:24:40 +01:00
Jakub Jelen
e04dd2a1dc
Update RHEL8 defaults to match reality
2020-11-20 23:10:00 +01:00
Matt Willsher
fb0932c993
Merge pull request #146 from Jakuje/github-actions
Run tests with Github Actions and fix things on the way
2020-11-16 11:52:56 +00:00
Jakub Jelen
242058a10b
tests: For Fedora containers, make sure the sshd host keys exist
2020-11-16 11:32:28 +01:00
Jakub Jelen
ff04f6ff89
tests: Replace cat with slurp
2020-11-16 11:20:56 +01:00
Jakub Jelen
a1ee1c0f77
Hide changes to temporary files
2020-11-16 11:20:56 +01:00
Jakub Jelen
567708dff6
tests: Make sure the user/group nobody is present in the test
2020-11-16 11:20:56 +01:00
Jakub Jelen
80a72b206e
ci: Run the new tests also in the travis
2020-11-16 11:20:56 +01:00
Jakub Jelen
e4de9a6afd
tests: Use complete connection specification for RHEL7 compatibility
2020-11-16 11:20:56 +01:00
Jakub Jelen
e000df3dd2
ci: Run tests using github actions on different OS
Debian and Ubuntu fail sshd in test mode, because
they are missing the privilege separation directory
/run/sshd in the container.
2020-11-16 11:20:56 +01:00
Jakub Jelen
823cd2d055
Fix typos
2020-11-16 11:20:56 +01:00
Jakub Jelen
e2d6a8ba0f
tests: Fix for Fedora using different default configuration file
2020-11-16 11:20:56 +01:00
Jakub Jelen
f3f041b580
tests: Verify we can write main config after included one
2020-11-16 11:20:55 +01:00
Jakub Jelen
35945647e1
tests: Use the main configuration file for setting sftp subsystem
2020-11-16 11:16:57 +01:00
Jakub Jelen
33dcb0d9d4
tests: Verify we can generate hostkeys and prevent its creation if needed
2020-11-16 11:16:44 +01:00
Jakub Jelen
94553a887e
Create temporary hostkeys for test if there are none
and if we are not writing the main configuration file
2020-11-16 11:10:16 +01:00
Jakub Jelen
dd820d1c24
Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
there is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
b3b026e353
README: Cleanup documentation and add missing configuration options
2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714
Document missing configuration variables & sort
as recommended by best practices:
> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.
https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00