This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix#111
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series
ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
This change will allow the play to continue without error if unsupported hosts are in the lists of targed host.
The play will continue with the supported hosts end the play for the ones which are not supported.
For chroot connection (e.g. when building images instead of working on
live hosts) one cannot restart services etc.
Also due to Ansible bug 21026 one must run systemctl instead of using
the service module, limiting support to EL 7 for the time being.
ansible_virtualization_type is undefined in Ansible > 2.5 when no virtualization
is used. A jinja2 filter has been added that provides a default value (None) so
that the check does not fail
Atomic Host uses unsupported package manager `rpm-ostree`. So, `ansible_pkg_mgr` is `unknown` and this task will fail. `sshd` is already in base system images. Apart from this, sshd configuration is standard for Fedora/CentOS.
I'm not sure it's the right solution. May be it's better to create new boolean variable like `sshd_manage_install` and use it here in `when`.
This uses the validate option to check the config file early, which
avoids putting bad settings in place at all, and also enables a
fail-fast behaviour (errors out when processing the template module).
