Commit graph

105 commits

Author SHA1 Message Date
Jakub Jelen
dd820d1c24 Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.

This is also helpful when running this role in containers, where
is no service running either.

The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.

This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051 Remove set_facts tasks not to polute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
634d87490e Exclude service commands in Github Action CI 2020-11-06 11:35:10 +01:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide cryto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
2020-10-06 21:11:39 +02:00
Jakub Jelen
9e7eae712d Reformat yaml files to avoid wrong indentation, trailing spaces and long lines 2020-09-23 14:49:42 +02:00
Dmitriy Rabotyagov
065812b345 Use ansible_distribution_major_version in variables
In order to collect variables, it's worth using
ansible_distribution_major_version as ansible_distribution_version
changes behaviour between ansible releases, ie [1]

This causes CentOS jobs fail with 2.8.13, as
ansible_distribution_version there is '7.8' [2]

[1] https://github.com/ansible/ansible/issues/57463
[2] https://zuul.opendev.org/t/openstack/build/e5ae88e08ac546ccb0e7ab99f8f0a051/log/zuul-info/host-info.centos-7.yaml#141
2020-09-21 18:11:28 +03:00
Matt Willsher
8815689d72
Merge branch 'master' into master 2020-09-18 21:53:45 +01:00
Matt Willsher
4a2dc9a381
Merge branch 'master' into master 2020-09-18 21:42:16 +01:00
Matt Willsher
2ebe1c6917
Update install.yml 2020-09-18 21:37:55 +01:00
Matt Willsher
31ee885d57
Merge branch 'master' into master 2020-09-18 21:28:57 +01:00
Matt Willsher
78c56e2129 Add pre-commit, fix issues 2020-09-18 20:49:22 +01:00
ahmadali shafiee
a3bac673f0 use end_host for ansible >= 2.8 2020-03-29 13:51:27 +00:00
Matt Willsher
2d0bf44cdc
Revert "End_host for unsupported hosts" 2020-03-29 14:19:41 +01:00
Spreadcat
5b04f74614
End_host for unsupported hosts
This change will allow the play to continue without error if unsupported hosts are in the lists of targed host.
The play will continue with the supported hosts end the play for the ones which are not supported.
2020-02-14 12:04:57 +01:00
Alexander Christoph Bihlmaier
cca93d5c6d variable ansible_distribution_major_version is not present on OpenBSD
and throws an error because it can't resolve it
2019-10-18 18:06:04 +02:00
Alexander Christoph Bihlmaier
63095094fc extending yaml file lookup with "ansible_distribution_version" 2019-10-03 15:07:16 +02:00
thalunil
9fedd23cf0 * OpenBSD 6.5 no longer provides ansible fact "ansible_distribution_major_version" therefore it it set to "ansible_distribution_version".
* ansible fact ansible_distribution_lts_version only makes sense on Ubuntu so set it only on Ubuntu -> otherwise "ansible_distribution_version"
2019-09-30 19:57:15 +02:00
Nikolaos Kakouros
b81977c659 Merge branch 'master' into syntax 2019-06-04 11:48:02 +02:00
yurihs
efc868edc2 Ignore ansible-lint E303, usage of systemctl command is unavoidable 2019-05-23 14:50:24 -03:00
yurihs
53218db597 Use bool filter instead of bare variables or comparison to literal True (ansible-lint E601, ansible/ansible#51030) 2019-05-23 14:50:24 -03:00
yurihs
43d65fb63a Add names to all tasks (ansible-lint E502) 2019-05-23 14:31:30 -03:00
BenGig
7a84821b8f
Backup of sshd_config dependent on variable
Propagates setting sshd_backup to template installation task
2019-03-22 11:51:39 +01:00
Robert A Vincent II
4a0f7d935a Specify search path for os vars; support odd-numbered Ubuntu releases. 2019-02-25 16:10:34 -05:00
Janne Blomqvist
d438f096a7 Make role work with chroot connections on EL 7.
For chroot connection (e.g. when building images instead of working on
live hosts) one cannot restart services etc.

Also due to Ansible bug 21026 one must run systemctl instead of using
the service module, limiting support to EL 7 for the time being.
2018-09-11 16:10:58 +03:00
Nikolaos Kakouros
da2c91d93a Adds forgotten conditional 2018-09-08 10:46:57 +02:00
Nikolaos Kakouros
10f94a1f05 Updates syntax to Ansible 2.7 era 2018-09-08 10:13:51 +02:00
Nikolaos Kakouros
a6a21a9565 Adds on/off toggle 2018-09-08 09:14:39 +02:00
Nikolaos Kakouros
5774f7f44f Adds ability to install a systemd service 2018-08-25 23:39:06 +02:00
Dan Čermák
a257ae7317 Fix for ansible_virtualization_type not defined in Ansible > 2.5
ansible_virtualization_type is undefined in Ansible > 2.5 when no virtualization
is used. A jinja2 filter has been added that provides a default value (None) so
that the check does not fail
2018-04-24 11:32:55 +02:00
Matt Willsher
f2ba8183b8 Merge branch 'master' into no-tags 2017-10-19 20:44:00 +01:00
Nikolaos Kakouros
8142c8b768 Removes tags 2017-09-06 16:17:18 +02:00
jamatute
0ec2446cae
* change ansible_pkg_mgr for package 2017-08-16 11:28:15 +02:00
Matt Willsher
43ed7c19a2 Fix Ansible 2.3 warnings 2017-05-04 14:31:26 +01:00
Matt Willsher
b2ce732450 Don't manage /var/run 2017-05-04 14:27:37 +01:00
Hoai Le
f225804f64 Fix sshd service state 2017-03-16 15:06:16 +02:00
Sergey Korolev
6d0d043bab Don't fail without package manager
Atomic Host uses unsupported package manager `rpm-ostree`. So, `ansible_pkg_mgr` is `unknown` and this task will fail. `sshd` is already in base system images. Apart from this, sshd configuration is standard for Fedora/CentOS.

I'm not sure it's the right solution. May be it's better to create new boolean variable like `sshd_manage_install` and use it here in `when`.
2016-12-22 16:48:27 +03:00
Harald Koch
f68fb55dad fix deprecation warning for sshd_packages (fixes issue #38) 2016-03-08 12:00:56 -05:00
Aleksandr Kostyrev
445261a297 Do not manage /var/run/sshd on CentOS7 fixes #27 2015-08-12 18:41:46 +03:00
Matt Willsher
812a1e1267 Fix issues raised in #22 2015-06-28 10:18:45 +01:00
jitakirin
d0b2b029a1 Verify SSHd config early
This uses the validate option to check the config file early, which
avoids putting bad settings in place at all, and also enables a
fail-fast behaviour (errors out when processing the template module).
2015-06-26 11:38:09 +01:00
jitakirin
951df8c65b Ensure run directory exists
This is usually also done in service scripts during startup but those
aren't always used in containers.  Doesn't hurt ensuring it here.
2015-06-25 15:13:10 +01:00
jitakirin
bcd864fea4 Add sshd_manage_service option
Allows disabling management of SSHd service completely, which is handy
when used in a container (where ansible is usually used during build
phase).
2015-06-25 14:54:24 +01:00
Matt Willsher
f2648cc295 Add defaults.yml back in to stop failure on var import 2015-01-15 10:26:40 +00:00
Matt Willsher
a9c307a3d6 Register fact when this role has run 2015-01-14 19:44:17 +00:00
Matt Willsher
849257c2f4 Add test for supported OS 2015-01-13 17:41:56 +00:00
Matt Willsher
7ef39b761f Naming tidy up 2015-01-13 13:26:52 +00:00
Matt Willsher
583fda4981 Change to var file search path 2015-01-04 15:49:35 +00:00
Matt Willsher
3232f924a5 Add tags 2014-12-25 20:02:44 +00:00
Matt Willsher
3689ad7020 More distro supported, better docs 2014-12-22 20:19:44 +00:00
Matt Willsher
906d8d574d Remove debug 2014-12-22 18:50:23 +00:00
Matt Willsher
2194672579 Add EL6 defaults 2014-12-22 10:05:09 +00:00
Matt Willsher
26a0f5e350 Seperate defaults dict 2014-12-22 09:25:31 +00:00
Matt Willsher
1b5200c805 Improve option rendering, allow per OS defaults 2014-12-21 22:23:02 +00:00
Matt Willsher
c561b6e5f7 Allow overrides, force sftp for Ansible 2014-12-21 20:29:13 +00:00
Matt Willsher
220a5cdb54 Initial commit 2014-12-18 22:12:51 +00:00