Jakub Jelen
860e533713
Introduce default hostkeys to check when using drop-in directory
...
Previously no hostkeys were checked if they were not present
in the generated configuration file. When the drop-in directory is
used, usually, there are no hostkeys in that file and no sanity
check for hostkeys was executed.
This amends the "auto" value for the hostkeys check to allow checking
for default hostkeys that are read by OpenSSH by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
9502c325ea
tests: Add negative test for FIPS mode
...
This fixes also a typo that was overlooked previously
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
daa81ee84c
Unbreak FIPS detection and hostkey filtering
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
09f2c6a999
Add another virtualization platform exception
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
57357b0be7
tests: Slurp the correct file when writing main config
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
17bc0cbb1b
tests: Fix OS detection to match also CentOS 9
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
9345faa5a1
Set explicit path to the main configuration file to work well with the drop-in directory
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
295f1930d4
Update templates to apply FIPS hostkeys filter
...
This fixes up the commit 7f69d1e6
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
4b6332aaae
CI: Unbreak the ansible-lint action
2022-04-19 17:20:27 +02:00
Jakub Jelen
afcefb6442
CI: Squash Debian targets into single file and remove the :latest
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
2d7009c59a
CI: Squash CentOS actions into single file
...
* add CentOS 9
* use better tasks names
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Matt Willsher
59a3cb190f
Merge pull request #175 from Jakuje/runtime-directory
2022-01-21 09:31:09 +00:00
Jakub Jelen
fc998f21c2
Fix runtime directory check
2021-11-30 16:29:06 +01:00
Jakub Jelen
214df35c0b
Do not try to execute requirements as playbooks in CI
2021-11-16 15:05:22 +01:00
Jakub Jelen
67fee24ecb
Address review comments (to be squashed)
2021-11-16 15:05:22 +01:00
Jakub Jelen
ee63bacdcd
tests: Verify the default hostkeys can be excluded in FIPS mode
...
ignore failures to bind fips_enabled into /proc/sys/crypto as it looks
like this does not work in the Github Actions containers.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-16 15:05:22 +01:00
Jakub Jelen
7f69d1e69a
Filter out Ed25519 keys from default in FIPS mode
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-16 15:05:22 +01:00
ColdPain
71eab116bd
README: fix meta/make_option_lists link
2021-11-09 14:03:41 +01:00
Matt Willsher
57c54e5268
Merge pull request #171 from spetrosi/fix-ansible-managed
2021-09-23 07:36:07 +01:00
Sergei Petrosian
44a7d8fb20
Use {{ ansible_managed | comment }} to fix multi-line ansible_managed
...
BZ#2006230, BZ#2006231, BZ#2006233
2021-09-21 12:44:12 +02:00
Matt Willsher
b1fe667432
Merge pull request #164 from spetrosi/drop-ansible-2.8
...
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
2021-08-18 04:40:59 +01:00
Matt Willsher
8349916e52
Merge pull request #169 from Jakuje/rip-travis
...
Remove travis configuration and update readme with new badges
2021-08-18 04:32:53 +01:00
Jakub Jelen
d8b9ae4793
README: Replace travis icons with Github Actions
2021-08-17 15:51:53 +02:00
Jakub Jelen
1be967aac8
Remove unused travis configuration
2021-08-17 15:51:51 +02:00
Dominik Rimpf
961f10b710
FIX: indentation including tests
2021-08-17 15:50:36 +02:00
Dominik Rimpf
c6b89726ea
FIX: syntax
2021-08-17 15:26:43 +02:00
L3D
00df9a1855
the bullseye check is using the "main" branch
...
The https://github.com/marketplace/actions/check-ansible-debian-bullseye is available at the "main" branch.
2021-08-17 15:26:43 +02:00
Dominik Rimpf
6b1b328de3
ADD: doc bullseye support & github workflow on bullseye
2021-08-17 15:26:43 +02:00
Dominik Rimpf
ca83655c2a
ADD: bullseye support
2021-08-17 15:26:43 +02:00
Matt Willsher
1c5c48835e
Merge pull request #165 from Jakuje/centos6
2021-08-10 21:39:29 +01:00
Jakub Jelen
d9e1934a83
Add CentOS 6 to CI
2021-08-09 10:09:34 +02:00
Jakub Jelen
2e3b3c0581
tests: Skip the negative test in RHEL6
...
The ansible_failed_result is not available in old Ansible on RHEL6
2021-08-09 10:08:56 +02:00
Jakub Jelen
9326a46dd8
tests: Skip the OS defaults test on CentOS 6 too
...
The CentOS6/RHEL6 images have modified sshd_config from what is shipped
in rpm package
2021-08-09 10:08:22 +02:00
Jakub Jelen
f6d26d8781
tests: Skip service status check on RHEL6
...
the init system there can not just "check" the status
2021-08-09 10:07:52 +02:00
Jakub Jelen
d16170bf31
tests: Skip the negative test in RHEL6 entirely
2021-08-09 10:07:37 +02:00
Jakub Jelen
a2646b7551
tests: Fix condition to match also CentOS
2021-08-09 10:07:28 +02:00
Jakub Jelen
f1ab555084
tests: The AcceptEnv is not accepted in Match block on RHEL6
2021-08-09 10:07:28 +02:00
Jakub Jelen
91784d1874
Workaround namespace feature also for RHEL6
...
The OpenSSH 5.3 in RHEL6 is so old it does not support "Match all" so we
need some creative workaround for this old stuff.
2021-08-09 10:07:09 +02:00
Sergei Petrosian
5039e29910
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
...
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197
2021-08-06 10:01:31 +02:00
Jakub Jelen
ee2096d680
Add support for RHEL 9 and adjust tests for it
2021-08-03 17:35:24 +02:00
Jakub Jelen
c4db22f16d
Add configuration options from OpenSSH 8.6
2021-06-12 08:31:10 +02:00
Jakub Jelen
d1446017e9
tests: Create temporary hostkey with proper backup
2021-06-11 21:49:31 +02:00
Jakub Jelen
b97a7b0bde
Do not assume the hostkey for the main config exists
2021-06-11 21:49:31 +02:00
Jakub Jelen
8a85e7309b
Rename sshd_namespace_append to sshd_config_namespace
2021-06-11 21:49:31 +02:00
Jakub Jelen
00ad695691
Move defaults to vars/main.yml
2021-06-10 19:53:00 +02:00
Jakub Jelen
eaa6f92a29
Move the adjusted configuration options to the public API
2021-06-10 19:53:00 +02:00
Jakub Jelen
2a1426453b
Increase test coverage for sshd_config_{owner,group,mode} variables with both invocations
2021-06-10 19:53:00 +02:00
Jakub Jelen
e8b751335e
Use proper variable precedence for configuration file variables
2021-06-10 19:53:00 +02:00
Jakub Jelen
17022bb46d
Test role invocation through old 'roles'
2021-06-10 19:53:00 +02:00
Jakub Jelen
345eeed0c0
Fix variable precedence for sshd_hostkey_* variables
...
This worked fine with the new include_role: invocation, but not with
the old roles: invocation.
2021-06-10 19:53:00 +02:00