Jakub Jelen
e000df3dd2
ci: Run tests using github actions on different OS
...
The Debian and Ubuntu fails sshd in test mode, because
it is missing the privilege separation directory
/run/sshd in container.
2020-11-16 11:20:56 +01:00
Jakub Jelen
823cd2d055
Fix typos
2020-11-16 11:20:56 +01:00
Jakub Jelen
e2d6a8ba0f
tests: Fix for Fedora using different default configuration file
2020-11-16 11:20:56 +01:00
Jakub Jelen
f3f041b580
tests: Verify we can write main config after included one
2020-11-16 11:20:55 +01:00
Jakub Jelen
35945647e1
tests: Use the main configuration file for setting sftp subsystem
2020-11-16 11:16:57 +01:00
Jakub Jelen
33dcb0d9d4
tests: Verify we can generate hostkeys and prevent its creation if needed
2020-11-16 11:16:44 +01:00
Jakub Jelen
94553a887e
Create temporary hostkeys for test if there are none
...
and if we are not writing the main configuration file
2020-11-16 11:10:16 +01:00
Jakub Jelen
dd820d1c24
Implement hostkey checks
...
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
b3b026e353
README: Cleanup documentation and add missing configuration options
2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714
Document missing configuraiton variables & sort
...
as recommended by best practices:
> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.
https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00
Jakub Jelen
22ed476ab4
README: Bring the sshd_config_file to the public API
2020-11-16 11:10:16 +01:00
Jakub Jelen
69e6ede5fb
README: Do not confuse vim syntax highlighter
2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051
Remove set_facts tasks not to polute global namespace
...
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series
ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
634d87490e
Exclude service commands in Github Action CI
2020-11-06 11:35:10 +01:00
Jakub Jelen
ad913968ac
Add a symlink to make tests working in CI without modification to ansible.cfg
2020-11-06 11:35:10 +01:00
Jakub Jelen
4b944a6c98
tests: Check for the sysconfig configuration only on relevant OS
2020-11-06 10:57:23 +01:00
Jakub Jelen
f1eef49960
gentoo: Remove bogus default values
2020-11-06 10:30:29 +01:00
Matt Willsher
6ad8a3e706
Merge pull request #144 from Jakuje/tests
...
Rename tests to follow best practices and make gallaxy linters happy
2020-10-28 17:52:15 +00:00
Jakub Jelen
a80105069c
Run yamllint with galaxy configuration to avoid quality penalty
2020-10-21 22:08:39 +02:00
Jakub Jelen
8414fd5994
tests: Remove trailing newlines to satisfy galaxy linters
2020-10-21 18:32:49 +02:00
Jakub Jelen
7da7f8199f
Rename test to tests
2020-10-21 18:32:49 +02:00
Jakub Jelen
0ba1b77f92
tests: Remove duplicate become (already specified on ansible-playbook commandline)
2020-10-21 18:32:49 +02:00
Jakub Jelen
1fbe49934e
tests: Remove duplicate newlines
2020-10-21 18:32:39 +02:00
Matt Willsher
83606e2f13
Merge pull request #142 from Jakuje/crypto-policies
...
Support /etc/sysconfig/sshd to override crypto policies and handle more advanced use cases
2020-10-15 10:06:44 +01:00
Matt Willsher
62ae5d7856
Merge branch 'master' into crypto-policies
2020-10-15 10:02:03 +01:00
Matt Willsher
b1f4d9c9bb
Merge pull request #143 from Jakuje/match
...
Implement more natural match blocks and test them
2020-10-15 09:52:44 +01:00
Jakub Jelen
6ed5341f32
Test match blocks generators
2020-10-08 18:45:01 +02:00
Jakub Jelen
e31592899c
Allow listing match blocks in more nature manner
2020-10-08 18:11:00 +02:00
Jakub Jelen
1f9b67d830
test sysconfig template
2020-10-06 21:21:18 +02:00
Jakub Jelen
71b3f87308
Add support for sysconfig on Fedora/RHEL
...
This is useful for opting out from system-wide cryto policy for SSH
or configuring advanced use case (strong RNG seed).
Fixes : #141
2020-10-06 21:11:39 +02:00
Matt Willsher
b6e9e863d7
Merge pull request #139 from Jakuje/patch-1
...
README: Fix missing code block termination
2020-10-03 15:35:33 +01:00
Jakub Jelen
a10ddff535
README: Fix missing code block termination
2020-09-24 10:55:54 +02:00
Matt Willsher
06ab644d58
Merge pull request #137 from willshersystems/fix-linting
...
Remove extra blank line
2020-09-24 07:51:10 +01:00
Matt Willsher
5841136488
Remove extra blank line
2020-09-23 21:42:00 +01:00
Matt Willsher
7a02394845
Merge pull request #136 from willshersystems/disable-broken-ansible-lint-actions
...
Disable broken ansible-lint-actions
2020-09-23 21:35:26 +01:00
Matt Willsher
bd6efc7fd3
Merge branch 'master' into disable-broken-ansible-lint-actions
2020-09-23 21:29:44 +01:00
Matt Willsher
b598348356
Merge pull request #135 from Jakuje/cleanup
...
Cleanup lint issues, update documentation, fix typos
2020-09-23 21:28:53 +01:00
Matt Willsher
9c2b81ff4d
Disable broken ansible-lint-actions
...
Ansible lint actions are currently broken for overrides of the Ansible version. Disable until fixed.
2020-09-23 21:28:29 +01:00
Matt Willsher
12e8b0aebc
Merge branch 'master' into cleanup
2020-09-23 21:25:10 +01:00
Matt Willsher
5317dd72cb
Merge pull request #134 from Jakuje/tests
...
Implement more sanity tests
2020-09-23 21:23:32 +01:00
Jakub Jelen
208a9cf348
README: Fix typos and trailing whitespace
2020-09-23 14:49:42 +02:00
Jakub Jelen
203a1a5eab
README: Update the list of supported OSes
2020-09-23 14:49:42 +02:00
Jakub Jelen
f0de8fb16e
Backup old configuration by default as recommended by OASIS
...
https://github.com/oasis-roles/meta_standards#generating-files-from-templates
2020-09-23 14:49:42 +02:00
Jakub Jelen
66a4ccbcee
meta: Update list of supported releases
2020-09-23 14:49:42 +02:00
Jakub Jelen
707e2e64a3
Update defaults for Fedora supporting Include keyword
2020-09-23 14:49:42 +02:00
Jakub Jelen
e6798c5d1e
Fix default configuration for RHEL7
2020-09-23 14:49:42 +02:00
Jakub Jelen
9e7eae712d
Reformat yaml files to avoid wrong indentation, trailing spaces and long lines
2020-09-23 14:49:42 +02:00
Jakub Jelen
2c574fdcba
avoid the use of True and False for boolean values
...
These are not in yml specification and come from python. Behavior
can differ in particular YAML implementation.
2020-09-23 14:43:40 +02:00
Jakub Jelen
e5ad657038
Test alternative configuration file creation
2020-09-23 14:35:09 +02:00
Jakub Jelen
faef930c9a
.travis.yml: Use more appropriate language tag
2020-09-23 14:35:09 +02:00