Commit graph

432 commits

Author SHA1 Message Date
Jakub Jelen
242058a10b tests: For Fedora containers, make sure the sshd host keys exist 2020-11-16 11:32:28 +01:00
Jakub Jelen
ff04f6ff89 tests: Replace cat with slurp 2020-11-16 11:20:56 +01:00
Jakub Jelen
a1ee1c0f77 Hide changes to temporary files 2020-11-16 11:20:56 +01:00
Jakub Jelen
567708dff6 tests: Make sure the user/group nobody is present in the test 2020-11-16 11:20:56 +01:00
Jakub Jelen
80a72b206e ci: Run the new tests also in the travis 2020-11-16 11:20:56 +01:00
Jakub Jelen
e4de9a6afd tests: Use complete connection specification for RHEL7 compatibility 2020-11-16 11:20:56 +01:00
Jakub Jelen
e000df3dd2 ci: Run tests using github actions on different OS
The Debian and Ubuntu fails sshd in test mode, because
it is missing the privilege separation directory
/run/sshd in container.
2020-11-16 11:20:56 +01:00
Jakub Jelen
823cd2d055 Fix typos 2020-11-16 11:20:56 +01:00
Jakub Jelen
e2d6a8ba0f tests: Fix for Fedora using different default configuration file 2020-11-16 11:20:56 +01:00
Jakub Jelen
f3f041b580 tests: Verify we can write main config after included one 2020-11-16 11:20:55 +01:00
Jakub Jelen
35945647e1 tests: Use the main configuration file for setting sftp subsystem 2020-11-16 11:16:57 +01:00
Jakub Jelen
33dcb0d9d4 tests: Verify we can generate hostkeys and prevent its creation if needed 2020-11-16 11:16:44 +01:00
Jakub Jelen
94553a887e Create temporary hostkeys for test if there are none
and if we are not writing the main configuration file
2020-11-16 11:10:16 +01:00
Jakub Jelen
dd820d1c24 Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.

This is also helpful when running this role in containers, where
is no service running either.

The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.

This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
b3b026e353 README: Cleanup documentation and add missing configuration options 2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714 Document missing configuraiton variables & sort
as recommended by best practices:

> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.

https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00
Jakub Jelen
22ed476ab4 README: Bring the sshd_config_file to the public API 2020-11-16 11:10:16 +01:00
Jakub Jelen
69e6ede5fb README: Do not confuse vim syntax highlighter 2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051 Remove set_facts tasks not to polute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
634d87490e Exclude service commands in Github Action CI 2020-11-06 11:35:10 +01:00
Jakub Jelen
ad913968ac Add a symlink to make tests working in CI without modification to ansible.cfg 2020-11-06 11:35:10 +01:00
Jakub Jelen
4b944a6c98 tests: Check for the sysconfig configuration only on relevant OS 2020-11-06 10:57:23 +01:00
Jakub Jelen
f1eef49960 gentoo: Remove bogus default values 2020-11-06 10:30:29 +01:00
Matt Willsher
6ad8a3e706
Merge pull request #144 from Jakuje/tests
Rename tests to follow best practices and make gallaxy linters happy
2020-10-28 17:52:15 +00:00
Jakub Jelen
a80105069c Run yamllint with galaxy configuration to avoid quality penalty 2020-10-21 22:08:39 +02:00
Jakub Jelen
8414fd5994 tests: Remove trailing newlines to satisfy galaxy linters 2020-10-21 18:32:49 +02:00
Jakub Jelen
7da7f8199f Rename test to tests 2020-10-21 18:32:49 +02:00
Jakub Jelen
0ba1b77f92 tests: Remove duplicate become (already specified on ansible-playbook commandline) 2020-10-21 18:32:49 +02:00
Jakub Jelen
1fbe49934e tests: Remove duplicate newlines 2020-10-21 18:32:39 +02:00
Matt Willsher
83606e2f13
Merge pull request #142 from Jakuje/crypto-policies
Support /etc/sysconfig/sshd to override crypto policies and handle more advanced use cases
2020-10-15 10:06:44 +01:00
Matt Willsher
62ae5d7856
Merge branch 'master' into crypto-policies 2020-10-15 10:02:03 +01:00
Matt Willsher
b1f4d9c9bb
Merge pull request #143 from Jakuje/match
Implement more natural match blocks and test them
2020-10-15 09:52:44 +01:00
Jakub Jelen
6ed5341f32 Test match blocks generators 2020-10-08 18:45:01 +02:00
Jakub Jelen
e31592899c Allow listing match blocks in more nature manner 2020-10-08 18:11:00 +02:00
Jakub Jelen
1f9b67d830 test sysconfig template 2020-10-06 21:21:18 +02:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide cryto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
2020-10-06 21:11:39 +02:00
Matt Willsher
b6e9e863d7
Merge pull request #139 from Jakuje/patch-1
README: Fix missing code block termination
2020-10-03 15:35:33 +01:00
Jakub Jelen
a10ddff535
README: Fix missing code block termination 2020-09-24 10:55:54 +02:00
Matt Willsher
06ab644d58
Merge pull request #137 from willshersystems/fix-linting
Remove extra blank line
2020-09-24 07:51:10 +01:00
Matt Willsher
5841136488 Remove extra blank line 2020-09-23 21:42:00 +01:00
Matt Willsher
7a02394845
Merge pull request #136 from willshersystems/disable-broken-ansible-lint-actions
Disable broken ansible-lint-actions
2020-09-23 21:35:26 +01:00
Matt Willsher
bd6efc7fd3
Merge branch 'master' into disable-broken-ansible-lint-actions 2020-09-23 21:29:44 +01:00
Matt Willsher
b598348356
Merge pull request #135 from Jakuje/cleanup
Cleanup lint issues, update documentation, fix typos
2020-09-23 21:28:53 +01:00
Matt Willsher
9c2b81ff4d
Disable broken ansible-lint-actions
Ansible lint actions are currently broken for overrides of the Ansible version.  Disable until fixed.
2020-09-23 21:28:29 +01:00
Matt Willsher
12e8b0aebc
Merge branch 'master' into cleanup 2020-09-23 21:25:10 +01:00
Matt Willsher
5317dd72cb
Merge pull request #134 from Jakuje/tests
Implement more sanity tests
2020-09-23 21:23:32 +01:00
Jakub Jelen
208a9cf348 README: Fix typos and trailing whitespace 2020-09-23 14:49:42 +02:00
Jakub Jelen
203a1a5eab README: Update the list of supported OSes 2020-09-23 14:49:42 +02:00
Jakub Jelen
f0de8fb16e Backup old configuration by default as recommended by OASIS
https://github.com/oasis-roles/meta_standards#generating-files-from-templates
2020-09-23 14:49:42 +02:00
Jakub Jelen
66a4ccbcee meta: Update list of supported releases 2020-09-23 14:49:42 +02:00