Specifics:
* Debian 12 has no longer the instantiated service using inet, see the
following commit:
0dc73888bb
* I am not matching the Description tag verbosely as I do not find it
crucial for functionality.
* We generate additional -f switch to the sshd CLI pointing go the main
sshd config we manage
* The Before=sshd.service in the socket is not generated as I find it
unnecessary when we conflict the service.
* Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
set for all Ubuntu/Debian as it should not hurt.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
The old ansible-community ansible-lint is deprecated. There is a
new ansible-lint github action.
The latest Ansible repo gating tests run ansible-lint against
the collection format instead of against individual roles.
We have to convert the role to collection format before running
ansible-test.
This also requires tox-lsr 3.2.1
Role developers can run this locally using
`tox -e collection,ansible-lint-collection`
See https://github.com/linux-system-roles/tox-lsr/pull/125
Fix ansible-lint and ansible-test issues reported by the
latest 2.16 versions.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Feature: Allow running and testing the role with ostree managed nodes.
Reason: We have users who want to use the role to manage ostree
systems.
Result: Users can use the role to manage ostree managed nodes.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
I noticed some test failures in tests that check ownership/permissions
of config files. The tests were recently changed to reuse the same
VM, so I suspect config files were not being backed up/restored with
the correct file attributes. Use `cp -a` to preserve all file
attributes.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
Use facts via ansible_facts only.
Made using:
git ls-files -z|grep -z yml|xargs -0r sed --follow-symlinks -Ei \
"s/ansible_(virtualization_type|os_family|distribution\w*)/ansible_facts['\1']/g"
Add the following files: tests/tasks/check_header.yml and
tests/templates/get_ansible_managed.j2.
Use check_header.yml to check generated files for the ansible_managed
and fingerprint headers.
check_header.yml takes these parameters. `fingerprint` is required,
and one of `__file` or `__file_content`:
* `__file` - the full path of the file to check e.g. `/etc/realmd.conf`
* `__file_content` - the output of `slurp` of the file
* `__fingerprint` - required - the fingerprint string `system_role:$ROLENAME` e.g.
`__fingerprint: "system_role:postfix"`
* `__comment_type` - optional, default `plain` - the type of comments used
e.g. `__comment_type: c` for C/C++-style comments. `plain` uses `#`.
See https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#adding-comments-to-files
for the different types of comment styles supported.
Example:
```
- name: Check generated files for ansible_managed, fingerprint
include_tasks: tasks/check_header.yml
vars:
__file: /etc/myfile.conf
__fingerprint: "system_role:my_role"
```
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/
This wont work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Use `true/false` instead of `yes/no`
Ensure use of FQCN for builtin modules
Use correct spacing in Jinja expressions
All tasks and plays must have a `name`, and the `name` string must begin with an uppercase letter
Use `ansible.posix.mount` instead of `ansible.builtin.mount`
Use `set -o pipefail` with `shell` module where supported by the platform shell
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
When testing with cloud-init, it modifies the sshd_configuration and can
replace some tabs with whitespaces. This happens frequently around the
subsystem keyword. There are no functional changes, but the matching
did not work as expected.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>