Commit graph

444 commits

Author SHA1 Message Date
Jakub Jelen
48dc56b2d2 Recognize podman container runtime and ignore services there 2020-12-11 13:25:19 +01:00
Jakub Jelen
a15ad61af5 Add Ubuntu and Debian test using Github Actions 2020-12-11 13:25:19 +01:00
Jakub Jelen
6b36488299 Check runtime directory for running CI in Debian and Ubuntu 2020-12-11 13:25:19 +01:00
Jakub Jelen
51be56b57a README: Clarify semantics of match blocks 2020-12-11 13:25:19 +01:00
Jakub Jelen
acb56267a1 tests: Verify variable precedence is correctly applied 2020-12-11 13:25:19 +01:00
Jakub Jelen
156373262c tests: Test match can accept dict directly 2020-12-11 13:25:19 +01:00
Jakub Jelen
f12b322aae Accept single hostkey as a string too 2020-12-11 13:25:19 +01:00
Jakub Jelen
bb979290db tests: Verify the sshd_enable variable works 2020-12-11 13:25:19 +01:00
Jakub Jelen
9032ea2b1e tests: Verify the defaults of this role do not change os defaults 2020-12-11 13:24:59 +01:00
Jakub Jelen
9ccbe04b7f tests: Implement backup & restore of important files for separate tests 2020-12-11 13:24:40 +01:00
Jakub Jelen
e04dd2a1dc Update RHEL8 defaults to match reality 2020-11-20 23:10:00 +01:00
Matt Willsher
fb0932c993
Merge pull request #146 from Jakuje/github-actions
Run tests with Github Actions and fix things on the way
2020-11-16 11:52:56 +00:00
Jakub Jelen
242058a10b tests: For Fedora containers, make sure the sshd host keys exist 2020-11-16 11:32:28 +01:00
Jakub Jelen
ff04f6ff89 tests: Replace cat with slurp 2020-11-16 11:20:56 +01:00
Jakub Jelen
a1ee1c0f77 Hide changes to temporary files 2020-11-16 11:20:56 +01:00
Jakub Jelen
567708dff6 tests: Make sure the user/group nobody is present in the test 2020-11-16 11:20:56 +01:00
Jakub Jelen
80a72b206e ci: Run the new tests also in the travis 2020-11-16 11:20:56 +01:00
Jakub Jelen
e4de9a6afd tests: Use complete connection specification for RHEL7 compatibility 2020-11-16 11:20:56 +01:00
Jakub Jelen
e000df3dd2 ci: Run tests using github actions on different OS
sshd in test mode fails on Debian and Ubuntu, because
the privilege separation directory /run/sshd is missing
in the container.
2020-11-16 11:20:56 +01:00
Jakub Jelen
823cd2d055 Fix typos 2020-11-16 11:20:56 +01:00
Jakub Jelen
e2d6a8ba0f tests: Fix for Fedora using different default configuration file 2020-11-16 11:20:56 +01:00
Jakub Jelen
f3f041b580 tests: Verify we can write main config after included one 2020-11-16 11:20:55 +01:00
Jakub Jelen
35945647e1 tests: Use the main configuration file for setting sftp subsystem 2020-11-16 11:16:57 +01:00
Jakub Jelen
33dcb0d9d4 tests: Verify we can generate hostkeys and prevent its creation if needed 2020-11-16 11:16:44 +01:00
Jakub Jelen
94553a887e Create temporary hostkeys for test if there are none
and if we are not writing the main configuration file
2020-11-16 11:10:16 +01:00
Jakub Jelen
dd820d1c24 Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.

This is also helpful when running this role in containers, where
there is no service running either.

The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.

This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
b3b026e353 README: Cleanup documentation and add missing configuration options 2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714 Document missing configuration variables & sort
as recommended by best practices:

> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.

https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00
Jakub Jelen
22ed476ab4 README: Bring the sshd_config_file to the public API 2020-11-16 11:10:16 +01:00
Jakub Jelen
69e6ede5fb README: Do not confuse vim syntax highlighter 2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051 Remove set_facts tasks not to pollute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

https://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
634d87490e Exclude service commands in Github Action CI 2020-11-06 11:35:10 +01:00
Jakub Jelen
ad913968ac Add a symlink to make tests working in CI without modification to ansible.cfg 2020-11-06 11:35:10 +01:00
Jakub Jelen
4b944a6c98 tests: Check for the sysconfig configuration only on relevant OS 2020-11-06 10:57:23 +01:00
Jakub Jelen
f1eef49960 gentoo: Remove bogus default values 2020-11-06 10:30:29 +01:00
Matt Willsher
6ad8a3e706
Merge pull request #144 from Jakuje/tests
Rename tests to follow best practices and make galaxy linters happy
2020-10-28 17:52:15 +00:00
Jakub Jelen
a80105069c Run yamllint with galaxy configuration to avoid quality penalty 2020-10-21 22:08:39 +02:00
Jakub Jelen
8414fd5994 tests: Remove trailing newlines to satisfy galaxy linters 2020-10-21 18:32:49 +02:00
Jakub Jelen
7da7f8199f Rename test to tests 2020-10-21 18:32:49 +02:00
Jakub Jelen
0ba1b77f92 tests: Remove duplicate become (already specified on ansible-playbook commandline) 2020-10-21 18:32:49 +02:00
Jakub Jelen
1fbe49934e tests: Remove duplicate newlines 2020-10-21 18:32:39 +02:00
Matt Willsher
83606e2f13
Merge pull request #142 from Jakuje/crypto-policies
Support /etc/sysconfig/sshd to override crypto policies and handle more advanced use cases
2020-10-15 10:06:44 +01:00
Matt Willsher
62ae5d7856
Merge branch 'master' into crypto-policies 2020-10-15 10:02:03 +01:00
Matt Willsher
b1f4d9c9bb
Merge pull request #143 from Jakuje/match
Implement more natural match blocks and test them
2020-10-15 09:52:44 +01:00
Jakub Jelen
6ed5341f32 Test match blocks generators 2020-10-08 18:45:01 +02:00
Jakub Jelen
e31592899c Allow listing match blocks in more natural manner 2020-10-08 18:11:00 +02:00
Jakub Jelen
1f9b67d830 test sysconfig template 2020-10-06 21:21:18 +02:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide crypto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
2020-10-06 21:11:39 +02:00
Matt Willsher
b6e9e863d7
Merge pull request #139 from Jakuje/patch-1
README: Fix missing code block termination
2020-10-03 15:35:33 +01:00
Jakub Jelen
a10ddff535
README: Fix missing code block termination 2020-09-24 10:55:54 +02:00