* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
Use facts via ansible_facts only.
Made using:
git ls-files -z|grep -z yml|xargs -0r sed --follow-symlinks -Ei \
"s/ansible_(virtualization_type|os_family|distribution\w*)/ansible_facts['\1']/g"
Use `true/false` instead of `yes/no`
Ensure use of FQCN for builtin modules
Use correct spacing in Jinja expressions
All tasks and plays must have a `name`, and the `name` string must begin with an uppercase letter
Use `ansible.posix.mount` instead of `ansible.builtin.mount`
Use `set -o pipefail` with `shell` module where supported by the platform shell
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Previously no hostkeys were checked if they were not present
in the generated configuration file. When the drop-in directory is
used, usually, there are no hostkeys in that file and no sanity
check for hostkeys was executed.
This amends the "auto" value for the hostkeys check to allow checking
for default hostkeys that are read by OpenSSH by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Cleaning up yamllint errors.
- Use .yamllint.yml and .yamllint_defaults.yml instead of
.yamllint.yaml.
- Fix the invalid indentations.
Cleaning up ansible-lint errors.
- Add "name" to every task.
- Use command rather than shell
- Add "changed_when: false".
- Use '|' instead of '>' for the shell module.
- Fix '/bin/sh: line 3: CRYPTO_POLICY: unbound variable'.
- Add "set -eu" and "set -o pipefail" if pipefail is available.
Note: "pipefail" is not available in "sh" and "dash".
- Add "- '306' # Shells that use pipes should set the pipefail option"
to .ansible-lint since ansible-lint does not recognize it if it's set
in "if set -o | grep pipefail".
RHELPLAN-73804
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix#111
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series
ttps://github.com/oasis-roles/meta_standards#ansible-best-practices