--- - name: Test uncommon options hosts: all vars: __sshd_test_backup_files: - /etc/ssh/sshd_config - /etc/ssh/sshd_config.d/00-ansible_system_role.conf tasks: - name: "Backup configuration files" ansible.builtin.include_tasks: tasks/backup.yml - name: Configure sshd with uncommon options, making sure it keeps running when: - not (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6') block: - name: Configure ssh with unsupported options ansible.builtin.include_role: name: ansible-sshd vars: sshd_config: # Unsupported in new versions, but ignored ? Protocol: 1 UsePrivilegeSeparation: false UseLogin: true # Debian only DebianBanner: /etc/motd # Used in FreeBSD ? VersionAddendum: FreeBSD-20180909 # HPN only HPNDisabled: true HPNBufferSize: 2MB TcpRcvBufPoll: true NoneEnabled: true # some builds might be without kerberos/GSSAPI KerberosAuthentication: true GSSAPIStoreCredentialsOnRekey: true # SSHv1 options KeyRegenerationInterval: 1h ServerKeyBits: 1024 # This one is pretty new, but works on OpenBSD only RDomain: 2 register: role_result - name: Unreachable task ansible.builtin.fail: msg: UNREACH rescue: - name: Check that we failed in the role ansible.builtin.assert: that: - ansible_failed_result.msg != 'UNREACH' - not role_result.changed msg: "Role has not failed when it should have" - name: Make sure service is still running ansible.builtin.service: name: sshd state: started register: result failed_when: result.changed tags: tests::verify when: - not (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6') - name: "Restore configuration files" ansible.builtin.include_tasks: tasks/restore.yml