--- - hosts: all vars: __sshd_test_backup_files: - /etc/ssh/sshd_config - /etc/ssh/sshd_config.d/00-ansible_system_role.conf tasks: - name: "Backup configuration files" ansible.builtin.include_tasks: tasks/backup.yml - name: Configure sshd with uncommon options, making sure it keeps running block: - name: Configure ssh with unsupported options ansible.builtin.include_role: name: ansible-sshd vars: sshd: # Unsupported in new versions, but ignored ? Protocol: 1 UsePrivilegeSeparation: no UseLogin: yes # Debian only DebianBanner: /etc/motd # Used in FreeBSD ? VersionAddendum: FreeBSD-20180909 # HPN only HPNDisabled: yes HPNBufferSize: 2MB TcpRcvBufPoll: yes NoneEnabled: yes # some builds might be without kerberos/GSSAPI KerberosAuthentication: yes GSSAPIStoreCredentialsOnRekey: yes # SSHv1 options KeyRegenerationInterval: 1h ServerKeyBits: 1024 # This one is pretty new, but works on OpenBSD only RDomain: 2 register: role_result - name: unreachable task ansible.builtin.fail: msg: UNREACH rescue: - name: Check that we failed in the role ansible.builtin.assert: that: - ansible_failed_result.msg != 'UNREACH' - not role_result.changed msg: "Role has not failed when it should have" when: - not (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6') - name: Make sure service is still running ansible.builtin.service: name: sshd state: started register: result failed_when: result.changed tags: tests::verify when: - not (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6') - name: "Restore configuration files" ansible.builtin.include_tasks: tasks/restore.yml