mirror of
https://github.com/willshersystems/ansible-sshd
synced 2025-01-11 17:50:18 +01:00
d438f096a7
For chroot connection (e.g. when building images instead of working on live hosts) one cannot restart services etc. Also due to Ansible bug 21026 one must run systemctl instead of using the service module, limiting support to EL 7 for the time being.
59 lines
1.6 KiB
YAML
59 lines
1.6 KiB
YAML
---
|
|
|
|
- name: OS is supported
|
|
assert:
|
|
that: __sshd_os_supported == True
|
|
|
|
- name: Install ssh packages
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
with_items: "{{ sshd_packages }}"
|
|
|
|
- name: Configuration
|
|
template:
|
|
src: sshd_config.j2
|
|
dest: "{{ sshd_config_file }}"
|
|
owner: "{{ sshd_config_owner }}"
|
|
group: "{{ sshd_config_group }}"
|
|
mode: "{{ sshd_config_mode }}"
|
|
validate: "{{ sshd_binary }} -t -f %s"
|
|
notify: reload_sshd
|
|
|
|
- name: Install systemd service files
|
|
block:
|
|
- template:
|
|
src: "{{ sshd_service_template_service }}"
|
|
dest: "/etc/systemd/system/{{ sshd_service }}.service"
|
|
notify: reload_sshd
|
|
- template:
|
|
src: "{{ sshd_service_template_at_service }}"
|
|
dest: "/etc/systemd/system/{{ sshd_service }}@.service"
|
|
notify: reload_sshd
|
|
- template:
|
|
src: "{{ sshd_service_template_socket }}"
|
|
dest: "/etc/systemd/system/{{ sshd_service }}.socket"
|
|
notify: reload_sshd
|
|
when: sshd_install_service
|
|
|
|
- name: Service enabled and running
|
|
service:
|
|
name: "{{ sshd_service }}"
|
|
enabled: true
|
|
state: started
|
|
when:
|
|
- sshd_manage_service
|
|
- ansible_virtualization_type|default(None) != 'docker'
|
|
- ansible_connection != 'chroot'
|
|
|
|
# Due to ansible bug 21026, cannot use service module on RHEL 7
|
|
- name: Enable service in chroot
|
|
command: systemctl enable {{ sshd_service }}
|
|
when:
|
|
- ansible_connection == 'chroot'
|
|
- ansible_os_family == 'RedHat'
|
|
- ansible_distribution_major_version|int >= 7
|
|
|
|
- name: Register that this role has run
|
|
set_fact: sshd_has_run=true
|
|
when: sshd_has_run is not defined
|