ansible-sshd/tests/tasks/setup.yml

68 lines
2.2 KiB
YAML

---
- name: Ensure apt sources are up to date on debian systems
ansible.builtin.apt:
update_cache: true
when:
- ansible_facts['distribution'] == 'Debian'
- name: Ensure unminimize package is installed
ansible.builtin.apt:
pkg:
- unminimize
when:
- ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 24
- name: Determine if system is ostree and set flag
when: not __sshd_is_ostree is defined
block:
- name: Check if system is ostree
ansible.builtin.stat:
path: /run/ostree-booted
register: __ostree_booted_stat
- name: Set flag to indicate system is ostree
ansible.builtin.set_fact:
__sshd_is_ostree: "{{ __ostree_booted_stat.stat.exists }}"
- name: Ensure test users exist on ostree systems
ansible.builtin.shell: |
if ! grep -q ^nobody /etc/passwd && grep -q ^nobody /usr/lib/passwd; then
grep ^nobody /usr/lib/passwd >> /etc/passwd
fi
if ! grep -q ^nobody /etc/group && grep -q ^nobody /usr/lib/group; then
grep ^nobody /usr/lib/group >> /etc/group
fi
when: __sshd_is_ostree | d(false)
changed_when: true
- name: Make sure openssh is installed before creating backup
ansible.builtin.package:
name: openssh-server
state: present
use: "{{ (__sshd_is_ostree | d(false)) |
ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
- name: Make sure openssh has runtime directory on debian
ansible.builtin.file:
path: /run/sshd
state: directory
owner: root
group: root
mode: "0755"
when:
- ansible_facts['os_family'] == 'Debian'
- name: Define common variables
ansible.builtin.set_fact:
main_sshd_config: /etc/ssh/sshd_config
main_sshd_config_name: sshd_config
main_sshd_config_path: /etc/ssh/
- name: Define specific variables
ansible.builtin.set_fact:
main_sshd_config: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
main_sshd_config_name: 00-ansible_system_role.conf
main_sshd_config_path: /etc/ssh/sshd_config.d/
when:
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)