rebase sshd role to latest upstream

Rebase: 1937938

Related: rhbz#1961404
This commit is contained in:
Rich Megginson 2021-04-01 23:55:33 +02:00 committed by Noriko Hosoi
parent e1a7df37f2
commit b6f42de785
3 changed files with 1 additions and 74 deletions

View File

@ -155,7 +155,7 @@ BuildRequires: ansible >= 2.9.10
%global forgeorg15 https://github.com/willshersystems/
%global repo15 ansible-sshd
%global rolename15 sshd
%defcommit 15 e1de59b3c54e9d48a010eeca73755df339c7e628
%defcommit 15 428d390668077f0baf5e88c5834ee810ae11113c
%defcommit 16 21adc637511db86b5ba279a70a7301ef3a170669
%global rolename16 ssh
@ -204,9 +204,6 @@ Patch54: network-ansible-test.diff
Patch61: storage-ansible-test.diff
Patch151: sshd-example.diff
Patch152: sshd-work-on-ansible28-jinja27.diff
BuildArch: noarch
# These are needed for md2html.sh to build the documentation
@ -279,8 +276,6 @@ cd %{rolename6}
%patch61 -p1
cd ..
cd %{rolename15}
%patch151 -p1
%patch152 -p1
sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" tests/*.yml examples/*.yml
sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml examples/*.yml README.md
cd ..

View File

@ -1,43 +0,0 @@
diff --git a/README.md b/README.md
index 676ad72..dc06d85 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
the service is able to start on the first attempt. To disable this check, set
this to empty list.
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
Use these variables to set the ownership and permissions for the host keys from
the above list.
@@ -273,6 +273,8 @@ for example:
X11Forwarding: yes
```
+More example playbooks can be found in [`examples/`](examples/) directory.
+
Template Generation
-------------------
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
new file mode 100644
index 0000000..156e629
--- /dev/null
+++ b/examples/example-root-login.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+ tasks:
+ - name: Configure sshd to prevent root and password login except from particular subnet
+ include_role:
+ name: ansible-sshd
+ vars:
+ sshd:
+ # root login and password login is enabled only from a particular subnet
+ PermitRootLogin: no
+ PasswordAuthentication: no
+ Match:
+ - Condition: "Address 192.0.2.0/24"
+ PermitRootLogin: yes
+ PasswordAuthentication: yes

View File

@ -1,25 +0,0 @@
From bb612fb6c5f76a40fce368acb43d2847e699213d Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Thu, 28 Jan 2021 15:56:14 -0700
Subject: [PATCH] use state: absent instead of state: missing
---
tests/tests_hostkeys_missing.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/tests_hostkeys_missing.yml b/tests/tests_hostkeys_missing.yml
index 9dfe77b..5790684 100644
--- a/tests/tests_hostkeys_missing.yml
+++ b/tests/tests_hostkeys_missing.yml
@@ -40,7 +40,7 @@
- name: Make sure the key was not created
file:
path: /tmp/missing_ssh_host_rsa_key
- state: missing
+ state: absent
register: key
failed_when: key.changed
tags: tests::verify
--
2.29.2