rebase sshd role to latest upstream
Rebase: 1937938 Related: rhbz#1961404
This commit is contained in:
parent
e1a7df37f2
commit
b6f42de785
@ -155,7 +155,7 @@ BuildRequires: ansible >= 2.9.10
|
||||
%global forgeorg15 https://github.com/willshersystems/
|
||||
%global repo15 ansible-sshd
|
||||
%global rolename15 sshd
|
||||
%defcommit 15 e1de59b3c54e9d48a010eeca73755df339c7e628
|
||||
%defcommit 15 428d390668077f0baf5e88c5834ee810ae11113c
|
||||
|
||||
%defcommit 16 21adc637511db86b5ba279a70a7301ef3a170669
|
||||
%global rolename16 ssh
|
||||
@ -204,9 +204,6 @@ Patch54: network-ansible-test.diff
|
||||
|
||||
Patch61: storage-ansible-test.diff
|
||||
|
||||
Patch151: sshd-example.diff
|
||||
Patch152: sshd-work-on-ansible28-jinja27.diff
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
# These are needed for md2html.sh to build the documentation
|
||||
@ -279,8 +276,6 @@ cd %{rolename6}
|
||||
%patch61 -p1
|
||||
cd ..
|
||||
cd %{rolename15}
|
||||
%patch151 -p1
|
||||
%patch152 -p1
|
||||
sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" tests/*.yml examples/*.yml
|
||||
sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml examples/*.yml README.md
|
||||
cd ..
|
||||
|
@ -1,43 +0,0 @@
|
||||
diff --git a/README.md b/README.md
|
||||
index 676ad72..dc06d85 100644
|
||||
--- a/README.md
|
||||
+++ b/README.md
|
||||
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
|
||||
the service is able to start on the first attempt. To disable this check, set
|
||||
this to empty list.
|
||||
|
||||
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
|
||||
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
|
||||
|
||||
Use these variables to set the ownership and permissions for the host keys from
|
||||
the above list.
|
||||
@@ -273,6 +273,8 @@ for example:
|
||||
X11Forwarding: yes
|
||||
```
|
||||
|
||||
+More example playbooks can be found in [`examples/`](examples/) directory.
|
||||
+
|
||||
Template Generation
|
||||
-------------------
|
||||
|
||||
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
|
||||
new file mode 100644
|
||||
index 0000000..156e629
|
||||
--- /dev/null
|
||||
+++ b/examples/example-root-login.yml
|
||||
@@ -0,0 +1,15 @@
|
||||
+---
|
||||
+- hosts: all
|
||||
+ tasks:
|
||||
+ - name: Configure sshd to prevent root and password login except from particular subnet
|
||||
+ include_role:
|
||||
+ name: ansible-sshd
|
||||
+ vars:
|
||||
+ sshd:
|
||||
+ # root login and password login is enabled only from a particular subnet
|
||||
+ PermitRootLogin: no
|
||||
+ PasswordAuthentication: no
|
||||
+ Match:
|
||||
+ - Condition: "Address 192.0.2.0/24"
|
||||
+ PermitRootLogin: yes
|
||||
+ PasswordAuthentication: yes
|
@ -1,25 +0,0 @@
|
||||
From bb612fb6c5f76a40fce368acb43d2847e699213d Mon Sep 17 00:00:00 2001
|
||||
From: Rich Megginson <rmeggins@redhat.com>
|
||||
Date: Thu, 28 Jan 2021 15:56:14 -0700
|
||||
Subject: [PATCH] use state: absent instead of state: missing
|
||||
|
||||
---
|
||||
tests/tests_hostkeys_missing.yml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/tests_hostkeys_missing.yml b/tests/tests_hostkeys_missing.yml
|
||||
index 9dfe77b..5790684 100644
|
||||
--- a/tests/tests_hostkeys_missing.yml
|
||||
+++ b/tests/tests_hostkeys_missing.yml
|
||||
@@ -40,7 +40,7 @@
|
||||
- name: Make sure the key was not created
|
||||
file:
|
||||
path: /tmp/missing_ssh_host_rsa_key
|
||||
- state: missing
|
||||
+ state: absent
|
||||
register: key
|
||||
failed_when: key.changed
|
||||
tags: tests::verify
|
||||
--
|
||||
2.29.2
|
||||
|
Loading…
Reference in New Issue
Block a user