Skip to content

Commit 8cfcb66

Browse files
moreatimoreati
committed
CI: Refactor sshd configuration into a role
Prep for applying it to macOS 13 GitHub runners. refs #1186
1 parent 9e0dad2 commit 8cfcb66

File tree

4 files changed

+28
-18
lines changed

4 files changed

+28
-18
lines changed

tests/image_prep/_container_setup.yml

Lines changed: 9 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -23,10 +23,16 @@
2323
gather_facts: true
2424
vars:
2525
distro: "{{ansible_distribution}}"
26-
tasks:
27-
- when: ansible_virtualization_type != "docker"
28-
meta: end_play
2926

27+
pre_tasks:
28+
- meta: end_play
29+
when:
30+
- ansible_facts.virtualization_type != "docker"
31+
32+
roles:
33+
- role: sshd
34+
35+
tasks:
3036
- name: Ensure requisite apt packages are installed
3137
apt:
3238
name: "{{ common_packages + packages }}"
@@ -134,10 +140,6 @@
134140
content: |
135141
i-am-mitogen-test-docker-image
136142
137-
- copy:
138-
dest: /etc/ssh/banner.txt
139-
src: ../data/docker/ssh_login_banner.txt
140-
141143
- name: Ensure /etc/sudoers.d exists
142144
file:
143145
state: directory
@@ -169,17 +171,6 @@
169171
line: "%wheel ALL=(ALL) ALL"
170172
when: ansible_os_family == 'RedHat'
171173

172-
- name: Enable SSH banner
173-
lineinfile:
174-
path: /etc/ssh/sshd_config
175-
line: Banner /etc/ssh/banner.txt
176-
177-
- name: Allow remote SSH root login
178-
lineinfile:
179-
path: /etc/ssh/sshd_config
180-
line: PermitRootLogin yes
181-
regexp: '.*PermitRootLogin.*'
182-
183174
- name: Allow remote SSH root login
184175
lineinfile:
185176
path: /etc/pam.d/sshd

tests/image_prep/roles/sshd/defaults/main.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
sshd_config_file: /etc/ssh/sshd_config

tests/data/docker/ssh_login_banner.txt renamed to tests/image_prep/roles/sshd/files/banner.txt

File renamed without changes.

tests/image_prep/roles/sshd/tasks/main.yml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
- name: Create login banner
2+
copy:
3+
src: banner.txt
4+
dest: /etc/ssh/banner.txt
5+
mode: u=rw,go=r
6+
7+
- name: Configure sshd_config
8+
lineinfile:
9+
path: "{{ sshd_config_file }}"
10+
line: "{{ item.line }}"
11+
regexp: "{{ item.regexp }}"
12+
loop:
13+
- line: Banner /etc/ssh/banner.txt
14+
regexp: '^#? *Banner.*'
15+
- line: PermitRootLogin yes
16+
regexp: '.*PermitRootLogin.*'
17+
loop_control:
18+
label: "{{ item.line }}"

0 commit comments

Comments
 (0)