SSH is not automatically reloaded when included via include_role due to Ansible limitations

[micolous]

When using this module via include_role on an Ubuntu 20.04.6 target, SSH is not automatically reloaded on config change.

This is because of an Ansible limitation: ansible/ansible#26537 ansible/proposals#136

My task definition (below) is itself included via include_tasks, because I'm using another pre-canned playbook for the system:

- name: Move sshd to port 222
  include_role:
    name: willshersystems.sshd
  vars:
    sshd_Port: 222
    sshd_manage_service: true
    sshd_allow_reload: true

When running the playbook, I can see it's updated the config successfully (in /etc/ssh/sshd_config.d/00-ansible_system_role.conf), but ss -tnl still shows sshd listening on [::]:22.

The Ansible debugging output seems to indicate that it's tried to validate the new config, and then start sshd if it wasn't already running (which is a no-op), but config changes don't seem to trigger Reload_sshd at all.

I've worked around this in my task definition by adding another step to manually reload sshd:

- name: Reload SSH config
  ansible.builtin.service:
    name: "ssh"
    state: reloaded

Expected behaviour

• The docs mention this limitation for include_role
• This module has some other way to trigger a service reload which doesn't depend on notifications

Versions

• Ansible: 2.17.5
• willshersystems.sshd: 0.25.0