From 1f0d814a9bde2859b097e8062d6a051f792116ea Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:27:58 +0100 Subject: [PATCH 01/31] fix: Add missing PrintMotd to Ubuntu 22.04 --- vars/Ubuntu_22.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/Ubuntu_22.yml b/vars/Ubuntu_22.yml index 75b48b07..1c3ec876 100644 --- a/vars/Ubuntu_22.yml +++ b/vars/Ubuntu_22.yml @@ -14,6 +14,7 @@ __sshd_defaults: Include: /etc/ssh/sshd_config.d/*.conf KbdInteractiveAuthentication: false UsePAM: true + PrintMotd: false AcceptEnv: LANG LC_* Subsystem: "sftp /usr/lib/openssh/sftp-server" From 175f00435c0d2fa451dcc81e9c8f45ffa49718d4 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:28:36 +0100 Subject: [PATCH 02/31] feat: Add support for Ubuntu Nobel/24.04 LTS --- README.md | 2 +- meta/main.yml | 1 + vars/Ubuntu_24.yml | 29 +++++++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 vars/Ubuntu_24.yml diff --git a/README.md b/README.md index c486bc42..06400ba7 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ via simple password. If you need this functionality, be sure to set Tested on: -* Ubuntu precise, trusty, xenial, bionic, focal, jammy +* Ubuntu precise, trusty, xenial, bionic, focal, jammy, nobel * [![Run tests on Ubuntu latest](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml) * Debian wheezy, jessie, stretch, buster, bullseye, bookworm * [![Run tests on Debian](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml) diff --git a/meta/main.yml b/meta/main.yml index c8075a07..f5184979 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -24,6 +24,7 @@ galaxy_info: - bionic - focal - jammy + - nobel - name: FreeBSD version: - "10.1" diff --git a/vars/Ubuntu_24.yml b/vars/Ubuntu_24.yml new file mode 100644 index 00000000..90ce4479 --- /dev/null +++ b/vars/Ubuntu_24.yml @@ -0,0 +1,29 @@ +--- +__sshd_os_supported: true + +__sshd_service: ssh +__sshd_packages: + - openssh-server + - openssh-sftp-server +# Ubuntu 22.04 shipped with drop-in directory support so we touch +# just included file with highest priority by default +__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf +__sshd_config_mode: "0644" +# the defaults here represent the defaults shipped in the main sshd_config +__sshd_defaults: + Include: /etc/ssh/sshd_config.d/*.conf + KbdInteractiveAuthentication: false + UsePAM: true + PrintMotd: false + AcceptEnv: LANG LC_* + Subsystem: "sftp /usr/lib/openssh/sftp-server" + +__sshd_runtime_directory: sshd + +__sshd_drop_in_dir_mode: '0755' +__sshd_main_config_file: /etc/ssh/sshd_config + +__sshd_environment_file: /etc/default/ssh +__sshd_environment_variable: $SSHD_OPTS +__sshd_service_after: auditd.service +__sshd_service_alias: sshd From fc87009c795cc44f12c4a79bba65e7d226e86997 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:30:03 +0100 Subject: [PATCH 03/31] docs: Correct spelling --- CODE_OF_CONDUCT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 961b20f0..6fb1c8a6 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
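Review bot: The comment above `__sshd_config_file` in the new vars/Ubuntu_24.yml still reads "Ubuntu 22.04 shipped with drop-in directory support", which looks carried over from the 22.04 vars file. The `00-` prefix on the managed file is what lets the role's settings take precedence, because sshd keeps the first value it reads for each keyword. I would reword the comment for this release and spell that out: `# Ubuntu 24.04 ships with drop-in directory support, so we manage only the` / `# drop-in that sorts first; sshd uses the first value it reads per keyword`.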
@@ -6,7 +6,7 @@ In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal +level of experience, education, socioeconomic status, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards From e612e63006ab7a3df3b50de70a6444c76b0ed1ca Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:37:19 +0100 Subject: [PATCH 04/31] fix(tests): use patched action working around pip changes in Ubuntu 24.04 --- .github/workflows/ansible-ubuntu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-ubuntu.yml b/.github/workflows/ansible-ubuntu.yml index 87030945..c8a18279 100644 --- a/.github/workflows/ansible-ubuntu.yml +++ b/.github/workflows/ansible-ubuntu.yml @@ -11,7 +11,7 @@ jobs: uses: actions/checkout@v4 - name: ansible check with ubuntu:latest - uses: roles-ansible/check-ansible-ubuntu-latest-action@master + uses: mattwillsher/check-ansible-ubuntu-latest-action@master with: group: local hosts: localhost From 3880aa49e408791ae39a1ab79ab07b7c6b477b14 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:42:28 +0100 Subject: [PATCH 05/31] fix(tests): Exclude Tatu from output during test --- tests/tests_all_options.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_all_options.yml b/tests/tests_all_options.yml index d085c098..f2be4e6e 100644 --- a/tests/tests_all_options.yml +++ b/tests/tests_all_options.yml 
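Review bot: The changed `uses:` line in `.github/workflows/ansible-ubuntu.yml` runs an action from a personal fork at a mutable ref, `mattwillsher/check-ansible-ubuntu-latest-action@master`, so whatever is pushed to that branch executes in this repository's CI. Pin it to a full commit SHA with the ref in a trailing comment, in the form the pre-commit update in PATCH 11 already uses: `uses: mattwillsher/check-ansible-ubuntu-latest-action@<full-commit-sha>  # master`. The same applies to the `roles-ansible/...@master` actions that PATCH 13 re-instates. The job's `permissions:` are not visible in this hunk; if none are set, `permissions:` with `contents: read` would limit what the action's token can do.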
@@ -93,7 +93,7 @@ | grep -o '^\( \| \)[A-Z][A-Za-z0-9]*\(.\| \)' \ | grep -v "[A-Za-z0-9] $" | grep -v "[^A-Za-z0-9 ]$" \ | awk '{ print $1 }' \ - | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\)$" + | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\)$" args: executable: /bin/bash register: sshd_options From 91b57fc91e1434945e89d57a48b896590b1ef738 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:44:34 +0100 Subject: [PATCH 06/31] fix: Capitalise handler to conform with linting --- handlers/main.yml | 6 +++--- tasks/install.yml | 2 +- tasks/install_config.yml | 4 ++-- tasks/install_namespace.yml | 2 +- tasks/install_service.yml | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 183b4e25..1af2b975 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -10,7 +10,7 @@ - ansible_connection != 'chroot' - ansible_facts['os_family'] != 'AIX' - ansible_facts['os_family'] != 'OpenWrt' - listen: reload_sshd + listen: Reload_sshd # sshd on AIX cannot be 'reloaded', it must be Stopped+Started. # It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it. @@ -25,7 +25,7 @@ stopsrc -s sshd until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done startsrc -s sshd - listen: reload_sshd + listen: Reload_sshd changed_when: false when: - sshd_allow_reload|bool @@ -39,4 +39,4 @@ when: - sshd_allow_reload|bool - ansible_facts['os_family'] == 'OpenWrt' - listen: reload_sshd + listen: Reload_sshd diff --git a/tasks/install.yml b/tasks/install.yml index 211cbf36..9e6c409c 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -22,7 +22,7 @@ when: - sshd_sysconfig | bool - __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy - notify: reload_sshd + notify: Reload_sshd - name: Check FIPS mode ansible.builtin.include_tasks: check_fips.yml 
diff --git a/tasks/install_config.yml b/tasks/install_config.yml index 85ac40f5..1c4efb12 100644 --- a/tasks/install_config.yml +++ b/tasks/install_config.yml @@ -24,7 +24,7 @@ {{ sshd_binary }} -t -f %s {% endif %} backup: "{{ sshd_backup }}" - notify: reload_sshd + notify: Reload_sshd - name: Make sure the include path is present in the main sshd_config ansible.builtin.lineinfile: @@ -43,7 +43,7 @@ {{ sshd_binary }} -t -f %s {% endif %} backup: "{{ sshd_backup }}" - notify: reload_sshd + notify: Reload_sshd when: - sshd_main_config_file is not none - sshd_config_file | dirname == sshd_main_config_file ~ '.d' diff --git a/tasks/install_namespace.yml b/tasks/install_namespace.yml index 525cf6ee..1e7e1b64 100644 --- a/tasks/install_namespace.yml +++ b/tasks/install_namespace.yml @@ -21,4 +21,4 @@ {{ sshd_binary }} -t -f %s {% endif %} backup: "{{ sshd_backup }}" - notify: reload_sshd + notify: Reload_sshd diff --git a/tasks/install_service.yml b/tasks/install_service.yml index aee2514f..b843449f 100644 --- a/tasks/install_service.yml +++ b/tasks/install_service.yml @@ -12,7 +12,7 @@ owner: root group: root mode: "0644" - notify: reload_sshd + notify: Reload_sshd - name: Install instanced service unit file ansible.builtin.template: @@ -21,7 +21,7 @@ owner: root group: root mode: "0644" - notify: reload_sshd + notify: Reload_sshd when: - __sshd_socket_accept | bool @@ -32,7 +32,7 @@ owner: root group: root mode: "0644" - notify: reload_sshd + notify: Reload_sshd - name: Service enabled and running ansible.builtin.service: From 8b22e0876b5db4dddc45c36dcb82db0f9c98be8e Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 08:48:12 +0100 Subject: [PATCH 07/31] fix: correct spelling of 'noble' --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index f5184979..1d5bf7dc 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -24,7 +24,7 @@ galaxy_info: - bionic - focal - jammy - - nobel + - noble - name: FreeBSD version: - "10.1" From 710fd6450d770b24aad5637252f06a29a0a81cc0 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Sun, 2 Jun 2024 09:13:55 +0100 Subject: [PATCH 08/31] fix(tests): Exclude text Aaron from sshd_config options --- tests/tests_all_options.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_all_options.yml b/tests/tests_all_options.yml index f2be4e6e..dad72cbc 100644 --- a/tests/tests_all_options.yml +++ b/tests/tests_all_options.yml @@ -93,7 +93,7 @@ | grep -o '^\( \| \)[A-Z][A-Za-z0-9]*\(.\| \)' \ | grep -v "[A-Za-z0-9] $" | grep -v "[^A-Za-z0-9 ]$" \ | awk '{ print $1 }' \ - | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\)$" + | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\|Aaron\)$" args: executable: /bin/bash register: sshd_options From aedaac01c927a270e2cf2543f5ff6a41b026e8c8 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Mon, 3 Jun 2024 14:49:58 +0100 Subject: [PATCH 09/31] fix(tests): Exclude Each from manpage parsing --- tests/tests_all_options.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_all_options.yml b/tests/tests_all_options.yml index dad72cbc..bb59d4df 100644 --- a/tests/tests_all_options.yml +++ b/tests/tests_all_options.yml @@ -93,7 +93,7 @@ | grep -o '^\( \| \)[A-Z][A-Za-z0-9]*\(.\| \)' \ | grep -v "[A-Za-z0-9] $" | grep -v "[^A-Za-z0-9 ]$" \ | awk '{ print $1 }' \ - | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\|Aaron\)$" + | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\|Aaron\|Each\)$" args: executable: /bin/bash register: sshd_options From 31fb99fa9805ad769042a7d3ba175e412613c324 Mon Sep 17 00:00:00 2001 
From: Matt Willsher Date: Tue, 4 Jun 2024 21:16:05 +0100 Subject: [PATCH 10/31] fix(ci): Remove obsolete CentOS versions --- .github/workflows/ansible-centos-check.yml | 43 ---------------------- 1 file changed, 43 deletions(-) diff --git a/.github/workflows/ansible-centos-check.yml b/.github/workflows/ansible-centos-check.yml index 9b3fd2bb..326b12e3 100644 --- a/.github/workflows/ansible-centos-check.yml +++ b/.github/workflows/ansible-centos-check.yml @@ -3,35 +3,6 @@ name: Run Ansible Check on CentOS on: [push, pull_request] jobs: - centos-6: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - # Workaround missing support for end_host in old ansible - - run: "sed -i -e 's/meta: end_host/assert:\\n that: __sshd_os_supported|bool/' tasks/install.yml" - - run: >- - printf '%s\n%s\n%s\n%s' - '- name: Convert variables to facts for testing with old Ansible version (pre 2.7)' - ' ansible.builtin.set_fact:' - ' __sshd_skip_virt_env: "{{ __sshd_skip_virt_env }}"' - ' __sshd_config_file: "{{ __sshd_config_file }}"' - >> tasks/variables.yml - - run: >- - sed -i -e '/public: true/d' - tests/tasks/restore.yml - tests/tests_duplicate_role.yml - tests/tests_os_defaults.yml - tests/tests_firewall_selinux.yml - - run: "sed -i -e 's/ansible.builtin.//g' -e 's/ansible.posix.//g' */*.yml */*/*.yml" - - - name: ansible check with centos 6 - uses: roles-ansible/check-ansible-centos-centos6-action@master - with: - group: local - hosts: localhost - targets: "tests/tests_*.yml" - centos-7: runs-on: ubuntu-latest steps: @@ -47,20 +18,6 @@ jobs: hosts: localhost targets: "tests/tests_*.yml" - centos-8: - runs-on: ubuntu-latest - steps: - - name: checkout PR - uses: actions/checkout@v4 - - - name: ansible check with centos 8 - uses: roles-ansible/check-ansible-centos-centos8-action@master - with: - group: local - hosts: localhost - targets: "tests/tests_*.yml" - requirements: tests/requirements.yml - centos-9: runs-on: ubuntu-latest steps: 
From 548cf001fd0bf8e9c28f0ad7ff1a1a830d90558b Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Wed, 5 Jun 2024 08:59:57 +0100 Subject: [PATCH 11/31] chore: update pre-commit config --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 57bd0712..7f20b5d7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,14 +1,14 @@ --- repos: - repo: https://github.com/adrienverge/yamllint.git - rev: v1.27.1 + rev: 81e9f98ffd059efe8aa9c1b1a42e5cce61b640c6 # frozen: v1.35.1 hooks: - id: yamllint files: \.(yaml|yml)$ types: [file, yaml] entry: yamllint --strict - repo: https://github.com/ansible/ansible-lint.git - rev: v6.5.2 + rev: 2d9f1ed1e6d08e1f6a18e50f789ab1580220c7db # frozen: v24.6.0 hooks: - id: ansible-lint files: \.(yaml|yml)$ From 22b562b9c5e09655ed2ae5a4cbae80ec8a7ab97e Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Wed, 5 Jun 2024 09:01:06 +0100 Subject: [PATCH 12/31] fix: update meta --- meta/main.yml | 8 ++++---- meta/runtime.yaml | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 meta/runtime.yaml diff --git a/meta/main.yml b/meta/main.yml index 1d5bf7dc..15c16dfb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,15 +18,15 @@ galaxy_info: - bookworm - name: Ubuntu versions: - - precise - - trusty - - xenial - bionic - focal - jammy - noble + - precise + - trusty + - xenial - name: FreeBSD - version: + versions: - "10.1" - name: EL versions: diff --git a/meta/runtime.yaml b/meta/runtime.yaml new file mode 100644 index 00000000..1e85b01d --- /dev/null +++ b/meta/runtime.yaml @@ -0,0 +1,2 @@ +--- +requires_ansible: ">=2.15.0" From dd68e95f9a932b554de69695c26a7c64619e1625 Mon Sep 17 00:00:00 2001 
From: Matt Willsher Date: Fri, 7 Jun 2024 05:12:41 +0100 Subject: [PATCH 13/31] fix(tests): re-instate centos and ubuntu actions --- .github/workflows/ansible-centos-check.yml | 43 ++++++++++++++++++++++ .github/workflows/ansible-ubuntu.yml | 2 +- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ansible-centos-check.yml b/.github/workflows/ansible-centos-check.yml index 326b12e3..9b3fd2bb 100644 --- a/.github/workflows/ansible-centos-check.yml +++ b/.github/workflows/ansible-centos-check.yml @@ -3,6 +3,35 @@ name: Run Ansible Check on CentOS on: [push, pull_request] jobs: + centos-6: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + # Workaround missing support for end_host in old ansible + - run: "sed -i -e 's/meta: end_host/assert:\\n that: __sshd_os_supported|bool/' tasks/install.yml" + - run: >- + printf '%s\n%s\n%s\n%s' + '- name: Convert variables to facts for testing with old Ansible version (pre 2.7)' + ' ansible.builtin.set_fact:' + ' __sshd_skip_virt_env: "{{ __sshd_skip_virt_env }}"' + ' __sshd_config_file: "{{ __sshd_config_file }}"' + >> tasks/variables.yml + - run: >- + sed -i -e '/public: true/d' + tests/tasks/restore.yml + tests/tests_duplicate_role.yml + tests/tests_os_defaults.yml + tests/tests_firewall_selinux.yml + - run: "sed -i -e 's/ansible.builtin.//g' -e 's/ansible.posix.//g' */*.yml */*/*.yml" + + - name: ansible check with centos 6 + uses: roles-ansible/check-ansible-centos-centos6-action@master + with: + group: local + hosts: localhost + targets: "tests/tests_*.yml" + centos-7: runs-on: ubuntu-latest steps: 
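Review bot: The re-instated `centos-6` job rewrites the role with `sed` so that it runs on a pre-2.7 Ansible, while PATCH 12 in this series declares `requires_ansible: ">=2.15.0"`; the two state different support floors. Either leave the job out, as PATCH 10 did when it called these versions obsolete, or add a comment above the job saying it is kept deliberately, for example `# Legacy target: exercises the role below the requires_ansible floor on purpose`. The `centos-7` job continues past the end of this hunk.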
@@ -18,6 +47,20 @@ jobs: hosts: localhost targets: "tests/tests_*.yml" + centos-8: + runs-on: ubuntu-latest + steps: + - name: checkout PR + uses: actions/checkout@v4 + + - name: ansible check with centos 8 + uses: roles-ansible/check-ansible-centos-centos8-action@master + with: + group: local + hosts: localhost + targets: "tests/tests_*.yml" + requirements: tests/requirements.yml + centos-9: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/ansible-ubuntu.yml b/.github/workflows/ansible-ubuntu.yml index c8a18279..87030945 100644 --- a/.github/workflows/ansible-ubuntu.yml +++ b/.github/workflows/ansible-ubuntu.yml @@ -11,7 +11,7 @@ jobs: uses: actions/checkout@v4 - name: ansible check with ubuntu:latest - uses: mattwillsher/check-ansible-ubuntu-latest-action@master + uses: roles-ansible/check-ansible-ubuntu-latest-action@master with: group: local hosts: localhost From d0cbdb6234b664c8b91a7bb64735573fe064bf6d Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 7 Jun 2024 05:39:16 +0100 Subject: [PATCH 14/31] fix(tests): Update to remove warnings --- .yamllint.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.yamllint.yml b/.yamllint.yml index cfb56d38..39f1b71f 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -4,6 +4,12 @@ ignore: | /.tox/ /.github/ /tests/roles/ -# skip checking line length rules: + comments-indentation: false + document-start: disable line-length: disable + braces: + max-spaces-inside: 1 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true From dbf59af10ae999f425bcb42a542f1d624cf2a345 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 7 Jun 2024 05:45:20 +0100 Subject: [PATCH 15/31] fix(tests): correct name of runtime.yml --- meta/{runtime.yaml => runtime.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename meta/{runtime.yaml => runtime.yml} (100%) 
diff --git a/meta/runtime.yaml b/meta/runtime.yml similarity index 100% rename from meta/runtime.yaml rename to meta/runtime.yml From e68be487d9ee599c8b5171034c0675014004aca6 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 7 Jun 2024 05:56:00 +0100 Subject: [PATCH 16/31] fix: Accomodate Ubuntu 24.04 changes --- templates/sshd.socket.j2 | 6 ++++++ tests/tests_systemd_services.yml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/templates/sshd.socket.j2 b/templates/sshd.socket.j2 index 9e0c2fb3..3e649ef7 100644 --- a/templates/sshd.socket.j2 +++ b/templates/sshd.socket.j2 @@ -14,6 +14,12 @@ Accept=yes {% else %} Accept=no {% endif %} +{% if ansible_facts["distribution"]=="Ubuntu" and ansible_facts["distribution_version"] is version('24.04', '>=') %} +FreeBind=yes +{% endif %} [Install] WantedBy=sockets.target +{% if ansible_facts["distribution"]=="Ubuntu" and ansible_facts["distribution_version"] is version('24.04', '>=') %} +RequiredBy=ssh.service +{% endif %} diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index 7eec5d96..782267bb 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml @@ -94,6 +94,7 @@ # * I do not think the ConditionPathExists is much useful so skipping on Ubuntu # * Before= does not make any sense in combination with Conflicts= # * I do not think the Description needs to match verbatim either + # * Accept varies in the default file between Ubuntu versions and is explicit anyway - name: Construct the options list from old socket file ansible.builtin.set_fact: __sshd_socket_list: "{{ __sshd_socket_list + [item] }}" @@ -102,6 +103,7 @@ - not item.startswith("ConditionPathExists=") - not item.startswith("Before=") - not item.startswith("Description=") + - not item.startswith("Accept=") loop: "{{ socket_old.splitlines() }}" From 97ff91377bdc57efedbc8055b9e870a674414822 Mon Sep 17 00:00:00 2001 
From: Matt Willsher Date: Fri, 7 Jun 2024 06:01:06 +0100 Subject: [PATCH 17/31] fix(tests): skip requires ansible check --- .ansible-lint | 1 + 1 file changed, 1 insertion(+) diff --git a/.ansible-lint b/.ansible-lint index cee4980f..d5975b89 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -5,6 +5,7 @@ exclude_paths: - .markdownlint.yaml skip_list: - var-naming[no-role-prefix] + - meta-runtime[unsupported-version] mock_roles: - willshersystems.sshd.ansible-sshd mock_modules: From da558f178fb4d0dcaa639761541b7f6b72848889 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 7 Jun 2024 07:24:07 +0100 Subject: [PATCH 18/31] fix(tests): Ubuntu 24.04 ssh service has no at in the name --- tests/tests_systemd_services.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index 782267bb..4e8ec90e 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml @@ -12,6 +12,7 @@ - /etc/systemd/system/ssh@.service - /etc/systemd/system/ssh.socket __sshd_test_service_name: sshd + __sshd_test_service_name_at: '@' __sshd_service_list: [] __sshd_service_inst_list: [] __sshd_socket_list: [] @@ -22,6 +23,12 @@ when: - ansible_facts['os_family'] == "Debian" + - name: No at in the service on Ubuntu 24.04 + ansible.builtin.set_fact: + __sshd_test_service_name_at: '' + when: + - ansible_facts['distribution']=='Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=') + - name: Backup configuration files ansible.builtin.include_tasks: tasks/backup.yml @@ -123,7 +130,7 @@ block: - name: Read the distribution instantiated service file ansible.builtin.slurp: - src: "/lib/systemd/system/{{ __sshd_test_service_name }}@.service" + src: "/lib/systemd/system/{{ __sshd_test_service_name }}{{ __sshd_test_service_name_at }}.service" register: service_inst_old - name: Read the created instantiated service file 
From c677481ec43acf400ea0cf5e732e13728b0c3c19 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Tue, 11 Jun 2024 02:18:49 +0100 Subject: [PATCH 19/31] fix(tests): skip sshd unit file tests for now --- tests/tests_systemd_services.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index 4e8ec90e..94ee6ba5 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml @@ -127,6 +127,7 @@ - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # FIX: Skip for Ubuntu Noble due to significant changes block: - name: Read the distribution instantiated service file ansible.builtin.slurp: From c1b4c955e793a56af5a57c6f53293035e041a527 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Tue, 11 Jun 2024 02:45:25 +0100 Subject: [PATCH 20/31] fix(tests): remove at check, not needed --- tests/tests_systemd_services.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index 94ee6ba5..bcf81aa4 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml @@ -12,7 +12,6 @@ - /etc/systemd/system/ssh@.service - /etc/systemd/system/ssh.socket __sshd_test_service_name: sshd - __sshd_test_service_name_at: '@' __sshd_service_list: [] __sshd_service_inst_list: [] __sshd_socket_list: [] 
@@ -23,12 +22,6 @@ when: - ansible_facts['os_family'] == "Debian" - - name: No at in the service on Ubuntu 24.04 - ansible.builtin.set_fact: - __sshd_test_service_name_at: '' - when: - - ansible_facts['distribution']=='Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=') - - name: Backup configuration files ansible.builtin.include_tasks: tasks/backup.yml @@ -127,11 +120,11 @@ - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # FIX: Skip for Ubuntu Noble due to significant changes + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.server in the package block: - name: Read the distribution instantiated service file ansible.builtin.slurp: - src: "/lib/systemd/system/{{ __sshd_test_service_name }}{{ __sshd_test_service_name_at }}.service" + src: "/lib/systemd/system/{{ __sshd_test_service_name }}.service" register: service_inst_old - name: Read the created instantiated service file From 86acd06cc6ba7df5c66e967842d3c4c5b3ba2dfc Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Tue, 11 Jun 2024 02:55:27 +0100 Subject: [PATCH 21/31] fix(tests): replace missing @ --- tests/tests_systemd_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index bcf81aa4..07537358 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml 
@@ -124,7 +124,7 @@ block: - name: Read the distribution instantiated service file ansible.builtin.slurp: - src: "/lib/systemd/system/{{ __sshd_test_service_name }}.service" + src: "/lib/systemd/system/{{ __sshd_test_service_name }}@.service" register: service_inst_old - name: Read the created instantiated service file From c22b54f8dff44c8fcf74e25341056f5c8d86ef7d Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Tue, 11 Jun 2024 17:46:44 +0100 Subject: [PATCH 22/31] fix(doc): typo Co-authored-by: Jakub Jelen --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 06400ba7..8b4d9a9b 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ via simple password. If you need this functionality, be sure to set Tested on: -* Ubuntu precise, trusty, xenial, bionic, focal, jammy, nobel +* Ubuntu precise, trusty, xenial, bionic, focal, jammy, noble * [![Run tests on Ubuntu latest](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml) * Debian wheezy, jessie, stretch, buster, bullseye, bookworm * [![Run tests on Debian](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml) From 34892faa23c65ba535c543001e5c75d6edfb0cad Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Tue, 11 Jun 2024 17:47:19 +0100 Subject: [PATCH 23/31] fix(doc): typo Co-authored-by: Jakub Jelen --- tests/tests_systemd_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index 07537358..9bc17f48 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml 
@@ -120,7 +120,7 @@ - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.server in the package + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.socket in the package block: - name: Read the distribution instantiated service file ansible.builtin.slurp: From 003a20aa30f9c4e8802e050005b7ae3cd4e331d3 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Thu, 13 Jun 2024 05:15:10 +0100 Subject: [PATCH 24/31] fix: order Ubuntu releases by name --- meta/main.yml | 6 +++--- templates/sshd.socket.j2 | 6 +++--- tests/tests_systemd_services.yml | 4 +--- vars/Ubuntu_24.yml | 3 +++ vars/main.yml | 6 ++++++ 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 15c16dfb..c8e199c2 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,13 +18,13 @@ galaxy_info: - bookworm - name: Ubuntu versions: + - precise + - trusty + - xenial - bionic - focal - jammy - noble - - precise - - trusty - - xenial - name: FreeBSD versions: - "10.1" diff --git a/templates/sshd.socket.j2 b/templates/sshd.socket.j2 index 3e649ef7..c7a71aa6 100644 --- a/templates/sshd.socket.j2 +++ b/templates/sshd.socket.j2 
@@ -14,12 +14,12 @@ Accept=yes {% else %} Accept=no {% endif %} -{% if ansible_facts["distribution"]=="Ubuntu" and ansible_facts["distribution_version"] is version('24.04', '>=') %} -FreeBind=yes +{% if __sshd_socket_freebind %} +FreeBind={{ __sshd_socket_freebind }} {% endif %} [Install] WantedBy=sockets.target -{% if ansible_facts["distribution"]=="Ubuntu" and ansible_facts["distribution_version"] is version('24.04', '>=') %} +{% if __ssh_socket_required_by %} RequiredBy=ssh.service {% endif %} diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index 9bc17f48..f3073dce 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml @@ -94,7 +94,6 @@ # * I do not think the ConditionPathExists is much useful so skipping on Ubuntu # * Before= does not make any sense in combination with Conflicts= # * I do not think the Description needs to match verbatim either - # * Accept varies in the default file between Ubuntu versions and is explicit anyway - name: Construct the options list from old socket file ansible.builtin.set_fact: __sshd_socket_list: "{{ __sshd_socket_list + [item] }}" @@ -103,7 +102,6 @@ - not item.startswith("ConditionPathExists=") - not item.startswith("Before=") - not item.startswith("Description=") - - not item.startswith("Accept=") loop: "{{ socket_old.splitlines() }}" 
@@ -120,7 +118,7 @@ - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.socket in the package + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.service in the package block: - name: Read the distribution instantiated service file ansible.builtin.slurp: diff --git a/vars/Ubuntu_24.yml b/vars/Ubuntu_24.yml index 90ce4479..d83b2cb6 100644 --- a/vars/Ubuntu_24.yml +++ b/vars/Ubuntu_24.yml @@ -27,3 +27,6 @@ __sshd_environment_file: /etc/default/ssh __sshd_environment_variable: $SSHD_OPTS __sshd_service_after: auditd.service __sshd_service_alias: sshd + +__sshd_socket_freebind: "yes" +__sshd_socket_required_by: ssh.service diff --git a/vars/main.yml b/vars/main.yml index 792e84f8..d0485463 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -87,3 +87,9 @@ __sshd_service_restart_timeout: ~ # The systemd socket file does not accept the connection __sshd_socket_accept: true + +# Boolean to control if the systemd socket can be bound to non-local IP addresses +__sshd_socket_freebind: ~ + +# Space separated list of service names that this socket is required by +__sshd_socket_required_by: ~ From 8f483a4e6eebc24f1b396529985e36fd8d21d303 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Thu, 13 Jun 2024 09:18:03 +0100 Subject: [PATCH 25/31] fix: ssh socket template --- templates/sshd.socket.j2 | 4 ++-- vars/Ubuntu_24.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/sshd.socket.j2 b/templates/sshd.socket.j2 index c7a71aa6..11854340 100644 --- a/templates/sshd.socket.j2 +++ b/templates/sshd.socket.j2 
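Review bot: The two comments added at the end of vars/main.yml do not say what the `~` default means, although the socket template branches on it. I would extend them to `# true/false renders FreeBind=yes/no; null (the default) leaves FreeBind out of the socket unit` (matching what the template does by PATCH 26) and `# null (the default) emits no RequiredBy= line`. FreeBind lets the listener bind to addresses that are not yet configured on the host, so the comment could add that it matters only when the socket listens on specific addresses.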
@@ -14,12 +14,12 @@ Accept=yes {% else %} Accept=no {% endif %} -{% if __sshd_socket_freebind %} +{% if __sshd_socket_freebind is not none %} FreeBind={{ __sshd_socket_freebind }} {% endif %} [Install] WantedBy=sockets.target -{% if __ssh_socket_required_by %} +{% if __ssh_socket_required_by is not none %} RequiredBy=ssh.service {% endif %} diff --git a/vars/Ubuntu_24.yml b/vars/Ubuntu_24.yml index d83b2cb6..94617afc 100644 --- a/vars/Ubuntu_24.yml +++ b/vars/Ubuntu_24.yml @@ -28,5 +28,5 @@ __sshd_environment_variable: $SSHD_OPTS __sshd_service_after: auditd.service __sshd_service_alias: sshd -__sshd_socket_freebind: "yes" +__sshd_socket_freebind: 'yes' __sshd_socket_required_by: ssh.service From 98187654647ec9f3d0c5e42824e481aa54996339 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Thu, 13 Jun 2024 09:42:37 +0100 Subject: [PATCH 26/31] fix: socket template --- templates/sshd.socket.j2 | 4 ++-- vars/Ubuntu_24.yml | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/templates/sshd.socket.j2 b/templates/sshd.socket.j2 index 11854340..7d57f235 100644 --- a/templates/sshd.socket.j2 +++ b/templates/sshd.socket.j2 @@ -15,11 +15,11 @@ Accept=yes Accept=no {% endif %} {% if __sshd_socket_freebind is not none %} -FreeBind={{ __sshd_socket_freebind }} +FreeBind={{ 'yes' if __sshd_socket_freebind else 'no' }} {% endif %} [Install] WantedBy=sockets.target {% if __ssh_socket_required_by is not none %} -RequiredBy=ssh.service +RequiredBy={{ __ssh_socket_required_by }} {% endif %} diff --git a/vars/Ubuntu_24.yml b/vars/Ubuntu_24.yml index 94617afc..77d4079e 100644 --- a/vars/Ubuntu_24.yml +++ b/vars/Ubuntu_24.yml @@ -28,5 +28,6 @@ __sshd_environment_variable: $SSHD_OPTS __sshd_service_after: auditd.service __sshd_service_alias: sshd -__sshd_socket_freebind: 'yes' +__sshd_socket_accept: false +__sshd_socket_freebind: true __sshd_socket_required_by: ssh.service From 7fcc9c4991099f2083133113feea113109e65ee1 Mon Sep 17 00:00:00 2001 
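Review bot: `FreeBind={{ 'yes' if __sshd_socket_freebind else 'no' }}` (templates/sshd.socket.j2, 11854340..7d57f235) relies on Jinja truthiness, so a non-empty string such as `'no'` or `'false'` renders `FreeBind=yes`. The previous commit stored this variable as the string `'yes'`, so string values are a realistic input. Passing the value through Ansible's `bool` filter makes the output follow the intended meaning: `FreeBind={{ 'yes' if __sshd_socket_freebind | bool else 'no' }}`.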
From: Matt Willsher Date: Thu, 13 Jun 2024 16:52:22 +0100 Subject: [PATCH 27/31] fix: typo --- templates/sshd.socket.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/sshd.socket.j2 b/templates/sshd.socket.j2 index 7d57f235..bd2341f5 100644 --- a/templates/sshd.socket.j2 +++ b/templates/sshd.socket.j2 @@ -20,6 +20,6 @@ FreeBind={{ 'yes' if __sshd_socket_freebind else 'no' }} [Install] WantedBy=sockets.target -{% if __ssh_socket_required_by is not none %} -RequiredBy={{ __ssh_socket_required_by }} +{% if __sshd_socket_required_by is not none %} +RequiredBy={{ __sshd_socket_required_by }} {% endif %} From 178ba8d31b3283d867275e56070d82690d8beaec Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 21 Jun 2024 07:12:27 +0100 Subject: [PATCH 28/31] fix: Ignore @ tests for Ubuntu 24.04 --- tests/tests_second_service.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/tests_second_service.yml b/tests/tests_second_service.yml index bd5ad1d7..3f7f41b4 100644 --- a/tests/tests_second_service.yml +++ b/tests/tests_second_service.yml @@ -94,6 +94,7 @@ - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.service in the package block: - name: Read the created instantiated service file ansible.builtin.slurp: From 3af14913cb4484d1e4deb333f975e1a67b28845a Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 21 Jun 2024 08:01:22 +0100 Subject: [PATCH 29/31] fix: base @ tests on socket accept as the code does --- tests/tests_second_service.yml | 4 ++-- tests/tests_second_service_drop_in.yml | 3 ++- tests/tests_systemd_services.yml | 3 +-- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/tests/tests_second_service.yml b/tests/tests_second_service.yml index 3f7f41b4..921bc2ab 100644 --- a/tests/tests_second_service.yml +++ b/tests/tests_second_service.yml @@ -93,13 +93,13 @@ when: - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.service in the package block: - name: Read the created instantiated service file ansible.builtin.slurp: src: "/etc/systemd/system/sshd2@.service" register: service_inst + when: + - __sshd_socket_accept | bool - name: Check content of the created service file ansible.builtin.assert: diff --git a/tests/tests_second_service_drop_in.yml b/tests/tests_second_service_drop_in.yml index a315815c..22e4a71b 100644 --- a/tests/tests_second_service_drop_in.yml +++ b/tests/tests_second_service_drop_in.yml @@ -105,12 +105,13 @@ tags: tests::verify when: - ansible_facts['service_mgr'] == 'systemd' - - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 block: - name: Read the created instantiated service file ansible.builtin.slurp: src: "/etc/systemd/system/sshd2@.service" register: service_inst + when: + - __sshd_socket_accept | bool - name: Check content of the created service file ansible.builtin.assert: diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index f3073dce..e1679a70 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml 
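Review bot: Moving the skip condition from the block's `when:` to the single `Read the created instantiated service file` task leaves the following `Check content of the created service file` assert unguarded in tests/tests_second_service.yml, and the same shape is introduced in tests/tests_second_service_drop_in.yml. The assert body is outside the hunk, but if it reads `service_inst` it would run against a skipped result on platforms where the condition is false. `__sshd_socket_accept` is also a role variable, which may not be defined in the test play's scope. Keeping the condition on the block, as tests/tests_systemd_services.yml does in this commit, avoids both; the next commit keeps the task-level placement with fact-based conditions.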
@@ -117,8 +117,7 @@ when: - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.service in the package + - __sshd_socket_accept | bool block: - name: Read the distribution instantiated service file ansible.builtin.slurp: From f5ac537f5cc83bac57aa59ce3260825707728593 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 21 Jun 2024 08:22:11 +0100 Subject: [PATCH 30/31] fix: variables not present in tests, id os from facts --- tests/tests_second_service.yml | 3 ++- tests/tests_second_service_drop_in.yml | 3 ++- tests/tests_systemd_services.yml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/tests_second_service.yml b/tests/tests_second_service.yml index 921bc2ab..0dcc0fb5 100644 --- a/tests/tests_second_service.yml +++ b/tests/tests_second_service.yml @@ -99,7 +99,8 @@ src: "/etc/systemd/system/sshd2@.service" register: service_inst when: - - __sshd_socket_accept | bool + - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) - name: Check content of the created service file ansible.builtin.assert: diff --git a/tests/tests_second_service_drop_in.yml b/tests/tests_second_service_drop_in.yml index 22e4a71b..c8d95964 100644 --- a/tests/tests_second_service_drop_in.yml +++ b/tests/tests_second_service_drop_in.yml 
@@ -111,7 +111,8 @@ src: "/etc/systemd/system/sshd2@.service" register: service_inst when: - - __sshd_socket_accept | bool + - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) - name: Check content of the created service file ansible.builtin.assert: diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml index e1679a70..e37c45c5 100644 --- a/tests/tests_systemd_services.yml +++ b/tests/tests_systemd_services.yml @@ -117,7 +117,8 @@ when: - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - - __sshd_socket_accept | bool + - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) block: - name: Read the distribution instantiated service file ansible.builtin.slurp: From 3be1fbb250601b47dff8f76204e9c79e41351d34 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 21 Jun 2024 08:36:57 +0100 Subject: [PATCH 31/31] fix: move os test to whole block --- tests/tests_second_service.yml | 5 ++--- tests/tests_second_service_drop_in.yml | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/tests_second_service.yml b/tests/tests_second_service.yml index 0dcc0fb5..eb3cb5ee 100644 --- a/tests/tests_second_service.yml +++ b/tests/tests_second_service.yml 
@@ -93,14 +93,13 @@ when: - ansible_facts['service_mgr'] == 'systemd' or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') + - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) block: - name: Read the created instantiated service file ansible.builtin.slurp: src: "/etc/systemd/system/sshd2@.service" register: service_inst - when: - - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) - name: Check content of the created service file ansible.builtin.assert: diff --git a/tests/tests_second_service_drop_in.yml b/tests/tests_second_service_drop_in.yml index c8d95964..b3956db7 100644 --- a/tests/tests_second_service_drop_in.yml +++ b/tests/tests_second_service_drop_in.yml @@ -105,14 +105,13 @@ tags: tests::verify when: - ansible_facts['service_mgr'] == 'systemd' + - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 + - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) block: - name: Read the created instantiated service file ansible.builtin.slurp: src: "/etc/systemd/system/sshd2@.service" register: service_inst - when: - - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 - - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) - name: Check content of the created service file ansible.builtin.assert:
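Review bot: The two distribution conditions added to the block's `when:` in tests/tests_second_service.yml have lost the explanation the Ubuntu line carried when it was first introduced (`# 24.04 has no sshd@.service in the package`), and the Debian 12 cutoff has no comment in the visible lines. I would restore the trailing comment on the Ubuntu line and add a matching one on the Debian line, here and in tests/tests_second_service_drop_in.yml. The same pair of conditions is repeated in tests/tests_systemd_services.yml, so a shared test variable would keep the three copies from drifting; that part is a hedged suggestion, since the test layout is not visible here.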