From 14371cc7f2559be0d116f5673daa81448202410b Mon Sep 17 00:00:00 2001 From: Mischa ter Smitten Date: Fri, 23 Nov 2018 13:38:55 +0100 Subject: [PATCH] Fix Ansible warnings And add support for Ubuntu 18.04 --- .travis.yml | 4 +++- Vagrantfile | 14 +++++++++++--- defaults/main.yml | 6 +++--- meta/main.yml | 2 ++ tasks/main.yml | 13 ++++++------- 5 files changed, 25 insertions(+), 14 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0ffcf53..84f2afd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,8 +7,10 @@ python: "2.7" env: - ANSIBLE_VERSION=latest + - ANSIBLE_VERSION=2.7.2 - ANSIBLE_VERSION=2.7.1 - ANSIBLE_VERSION=2.7.0 + - ANSIBLE_VERSION=2.6.8 - ANSIBLE_VERSION=2.6.7 - ANSIBLE_VERSION=2.6.6 - ANSIBLE_VERSION=2.6.5 @@ -59,7 +61,7 @@ script: && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) - - if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml || true; fi + - if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi notifications: email: false diff --git a/Vagrantfile b/Vagrantfile index 0697955..64d2358 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -3,6 +3,7 @@ role = File.basename(File.expand_path(File.dirname(__FILE__))) + boxes = [ { :name => "ubuntu-1204", @@ -25,24 +26,31 @@ boxes = [ :cpu => "50", :ram => "256" }, + { + :name => "ubuntu-1804", + :box => "bento/ubuntu-18.04", + :ip => '10.0.0.14', + :cpu => "50", + :ram => "256" + }, { :name => "debian-7", :box => "bento/debian-7", - :ip => '10.0.0.14', + :ip => '10.0.0.15', :cpu => "50", :ram => "256" }, { :name => "debian-8", :box => "bento/debian-8", - :ip => '10.0.0.15', + :ip => '10.0.0.16', :cpu => "50", :ram => "256" }, { :name => "debian-9", :box => "bento/debian-9", - :ip => '10.0.0.16', + :ip => '10.0.0.17', :cpu => "50", :ram => "256" }, diff --git a/defaults/main.yml b/defaults/main.yml index 545d740..ab5b750 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,14 +11,14 @@ ssh_server_host_keys: - /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_ecdsa_key - - "{{ '/etc/ssh/ssh_host_ed25519_key' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8.0', '>=')) else '' }}" -ssh_server_server_key_bits: "{{ 1024 if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8.0', '>=')) else 768 }}" + - "{{ '/etc/ssh/ssh_host_ed25519_key' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version is version('8.0', '>=')) else '' }}" +ssh_server_server_key_bits: "{{ 1024 if (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version is version('8.0', '>=')) else 768 }}" ssh_server_use_privilege_separation: true ssh_server_key_regeneration_interval: 3600 ssh_server_syslog_facility: AUTH ssh_server_log_level: INFO ssh_server_login_grace_time: 120 -ssh_server_permit_root_login: "{{ 'without-password' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8.0', '>=')) else 'yes' }}" +ssh_server_permit_root_login: "{{ 'without-password' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version is version('8.0', '>=')) else 'yes' }}" ssh_server_strict_modes: true ssh_server_rsa_authentication: true ssh_server_pubkey_authentication: true diff --git a/meta/main.yml b/meta/main.yml index 106c0c5..d231834 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,6 +1,7 @@ # meta file for ssh-server --- galaxy_info: + role_name: ssh-server author: Mischa ter Smitten company: Oefenweb.nl B.V. description: Set up an OpenSSH server in Debian-like systems @@ -12,6 +13,7 @@ galaxy_info: - precise - trusty - xenial + - bionic - name: Debian versions: - wheezy diff --git a/tasks/main.yml b/tasks/main.yml index 4cbeb34..11bb80a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,11 +2,10 @@ --- - name: install dependencies apt: - name: "{{ item }}" + name: "{{ ssh_server_dependencies }}" state: "{{ apt_install_state | default('latest') }}" update_cache: true cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}" - with_items: "{{ ssh_server_dependencies }}" tags: - configuration - ssh-server @@ -14,20 +13,20 @@ - name: install apt: - name: "{{ item }}" + name: "{{ ssh_server_install }}" state: "{{ apt_install_state | default('latest') }}" - with_items: "{{ ssh_server_install }}" tags: - configuration - ssh-server - ssh-server-install - name: check host keys - command: ssh-keygen -A + command: > + ssh-keygen -A args: creates: "{{ item }}" - register: check_host_keys - changed_when: "'generating new host keys' in check_host_keys.stdout" + register: _check_host_keys + changed_when: "'generating new host keys' in _check_host_keys.stdout" with_items: "{{ ssh_server_host_keys }}" when: item != '' tags: