From 3900e5c4d0ee72f9a401d2822f284d37a8c4a29d Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Wed, 13 Mar 2019 01:48:49 -0500
Subject: [PATCH] Add openssh role
---
 roles/openssh/defaults/main.yaml | 9 +++++++++
 roles/openssh/handlers/main.yaml | 6 ++++++
 roles/openssh/tasks/main.yaml | 24 ++++++++++++++++++++++++
 roles/openssh/templates/sshd_config.j2 | 16 ++++++++++++++++
 roles/openssh/vars/Debian.yaml | 1 +
 roles/openssh/vars/RedHat.yaml | 1 +
 roles/openssh/vars/Ubuntu.yaml | 9 +++++++++
 7 files changed, 66 insertions(+)
 create mode 100644 roles/openssh/defaults/main.yaml
 create mode 100644 roles/openssh/handlers/main.yaml
 create mode 100644 roles/openssh/tasks/main.yaml
 create mode 100644 roles/openssh/templates/sshd_config.j2
 create mode 100644 roles/openssh/vars/Debian.yaml
 create mode 100644 roles/openssh/vars/RedHat.yaml
 create mode 100644 roles/openssh/vars/Ubuntu.yaml
diff --git a/roles/openssh/defaults/main.yaml b/roles/openssh/defaults/main.yaml
new file mode 100644
index 0000000..7742002
--- /dev/null
+++ b/roles/openssh/defaults/main.yaml
@@ -0,0 +1,9 @@
+---
+openssh_package_name: 'openssh-server'
+openssh_package_state: 'present'
+
+openssh_service_name: 'sshd'
+openssh_service_state: 'started'
+openssh_service_enabled: true
+
+openssh_sshd_config: {}
diff --git a/roles/openssh/handlers/main.yaml b/roles/openssh/handlers/main.yaml
new file mode 100644
index 0000000..bec2050
--- /dev/null
+++ b/roles/openssh/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: reload openssh
+  service:
+    name: "{{ openssh_service_name }}"
+    state: reloaded
+  when: openssh_service_enabled
diff --git a/roles/openssh/tasks/main.yaml b/roles/openssh/tasks/main.yaml
new file mode 100644
index 0000000..cf3241e
--- /dev/null
+++ b/roles/openssh/tasks/main.yaml
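Review bot: `openssh_service_name: 'sshd'` in defaults/main.yaml is likely the wrong unit name for Debian-family hosts, where openssh-server installs the service as `ssh` and `sshd` resolves only through an alias; nothing in this patch overrides it per platform, since vars/Debian.yaml is empty and vars/Ubuntu.yaml sets no service name. Consider `openssh_service_name: 'ssh'` in the Debian-family vars files (RedHat keeps `sshd`) so the start task and the reload handler act on the unit that actually serves connections. A short comment above the key, such as `# systemd unit name; Debian/Ubuntu ship it as "ssh", RedHat as "sshd"`, would tell the next maintainer why the vars files override it.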
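Review bot: The handler's `when: openssh_service_enabled` gates the reload on the boot-enable flag rather than on whether sshd is running, so a host configured with `openssh_service_enabled: false` but `openssh_service_state: 'started'` keeps serving connections with the previous sshd_config after the template changes — a hardening change such as disabling password authentication would silently not take effect until the next restart. Gate on the runtime state instead, e.g. `when: openssh_service_state != 'stopped'`. A one-line comment on the handler, `# reload (not restart) so existing sessions survive; skipped only when the service is meant to be down`, would record the intent.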
@@ -0,0 +1,24 @@
+---
+- name: gather OS specific variables
+  include_vars: "{{ item }} "
+  with_first_found:
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+- name: install openssh
+  package:
+    name: "{{ openssh_package_name }}"
+    state: "{{ openssh_package_state }}"
+
+- name: configure openssh
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    validate: sshd -t -f %s
+  notify:
+    - reload openssh
+
+- name: start openssh
+  service:
+    name: "{{ openssh_service_name }}"
+    state: "{{ openssh_service_state }}"
+    enabled: "{{ openssh_service_enabled }}"
diff --git a/roles/openssh/templates/sshd_config.j2 b/roles/openssh/templates/sshd_config.j2
new file mode 100644
index 0000000..e3ad68b
--- /dev/null
+++ b/roles/openssh/templates/sshd_config.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+{% set sshd_config = openssh_default_sshd_config | combine(openssh_sshd_config) %}
+{% for k, v in sshd_config | dictsort %}
+{% if v is sameas true %}
+{{ k }} {{ v }}
+{% elif v is sameas false %}
+{{ k }} {{ v }}
+{% elif v is string or v is number %}
+{{ k }} {{ v }}
+{% else %}
+{% for vi in v %}
+{{ k }} {{ vi }}
+{% endfor %}
+{% endif %}
+{% endfor %}
diff --git a/roles/openssh/vars/Debian.yaml b/roles/openssh/vars/Debian.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/openssh/vars/Debian.yaml
@@ -0,0 +1 @@
+---
diff --git a/roles/openssh/vars/RedHat.yaml b/roles/openssh/vars/RedHat.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/openssh/vars/RedHat.yaml
@@ -0,0 +1 @@
+---
diff --git a/roles/openssh/vars/Ubuntu.yaml b/roles/openssh/vars/Ubuntu.yaml
new file mode 100644
index 0000000..a5b2f9f
--- /dev/null
+++ b/roles/openssh/vars/Ubuntu.yaml
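Review bot: `include_vars: "{{ item }} "` in the first task has a trailing space inside the quotes, which Jinja renders into the file path; as far as I can tell Ansible does not strip it, so the path the lookup found (e.g. `.../vars/Ubuntu.yaml `) would not exist and the role would fail at its first task. Change the line to `include_vars: "{{ item }}"`. Separately, the `configure openssh` template task pins no owner, group or mode, so the deployed /etc/ssh/sshd_config inherits whatever the pre-existing file or the remote umask gives it; adding `owner: root`, `group: root` and `mode: '0644'` makes the permissions of a file that now carries hardening settings deterministic. The `validate: sshd -t -f %s` step is the right safeguard and should stay — it keeps a bad render from replacing a working config.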
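Review bot: The two boolean branches of the template render Jinja's `True`/`False`, which sshd rejects for its yes/no options, so any option a caller passes unquoted through `openssh_sshd_config` — `PermitRootLogin: no`, which YAML loads as boolean false — makes `sshd -t` fail the task instead of producing the intended setting. The branches should emit `{{ k }} yes` and `{{ k }} no` respectively instead of `{{ k }} {{ v }}`; that is presumably why they exist as separate branches at all. Also, `openssh_default_sshd_config` is defined only in vars/Ubuntu.yaml in this patch, so on Debian and RedHat the `combine` on the third line fails on an undefined variable; `openssh_default_sshd_config | default({}) | combine(openssh_sshd_config)` keeps the template usable there. A header comment such as `{# booleans map to sshd yes/no; lists repeat the keyword once per value (e.g. several Port lines) #}` would document the rendering rules.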
@@ -0,0 +1,9 @@
+---
+openssh_default_sshd_config:
+  PasswordAuthentication: 'no'
+  ChallengeResponseAuthentication: 'no'
+  UsePAM: 'yes'
+  X11Forwarding: 'yes'
+  PrintMotd: 'no'
+  AcceptEnv: LANG LC_*
+  Subsystem: 'sftp /usr/lib/openssh/sftp-server'
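Review bot: `X11Forwarding: 'yes'` is the one permissive setting in an otherwise hardening-oriented default set (password and challenge-response authentication are both off); X11 forwarding exposes the connecting client's display to anything running on the server, and server baselines turn it off unless there is an operational need. Default it to `X11Forwarding: 'no'` and let callers re-enable it through `openssh_sshd_config`. The `'yes'`/`'no'` quoting here is correct and worth keeping — unquoted, YAML would load them as booleans, which the template in this patch renders as `True`/`False`. Note also that only Ubuntu receives these defaults; Debian.yaml and RedHat.yaml are empty, so on those platforms the template has no `openssh_default_sshd_config` to combine.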