From 3a1b5ec620f1f822e9c78f0d0ab84d8b1e8b7f59 Mon Sep 17 00:00:00 2001
From: Alex Willmer <alex@moreati.org.uk>
Date: Thu, 7 Nov 2024 00:16:22 +0000
Subject: [PATCH] CI: Increase sshd MaxAuthRetries to 50 on macOS runners

refs #1186
---
 .ci/localhost_ansible_tests.py                |  3 +++
 tests/image_prep/macos_localhost.yml          |  7 +++++++
 tests/image_prep/roles/sshd/defaults/main.yml |  2 ++
 tests/image_prep/roles/sshd/tasks/main.yml    | 13 +++++++++++++
 4 files changed, 25 insertions(+)
 create mode 100644 tests/image_prep/macos_localhost.yml

diff --git a/.ci/localhost_ansible_tests.py b/.ci/localhost_ansible_tests.py
index 502a9abc..e4b8329b 100755
--- a/.ci/localhost_ansible_tests.py
+++ b/.ci/localhost_ansible_tests.py
@@ -51,6 +51,9 @@ with ci_lib.Fold('machine_prep'):
         subprocess.check_call('sudo chmod 700 ~root/.ssh', shell=True)
         subprocess.check_call('sudo chmod 600 ~root/.ssh/authorized_keys', shell=True)
 
+    os.chdir(IMAGE_PREP_DIR)
+    ci_lib.run("ansible-playbook -c local -i localhost, macos_localhost.yml")
+
     if os.path.expanduser('~mitogen__user1') == '~mitogen__user1':
         os.chdir(IMAGE_PREP_DIR)
         ci_lib.run("ansible-playbook -c local -i localhost, _user_accounts.yml")
diff --git a/tests/image_prep/macos_localhost.yml b/tests/image_prep/macos_localhost.yml
new file mode 100644
index 00000000..c046a2bc
--- /dev/null
+++ b/tests/image_prep/macos_localhost.yml
@@ -0,0 +1,7 @@
+- name: Configure macOS
+  hosts: all
+  gather_facts: true
+  strategy: mitogen_free
+  become: true
+  roles:
+    - role: sshd
diff --git a/tests/image_prep/roles/sshd/defaults/main.yml b/tests/image_prep/roles/sshd/defaults/main.yml
index 4642c71f..dec0cf0c 100644
--- a/tests/image_prep/roles/sshd/defaults/main.yml
+++ b/tests/image_prep/roles/sshd/defaults/main.yml
@@ -1 +1,3 @@
 sshd_config_file: /etc/ssh/sshd_config
+
+sshd_config__max_auth_tries: 50
diff --git a/tests/image_prep/roles/sshd/tasks/main.yml b/tests/image_prep/roles/sshd/tasks/main.yml
index d160d298..837c7d15 100644
--- a/tests/image_prep/roles/sshd/tasks/main.yml
+++ b/tests/image_prep/roles/sshd/tasks/main.yml
@@ -12,7 +12,20 @@
   loop:
     - line:     Banner /etc/ssh/banner.txt
       regexp:   '^#? *Banner.*'
+    - line:     MaxAuthTries {{ sshd_config__max_auth_tries }}
+      regexp:   '^#? *MaxAuthTries.*'
     - line:     PermitRootLogin yes
       regexp:   '.*PermitRootLogin.*'
   loop_control:
     label: "{{ item.line }}"
+  register: configure_sshd_result
+
+- name: Restart sshd
+  shell: |
+    launchctl unload /System/Library/LaunchDaemons/ssh.plist
+    wait 5
+    launchctl load -w /System/Library/LaunchDaemons/ssh.plist
+  changed_when: true
+  when:
+    - ansible_facts.distribution == "MacOSX"
+    - configure_sshd_result is changed