From 8cfcb66cda44d8740383eeaa7641a58b3e3e9e04 Mon Sep 17 00:00:00 2001 From: Alex Willmer Date: Wed, 6 Nov 2024 23:56:55 +0000 Subject: [PATCH] CI: Refactor sshd configuration into a role Prep for applying it to macOS 13 GitHub runners. refs #1186 --- tests/image_prep/_container_setup.yml | 27 +++++++------------ tests/image_prep/roles/sshd/defaults/main.yml | 1 + .../roles/sshd/files/banner.txt} | 0 tests/image_prep/roles/sshd/tasks/main.yml | 18 +++++++++++++ 4 files changed, 28 insertions(+), 18 deletions(-) create mode 100644 tests/image_prep/roles/sshd/defaults/main.yml rename tests/{data/docker/ssh_login_banner.txt => image_prep/roles/sshd/files/banner.txt} (100%) create mode 100644 tests/image_prep/roles/sshd/tasks/main.yml diff --git a/tests/image_prep/_container_setup.yml b/tests/image_prep/_container_setup.yml index d41d1326..2972adda 100644 --- a/tests/image_prep/_container_setup.yml +++ b/tests/image_prep/_container_setup.yml @@ -23,10 +23,16 @@ gather_facts: true vars: distro: "{{ansible_distribution}}" - tasks: - - when: ansible_virtualization_type != "docker" - meta: end_play + pre_tasks: + - meta: end_play + when: + - ansible_facts.virtualization_type != "docker" + + roles: + - role: sshd + + tasks: - name: Ensure requisite apt packages are installed apt: name: "{{ common_packages + packages }}" @@ -134,10 +140,6 @@ content: | i-am-mitogen-test-docker-image - - copy: - dest: /etc/ssh/banner.txt - src: ../data/docker/ssh_login_banner.txt - - name: Ensure /etc/sudoers.d exists file: state: directory @@ -169,17 +171,6 @@ line: "%wheel ALL=(ALL) ALL" when: ansible_os_family == 'RedHat' - - name: Enable SSH banner - lineinfile: - path: /etc/ssh/sshd_config - line: Banner /etc/ssh/banner.txt - - - name: Allow remote SSH root login - lineinfile: - path: /etc/ssh/sshd_config - line: PermitRootLogin yes - regexp: '.*PermitRootLogin.*' - - name: Allow remote SSH root login lineinfile: path: /etc/pam.d/sshd 
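Review bot: The `meta: end_play` guard in the new `pre_tasks` block of tests/image_prep/_container_setup.yml has no name or comment, yet it is now the only thing that keeps the `sshd` role (which writes `PermitRootLogin yes`) from running on a host that is not a Docker container. Roles run after `pre_tasks` but before `tasks`, so moving the guard back under `tasks:` in a later cleanup would let the role run unguarded. I would add `name: Stop unless the target is a Docker container` to the task and a comment above it such as `# Must stay in pre_tasks: roles run before tasks, and the sshd role enables root login`. The play's remaining tasks continue outside the hunk.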
diff --git a/tests/image_prep/roles/sshd/defaults/main.yml b/tests/image_prep/roles/sshd/defaults/main.yml
new file mode 100644
index 00000000..4642c71f
--- /dev/null
+++ b/tests/image_prep/roles/sshd/defaults/main.yml
@@ -0,0 +1 @@
+sshd_config_file: /etc/ssh/sshd_config
diff --git a/tests/data/docker/ssh_login_banner.txt b/tests/image_prep/roles/sshd/files/banner.txt
similarity index 100%
rename from tests/data/docker/ssh_login_banner.txt
rename to tests/image_prep/roles/sshd/files/banner.txt
diff --git a/tests/image_prep/roles/sshd/tasks/main.yml b/tests/image_prep/roles/sshd/tasks/main.yml
new file mode 100644
index 00000000..d160d298
--- /dev/null
+++ b/tests/image_prep/roles/sshd/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Create login banner
+ copy:
+ src: banner.txt
+ dest: /etc/ssh/banner.txt
+ mode: u=rw,go=r
+
+- name: Configure sshd_config
+ lineinfile:
+ path: "{{ sshd_config_file }}"
+ line: "{{ item.line }}"
+ regexp: "{{ item.regexp }}"
+ loop:
+ - line: Banner /etc/ssh/banner.txt
+ regexp: '^#? *Banner.*'
+ - line: PermitRootLogin yes
+ regexp: '.*PermitRootLogin.*'
+ loop_control:
+ label: "{{ item.line }}"
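Review bot: In tests/image_prep/roles/sshd/tasks/main.yml the `PermitRootLogin` loop entry keeps the unanchored pattern `'.*PermitRootLogin.*'`, which also matches comment lines that merely mention the directive. `lineinfile` rewrites the last matching line, so the setting can overwrite a comment while an earlier uncommented `PermitRootLogin` stays in force, since sshd uses the first value it reads for a keyword. Anchoring it the same way as the Banner entry, `regexp: '^#? *PermitRootLogin.*'`, keeps the edit on the directive itself. The banner destination `/etc/ssh/banner.txt` is also still hard-coded in both the `copy` task and the `Banner` line although the config path became `sshd_config_file`; if that is deliberate, a one-line comment in the role would say so.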