-
Notifications
You must be signed in to change notification settings - Fork 1
/
sshd_setup.yml
51 lines (43 loc) · 1.5 KB
/
sshd_setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
- hosts: all
become: yes
handlers:
- name: Restart SSHD
service:
name: sshd
state: restarted
tasks:
- name: Comment out all existing options that match
replace:
dest: "{{ sshd_config_path }}"
regexp: "^(?!#)({{ item.key }}.*)"
replace: '#\1'
with_dict: "{{ sshd_config_dict }}"
# "Changed when more than one line commented out" because .msg is usually
# "N replacements made", where .msg.split().0 == N
changed_when:
( comment_replace_result.msg.split().0 | default(0) | int ) > 1
register: comment_replace_result
# This undoes what the last task does, but just for the last line found.
# If previously configured, the result from this task should be equivalent
# To the following task, thereby re-gaining idempotency.
- name: Uncomment last matching line for next task's correct idempotency
lineinfile:
dest: "{{ sshd_config_path }}"
backup: no
state: present
regexp: "^#({{ item.key }}.*)"
line: '\1'
backrefs: yes
with_dict: "{{ sshd_config_dict }}"
changed_when: false
- name: Ensure sshd_config options are uncommented and set
lineinfile:
dest: "{{ sshd_config_path }}"
backup: no
state: present
regexp: "^#?{{ item.key }}.*"
line: "{{ item.key }} {{ item.value }}"
with_dict: "{{ sshd_config_dict }}"
notify: Restart SSHD
- name: Check for SSH connectivity
ping: