add a "reload sshd" handler
This commit is contained in:
parent
3cb905714f
commit
0ff5467bce
3 changed files with 18 additions and 10 deletions
5
admin-users/handlers/main.yml
Normal file
5
admin-users/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- name: reload sshd
|
||||
service:
|
||||
name: sshd
|
||||
state: reloaded
|
|
@ -66,24 +66,22 @@
|
|||
failed_when: False
|
||||
register: grep_allowusers_ssh
|
||||
|
||||
- name: Add AllowUsers' sshd directive for '{{ user.name }}'
|
||||
- name: Add AllowUsers sshd directive for '{{ user.name }}'
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
line: "\nAllowUsers {{ user.name }}"
|
||||
insertafter: '^UsePAM'
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify:
|
||||
- reload sshd
|
||||
notify: reload sshd
|
||||
when: grep_allowusers_ssh.rc != 0
|
||||
|
||||
- name: Modify AllowUsers' sshd directive for '{{ user.name }}'
|
||||
- name: Modify AllowUsers sshd directive for '{{ user.name }}'
|
||||
replace:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^(AllowUsers ((?!{{ user.name }}).)*)$'
|
||||
replace: '\1 {{ user.name }}'
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify:
|
||||
- reload sshd
|
||||
notify: reload sshd
|
||||
when: grep_allowusers_ssh.rc == 0
|
||||
|
||||
- name: verify Match User directive
|
||||
|
@ -97,8 +95,7 @@
|
|||
dest: /etc/ssh/sshd_config
|
||||
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify:
|
||||
- reload sshd
|
||||
notify: reload sshd
|
||||
when: grep_matchuser_ssh.rc != 0
|
||||
|
||||
- name: Modify Match User's sshd directive for '{{ user.name }}'
|
||||
|
@ -107,8 +104,7 @@
|
|||
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
|
||||
replace: '\1,{{ user.name }}'
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify:
|
||||
- reload sshd
|
||||
notify: reload sshd
|
||||
when: grep_matchuser_ssh.rc == 0
|
||||
|
||||
- name: Verify Evolinux sudoers file presence
|
||||
|
@ -132,3 +128,5 @@
|
|||
replace: '\1,{{ user.name }}'
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
when: not copy_sudoers_evolinux.changed
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -53,3 +53,8 @@
|
|||
command: newaliases
|
||||
changed_when: False
|
||||
|
||||
|
||||
- name: reload sshd
|
||||
service:
|
||||
name: sshd
|
||||
state: reloaded
|
||||
|
|
Loading…
Add table
Reference in a new issue