add a "reload sshd" handler

Jérémy Lecour 2017-01-04 10:21:27 +01:00 committed by Jérémy Lecour
parent 3cb905714f
commit 0ff5467bce
3 changed files with 18 additions and 10 deletions


@ -0,0 +1,5 @@
---
- name: reload sshd
service:
name: sshd
state: reloaded
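Review bot: The handler targets a service named `sshd`, and nothing on this page shows that name resolving on every managed host. On Debian-family systems the packaged service is `ssh`, with `sshd` available only as a systemd alias, so this is worth confirming against the oldest supported release. If the handler fails, the notifying tasks have already written the new `AllowUsers` / `Match User` lines to `/etc/ssh/sshd_config`, so the file on disk and the running daemon disagree until someone reloads by hand. If the name has to vary, a role variable would cover it, e.g. `name: "{{ sshd_service_name }}"`, where `sshd_service_name` is a placeholder for whatever the role defines. The identical handler added in the last file section of this commit has the same dependency.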


@ -66,24 +66,22 @@
failed_when: False
register: grep_allowusers_ssh
- name: Add AllowUsers' sshd directive for '{{ user.name }}'
- name: Add AllowUsers sshd directive for '{{ user.name }}'
lineinfile:
dest: /etc/ssh/sshd_config
line: "\nAllowUsers {{ user.name }}"
insertafter: '^UsePAM'
validate: '/usr/sbin/sshd -T -f %s'
notify:
- reload sshd
notify: reload sshd
when: grep_allowusers_ssh.rc != 0
- name: Modify AllowUsers' sshd directive for '{{ user.name }}'
- name: Modify AllowUsers sshd directive for '{{ user.name }}'
replace:
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers ((?!{{ user.name }}).)*)$'
replace: '\1 {{ user.name }}'
validate: '/usr/sbin/sshd -T -f %s'
notify:
- reload sshd
notify: reload sshd
when: grep_allowusers_ssh.rc == 0
- name: verify Match User directive
@ -97,8 +95,7 @@
dest: /etc/ssh/sshd_config
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
validate: '/usr/sbin/sshd -T -f %s'
notify:
- reload sshd
notify: reload sshd
when: grep_matchuser_ssh.rc != 0
- name: Modify Match User's sshd directive for '{{ user.name }}'
@ -107,8 +104,7 @@
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
replace: '\1,{{ user.name }}'
validate: '/usr/sbin/sshd -T -f %s'
notify:
- reload sshd
notify: reload sshd
when: grep_matchuser_ssh.rc == 0
- name: Verify Evolinux sudoers file presence
@ -132,3 +128,5 @@
replace: '\1,{{ user.name }}'
validate: '/usr/sbin/visudo -cf %s'
when: not copy_sudoers_evolinux.changed
- meta: flush_handlers
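Review bot: The two `replace` tasks that now trigger the reload test whether a user is already listed with `(?!{{ user.name }})`, which is a substring match on an unescaped name. With `bobby` already on the line, a run for `bob` matches nothing and changes nothing. For the `Match User` task that would leave `bob` outside the `PasswordAuthentication no` block, assuming the `grep_matchuser_ssh` check (outside these hunks) returns 0 for the existing line. Anchoring on the separators and escaping the name closes this: `regexp: '^(AllowUsers ((?!\s{{ user.name | regex_escape }}(\s|$)).)*)$'` and `regexp: '^(Match User ((?![\s,]{{ user.name | regex_escape }}([\s,]|$)).)*)$'`. The `Match User` task begins above its hunk, so its module and `dest` are not visible here.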


@ -53,3 +53,8 @@
command: newaliases
changed_when: False
- name: reload sshd
service:
name: sshd
state: reloaded