add a "reload sshd" handler
parent
3cb905714f
commit
0ff5467bce
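--- a/admin-users/handlers/main.yml
+++ b/admin-users/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload sshd
+service:
+name: sshd
+state: reloaded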
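Review bot: The handler reloads a service named `sshd`, which is not the native unit name on Debian-family systems, where OpenSSH is installed as `ssh` and `sshd` resolves only through a systemd alias. If the target hosts are Debian-based (the Evolinux references elsewhere in this commit suggest so, but the page does not state it), `name: ssh` or a per-distribution variable would be safer, because a handler that fails leaves the edited sshd_config on disk without the running daemon having loaded it. The same handler is added a second time in the last file section of this commit. Handlers are looked up by name across the play, so two definitions can drift apart silently and it would be worth keeping a single one.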
|
@ -66,24 +66,22 @@
|
||||||
failed_when: False
|
failed_when: False
|
||||||
register: grep_allowusers_ssh
|
register: grep_allowusers_ssh
|
||||||
|
|
||||||
- name: Add AllowUsers' sshd directive for '{{ user.name }}'
|
- name: Add AllowUsers sshd directive for '{{ user.name }}'
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nAllowUsers {{ user.name }}"
|
line: "\nAllowUsers {{ user.name }}"
|
||||||
insertafter: '^UsePAM'
|
insertafter: '^UsePAM'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -T -f %s'
|
||||||
notify:
|
notify: reload sshd
|
||||||
- reload sshd
|
|
||||||
when: grep_allowusers_ssh.rc != 0
|
when: grep_allowusers_ssh.rc != 0
|
||||||
|
|
||||||
- name: Modify AllowUsers' sshd directive for '{{ user.name }}'
|
- name: Modify AllowUsers sshd directive for '{{ user.name }}'
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^(AllowUsers ((?!{{ user.name }}).)*)$'
|
regexp: '^(AllowUsers ((?!{{ user.name }}).)*)$'
|
||||||
replace: '\1 {{ user.name }}'
|
replace: '\1 {{ user.name }}'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -T -f %s'
|
||||||
notify:
|
notify: reload sshd
|
||||||
- reload sshd
|
|
||||||
when: grep_allowusers_ssh.rc == 0
|
when: grep_allowusers_ssh.rc == 0
|
||||||
|
|
||||||
- name: verify Match User directive
|
- name: verify Match User directive
|
||||||
|
@ -97,8 +95,7 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
|
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -T -f %s'
|
||||||
notify:
|
notify: reload sshd
|
||||||
- reload sshd
|
|
||||||
when: grep_matchuser_ssh.rc != 0
|
when: grep_matchuser_ssh.rc != 0
|
||||||
|
|
||||||
- name: Modify Match User's sshd directive for '{{ user.name }}'
|
- name: Modify Match User's sshd directive for '{{ user.name }}'
|
||||||
|
@ -107,8 +104,7 @@
|
||||||
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
|
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
|
||||||
replace: '\1,{{ user.name }}'
|
replace: '\1,{{ user.name }}'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -T -f %s'
|
||||||
notify:
|
notify: reload sshd
|
||||||
- reload sshd
|
|
||||||
when: grep_matchuser_ssh.rc == 0
|
when: grep_matchuser_ssh.rc == 0
|
||||||
|
|
||||||
- name: Verify Evolinux sudoers file presence
|
- name: Verify Evolinux sudoers file presence
|
||||||
|
@ -132,3 +128,5 @@
|
||||||
replace: '\1,{{ user.name }}'
|
replace: '\1,{{ user.name }}'
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
when: not copy_sudoers_evolinux.changed
|
when: not copy_sudoers_evolinux.changed
|
||||||
|
|
||||||
|
- meta: flush_handlers
|
||||||
|
|
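Review bot: Both `replace` tasks interpolate `{{ user.name }}` into the regular expression unescaped and as a substring test, in `regexp: '^(AllowUsers ((?!{{ user.name }}).)*)$'` and in the matching `Match User` pattern of the later hunk. A name that is a prefix or substring of an entry already on the line (constructed example: `bob` when `bobby` is listed) makes the lookahead fail, so the task reports no change and that user is never added; for the `Match User` line this would mean the `PasswordAuthentication no` restriction is not applied to them. Passing the name through `{{ user.name | regex_escape }}` and delimiting it with the list separator or end of line on both sides would close this. These lines are context the commit does not modify, and the tasks that register `grep_allowusers_ssh` and `grep_matchuser_ssh` are outside the visible hunks, so whether they mask the case cannot be confirmed from here.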
|
@ -53,3 +53,8 @@
|
||||||
command: newaliases
|
command: newaliases
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
|
|
||||||
|
- name: reload sshd
|
||||||
|
service:
|
||||||
|
name: sshd
|
||||||
|
state: reloaded
|
||||||
|
|