Simplify evolinux-users ssh tasks

It makes no sense to make a check before you include the task and do lt again after. Just use the pre-registered variables. This removes two tasks per user loop and one overall task.
2019-08-06 17:53:21 -04:00 · 2019-08-06 17:53:21 -04:00 · 9049a97792
parent b7844dd804
commit 9049a97792
3 changed files with 20 additions and 31 deletions
--- a/evolinux-users/tasks/ssh.yml
+++ b/evolinux-users/tasks/ssh.yml
@ -41,13 +41,27 @@
    verbosity: 1

 - include: ssh_allowgroups.yml
+  vars:
+    - allow_groups_present: "{{ grep_allowgroups_ssh.rc == 0 }}"
  when:
    - ssh_allowgroups
    - not ssh_allowusers

+- name: "verify Match User directive"
+  command: "grep -E '^Match User' /etc/ssh/sshd_config"
+  changed_when: False
+  failed_when: False
+  check_mode: no
+  register: grep_matchuser_ssh
+  when:
+    - ssh_allowusers
+    - not ssh_allowgroups
+
 - include: ssh_allowusers.yml
  vars:
    user: "{{ item.value }}"
+    - allow_users_present: "{{ grep_allowusers_ssh.rc == 0 }}"
+    - match_users_present: "{{ grep_matchuser_ssh.rc == 0 }}"
  with_dict: "{{ evolinux_users }}"
  when:
    - ssh_allowusers
--- a/evolinux-users/tasks/ssh_allowgroups.yml
+++ b/evolinux-users/tasks/ssh_allowgroups.yml
@ -1,14 +1,5 @@
 ---

-# this check must be repeated for each user
-# even if it's been done before
- name: verify AllowGroups directive
-  command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
-  changed_when: False
-  failed_when: False
-  check_mode: no
-  register: grep_allowgroups_ssh
-
 - name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'"
  lineinfile:
    dest: /etc/ssh/sshd_config
@ -16,7 +7,7 @@
    insertafter: 'Subsystem'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
-  when: grep_allowgroups_ssh.rc != 0
+  when: not allow_groups_present

 - name: "Append '{{ evolinux_ssh_group }}' to AllowGroups sshd directive"
  replace:
@ -25,4 +16,4 @@
    replace: '\1 {{ evolinux_ssh_group }}'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
-  when: grep_allowgroups_ssh.rc == 0
+  when: allow_groups_present
--- a/evolinux-users/tasks/ssh_allowusers.yml
+++ b/evolinux-users/tasks/ssh_allowusers.yml
@ -1,14 +1,5 @@
 ---

-# this check must be repeated for each user
-# even if it's been done before
- name: verify AllowUsers directive
-  command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
-  changed_when: False
-  failed_when: False
-  check_mode: no
-  register: grep_allowusers_ssh
-
 - name: "Add AllowUsers sshd directive with '{{ user.name }}'"
  lineinfile:
    dest: /etc/ssh/sshd_config
@ -16,7 +7,7 @@
    insertafter: 'Subsystem'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
-  when: grep_allowusers_ssh.rc != 0
+  when: not allow_users_present

 - name: "Append '{{ user.name }}' to AllowUsers sshd directive"
  replace:
@ -25,14 +16,7 @@
    replace: '\1 {{ user.name }}'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
-  when: grep_allowusers_ssh.rc == 0
-
- name: "verify Match User directive"
-  command: "grep -E '^Match User' /etc/ssh/sshd_config"
-  changed_when: False
-  failed_when: False
-  check_mode: no
-  register: grep_matchuser_ssh
+  when: allow_users_present

 - name: "Add Match User sshd directive with '{{ user.name }}'"
  lineinfile:
@ -41,7 +25,7 @@
    insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
-  when: grep_matchuser_ssh.rc != 0
+  when: not allow_users_present

 - name: "Append '{{ user.name }}' to Match User's sshd directive"
  replace:
@ -50,4 +34,4 @@
    replace: '\1,{{ user.name }}'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
-  when: grep_matchuser_ssh.rc == 0
+  when: match_users_present