Simplify evolinux-users ssh tasks
It makes no sense to make a check before you include the task and do it again after. Just use the pre-registered variables. This removes two tasks per user loop and one overall task.
parent
b7844dd804
commit
9049a97792
|
@ -41,13 +41,27 @@
|
|||
verbosity: 1
|
||||
|
||||
- include: ssh_allowgroups.yml
|
||||
vars:
|
||||
- allow_groups_present: "{{ grep_allowgroups_ssh.rc == 0 }}"
|
||||
when:
|
||||
- ssh_allowgroups
|
||||
- not ssh_allowusers
|
||||
|
||||
- name: "verify Match User directive"
|
||||
command: "grep -E '^Match User' /etc/ssh/sshd_config"
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
check_mode: no
|
||||
register: grep_matchuser_ssh
|
||||
when:
|
||||
- ssh_allowusers
|
||||
- not ssh_allowgroups
|
||||
|
||||
- include: ssh_allowusers.yml
|
||||
vars:
|
||||
user: "{{ item.value }}"
|
||||
- allow_users_present: "{{ grep_allowusers_ssh.rc == 0 }}"
|
||||
- match_users_present: "{{ grep_matchuser_ssh.rc == 0 }}"
|
||||
with_dict: "{{ evolinux_users }}"
|
||||
when:
|
||||
- ssh_allowusers
|
||||
|
|
|
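Review bot: The `vars:` block of the looped `ssh_allowusers.yml` include mixes a mapping key (`user: "{{ item.value }}"`) with two list items (`- allow_users_present: ...`, `- match_users_present: ...`), which does not parse as YAML whatever the lost indentation was. Dropping the leading `- ` gives a plain mapping: `allow_users_present: "{{ grep_allowusers_ssh.rc == 0 }}"` and `match_users_present: "{{ grep_matchuser_ssh.rc == 0 }}"`; the `ssh_allowgroups.yml` include is better written the same way. Separately, both flags come from greps that run once before the `with_dict` loop, so they stay false for the second and later users even after the first iteration has written the directive. Those users then take the "Add" branch instead of "Append", and whether that duplicates or overwrites the `AllowUsers` / `Match User` line depends on `lineinfile` arguments not shown here. The removed comment "this check must be repeated for each user" was guarding against exactly that, so it is worth testing with two new users on a config that has neither directive.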
@ -1,14 +1,5 @@
|
|||
---
|
||||
|
||||
# this check must be repeated for each user
|
||||
# even if it's been done before
|
||||
- name: verify AllowGroups directive
|
||||
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
check_mode: no
|
||||
register: grep_allowgroups_ssh
|
||||
|
||||
- name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'"
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
|
@ -16,7 +7,7 @@
|
|||
insertafter: 'Subsystem'
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: reload sshd
|
||||
when: grep_allowgroups_ssh.rc != 0
|
||||
when: not allow_groups_present
|
||||
|
||||
- name: "Append '{{ evolinux_ssh_group }}' to AllowGroups sshd directive"
|
||||
replace:
|
||||
|
@ -25,4 +16,4 @@
|
|||
replace: '\1 {{ evolinux_ssh_group }}'
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: reload sshd
|
||||
when: grep_allowgroups_ssh.rc == 0
|
||||
when: allow_groups_present
|
||||
|
|
|
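Review bot: This task file (presumably ssh_allowgroups.yml, judging by the include) now reads `allow_groups_present` in both `when:` clauses, but nothing in it says the caller must supply that variable. The removed header comment was its only documentation, and any include that omits the variable will fail on an undefined name. I would add a header comment under `---` such as `# requires allow_groups_present (bool): true when sshd_config already has an AllowGroups line`. Appending `| bool` in the conditions (`when: not allow_groups_present | bool`) would also make them robust if the templated value arrives as a string.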
@ -1,14 +1,5 @@
|
|||
---
|
||||
|
||||
# this check must be repeated for each user
|
||||
# even if it's been done before
|
||||
- name: verify AllowUsers directive
|
||||
command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
check_mode: no
|
||||
register: grep_allowusers_ssh
|
||||
|
||||
- name: "Add AllowUsers sshd directive with '{{ user.name }}'"
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
|
@ -16,7 +7,7 @@
|
|||
insertafter: 'Subsystem'
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: reload sshd
|
||||
when: grep_allowusers_ssh.rc != 0
|
||||
when: not allow_users_present
|
||||
|
||||
- name: "Append '{{ user.name }}' to AllowUsers sshd directive"
|
||||
replace:
|
||||
|
@ -25,14 +16,7 @@
|
|||
replace: '\1 {{ user.name }}'
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: reload sshd
|
||||
when: grep_allowusers_ssh.rc == 0
|
||||
|
||||
- name: "verify Match User directive"
|
||||
command: "grep -E '^Match User' /etc/ssh/sshd_config"
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
check_mode: no
|
||||
register: grep_matchuser_ssh
|
||||
when: allow_users_present
|
||||
|
||||
- name: "Add Match User sshd directive with '{{ user.name }}'"
|
||||
lineinfile:
|
||||
|
@ -41,7 +25,7 @@
|
|||
insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: reload sshd
|
||||
when: grep_matchuser_ssh.rc != 0
|
||||
when: not allow_users_present
|
||||
|
||||
- name: "Append '{{ user.name }}' to Match User's sshd directive"
|
||||
replace:
|
||||
|
@ -50,4 +34,4 @@
|
|||
replace: '\1,{{ user.name }}'
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: reload sshd
|
||||
when: grep_matchuser_ssh.rc == 0
|
||||
when: match_users_present
|
||||
|
|
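Review bot: The "Add Match User sshd directive" task in the `@ -41,7 +25,7 @` hunk appears to end up with `when: not allow_users_present`, where the line it replaces tested `grep_matchuser_ssh.rc != 0`. The flag that corresponds is `match_users_present`, which the "Append ... to Match User's sshd directive" task already uses. As written, a config that has `AllowUsers` but no `Match User` line gets neither the add nor the append, so the user is silently left out of the Match block. A config with `Match User` but no `AllowUsers` runs both tasks and may gain a second `Match User` line. I would change it to `when: not match_users_present`. The +/- markers are lost in this rendering, so this assumes the second `when:` of each pair is the new side.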