ssh-server: RHEL support

5f0771d6 · Thomas Schneider · 91418f47 · 5f0771d6 · 5f0771d6
Commit 5f0771d6 authored 2 years ago by Thomas Schneider
--- a/ssh-server/handlers/main.yml
+++ b/ssh-server/handlers/main.yml
 ---

- name: restart sshd
+- name: restart ssh
  service:
-    name: ssh
+    name: sshd
    state: restarted
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -2,7 +2,7 @@
 # file: roles/common/tasks/sshd.yml

 - name: ensure sshd is installed
-  apt:
+  package:
    name: openssh-server
    state: present
  tags:
@@ -17,7 +17,9 @@
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) < 11
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) < 11
  notify:
    - restart sshd
  tags:
@@ -32,7 +34,9 @@
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) > 10
  notify:
    - restart sshd
  tags:
@@ -47,7 +51,7 @@
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
  with_items:
    - authentication.conf
    - banner.conf
@@ -55,7 +59,7 @@
    - forwarding.conf
    - groups.conf
  notify:
-    - restart sshd
+    - restart ssh
  tags:
    - ssh

@@ -67,7 +71,9 @@
    group: root
    mode: '0644'
    backup: true
-  when: ansible_distribution_major_version|int(default=99) < 11
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) < 11
  tags:
    - ssh

@@ -79,7 +85,9 @@
    group: root
    mode: '0644'
    backup: true
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) > 10
  tags:
    - ssh

@@ -91,7 +99,7 @@
    group: root
    mode: '0644'
    backup: true
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
  with_items:
    - gssapi.conf
    - sshfp.conf
@@ -105,8 +113,9 @@
    owner: root
    group: root
    mode: '0644'
+  when: is_debian
  notify:
-    - restart sshd
+    - restart ssh
  tags:
    - ssh

@@ -114,7 +123,9 @@
  command: pam-auth-update --enable mkhomedir --force
  environment:
    DEBIAN_FRONTEND: noninteractive
-  when: ssh_mkhomedir
+  when:
+    - ssh_mkhomedir
+    - is_debian
  tags:
    - ssh
    - pam
@@ -123,14 +134,16 @@
  command: pam-auth-update --remove mkhomedir --force
  environment:
    DEBIAN_FRONTEND: noninteractive
-  when: not ssh_mkhomedir
+  when:
+    - not ssh_mkhomedir
+    - is_debian
  tags:
    - ssh
    - pam

 - name: ensure sshd is running and enabled
  service:
-    name: ssh
+    name: ssh{{ "d" if is_rhel }}
    state: started
    enabled: true
  tags:
@@ -192,7 +205,7 @@
    - root

 - name: ensure we fail2ban bad people
-  apt:
+  package:
    name: fail2ban
    state: present
  tags:
@@ -202,6 +215,7 @@
  apt:
    name: molly-guard
    state: present
+  when: is_debian
  tags:
    - molly
    - shell
@@ -214,6 +228,7 @@
    owner: root
    group: root
    mode: '0644'
+  when: is_debian
  tags:
    - molly
    - shell