From c00630972632ebd6f6dd1355fabc60e26613b79d Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Mon, 22 Jan 2024 21:14:18 +0300 Subject: [PATCH 01/24] users and group are actually lists. --- templates/sshd_config_Alpine.j2 | 4 ++-- templates/sshd_config_Archlinux.j2 | 5 ++--- templates/sshd_config_Debian.j2 | 4 ++-- templates/sshd_config_Fedora.j2 | 4 ++-- templates/sshd_config_RedHat-7.j2 | 4 ++-- templates/sshd_config_RedHat.j2 | 4 ++-- templates/sshd_config_Suse.j2 | 4 ++-- vars/main.yml | 12 ++++-------- 8 files changed, 18 insertions(+), 23 deletions(-) diff --git a/templates/sshd_config_Alpine.j2 b/templates/sshd_config_Alpine.j2 index 7da7d6f..b95a75d 100644 --- a/templates/sshd_config_Alpine.j2 +++ b/templates/sshd_config_Alpine.j2 @@ -72,9 +72,9 @@ AcceptEnv {{ item }} Subsystem {{ openssh_subsystem }} {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} +AllowGroups {{ openssh_allow_groups | join(' ') }} {% endif %} diff --git a/templates/sshd_config_Archlinux.j2 b/templates/sshd_config_Archlinux.j2 index a6682c1..a92d747 100644 --- a/templates/sshd_config_Archlinux.j2 +++ b/templates/sshd_config_Archlinux.j2 @@ -79,11 +79,10 @@ AcceptEnv {{ item }} Subsystem {{ openssh_subsystem }} {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} -{% endif %} +AllowGroups {{ openssh_allow_groups | join(' ') }} TrustedUserCAKeys {{ openssh_trusted_user_ca_keys }} diff --git a/templates/sshd_config_Debian.j2 b/templates/sshd_config_Debian.j2 index f062731..f9bef30 100644 --- a/templates/sshd_config_Debian.j2 +++ b/templates/sshd_config_Debian.j2 
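Review bot: The `AllowUsers` and `AllowGroups` lines in this hunk are guarded only by `is defined`, so an empty list renders the keyword with no argument, and a value still passed as a plain string (the form the old template printed as-is) is joined character by character, turning `root` into `r o o t`. The first case is likely to be rejected by sshd when it loads the file; the second silently changes which accounts may log in. Consider `{% if openssh_allow_users is defined and openssh_allow_users | length > 0 %}` (and the same for groups), plus an assert that both variables are lists and not strings; no such check is visible in this series. The same pattern is repeated in the Archlinux, Debian, Fedora, RedHat-7, RedHat and Suse templates.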
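Review bot: This hunk deletes the `{% endif %}` that closed `{% if openssh_allow_groups is defined %}`, while the other six templates in the same patch keep it. As written the block is either left unclosed, which fails at render time, or is closed by a later `{% endif %}` outside the hunk, which would make `TrustedUserCAKeys` and everything before that tag depend on `openssh_allow_groups` being set. Restore `{% endif %}` on the line after the new `AllowGroups {{ openssh_allow_groups | join(' ') }}`. The rest of the template lies outside the hunk, so which of the two outcomes applies cannot be confirmed from here.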
@@ -80,11 +80,11 @@ AcceptEnv {{ item }} Subsystem {{ openssh_subsystem }} {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} +AllowGroups {{ openssh_allow_groups | join(' ') }} {% endif %} TrustedUserCAKeys {{ openssh_trusted_user_ca_keys }} diff --git a/templates/sshd_config_Fedora.j2 b/templates/sshd_config_Fedora.j2 index c38da52..fdac22b 100644 --- a/templates/sshd_config_Fedora.j2 +++ b/templates/sshd_config_Fedora.j2 @@ -81,11 +81,11 @@ AcceptEnv {{ item }} Subsystem {{ openssh_subsystem }} {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} +AllowGroups {{ openssh_allow_groups | join(' ' ) }} {% endif %} TrustedUserCAKeys {{ openssh_trusted_user_ca_keys }} diff --git a/templates/sshd_config_RedHat-7.j2 b/templates/sshd_config_RedHat-7.j2 index 9f5fd20..f07bcd5 100644 --- a/templates/sshd_config_RedHat-7.j2 +++ b/templates/sshd_config_RedHat-7.j2 @@ -82,11 +82,11 @@ AcceptEnv {{ item }} Subsystem {{ openssh_subsystem }} {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} +AllowGroups {{ openssh_allow_groups | join(' ') }} {% endif %} TrustedUserCAKeys {{ openssh_trusted_user_ca_keys }} diff --git a/templates/sshd_config_RedHat.j2 b/templates/sshd_config_RedHat.j2 index ca1783e..9f27963 100644 --- a/templates/sshd_config_RedHat.j2 +++ b/templates/sshd_config_RedHat.j2 
@@ -148,11 +148,11 @@ Subsystem {{ openssh_subsystem }} # ForceCommand cvs server {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} +AllowGroups {{ openssh_allow_groups | join(' ') }} {% endif %} TrustedUserCAKeys {{ openssh_trusted_user_ca_keys }} diff --git a/templates/sshd_config_Suse.j2 b/templates/sshd_config_Suse.j2 index f062731..f9bef30 100644 --- a/templates/sshd_config_Suse.j2 +++ b/templates/sshd_config_Suse.j2 @@ -80,11 +80,11 @@ AcceptEnv {{ item }} Subsystem {{ openssh_subsystem }} {% if openssh_allow_users is defined %} -AllowUsers {{ openssh_allow_users }} +AllowUsers {{ openssh_allow_users | join(' ') }} {% endif %} {% if openssh_allow_groups is defined %} -AllowGroups {{ openssh_allow_groups }} +AllowGroups {{ openssh_allow_groups | join(' ') }} {% endif %} TrustedUserCAKeys {{ openssh_trusted_user_ca_keys }} diff --git a/vars/main.yml b/vars/main.yml index d1fac21..a0eb012 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -9,13 +9,10 @@ _openssh_packages: openssh_packages: "{{ _openssh_packages[ansible_os_family] | default(_openssh_packages['default']) }}" -_openssh_key_types: - default: - - rsa - - ecdsa - - ed25519 - -openssh_key_types: "{{ _openssh_key_types[ansible_distribution ~ '-' ~ ansible_distribution_major_version] | default(_openssh_key_types['default'] ) }}" +openssh_key_types: + - rsa + - ecdsa + - ed25519 openssh_run_directory: /run/sshd @@ -26,7 +23,6 @@ _openssh_service: Debian-bullseye: ssh Ubuntu-19: ssh Ubuntu-20: ssh - Kali-kali-rolling: ssh openssh_service: "{{ _openssh_service[ansible_distribution ~ '-' ~ ansible_distribution_release] | default(_openssh_service['default'] ) }}" From 4cbf4161874b65a39f1bdfec73ef74c5720d2279 Mon Sep 17 00:00:00 2001 
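Review bot: Dropping `Kali-kali-rolling: ssh` from `_openssh_service` means Kali hosts now resolve through `default(_openssh_service['default'])`, and the default value is not shown in this hunk. If that default is not `ssh`, the role would manage the wrong unit name on Kali and a changed sshd configuration might never be reloaded. The removal, like the flattening of `openssh_key_types` in the hunk above, is unrelated to the commit subject and carries no explanation; either keep the entry or, once verified, add a comment such as `# Kali uses the default service name`.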
From: Michael Buluma Date: Sun, 4 Feb 2024 16:40:02 +0300 Subject: [PATCH 02/24] Clean up role. --- .github/FUNDING.yml | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 5dafe2e..0000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -github: buluma From 78ff3affa19739778bf0b123fed488893a308fd7 Mon Sep 17 00:00:00 2001 From: "Shadow Walker [GH bot]" Date: Sun, 4 Feb 2024 18:42:32 +0000 Subject: [PATCH 03/24] Updated CHANGELOG.md on "2024-02-04 18:42:32" --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d83ff0e..e2eb7b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,8 @@ # Changelog -## [Unreleased](https://github.com/buluma/ansible-role-openssh/tree/HEAD) +## [2.1.0](https://github.com/buluma/ansible-role-openssh/tree/2.1.0) (2024-01-22) -[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/2.0.0...HEAD) +[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/2.0.0...2.1.0) **Closed issues:** From af4aa58f0cc8e379b33fb9b34a69d9cd1aef7c1b Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Sat, 17 Feb 2024 14:16:05 +0300 Subject: [PATCH 04/24] Update Action containers. --- .github/workflows/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 4cd49cf..9920ec2 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -79,7 +79,7 @@ jobs: with: path: "${{ github.repository }}" - name: Running Molecule Test - uses: buluma/molecule-action@v6.0.3 + uses: buluma/molecule-action@v24.2.0 with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} From a5ccba73967888f1904d46f31740db5542c983b7 Mon Sep 17 00:00:00 2001 
From: Michael Buluma Date: Sun, 17 Mar 2024 17:29:59 +0300 Subject: [PATCH 05/24] Update Action containers. --- .github/workflows/molecule.yml | 2 +- .github/workflows/requirements2png.yml | 2 +- .pre-commit-config.yaml | 3 ++- .yamllint | 6 +++++- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 9920ec2..f2de5e0 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -44,7 +44,7 @@ jobs: test: runs-on: ubuntu-20.04 strategy: - fail-fast: false + fail-fast: no matrix: config: - image: "alpine-openrc" diff --git a/.github/workflows/requirements2png.yml b/.github/workflows/requirements2png.yml index cf3c539..b35b861 100644 --- a/.github/workflows/requirements2png.yml +++ b/.github/workflows/requirements2png.yml @@ -41,5 +41,5 @@ jobs: uses: ad-m/github-push-action@master with: directory: ${{ github.repository }} - force: true + force: yes branch: png diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6f3deda..277ab07 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,8 @@ repos: rev: v1.32.0 hooks: - id: yamllint - args: [-c=.yamllint] + args: + - -c=.yamllint - repo: https://github.com/buluma/pre-commit rev: v1.0.3 diff --git a/.yamllint b/.yamllint index a7ff098..10d5946 100644 --- a/.yamllint +++ b/.yamllint @@ -9,7 +9,11 @@ rules: max-spaces-inside: 1 level: error line-length: disable - truthy: disable + truthy: + check-keys: no + allowed-values: + - "yes" + - "no" ignore: | .tox/ From 999d6817406c93d3a2e347e11075a9f015ff2429 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Mon, 18 Mar 2024 08:25:20 +0300 Subject: [PATCH 06/24] Update Action containers. --- .github/workflows/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index f2de5e0..9920ec2 100644 --- a/.github/workflows/molecule.yml 
+++ b/.github/workflows/molecule.yml @@ -44,7 +44,7 @@ jobs: test: runs-on: ubuntu-20.04 strategy: - fail-fast: no + fail-fast: false matrix: config: - image: "alpine-openrc" From b4b334a76f74a9f64a9859d222a43e7a7b29e5d1 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Wed, 20 Mar 2024 10:59:05 +0300 Subject: [PATCH 07/24] Update Action containers. --- .github/workflows/depandabot_merge.yml | 2 +- .github/workflows/molecule.yml | 7 +++---- .github/workflows/release_drafter.yml | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/depandabot_merge.yml b/.github/workflows/depandabot_merge.yml index f445ef1..f394ab3 100644 --- a/.github/workflows/depandabot_merge.yml +++ b/.github/workflows/depandabot_merge.yml @@ -24,4 +24,4 @@ jobs: steps: - uses: "actions/checkout@master" - name: Dependabot Auto Merge Action - uses: buluma/dependabot-auto-merge-action@v2.1.1 + uses: buluma/dependabot-auto-merge-action@v2.1.2 diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 9920ec2..024b5e3 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -12,7 +12,7 @@ on: - main - testing - dependabot/** - - renovate/** + # - renovate/** paths-ignore: - '**/README.md' - '**/CHANGELOG.md' @@ -24,7 +24,6 @@ on: # - cron: '29 15 15 * *' - cron: '29 15 * * *' - # Allows you to run this workflow manually from the Actions tab workflow_dispatch: permissions: write-all @@ -42,7 +41,7 @@ jobs: - name: ansible-lint uses: ansible-community/ansible-lint-action@main test: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: @@ -88,7 +87,7 @@ jobs: needs: - lint - test - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'buluma' && github.event_name == 'pull_request'}} steps: - uses: "actions/checkout@master" 
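Review bot: The `if:` guard on the job re-pinned in the last hunk of this file mixes `||` and `&&` without parentheses, so `github.actor == 'dependabot[bot]'` is accepted for every event type and only the `buluma` branch is limited to `pull_request`. An earlier hunk of the same file shows `permissions: write-all` at workflow level, and this job appears to approve pull requests (its steps run past the hunk), so the condition is worth tightening: `if: ${{ github.event_name == 'pull_request' && (github.actor == 'dependabot[bot]' || github.actor == 'buluma') }}`. The new `runs-on: ubuntu-20.04` is also older than the `ubuntu-22.04` the test job moves to in the same commit; a one-line comment giving the reason would help.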
diff --git a/.github/workflows/release_drafter.yml b/.github/workflows/release_drafter.yml index 2909d9a..875566b 100644 --- a/.github/workflows/release_drafter.yml +++ b/.github/workflows/release_drafter.yml @@ -41,7 +41,7 @@ jobs: steps: # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@v6 # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml with: config-name: release-drafter.yml From 0c423c468aa97423e54734737879bdc9da32d916 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Sun, 24 Mar 2024 18:37:19 +0300 Subject: [PATCH 08/24] Update Action containers. --- .github/workflows/molecule.yml | 6 +++++- .github/workflows/requirements2png.yml | 2 +- .yamllint | 5 +---- README.md | 14 +++++++------- molecule/default/molecule.yml | 4 ++-- 5 files changed, 16 insertions(+), 15 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 024b5e3..a27bc64 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -72,6 +72,10 @@ jobs: tag: "focal" - image: "docker-ubuntu-systemd" tag: "bionic" + - image: "docker-ubuntu-systemd" + tag: "lunar" + - image: "docker-ubuntu-systemd" + tag: "noble" steps: - name: Checkout Role uses: actions/checkout@v4 @@ -93,7 +97,7 @@ jobs: - uses: "actions/checkout@master" - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v1 + uses: dependabot/fetch-metadata@v2 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Approve a PR diff --git a/.github/workflows/requirements2png.yml b/.github/workflows/requirements2png.yml index b35b861..cf3c539 100644 --- a/.github/workflows/requirements2png.yml +++ b/.github/workflows/requirements2png.yml @@ -41,5 +41,5 @@ jobs: uses: ad-m/github-push-action@master with: directory: ${{ github.repository }} - force: yes + force: true branch: png 
diff --git a/.yamllint b/.yamllint index 10d5946..1460f2c 100644 --- a/.yamllint +++ b/.yamllint @@ -10,10 +10,7 @@ rules: level: error line-length: disable truthy: - check-keys: no - allowed-values: - - "yes" - - "no" + check-keys: false ignore: | .tox/ diff --git a/README.md b/README.md index 8b62255..de7e250 100644 --- a/README.md +++ b/README.md @@ -186,13 +186,13 @@ This role has been tested on these [container images](https://hub.docker.com/u/b |container|tags| |---------|----| -|[Alpine](https://hub.docker.com/repository/docker/buluma/alpine/general)|all| -|[Amazon](https://hub.docker.com/repository/docker/buluma/amazonlinux/general)|Candidate| -|[EL](https://hub.docker.com/repository/docker/buluma/enterpriselinux/general)|8, 9| -|[Debian](https://hub.docker.com/repository/docker/buluma/debian/general)|all| -|[Fedora](https://hub.docker.com/repository/docker/buluma/fedora/general)|all| -|[opensuse](https://hub.docker.com/repository/docker/buluma/opensuse/general)|all| -|[Ubuntu](https://hub.docker.com/repository/docker/buluma/ubuntu/general)|all| +|[Alpine](https://hub.docker.com/r/buluma/alpine)|all| +|[Amazon](https://hub.docker.com/r/buluma/amazonlinux)|Candidate| +|[EL](https://hub.docker.com/r/buluma/enterpriselinux)|8, 9| +|[Debian](https://hub.docker.com/r/buluma/debian)|all| +|[Fedora](https://hub.docker.com/r/buluma/fedora)|all| +|[opensuse](https://hub.docker.com/r/buluma/opensuse)|all| +|[Ubuntu](https://hub.docker.com/r/buluma/ubuntu)|all| The minimum version of Ansible required is 2.12, tests have been done to: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 16d0c96..dc6ead5 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -20,8 +20,8 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw cgroupns_mode: host - privileged: yes - pre_build_image: yes + privileged: true + pre_build_image: true provisioner: name: ansible verifier: 
From eb910d0a45d330785bdc5b5e6f041dab4e582abf Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Tue, 26 Mar 2024 05:21:27 +0300 Subject: [PATCH 09/24] Ansible Generated Update. --- .github/ISSUE_TEMPLATE/bug_report.md | 1 - .github/ISSUE_TEMPLATE/feature_request.md | 1 - CONTRIBUTING.md | 1 - README.md | 1 - SECURITY.md | 1 - defaults/main.yml | 56 +++---- meta/preferences.yml | 2 +- molecule/default/converge.yml | 4 +- molecule/default/prepare.yml | 4 +- molecule/default/verify.yml | 8 +- tasks/assert.yml | 170 +++++++++++----------- tasks/main.yml | 4 +- 12 files changed, 124 insertions(+), 129 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index fc64712..688e38b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -27,4 +27,3 @@ Show at least the error, possible related output, if possible all the output. - Control node OS: [e.g. Debian 9] (`cat /etc/os-release`) - Control node Ansible version: [e.g. 2.9.1] (`ansible --version`) - Managed node OS: [e.g. CentOS 7] (`cat /etc/os-release`) - diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index f13966d..851193c 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -15,4 +15,3 @@ Why is this feature required? ## Additional context Add any other context about the feature request here. - diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6a55e82..9b1e95d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -72,4 +72,3 @@ In the comment-box, you can [refer to the issue number](https://help.github.com/ Now I'll get a message that you've added some code. Thank you, really. CI starts to test your changes once pull request is reviewed. You can follow the progress on GitHub. - diff --git a/README.md b/README.md index de7e250..15b0195 100644 --- a/README.md +++ b/README.md 
@@ -213,4 +213,3 @@ If you find issues, please register them in [GitHub](https://github.com/buluma/a ## [Author Information](#author-information) [Shadow Walker](https://buluma.github.io/) - diff --git a/SECURITY.md b/SECURITY.md index fcb887b..276d0ff 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -19,4 +19,3 @@ Please [open an issue](https://github.com/buluma/ansible-role-openssh/issues) de Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc. - diff --git a/defaults/main.yml b/defaults/main.yml index 4d16b04..af9615a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -22,12 +22,12 @@ openssh_syslog_facility: AUTH openssh_loglevel: INFO openssh_login_grace_time: 2m -openssh_permit_root_login: "yes" -openssh_strict_modes: "yes" +openssh_permit_root_login: "true" +openssh_strict_modes: "true" openssh_max_auth_tries: 6 openssh_max_sessions: 10 -openssh_pub_key_authentication: "yes" +openssh_pub_key_authentication: "true" openssh_authorized_key_file: ".ssh/authorized_keys" 
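Review bot: These defaults change the role's boolean-like strings from `"yes"`/`"no"` to `"true"`/`"false"`, but sshd_config(5) documents `yes` and `no` as the accepted values for keywords such as PermitRootLogin and StrictModes. No template is touched in this commit, so if the templates print the variables verbatim the rendered file would carry `PermitRootLogin true` and sshd is likely to refuse to load it; validating the rendered file with `sshd -t` before any restart would catch that. The same substitution is made in the second `defaults/main.yml` hunk and in the `in [ "true", "false" ]` checks throughout `tasks/assert.yml`, where it additionally rejects existing inventories that pass `"yes"` or `"no"`. Keep the quoted strings as they were (`openssh_permit_root_login: "yes"`) and limit the truthy cleanup to real YAML booleans such as `quiet: true`.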
@@ -35,44 +35,44 @@ openssh_authorized_prinicpals_file: none openssh_authorized_keys_command: none openssh_authorized_keys_command_user: nobody -openssh_host_based_authentication: "no" -openssh_ignore_user_known_hosts: "no" -openssh_ignore_rhosts: "yes" +openssh_host_based_authentication: "false" +openssh_ignore_user_known_hosts: "false" +openssh_ignore_rhosts: "true" -openssh_permit_empty_passwords: "no" -openssh_password_authentication: "yes" +openssh_permit_empty_passwords: "false" +openssh_password_authentication: "true" -openssh_challenge_response_authentication: "no" +openssh_challenge_response_authentication: "false" -openssh_gssapi_authentication: "yes" -openssh_gssapi_cleanup_credentials: "no" -openssh_gssapi_strict_acceptor_check: "yes" -openssh_gssapi_key_exchange: "no" -openssh_gssaip_enable_k5_users: "no" +openssh_gssapi_authentication: "true" +openssh_gssapi_cleanup_credentials: "false" +openssh_gssapi_strict_acceptor_check: "true" +openssh_gssapi_key_exchange: "false" +openssh_gssaip_enable_k5_users: "false" -openssh_use_pam: "yes" +openssh_use_pam: "true" -openssh_allow_agent_forwarding: "yes" -openssh_allow_tcp_forwarding: "yes" -openssh_gateway_ports: "no" -openssh_x11_forwarding: "yes" +openssh_allow_agent_forwarding: "true" +openssh_allow_tcp_forwarding: "true" +openssh_gateway_ports: "false" +openssh_x11_forwarding: "true" openssh_x11_display_offset: 10 -openssh_x11_use_localhost: "yes" -openssh_permit_tty: "yes" +openssh_x11_use_localhost: "true" +openssh_permit_tty: "true" -openssh_print_motd: "no" +openssh_print_motd: "false" -openssh_print_last_log: "yes" -openssh_tcp_keep_alive: "yes" -openssh_permit_user_environment: "no" +openssh_print_last_log: "true" +openssh_tcp_keep_alive: "true" +openssh_permit_user_environment: "false" openssh_compression: delayed openssh_client_alive_interval: 30 openssh_client_alive_count_max: 3 -openssh_show_patch_level: "no" -openssh_use_dns: "no" +openssh_show_patch_level: "false" +openssh_use_dns: "false" 
openssh_pid_file: /var/run/sshd.pid openssh_max_startups: "10:30:100" -openssh_permit_tunnel: "no" +openssh_permit_tunnel: "false" openssh_chroot_directory: none openssh_version_addendum: none diff --git a/meta/preferences.yml b/meta/preferences.yml index e7fdebf..347560f 100644 --- a/meta/preferences.yml +++ b/meta/preferences.yml @@ -1,2 +1,2 @@ --- -tox_parallel: yes +tox_parallel: true diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 0982ba4..b16e479 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,8 +1,8 @@ --- - name: Converge hosts: all - become: yes - gather_facts: yes + become: true + gather_facts: true roles: - role: ansible-role-openssh diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 6d186fe..dc9fba4 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -1,8 +1,8 @@ --- - name: Prepare hosts: all - become: yes - gather_facts: no + become: true + gather_facts: false roles: - role: buluma.bootstrap diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index e1c36a1..b7d262b 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -1,8 +1,8 @@ --- - name: Verify hosts: all - become: yes - gather_facts: no + become: true + gather_facts: false tasks: - name: Check if connection still works @@ -12,7 +12,7 @@ ansible.builtin.lineinfile: path: /etc/ssh/sshd_config line: AllowUsers root - check_mode: yes + check_mode: true register: openssh_check_if_allowusers_is_set failed_when: - openssh_check_if_allowusers_is_set is changed @@ -21,7 +21,7 @@ ansible.builtin.lineinfile: path: /etc/ssh/sshd_config line: AllowGroups root - check_mode: yes + check_mode: true register: openssh_check_if_allowgroups_is_set failed_when: - openssh_check_if_allowgroups_is_set is changed diff --git a/tasks/assert.yml b/tasks/assert.yml index ed4e45b..ea40987 100644 --- a/tasks/assert.yml +++ b/tasks/assert.yml 
@@ -7,7 +7,7 @@ - openssh_port is number - openssh_port > 0 - openssh_port < 65536 - quiet: yes + quiet: true - name: assert | Test openssh_address_family ansible.builtin.assert: @@ -15,21 +15,21 @@ - openssh_address_family is defined - openssh_address_family is string - openssh_address_family in [ "any", "inet", "inet6" ] - quiet: yes + quiet: true - name: assert | Test openssh_listen_addresses ansible.builtin.assert: that: - openssh_listen_addresses is defined - openssh_listen_addresses is iterable - quiet: yes + quiet: true - name: assert | Test openssh_host_keys ansible.builtin.assert: that: - openssh_host_keys is defined - openssh_host_keys is iterable - quiet: yes + quiet: true - name: assert | Test openssh_rekey_limit ansible.builtin.assert: @@ -37,7 +37,7 @@ - openssh_rekey_limit is defined - openssh_rekey_limit is string - openssh_rekey_limit is not none - quiet: yes + quiet: true - name: assert | Test openssh_syslog_facility ansible.builtin.assert: @@ -45,7 +45,7 @@ - openssh_syslog_facility is defined - openssh_syslog_facility is string - openssh_syslog_facility in [ "DAEMON", "USER", "AUTH", "LOCAL0", "LOCAL1", "LOCAL2", "LOCAL3", "LOCAL4", "LOCAL5", "LOCAL6", "LOCAL7" ] - quiet: yes + quiet: true - name: assert | Test openssh_loglevel ansible.builtin.assert: @@ -53,7 +53,7 @@ - openssh_loglevel is defined - openssh_loglevel is string - openssh_loglevel in [ "QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3" ] - quiet: yes + quiet: true - name: assert | Test openssh_login_grace_time ansible.builtin.assert: 
@@ -61,23 +61,23 @@ - openssh_login_grace_time is defined - openssh_login_grace_time is string - openssh_login_grace_time is not none - quiet: yes + quiet: true - name: assert | Test openssh_permit_root_login ansible.builtin.assert: that: - openssh_permit_root_login is defined - openssh_permit_root_login is string - - openssh_permit_root_login in [ "yes", "no", "without-password", "prohibit-password", "forced-commands-only" ] - quiet: yes + - openssh_permit_root_login in [ "true", "false", "without-password", "prohibit-password", "forced-commands-only" ] + quiet: true - name: assert | Test openssh_strict_modes ansible.builtin.assert: that: - openssh_strict_modes is defined - openssh_strict_modes is string - - openssh_strict_modes in [ "yes", "no" ] - quiet: yes + - openssh_strict_modes in [ "true", "false" ] + quiet: true - name: assert | Test openssh_max_auth_tries ansible.builtin.assert: @@ -85,7 +85,7 @@ - openssh_max_auth_tries is defined - openssh_max_auth_tries is number - openssh_max_auth_tries >= 0 - quiet: yes + quiet: true - name: assert | Test openssh_max_sessions ansible.builtin.assert: @@ -93,15 +93,15 @@ - openssh_max_sessions is defined - openssh_max_sessions is number - openssh_max_sessions >= 0 - quiet: yes + quiet: true - name: assert | Test openssh_pub_key_authentication ansible.builtin.assert: that: - openssh_pub_key_authentication is defined - openssh_pub_key_authentication is string - - openssh_pub_key_authentication in [ "yes", "no" ] - quiet: yes + - openssh_pub_key_authentication in [ "true", "false" ] + quiet: true - name: assert | Test openssh_authorized_key_file ansible.builtin.assert: @@ -109,7 +109,7 @@ - openssh_authorized_key_file is defined - openssh_authorized_key_file is string - openssh_authorized_key_file is not none - quiet: yes + quiet: true - name: assert | Test openssh_authorized_prinicpals_file ansible.builtin.assert: 
@@ -117,7 +117,7 @@ - openssh_authorized_prinicpals_file is defined - openssh_authorized_prinicpals_file is string - openssh_authorized_prinicpals_file is not none - quiet: yes + quiet: true - name: assert | Test openssh_authorized_keys_command ansible.builtin.assert: @@ -125,7 +125,7 @@ - openssh_authorized_keys_command is defined - openssh_authorized_keys_command is string - openssh_authorized_keys_command is not none - quiet: yes + quiet: true - name: assert | Test openssh_authorized_keys_command_user ansible.builtin.assert: 
@@ -133,135 +133,135 @@ - openssh_authorized_keys_command_user is defined - openssh_authorized_keys_command_user is string - openssh_authorized_keys_command_user is not none - quiet: yes + quiet: true - name: assert | Test openssh_host_based_authentication ansible.builtin.assert: that: - openssh_host_based_authentication is defined - openssh_host_based_authentication is string - - openssh_host_based_authentication in [ "yes", "no" ] - quiet: yes + - openssh_host_based_authentication in [ "true", "false" ] + quiet: true - name: assert | Test openssh_ignore_user_known_hosts ansible.builtin.assert: that: - openssh_ignore_user_known_hosts is defined - openssh_ignore_user_known_hosts is string - - openssh_ignore_user_known_hosts in [ "yes", "no" ] - quiet: yes + - openssh_ignore_user_known_hosts in [ "true", "false" ] + quiet: true - name: assert | Test openssh_ignore_rhosts ansible.builtin.assert: that: - openssh_ignore_rhosts is defined - openssh_ignore_rhosts is string - - openssh_ignore_rhosts in [ "yes", "no" ] - quiet: yes + - openssh_ignore_rhosts in [ "true", "false" ] + quiet: true - name: assert | Test openssh_permit_empty_passwords ansible.builtin.assert: that: - openssh_permit_empty_passwords is defined - openssh_permit_empty_passwords is string - - openssh_permit_empty_passwords in [ "yes", "no" ] - quiet: yes + - openssh_permit_empty_passwords in [ "true", "false" ] + quiet: true - name: assert | Test openssh_password_authentication ansible.builtin.assert: that: - openssh_password_authentication is defined - openssh_password_authentication is string - - openssh_password_authentication in [ "yes", "no" ] - quiet: yes + - openssh_password_authentication in [ "true", "false" ] + quiet: true - name: assert | Test openssh_challenge_response_authentication ansible.builtin.assert: that: - openssh_challenge_response_authentication is defined - openssh_challenge_response_authentication is string - - openssh_challenge_response_authentication in [ "yes", "no" ] - 
quiet: yes + - openssh_challenge_response_authentication in [ "true", "false" ] + quiet: true - name: assert | Test openssh_gssapi_authentication ansible.builtin.assert: that: - openssh_gssapi_authentication is defined - openssh_gssapi_authentication is string - - openssh_gssapi_authentication in [ "yes", "no" ] - quiet: yes + - openssh_gssapi_authentication in [ "true", "false" ] + quiet: true - name: assert | Test openssh_gssapi_cleanup_credentials ansible.builtin.assert: that: - openssh_gssapi_cleanup_credentials is defined - openssh_gssapi_cleanup_credentials is string - - openssh_gssapi_cleanup_credentials in [ "yes", "no" ] - quiet: yes + - openssh_gssapi_cleanup_credentials in [ "true", "false" ] + quiet: true - name: assert | Test openssh_gssapi_strict_acceptor_check ansible.builtin.assert: that: - openssh_gssapi_strict_acceptor_check is defined - openssh_gssapi_strict_acceptor_check is string - - openssh_gssapi_strict_acceptor_check in [ "yes", "no" ] - quiet: yes + - openssh_gssapi_strict_acceptor_check in [ "true", "false" ] + quiet: true - name: assert | Test openssh_gssapi_key_exchange ansible.builtin.assert: that: - openssh_gssapi_key_exchange is defined - openssh_gssapi_key_exchange is string - - openssh_gssapi_key_exchange in [ "yes", "no" ] - quiet: yes + - openssh_gssapi_key_exchange in [ "true", "false" ] + quiet: true - name: assert | Test openssh_gssaip_enable_k5_users ansible.builtin.assert: that: - openssh_gssaip_enable_k5_users is defined - openssh_gssaip_enable_k5_users is string - - openssh_gssaip_enable_k5_users in [ "yes", "no" ] - quiet: yes + - openssh_gssaip_enable_k5_users in [ "true", "false" ] + quiet: true - name: assert | Test openssh_use_pam ansible.builtin.assert: that: - openssh_use_pam is defined - openssh_use_pam is string - - openssh_use_pam in [ "yes", "no" ] - quiet: yes + - openssh_use_pam in [ "true", "false" ] + quiet: true - name: assert | Test openssh_allow_agent_forwarding ansible.builtin.assert: that: - 
openssh_allow_agent_forwarding is defined - openssh_allow_agent_forwarding is string - - openssh_allow_agent_forwarding in [ "yes", "no" ] - quiet: yes + - openssh_allow_agent_forwarding in [ "true", "false" ] + quiet: true - name: assert | Test openssh_allow_tcp_forwarding ansible.builtin.assert: that: - openssh_allow_tcp_forwarding is defined - openssh_allow_tcp_forwarding is string - - openssh_allow_tcp_forwarding in [ "yes", "no" ] - quiet: yes + - openssh_allow_tcp_forwarding in [ "true", "false" ] + quiet: true - name: assert | Test openssh_gateway_ports ansible.builtin.assert: that: - openssh_gateway_ports is defined - openssh_gateway_ports is string - - openssh_gateway_ports in [ "yes", "no" ] - quiet: yes + - openssh_gateway_ports in [ "true", "false" ] + quiet: true - name: assert | Test openssh_x11_forwarding ansible.builtin.assert: that: - openssh_x11_forwarding is defined - openssh_x11_forwarding is string - - openssh_x11_forwarding in [ "yes", "no" ] - quiet: yes + - openssh_x11_forwarding in [ "true", "false" ] + quiet: true - name: assert | Test openssh_x11_display_offset ansible.builtin.assert: 
@@ -269,63 +269,63 @@ - openssh_x11_display_offset is defined - openssh_x11_display_offset is number - openssh_x11_display_offset > 0 - quiet: yes + quiet: true - name: assert | Test openssh_x11_use_localhost ansible.builtin.assert: that: - openssh_x11_use_localhost is defined - openssh_x11_use_localhost is string - - openssh_x11_use_localhost in [ "yes", "no" ] - quiet: yes + - openssh_x11_use_localhost in [ "true", "false" ] + quiet: true - name: assert | Test openssh_permit_tty ansible.builtin.assert: that: - openssh_permit_tty is defined - openssh_permit_tty is string - - openssh_permit_tty in [ "yes", "no" ] - quiet: yes + - openssh_permit_tty in [ "true", "false" ] + quiet: true - name: assert | Test openssh_print_motd ansible.builtin.assert: that: - openssh_print_motd is defined - openssh_print_motd is string - - openssh_print_motd in [ "yes", "no" ] - quiet: yes + - openssh_print_motd in [ "true", "false" ] + quiet: true - name: assert | Test openssh_print_last_log ansible.builtin.assert: that: - openssh_print_last_log is defined - openssh_print_last_log is string - - openssh_print_last_log in [ "yes", "no" ] - quiet: yes + - openssh_print_last_log in [ "true", "false" ] + quiet: true - name: assert | Test openssh_tcp_keep_alive ansible.builtin.assert: that: - openssh_tcp_keep_alive is defined - openssh_tcp_keep_alive is string - - openssh_tcp_keep_alive in [ "yes", "no" ] - quiet: yes + - openssh_tcp_keep_alive in [ "true", "false" ] + quiet: true - name: assert | Test openssh_permit_user_environment ansible.builtin.assert: that: - openssh_permit_user_environment is defined - openssh_permit_user_environment is string - - openssh_permit_user_environment in [ "yes", "no" ] - quiet: yes + - openssh_permit_user_environment in [ "true", "false" ] + quiet: true - name: assert | Test openssh_compression ansible.builtin.assert: that: - openssh_compression is defined - openssh_compression is string - - openssh_compression in [ "yes", "no", "delayed" ] - quiet: yes 
+ - openssh_compression in [ "true", "false", "delayed" ] + quiet: true - name: assert | Test openssh_client_alive_interval ansible.builtin.assert: @@ -333,7 +333,7 @@ - openssh_client_alive_interval is defined - openssh_client_alive_interval is number - openssh_client_alive_interval >= 0 - quiet: yes + quiet: true - name: assert | Test openssh_client_alive_count_max ansible.builtin.assert: @@ -341,23 +341,23 @@ - openssh_client_alive_count_max is defined - openssh_client_alive_count_max is number - openssh_client_alive_count_max >= 0 - quiet: yes + quiet: true - name: assert | Test openssh_show_patch_level ansible.builtin.assert: that: - openssh_show_patch_level is defined - openssh_show_patch_level is string - - openssh_show_patch_level in [ "yes", "no" ] - quiet: yes + - openssh_show_patch_level in [ "true", "false" ] + quiet: true - name: assert | Test openssh_use_dns ansible.builtin.assert: that: - openssh_use_dns is defined - openssh_use_dns is string - - openssh_use_dns in [ "yes", "no" ] - quiet: yes + - openssh_use_dns in [ "true", "false" ] + quiet: true - name: assert | Test openssh_pid_file ansible.builtin.assert: @@ -365,7 +365,7 @@ - openssh_pid_file is defined - openssh_pid_file is string - openssh_pid_file is not none - quiet: yes + quiet: true - name: assert | Test openssh_max_startups ansible.builtin.assert: @@ -373,15 +373,15 @@ - openssh_max_startups is defined - openssh_max_startups is string - openssh_max_startups is not none - quiet: yes + quiet: true - name: assert | Test openssh_permit_tunnel ansible.builtin.assert: that: - openssh_permit_tunnel is defined - openssh_permit_tunnel is string - - openssh_permit_tunnel in [ "yes", "no" ] - quiet: yes + - openssh_permit_tunnel in [ "true", "false" ] + quiet: true - name: assert | Test openssh_chroot_directory ansible.builtin.assert: 
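Review bot: The membership lists in this hunk now accept only `"true"`/`"false"` for string options such as `openssh_x11_use_localhost`, `openssh_permit_tty` and `openssh_permit_user_environment`, which looks like a truthy-lint rewrite applied to string literals instead of YAML booleans. These variables appear to be rendered into sshd_config (the templates are not in this hunk, so that should be confirmed), and sshd_config(5) documents yes/no for these keywords. A value that passes the assert could therefore produce a config that sshd refuses to load. I would limit the lint fix to `quiet: true` and keep `in [ "yes", "no" ]` (and `[ "yes", "no", "delayed" ]` for `openssh_compression`). The later hunks at `@@ -341,23 +341,23 @@` and `@@ -373,15 +373,15 @@` carry the same change.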
@@ -389,7 +389,7 @@ - openssh_chroot_directory is defined - openssh_chroot_directory is string - openssh_chroot_directory is not none - quiet: yes + quiet: true - name: assert | Test openssh_version_addendum ansible.builtin.assert: @@ -397,7 +397,7 @@ - openssh_version_addendum is defined - openssh_version_addendum is string - openssh_version_addendum is not none - quiet: yes + quiet: true - name: assert | Test openssh_banner ansible.builtin.assert: @@ -405,14 +405,14 @@ - openssh_banner is defined - openssh_banner is string - openssh_banner is not none - quiet: yes + quiet: true - name: assert | Test openssh_accept_envs ansible.builtin.assert: that: - openssh_accept_envs is defined - openssh_accept_envs is iterable - quiet: yes + quiet: true - name: assert | Test openssh_subsystem ansible.builtin.assert: @@ -420,7 +420,7 @@ - openssh_subsystem is defined - openssh_subsystem is string - openssh_subsystem is not none - quiet: yes + quiet: true - name: assert | Test openssh_trusted_user_ca_keys ansible.builtin.assert: @@ -428,13 +428,13 @@ - openssh_trusted_user_ca_keys is defined - openssh_trusted_user_ca_keys is string - openssh_trusted_user_ca_keys is not none - quiet: yes + quiet: true - name: assert | Test openssh_allow_users ansible.builtin.assert: that: - openssh_allow_users is iterable - quiet: yes + quiet: true when: - openssh_allow_users is defined @@ -442,6 +442,6 @@ ansible.builtin.assert: that: - openssh_allow_groups is iterable - quiet: yes + quiet: true when: - openssh_allow_groups is defined diff --git a/tasks/main.yml b/tasks/main.yml index a204f4f..484bffe 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,7 +4,7 @@ - name: Import assert.yml ansible.builtin.import_tasks: file: assert.yml - run_once: yes + run_once: true delegate_to: localhost - name: Install openssh @@ -51,7 +51,7 @@ ansible.builtin.service: name: "{{ openssh_service }}" state: started - enabled: yes + enabled: true - name: Flush handlers ansible.builtin.meta: flush_handlers 
From a8e34ff8104acaa20c01f557f6c778b3ddb66ed4 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Tue, 26 Mar 2024 21:48:57 +0300 Subject: [PATCH 10/24] Ansible Generated Update. --- .github/workflows/molecule.yml | 44 +++++++++++++---------- README.md | 64 +++++++++++++++++----------------- requirements.txt | 4 +-- 3 files changed, 59 insertions(+), 53 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index a27bc64..f6acfdb 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -46,35 +46,39 @@ jobs: fail-fast: false matrix: config: - - image: "alpine-openrc" - tag: "latest" - - image: "amazonlinux" - tag: "latest" + - image: "docker-molecule-images" + tag: "alpine-openrc" + - image: "docker-molecule-images" + tag: "amazonlinux2023" - image: "enterpriselinux" tag: "8" - image: "enterpriselinux" tag: "latest" - - image: "debian-systemd" - tag: "latest" - - image: "debian-systemd" + - image: "docker-molecule-images" + tag: "buster" + - image: "docker-molecule-images" tag: "bullseye" - - image: "fedora-systemd" + - image: "docker-molecule-images" + tag: "37" + - image: "docker-molecule-images" tag: "38" - - image: "fedora-systemd" - tag: "latest" - - image: "fedora-systemd" + - image: "docker-molecule-images" + tag: "39" + - image: "docker-molecule-images" + tag: "40" + - image: "docker-molecule-images" tag: "rawhide" - - image: "docker-opensuse-systemd" - tag: "latest" - - image: "docker-ubuntu-systemd" - tag: "latest" - - image: "docker-ubuntu-systemd" + - image: "docker-molecule-images" + tag: "opensuse" + - image: "docker-molecule-images" tag: "focal" - - image: "docker-ubuntu-systemd" + - image: "docker-molecule-images" tag: "bionic" - - image: "docker-ubuntu-systemd" + - image: "docker-molecule-images" + tag: "jammy" + - image: "docker-molecule-images" tag: "lunar" - - image: "docker-ubuntu-systemd" + - image: "docker-molecule-images" tag: "noble" steps: - name: Checkout Role 
@@ -86,6 +90,8 @@ jobs: with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} + - name: Running Role Test + run: ansible-galaxy role import --api-key ${{ secrets.galaxy_api_key }} buluma ${{ github.event.repository.name }} dependabot: needs: diff --git a/README.md b/README.md index 15b0195..9c8c1e5 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ This example is taken from [`molecule/default/converge.yml`](https://github.com/ --- - name: Converge hosts: all - become: yes - gather_facts: yes + become: true + gather_facts: true roles: - role: buluma.openssh @@ -31,8 +31,8 @@ The machine needs to be prepared. In CI this is done using [`molecule/default/pr --- - name: Prepare hosts: all - become: yes - gather_facts: no + become: true + gather_facts: false roles: - role: buluma.bootstrap @@ -70,12 +70,12 @@ openssh_syslog_facility: AUTH openssh_loglevel: INFO openssh_login_grace_time: 2m -openssh_permit_root_login: "yes" -openssh_strict_modes: "yes" +openssh_permit_root_login: "true" +openssh_strict_modes: "true" openssh_max_auth_tries: 6 openssh_max_sessions: 10 -openssh_pub_key_authentication: "yes" +openssh_pub_key_authentication: "true" openssh_authorized_key_file: ".ssh/authorized_keys" 
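Review bot: The added `Running Role Test` step expands `${{ secrets.galaxy_api_key }}` directly into the shell command, so the key becomes part of the script text and the process arguments, and the unquoted value is subject to word splitting. Pass it through the step environment instead: `env: { GALAXY_API_KEY: "${{ secrets.galaxy_api_key }}" }` with `run: ansible-galaxy role import --api-key "$GALAXY_API_KEY" buluma ${{ github.event.repository.name }}`. The step also sits inside the matrix job, so it presumably runs once per image and on every event that triggers the workflow (the `on:` block is outside this hunk). A separate job gated on the default branch would keep the key out of pull-request runs, and the step name should say that it imports the role into Galaxy.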
@@ -83,44 +83,44 @@ openssh_authorized_prinicpals_file: none openssh_authorized_keys_command: none openssh_authorized_keys_command_user: nobody -openssh_host_based_authentication: "no" -openssh_ignore_user_known_hosts: "no" -openssh_ignore_rhosts: "yes" +openssh_host_based_authentication: "false" +openssh_ignore_user_known_hosts: "false" +openssh_ignore_rhosts: "true" -openssh_permit_empty_passwords: "no" -openssh_password_authentication: "yes" +openssh_permit_empty_passwords: "false" +openssh_password_authentication: "true" -openssh_challenge_response_authentication: "no" +openssh_challenge_response_authentication: "false" -openssh_gssapi_authentication: "yes" -openssh_gssapi_cleanup_credentials: "no" -openssh_gssapi_strict_acceptor_check: "yes" -openssh_gssapi_key_exchange: "no" -openssh_gssaip_enable_k5_users: "no" +openssh_gssapi_authentication: "true" +openssh_gssapi_cleanup_credentials: "false" +openssh_gssapi_strict_acceptor_check: "true" +openssh_gssapi_key_exchange: "false" +openssh_gssaip_enable_k5_users: "false" -openssh_use_pam: "yes" +openssh_use_pam: "true" -openssh_allow_agent_forwarding: "yes" -openssh_allow_tcp_forwarding: "yes" -openssh_gateway_ports: "no" -openssh_x11_forwarding: "yes" +openssh_allow_agent_forwarding: "true" +openssh_allow_tcp_forwarding: "true" +openssh_gateway_ports: "false" +openssh_x11_forwarding: "true" openssh_x11_display_offset: 10 -openssh_x11_use_localhost: "yes" -openssh_permit_tty: "yes" +openssh_x11_use_localhost: "true" +openssh_permit_tty: "true" -openssh_print_motd: "no" +openssh_print_motd: "false" -openssh_print_last_log: "yes" -openssh_tcp_keep_alive: "yes" -openssh_permit_user_environment: "no" +openssh_print_last_log: "true" +openssh_tcp_keep_alive: "true" +openssh_permit_user_environment: "false" openssh_compression: delayed openssh_client_alive_interval: 30 openssh_client_alive_count_max: 3 -openssh_show_patch_level: "no" -openssh_use_dns: "no" +openssh_show_patch_level: "false" +openssh_use_dns: "false" 
openssh_pid_file: /var/run/sshd.pid openssh_max_startups: "10:30:100" -openssh_permit_tunnel: "no" +openssh_permit_tunnel: "false" openssh_chroot_directory: none openssh_version_addendum: none diff --git a/requirements.txt b/requirements.txt index 666d866..ed09075 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ ansible-compat == 4.* -molecule == 6.* +molecule == 24.* molecule-plugins[docker] == 23.* -ansible-lint == 6.* +ansible-lint == 24.* paramiko == 3.* # Pinning requests version due to [bug](https://github.com/docker/docker-py/issues/3113) # requests == 2.28.1 From 41e07b79b142ef4f13d32d9aeddb7110894a3f74 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Wed, 27 Mar 2024 11:00:09 +0300 Subject: [PATCH 11/24] precommit config --- defaults/main.yml | 56 ++++++++++++++++++++++----------------------- tasks/assert.yml | 58 +++++++++++++++++++++++------------------------ 2 files changed, 57 insertions(+), 57 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index af9615a..4d16b04 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -22,12 +22,12 @@ openssh_syslog_facility: AUTH openssh_loglevel: INFO openssh_login_grace_time: 2m -openssh_permit_root_login: "true" -openssh_strict_modes: "true" +openssh_permit_root_login: "yes" +openssh_strict_modes: "yes" openssh_max_auth_tries: 6 openssh_max_sessions: 10 -openssh_pub_key_authentication: "true" +openssh_pub_key_authentication: "yes" openssh_authorized_key_file: ".ssh/authorized_keys" 
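Review bot: `openssh_permit_root_login: "yes"` is restored as the role default in the `defaults/main.yml` hunk at `@@ -22,12 +22,12 @@`, and the next hunk of that file (`@@ -35,44 +35,44 @@`) restores `openssh_password_authentication: "yes"`, so a host deployed with untouched defaults accepts password logins for root. The assert list changed in this same commit already accepts `"prohibit-password"`, so `openssh_permit_root_login: "prohibit-password"` would be a safer default with no change to the validation. That later hunk also defaults `openssh_allow_agent_forwarding`, `openssh_allow_tcp_forwarding` and `openssh_x11_forwarding` to `"yes"`. A comment above those three saying they are permissive and meant to be overridden per deployment would help.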
@@ -35,44 +35,44 @@ openssh_authorized_prinicpals_file: none openssh_authorized_keys_command: none openssh_authorized_keys_command_user: nobody -openssh_host_based_authentication: "false" -openssh_ignore_user_known_hosts: "false" -openssh_ignore_rhosts: "true" +openssh_host_based_authentication: "no" +openssh_ignore_user_known_hosts: "no" +openssh_ignore_rhosts: "yes" -openssh_permit_empty_passwords: "false" -openssh_password_authentication: "true" +openssh_permit_empty_passwords: "no" +openssh_password_authentication: "yes" -openssh_challenge_response_authentication: "false" +openssh_challenge_response_authentication: "no" -openssh_gssapi_authentication: "true" -openssh_gssapi_cleanup_credentials: "false" -openssh_gssapi_strict_acceptor_check: "true" -openssh_gssapi_key_exchange: "false" -openssh_gssaip_enable_k5_users: "false" +openssh_gssapi_authentication: "yes" +openssh_gssapi_cleanup_credentials: "no" +openssh_gssapi_strict_acceptor_check: "yes" +openssh_gssapi_key_exchange: "no" +openssh_gssaip_enable_k5_users: "no" -openssh_use_pam: "true" +openssh_use_pam: "yes" -openssh_allow_agent_forwarding: "true" -openssh_allow_tcp_forwarding: "true" -openssh_gateway_ports: "false" -openssh_x11_forwarding: "true" +openssh_allow_agent_forwarding: "yes" +openssh_allow_tcp_forwarding: "yes" +openssh_gateway_ports: "no" +openssh_x11_forwarding: "yes" openssh_x11_display_offset: 10 -openssh_x11_use_localhost: "true" -openssh_permit_tty: "true" +openssh_x11_use_localhost: "yes" +openssh_permit_tty: "yes" -openssh_print_motd: "false" +openssh_print_motd: "no" -openssh_print_last_log: "true" -openssh_tcp_keep_alive: "true" -openssh_permit_user_environment: "false" +openssh_print_last_log: "yes" +openssh_tcp_keep_alive: "yes" +openssh_permit_user_environment: "no" openssh_compression: delayed openssh_client_alive_interval: 30 openssh_client_alive_count_max: 3 -openssh_show_patch_level: "false" -openssh_use_dns: "false" +openssh_show_patch_level: "no" +openssh_use_dns: "no" 
openssh_pid_file: /var/run/sshd.pid openssh_max_startups: "10:30:100" -openssh_permit_tunnel: "false" +openssh_permit_tunnel: "no" openssh_chroot_directory: none openssh_version_addendum: none diff --git a/tasks/assert.yml b/tasks/assert.yml index ea40987..fab7364 100644 --- a/tasks/assert.yml +++ b/tasks/assert.yml @@ -68,7 +68,7 @@ that: - openssh_permit_root_login is defined - openssh_permit_root_login is string - - openssh_permit_root_login in [ "true", "false", "without-password", "prohibit-password", "forced-commands-only" ] + - openssh_permit_root_login in [ "yes", "no", "without-password", "prohibit-password", "forced-commands-only" ] quiet: true - name: assert | Test openssh_strict_modes @@ -76,7 +76,7 @@ that: - openssh_strict_modes is defined - openssh_strict_modes is string - - openssh_strict_modes in [ "true", "false" ] + - openssh_strict_modes in [ "yes", "no" ] quiet: true - name: assert | Test openssh_max_auth_tries @@ -100,7 +100,7 @@ that: - openssh_pub_key_authentication is defined - openssh_pub_key_authentication is string - - openssh_pub_key_authentication in [ "true", "false" ] + - openssh_pub_key_authentication in [ "yes", "no" ] quiet: true - name: assert | Test openssh_authorized_key_file @@ -140,7 +140,7 @@ that: - openssh_host_based_authentication is defined - openssh_host_based_authentication is string - - openssh_host_based_authentication in [ "true", "false" ] + - openssh_host_based_authentication in [ "yes", "no" ] quiet: true - name: assert | Test openssh_ignore_user_known_hosts @@ -148,7 +148,7 @@ that: - openssh_ignore_user_known_hosts is defined - openssh_ignore_user_known_hosts is string - - openssh_ignore_user_known_hosts in [ "true", "false" ] + - openssh_ignore_user_known_hosts in [ "yes", "no" ] quiet: true - name: assert | Test openssh_ignore_rhosts 
@@ -156,7 +156,7 @@ that: - openssh_ignore_rhosts is defined - openssh_ignore_rhosts is string - - openssh_ignore_rhosts in [ "true", "false" ] + - openssh_ignore_rhosts in [ "yes", "no" ] quiet: true - name: assert | Test openssh_permit_empty_passwords @@ -164,7 +164,7 @@ that: - openssh_permit_empty_passwords is defined - openssh_permit_empty_passwords is string - - openssh_permit_empty_passwords in [ "true", "false" ] + - openssh_permit_empty_passwords in [ "yes", "no" ] quiet: true - name: assert | Test openssh_password_authentication @@ -172,7 +172,7 @@ that: - openssh_password_authentication is defined - openssh_password_authentication is string - - openssh_password_authentication in [ "true", "false" ] + - openssh_password_authentication in [ "yes", "no" ] quiet: true - name: assert | Test openssh_challenge_response_authentication @@ -180,7 +180,7 @@ that: - openssh_challenge_response_authentication is defined - openssh_challenge_response_authentication is string - - openssh_challenge_response_authentication in [ "true", "false" ] + - openssh_challenge_response_authentication in [ "yes", "no" ] quiet: true - name: assert | Test openssh_gssapi_authentication @@ -188,7 +188,7 @@ that: - openssh_gssapi_authentication is defined - openssh_gssapi_authentication is string - - openssh_gssapi_authentication in [ "true", "false" ] + - openssh_gssapi_authentication in [ "yes", "no" ] quiet: true - name: assert | Test openssh_gssapi_cleanup_credentials @@ -196,7 +196,7 @@ that: - openssh_gssapi_cleanup_credentials is defined - openssh_gssapi_cleanup_credentials is string - - openssh_gssapi_cleanup_credentials in [ "true", "false" ] + - openssh_gssapi_cleanup_credentials in [ "yes", "no" ] quiet: true - name: assert | Test openssh_gssapi_strict_acceptor_check 
@@ -204,7 +204,7 @@ that: - openssh_gssapi_strict_acceptor_check is defined - openssh_gssapi_strict_acceptor_check is string - - openssh_gssapi_strict_acceptor_check in [ "true", "false" ] + - openssh_gssapi_strict_acceptor_check in [ "yes", "no" ] quiet: true - name: assert | Test openssh_gssapi_key_exchange @@ -212,7 +212,7 @@ that: - openssh_gssapi_key_exchange is defined - openssh_gssapi_key_exchange is string - - openssh_gssapi_key_exchange in [ "true", "false" ] + - openssh_gssapi_key_exchange in [ "yes", "no" ] quiet: true - name: assert | Test openssh_gssaip_enable_k5_users @@ -220,7 +220,7 @@ that: - openssh_gssaip_enable_k5_users is defined - openssh_gssaip_enable_k5_users is string - - openssh_gssaip_enable_k5_users in [ "true", "false" ] + - openssh_gssaip_enable_k5_users in [ "yes", "no" ] quiet: true - name: assert | Test openssh_use_pam @@ -228,7 +228,7 @@ that: - openssh_use_pam is defined - openssh_use_pam is string - - openssh_use_pam in [ "true", "false" ] + - openssh_use_pam in [ "yes", "no" ] quiet: true - name: assert | Test openssh_allow_agent_forwarding @@ -236,7 +236,7 @@ that: - openssh_allow_agent_forwarding is defined - openssh_allow_agent_forwarding is string - - openssh_allow_agent_forwarding in [ "true", "false" ] + - openssh_allow_agent_forwarding in [ "yes", "no" ] quiet: true - name: assert | Test openssh_allow_tcp_forwarding @@ -244,7 +244,7 @@ that: - openssh_allow_tcp_forwarding is defined - openssh_allow_tcp_forwarding is string - - openssh_allow_tcp_forwarding in [ "true", "false" ] + - openssh_allow_tcp_forwarding in [ "yes", "no" ] quiet: true - name: assert | Test openssh_gateway_ports @@ -252,7 +252,7 @@ that: - openssh_gateway_ports is defined - openssh_gateway_ports is string - - openssh_gateway_ports in [ "true", "false" ] + - openssh_gateway_ports in [ "yes", "no" ] quiet: true - name: assert | Test openssh_x11_forwarding 
@@ -260,7 +260,7 @@ that: - openssh_x11_forwarding is defined - openssh_x11_forwarding is string - - openssh_x11_forwarding in [ "true", "false" ] + - openssh_x11_forwarding in [ "yes", "no" ] quiet: true - name: assert | Test openssh_x11_display_offset @@ -276,7 +276,7 @@ that: - openssh_x11_use_localhost is defined - openssh_x11_use_localhost is string - - openssh_x11_use_localhost in [ "true", "false" ] + - openssh_x11_use_localhost in [ "yes", "no" ] quiet: true - name: assert | Test openssh_permit_tty @@ -284,7 +284,7 @@ that: - openssh_permit_tty is defined - openssh_permit_tty is string - - openssh_permit_tty in [ "true", "false" ] + - openssh_permit_tty in [ "yes", "no" ] quiet: true - name: assert | Test openssh_print_motd @@ -292,7 +292,7 @@ that: - openssh_print_motd is defined - openssh_print_motd is string - - openssh_print_motd in [ "true", "false" ] + - openssh_print_motd in [ "yes", "no" ] quiet: true - name: assert | Test openssh_print_last_log @@ -300,7 +300,7 @@ that: - openssh_print_last_log is defined - openssh_print_last_log is string - - openssh_print_last_log in [ "true", "false" ] + - openssh_print_last_log in [ "yes", "no" ] quiet: true - name: assert | Test openssh_tcp_keep_alive @@ -308,7 +308,7 @@ that: - openssh_tcp_keep_alive is defined - openssh_tcp_keep_alive is string - - openssh_tcp_keep_alive in [ "true", "false" ] + - openssh_tcp_keep_alive in [ "yes", "no" ] quiet: true - name: assert | Test openssh_permit_user_environment @@ -316,7 +316,7 @@ that: - openssh_permit_user_environment is defined - openssh_permit_user_environment is string - - openssh_permit_user_environment in [ "true", "false" ] + - openssh_permit_user_environment in [ "yes", "no" ] quiet: true - name: assert | Test openssh_compression 
@@ -324,7 +324,7 @@ that: - openssh_compression is defined - openssh_compression is string - - openssh_compression in [ "true", "false", "delayed" ] + - openssh_compression in [ "yes", "no", "delayed" ] quiet: true - name: assert | Test openssh_client_alive_interval @@ -348,7 +348,7 @@ that: - openssh_show_patch_level is defined - openssh_show_patch_level is string - - openssh_show_patch_level in [ "true", "false" ] + - openssh_show_patch_level in [ "yes", "no" ] quiet: true - name: assert | Test openssh_use_dns @@ -356,7 +356,7 @@ that: - openssh_use_dns is defined - openssh_use_dns is string - - openssh_use_dns in [ "true", "false" ] + - openssh_use_dns in [ "yes", "no" ] quiet: true - name: assert | Test openssh_pid_file @@ -380,7 +380,7 @@ that: - openssh_permit_tunnel is defined - openssh_permit_tunnel is string - - openssh_permit_tunnel in [ "true", "false" ] + - openssh_permit_tunnel in [ "yes", "no" ] quiet: true - name: assert | Test openssh_chroot_directory From fddcb6648a54ebea66b84658ab6d7f3d51d7d430 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Thu, 28 Mar 2024 06:33:00 +0300 Subject: [PATCH 12/24] Use New Container --- .github/workflows/molecule.yml | 6 +--- README.md | 58 +++++++++++++++++----------------- meta/main.yml | 4 ++- 3 files changed, 33 insertions(+), 35 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index f6acfdb..f8f20bb 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -72,14 +72,10 @@ jobs: tag: "opensuse" - image: "docker-molecule-images" tag: "focal" - - image: "docker-molecule-images" - tag: "bionic" - image: "docker-molecule-images" tag: "jammy" - image: "docker-molecule-images" - tag: "lunar" - - image: "docker-molecule-images" - tag: "noble" + tag: "bionic" steps: - name: Checkout Role uses: actions/checkout@v4 diff --git a/README.md b/README.md index 9c8c1e5..0271cbd 100644 --- a/README.md +++ b/README.md 
@@ -70,12 +70,12 @@ openssh_syslog_facility: AUTH openssh_loglevel: INFO openssh_login_grace_time: 2m -openssh_permit_root_login: "true" -openssh_strict_modes: "true" +openssh_permit_root_login: "yes" +openssh_strict_modes: "yes" openssh_max_auth_tries: 6 openssh_max_sessions: 10 -openssh_pub_key_authentication: "true" +openssh_pub_key_authentication: "yes" openssh_authorized_key_file: ".ssh/authorized_keys" 
@@ -83,44 +83,44 @@ openssh_authorized_prinicpals_file: none openssh_authorized_keys_command: none openssh_authorized_keys_command_user: nobody -openssh_host_based_authentication: "false" -openssh_ignore_user_known_hosts: "false" -openssh_ignore_rhosts: "true" +openssh_host_based_authentication: "no" +openssh_ignore_user_known_hosts: "no" +openssh_ignore_rhosts: "yes" -openssh_permit_empty_passwords: "false" -openssh_password_authentication: "true" +openssh_permit_empty_passwords: "no" +openssh_password_authentication: "yes" -openssh_challenge_response_authentication: "false" +openssh_challenge_response_authentication: "no" -openssh_gssapi_authentication: "true" -openssh_gssapi_cleanup_credentials: "false" -openssh_gssapi_strict_acceptor_check: "true" -openssh_gssapi_key_exchange: "false" -openssh_gssaip_enable_k5_users: "false" +openssh_gssapi_authentication: "yes" +openssh_gssapi_cleanup_credentials: "no" +openssh_gssapi_strict_acceptor_check: "yes" +openssh_gssapi_key_exchange: "no" +openssh_gssaip_enable_k5_users: "no" -openssh_use_pam: "true" +openssh_use_pam: "yes" -openssh_allow_agent_forwarding: "true" -openssh_allow_tcp_forwarding: "true" -openssh_gateway_ports: "false" -openssh_x11_forwarding: "true" +openssh_allow_agent_forwarding: "yes" +openssh_allow_tcp_forwarding: "yes" +openssh_gateway_ports: "no" +openssh_x11_forwarding: "yes" openssh_x11_display_offset: 10 -openssh_x11_use_localhost: "true" -openssh_permit_tty: "true" +openssh_x11_use_localhost: "yes" +openssh_permit_tty: "yes" -openssh_print_motd: "false" +openssh_print_motd: "no" -openssh_print_last_log: "true" -openssh_tcp_keep_alive: "true" -openssh_permit_user_environment: "false" +openssh_print_last_log: "yes" +openssh_tcp_keep_alive: "yes" +openssh_permit_user_environment: "no" openssh_compression: delayed openssh_client_alive_interval: 30 openssh_client_alive_count_max: 3 -openssh_show_patch_level: "false" -openssh_use_dns: "false" +openssh_show_patch_level: "no" +openssh_use_dns: "no" 
openssh_pid_file: /var/run/sshd.pid openssh_max_startups: "10:30:100" -openssh_permit_tunnel: "false" +openssh_permit_tunnel: "no" openssh_chroot_directory: none openssh_version_addendum: none @@ -192,7 +192,7 @@ This role has been tested on these [container images](https://hub.docker.com/u/b |[Debian](https://hub.docker.com/r/buluma/debian)|all| |[Fedora](https://hub.docker.com/r/buluma/fedora)|all| |[opensuse](https://hub.docker.com/r/buluma/opensuse)|all| -|[Ubuntu](https://hub.docker.com/r/buluma/ubuntu)|all| +|[Ubuntu](https://hub.docker.com/r/buluma/ubuntu)|focal, jammy, bionic| The minimum version of Ansible required is 2.12, tests have been done to: diff --git a/meta/main.yml b/meta/main.yml index 5326cc6..f6a9fef 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -29,7 +29,9 @@ galaxy_info: - all - name: Ubuntu versions: - - all + - focal + - jammy + - bionic galaxy_tags: - openssh From 7250caf20100560cec599c9eca18f1717316d632 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Fri, 29 Mar 2024 08:27:54 +0300 Subject: [PATCH 13/24] Ansible Generated Update. --- .github/workflows/molecule.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index f8f20bb..385e7ae 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -46,10 +46,10 @@ jobs: fail-fast: false matrix: config: - - image: "docker-molecule-images" - tag: "alpine-openrc" - - image: "docker-molecule-images" - tag: "amazonlinux2023" + - image: "alpine" + tag: "all" + - image: "amazonlinux" + tag: "latest" - image: "enterpriselinux" tag: "8" - image: "enterpriselinux" From b0b93663e59111f35a0447eb49594ee4464ad480 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Fri, 29 Mar 2024 20:22:27 +0300 Subject: [PATCH 14/24] Ansible Generated Update. --- .github/workflows/molecule.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 385e7ae..bc1b2cc 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -46,8 +46,8 @@ jobs: fail-fast: false matrix: config: - - image: "alpine" - tag: "all" + - image: "alpine-openrc" + tag: "latest" - image: "amazonlinux" tag: "latest" - image: "enterpriselinux" From e190205c264283a2b92b02041e6fe458bcee0a65 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Sun, 19 May 2024 05:03:53 +0300 Subject: [PATCH 15/24] Ansible Generated Update. --- .github/workflows/molecule.yml | 12 ++++-------- .github/workflows/release_drafter.yml | 2 +- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index bc1b2cc..488fea4 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -46,10 +46,10 @@ jobs: fail-fast: false matrix: config: - - image: "alpine-openrc" - tag: "latest" - - image: "amazonlinux" - tag: "latest" + - image: "docker-molecule-images" + tag: "alpine-openrc" + - image: "docker-molecule-images" + tag: "amazonlinux2023" - image: "enterpriselinux" tag: "8" - image: "enterpriselinux" @@ -58,10 +58,6 @@ jobs: tag: "buster" - image: "docker-molecule-images" tag: "bullseye" - - image: "docker-molecule-images" - tag: "37" - - image: "docker-molecule-images" - tag: "38" - image: "docker-molecule-images" tag: "39" - image: "docker-molecule-images" diff --git a/.github/workflows/release_drafter.yml b/.github/workflows/release_drafter.yml index 875566b..3c3db61 100644 --- a/.github/workflows/release_drafter.yml +++ b/.github/workflows/release_drafter.yml 
@@ -41,7 +41,7 @@ jobs: steps: # Drafts your next Release notes as Pull Requests are merged into "master" - - uses: release-drafter/release-drafter@v6 + - uses: release-drafter/release-drafter@master # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml with: config-name: release-drafter.yml From 0eabc777f4edb5da34322d365894dd41e53298d3 Mon Sep 17 00:00:00 2001 From: "Shadow Walker [GH bot]" Date: Sun, 19 May 2024 03:20:11 +0000 Subject: [PATCH 16/24] Updated CHANGELOG.md on "2024-05-19 03:20:11" --- CHANGELOG.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2eb7b0..ece7e95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## [24.3.31](https://github.com/buluma/ansible-role-openssh/tree/24.3.31) (2024-03-29) + +[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/2.1.0...24.3.31) + ## [2.1.0](https://github.com/buluma/ansible-role-openssh/tree/2.1.0) (2024-01-22) [Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/2.0.0...2.1.0) 
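Review bot: `release-drafter/release-drafter@master` replaces a release tag with a branch ref, so every run executes whatever is at the tip of that branch, using this job's token. I would keep `- uses: release-drafter/release-drafter@v6`, or pin the full commit SHA of a reviewed release and put the tag in a trailing comment. The job's `permissions` block is outside this hunk, so how much that token can do should be checked there.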
@@ -10,20 +14,20 @@ ## [2.0.0](https://github.com/buluma/ansible-role-openssh/tree/2.0.0) (2023-12-25) -[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/1.0.10...2.0.0) +[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/1.0.11...2.0.0) **Closed issues:** - Update buluma/todo-to-issue-action@v1.0.1 @buluma [\#16](https://github.com/buluma/ansible-role-openssh/issues/16) - Update action [\#15](https://github.com/buluma/ansible-role-openssh/issues/15) -## [1.0.10](https://github.com/buluma/ansible-role-openssh/tree/1.0.10) (2023-11-21) +## [1.0.11](https://github.com/buluma/ansible-role-openssh/tree/1.0.11) (2023-11-21) -[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/1.0.11...1.0.10) +[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/1.0.10...1.0.11) -## [1.0.11](https://github.com/buluma/ansible-role-openssh/tree/1.0.11) (2023-11-21) +## [1.0.10](https://github.com/buluma/ansible-role-openssh/tree/1.0.10) (2023-11-21) -[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/1.0.9...1.0.11) +[Full Changelog](https://github.com/buluma/ansible-role-openssh/compare/1.0.9...1.0.10) ## [1.0.9](https://github.com/buluma/ansible-role-openssh/tree/1.0.9) (2023-11-21) From 41f462bfaed12a25b440748abf70e8b16e559a37 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Sat, 25 May 2024 13:48:45 +0300 Subject: [PATCH 17/24] Tox is misbehaving. Default for now. --- tox.ini | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 tox.ini diff --git a/tox.ini b/tox.ini deleted file mode 100644 index 075c759..0000000 --- a/tox.ini +++ /dev/null 
@@ -1,30 +0,0 @@ -# -# Ansible managed -# -[tox] -minversion = 4.2.4 -# Ansible 7 is disabled, causing issues with Fedora: -# https://github.com/ansible/ansible/issues/81199#event-9773321055 -# envlist = py3-ansible{7,8,9} -envlist = py3-ansible{8,9} - -skipsdist = true - -[testenv] -deps = - -rrequirements.txt - ansible7: ansible == 7.* - ansible8: ansible == 8.* - ansible9: ansible == 9.* -commands = molecule test -setenv = - TOX_ENVNAME={envname} - PY_COLORS=1 - ANSIBLE_FORCE_COLOR=1 - ANSIBLE_ROLES_PATH=../ - -passenv = - namespace - image - tag - DOCKER_HOST From c7ce5bdf01eb66db9ef3ecb6cd3bb175738680d0 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Sun, 26 May 2024 11:55:02 +0300 Subject: [PATCH 18/24] Tox is misbehaving. Default for now. --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ed09075..d24d40e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,4 +4,4 @@ molecule-plugins[docker] == 23.* ansible-lint == 24.* paramiko == 3.* # Pinning requests version due to [bug](https://github.com/docker/docker-py/issues/3113) -# requests == 2.28.1 +requests == 2.28.1 From fef43c85a1d5bcf59c53470b954bb146aec3624a Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Mon, 17 Jun 2024 15:05:40 +0300 Subject: [PATCH 19/24] Tox is misbehaving. Default for now. --- .github/workflows/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 488fea4..4cce9e6 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -78,7 +78,7 @@ jobs: with: path: "${{ github.repository }}" - name: Running Molecule Test - uses: buluma/molecule-action@v24.2.0 + uses: buluma/molecule-action@v24.6.17 with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} From b386b1550dfc6898b190b453340bca558ad746bc Mon Sep 17 00:00:00 2001 
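Review bot: In the requirements.txt hunk, the re-enabled `requests == 2.28.1` is an exact pin to an old release, so the CI environment stops receiving later requests releases, including their security fixes, until someone lifts it by hand. The comment above it links the docker-py bug but gives no exit condition. I would extend it, for example `# Temporary pin for docker-py issue 3113; remove once molecule-plugins[docker] works with current requests.` The same line is switched on again in the requirements.txt hunk of PATCH 22/24 further down.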
From: Michael Buluma Date: Mon, 17 Jun 2024 20:45:14 +0300 Subject: [PATCH 20/24] Tox is misbehaving. Default for now. --- tox.ini | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 tox.ini diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..820c88a --- /dev/null +++ b/tox.ini @@ -0,0 +1,28 @@ +# +# Ansible managed +# +[tox] +minversion = 4.2.4 +envlist = py3-ansible{8,9} + +skipsdist = true + +[testenv] +deps = + -rrequirements.txt + ansible8: ansible == 8.* + ansible9: ansible == 9.* + ansible10: ansible == 10.* + +commands = molecule test +setenv = + TOX_ENVNAME={envname} + PY_COLORS=1 + ANSIBLE_FORCE_COLOR=1 + ANSIBLE_ROLES_PATH=../ + +passenv = + namespace + image + tag + DOCKER_HOST From 210e66ee40465d34fddd312a440e5a15bf4e0141 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Wed, 10 Jul 2024 18:55:13 +0300 Subject: [PATCH 21/24] Tox is misbehaving. Default for now. --- .ansible-lint | 3 --- .github/pull_request_template.md | 11 +++++++++++ .github/workflows/molecule.yml | 31 +++++++++++++++++++------------ requirements.txt | 4 ++-- 4 files changed, 32 insertions(+), 17 deletions(-) create mode 100644 .github/pull_request_template.md diff --git a/.ansible-lint b/.ansible-lint index fa67b68..f179ac0 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -13,8 +13,5 @@ exclude_paths: - .github - requirements.yml -skip_list: - - yaml[truthy] - enable_list: - name[prefix] diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 4cce9e6..c599e72 100644 
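Review bot: In the new tox.ini, the `ansible10: ansible == 10.*` line under `deps` is never used, because `envlist = py3-ansible{8,9}` generates no environment with the `ansible10` factor. Either add the factor, `envlist = py3-ansible{8,9,10}`, or drop the deps line so the file does not suggest that Ansible 10 is tested.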
--- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -12,7 +12,6 @@ on: - main - testing - dependabot/** - # - renovate/** paths-ignore: - '**/README.md' - '**/CHANGELOG.md' @@ -21,8 +20,7 @@ on: pull_request: pull_request_target: schedule: - # - cron: '29 15 15 * *' - - cron: '29 15 * * *' + - cron: '29 15 15 * *' workflow_dispatch: @@ -32,6 +30,7 @@ concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true + jobs: lint: runs-on: ubuntu-20.04 @@ -41,7 +40,9 @@ jobs: - name: ansible-lint uses: ansible-community/ansible-lint-action@main test: - runs-on: ubuntu-22.04 + needs: + - lint + runs-on: ubuntu-20.04 strategy: fail-fast: false matrix: @@ -73,18 +74,24 @@ jobs: - image: "docker-molecule-images" tag: "bionic" steps: - - name: Checkout Role + - name: checkout uses: actions/checkout@v4 + + - name: Set up Python 3. + uses: actions/setup-python@v5 with: - path: "${{ github.repository }}" - - name: Running Molecule Test - uses: buluma/molecule-action@v24.6.17 - with: + python-version: '3.x' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: molecule + run: molecule converge + env: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} - - name: Running Role Test - run: ansible-galaxy role import --api-key ${{ secrets.galaxy_api_key }} buluma ${{ github.event.repository.name }} - dependabot: needs: - lint diff --git a/requirements.txt b/requirements.txt index d24d40e..5250f77 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ -ansible-compat == 4.* +ansible-compat == 24.* molecule == 24.* molecule-plugins[docker] == 23.* ansible-lint == 24.* paramiko == 3.* # Pinning requests version due to [bug](https://github.com/docker/docker-py/issues/3113) -requests == 2.28.1 +# requests == 2.28.1 From b2e087ed13ac11d07c425a51e5d6544a353632b6 Mon Sep 17 00:00:00 2001 
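Review bot: The new `molecule` step in the `test` job runs `molecule converge`, which stops after applying the role. The idempotence, verify and destroy stages of `molecule test` are skipped, so a change that breaks idempotence or the verify checks can still pass CI. The tox.ini added earlier on this page uses `commands = molecule test`, and the step should match it: `run: molecule test`. The step name `Set up Python 3.` also carries a stray trailing period.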
From: Michael Buluma Date: Fri, 12 Jul 2024 05:38:49 +0300 Subject: [PATCH 22/24] Tox is misbehaving. Default for now. --- .github/workflows/molecule.yml | 29 ++++++++++++----------------- requirements.txt | 2 +- 2 files changed, 13 insertions(+), 18 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index c599e72..89cf913 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -12,6 +12,7 @@ on: - main - testing - dependabot/** + # - renovate/** paths-ignore: - '**/README.md' - '**/CHANGELOG.md' @@ -20,7 +21,8 @@ on: pull_request: pull_request_target: schedule: - - cron: '29 15 15 * *' + # - cron: '29 15 15 * *' + - cron: '29 15 * * *' workflow_dispatch: @@ -30,7 +32,6 @@ concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true - jobs: lint: runs-on: ubuntu-20.04 @@ -42,7 +43,7 @@ jobs: test: needs: - lint - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: @@ -74,24 +75,18 @@ jobs: - image: "docker-molecule-images" tag: "bionic" steps: - - name: checkout + - name: Checkout Role uses: actions/checkout@v4 - - - name: Set up Python 3. - uses: actions/setup-python@v5 with: - python-version: '3.x' - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - - - name: molecule - run: molecule converge - env: + path: "${{ github.repository }}" + - name: Running Molecule Test + uses: buluma/molecule-action@v24.6.17 + with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} + - name: Running Role Test + run: ansible-galaxy role import --api-key ${{ secrets.galaxy_api_key }} buluma ${{ github.event.repository.name }} + dependabot: needs: - lint diff --git a/requirements.txt b/requirements.txt index 5250f77..a65a4f4 100644 --- a/requirements.txt +++ b/requirements.txt 
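Review bot: The restored `Running Role Test` step at the end of the `test` job expands `${{ secrets.galaxy_api_key }}` directly into the shell command and has no condition. The Galaxy import therefore runs once per matrix entry and on every trigger of this workflow, which per the context lines includes `pull_request_target` and `schedule`. Passing the key through `env:` keeps it out of the rendered script text, and an `if:` limits publishing to pushes. The `on:` block and the rest of the job are only partly inside these hunks, so the exact condition should be checked against the full branch list.

```yaml
      - name: Running Role Test
        if: github.event_name == 'push'
        env:
          GALAXY_API_KEY: ${{ secrets.galaxy_api_key }}
        run: ansible-galaxy role import --api-key "$GALAXY_API_KEY" buluma ${{ github.event.repository.name }}
```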
@@ -4,4 +4,4 @@ molecule-plugins[docker] == 23.* ansible-lint == 24.* paramiko == 3.* # Pinning requests version due to [bug](https://github.com/docker/docker-py/issues/3113) -# requests == 2.28.1 +requests == 2.28.1 From b8a593ed26b7865a6e413346a480b5ecde6d1315 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Fri, 19 Jul 2024 03:54:07 +0300 Subject: [PATCH 23/24] Tox is misbehaving. Default for now. --- .github/workflows/molecule.yml | 16 ++++++--------- .yamllint | 36 ++++++++++++++++++++++------------ 2 files changed, 29 insertions(+), 23 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 89cf913..ce34c11 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -12,7 +12,6 @@ on: - main - testing - dependabot/** - # - renovate/** paths-ignore: - '**/README.md' - '**/CHANGELOG.md' @@ -21,8 +20,7 @@ on: pull_request: pull_request_target: schedule: - # - cron: '29 15 15 * *' - - cron: '29 15 * * *' + - cron: '29 15 15/15 * *' workflow_dispatch: @@ -36,10 +34,10 @@ jobs: lint: runs-on: ubuntu-20.04 steps: - - name: checkout + - name: Checkout Role uses: actions/checkout@v4 - - name: ansible-lint - uses: ansible-community/ansible-lint-action@main + - name: Run Ansible-lint + uses: ansible/ansible-lint@v24.7.0 test: needs: - lint @@ -60,12 +58,12 @@ jobs: tag: "buster" - image: "docker-molecule-images" tag: "bullseye" + - image: "docker-molecule-images" + tag: "38" - image: "docker-molecule-images" tag: "39" - image: "docker-molecule-images" tag: "40" - - image: "docker-molecule-images" - tag: "rawhide" - image: "docker-molecule-images" tag: "opensuse" - image: "docker-molecule-images" @@ -84,8 +82,6 @@ jobs: with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} - - name: Running Role Test - run: ansible-galaxy role import --api-key ${{ secrets.galaxy_api_key }} buluma ${{ github.event.repository.name }} dependabot: needs: 
diff --git a/.yamllint b/.yamllint index 1460f2c..1d2600f 100644 --- a/.yamllint +++ b/.yamllint @@ -1,17 +1,27 @@ --- extends: default - +# https://ansible.readthedocs.io/projects/lint/rules/yaml/#octals rules: + comments: + # https://github.com/prettier/prettier/issues/6780 + min-spaces-from-content: 1 + # https://github.com/adrienverge/yamllint/issues/384 + comments-indentation: false + document-start: disable + # 160 chars was the default used by old E204 rule, but + # you can easily change it or disable in your .yamllint file. + line-length: + max: 310 + # We are adding an extra space inside braces as that's how prettier does it + # and we are trying not to fight other linters. braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable - truthy: - check-keys: false - -ignore: | - .tox/ - .cache/ + min-spaces-inside: 0 # yamllint defaults to 0 + max-spaces-inside: 1 # yamllint defaults to 0 + # key-duplicates: + # forbid-duplicated-merge-keys: true # not enabled by default + octal-values: + forbid-implicit-octal: true # yamllint defaults to false + forbid-explicit-octal: true # yamllint defaults to false + # quoted-strings: + # quote-type: double + # required: only-when-needed From fc445cf033ef2ef828b617cea21763e11c1b3b31 Mon Sep 17 00:00:00 2001 From: Michael Buluma Date: Sun, 28 Jul 2024 10:31:01 +0300 Subject: [PATCH 24/24] Ansible Generated Update --- .github/workflows/molecule.yml | 7 +++++++ tox.ini | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index ce34c11..f9686f7 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml 
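Review bot: The rewritten .yamllint drops the `ignore:` block for `.tox/` and `.cache/`, while tox.ini is back in the repository as of PATCH 20/24, so a local tox run leaves installed packages' YAML under `.tox/` that yamllint will now lint. I would keep the block at the end of the file: `ignore: |` followed by `.tox/` and `.cache/`. The comment above `line-length` also still talks about 160 characters while `max` is set to 310; one of the two should change.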
@@ -73,6 +73,13 @@ jobs: - image: "docker-molecule-images" tag: "bionic" steps: + + - name: Docker Login + uses: docker/login-action@v3.2.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Checkout Role uses: actions/checkout@v4 with: diff --git a/tox.ini b/tox.ini index 820c88a..e0e43b4 100644 --- a/tox.ini +++ b/tox.ini @@ -3,7 +3,7 @@ # [tox] minversion = 4.2.4 -envlist = py3-ansible{8,9} +envlist = py3-ansible{9} skipsdist = true
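Review bot: The added `Docker Login` step is unconditional, but earlier molecule.yml hunks on this page show the workflow also triggers on `pull_request`. For pull requests from forks the `DOCKERHUB_*` secrets are empty on that event, so the login is expected to fail the job before the role is tested. A guard such as `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` skips it in that case. The stored login is readable by every later step in the job, so the Docker Hub token should be a read-only access token. The blank line after `steps:` can go.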