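--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -78,29 +78,34 @@
 when:
 - ansible_facts.virtualization_type not in ["container", "docker", "podman"]
 
-- name: Restart ssh service
+- name: Restart ssh socket
 become: true
 ansible.builtin.service:
-name: ssh
+name: "{{ 'ssh.socket' if ansible_facts.os_family == 'Debian' else 'sshd.socket' }}"
 state: restarted
-register: ssh_service
-failed_when:
-- ssh_service is not success
-- not 'Could not find the requested service' in ssh_service.msg
+enabled: true
 when:
 - ansible_facts.virtualization_type not in ["container", "docker", "podman"]
+- ansible_facts.distribution == "Ubuntu"
 
-- name: Restart sshd service
+- name: Restart ssh service
 become: true
 ansible.builtin.service:
-name: sshd
+name: "{{ 'ssh.service' if ansible_facts.os_family == 'Debian' else 'sshd.service' }}"
 state: restarted
-register: sshd_service
-failed_when:
-- sshd_service is not success
-- not 'Could not find the requested service' in sshd_service.msg
+enabled: true
 when:
 - ansible_facts.virtualization_type not in ["container", "docker", "podman"]
 
+- name: Disable ssh service
+become: true
+ansible.builtin.service:
+name: "{{ 'ssh.service' if ansible_facts.os_family == 'Debian' else 'sshd.service' }}"
+state: stopped
+enabled: false
+when:
+- ansible_facts.virtualization_type not in ["container", "docker", "podman"]
+- ansible_facts.distribution == "Ubuntu"
+
 - name: Restart Postfix
 become: true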
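Review bot: Handlers execute in the order they are defined in this file, not in notify order, so on Ubuntu the new `Disable ssh service` handler (defined last) runs only after `Restart ssh socket` and `Restart ssh service` have both restarted and re-enabled units. If ssh.service is still active when `ssh.socket` is restarted, systemd will likely refuse to start the socket because its service is already running, and ssh.service is briefly enabled again before being disabled. Defining `Disable ssh service` above `Restart ssh socket` gives the intended end state (socket enabled, service stopped and disabled) in one pass. The removed `failed_when` tolerance for a missing unit also means the socket handler now hard-fails on any Ubuntu release that does not ship an ssh.socket unit; worth confirming on a real host, since the container guard skips these handlers under molecule.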
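--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -11,6 +11,16 @@
 when:
 - ansible_facts.distribution == 'AlmaLinux'
 
+- name: Install acl on Debian
+become: true
+ansible.builtin.apt:
+name: acl
+state: present
+install_recommends: false
+update_cache: true
+when:
+- ansible_facts.os_family == 'Debian'
+
 - name: Include Ansible role
 ansible.builtin.import_role:
 name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"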
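--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -99,7 +99,6 @@
 become: true
 ansible.builtin.user:
 name: "{{ item }}"
-group: "{{ item }}"
 shell: /bin/bash
 create_home: true
 generate_ssh_key: true
@@ -118,9 +117,9 @@
 - name: Assert home directory permissions
 ansible.builtin.assert:
 that:
-- home_dir.stat.mode == "0700"
+- home_dir.stat.mode == login_defs.home_mode
 success_msg: "{{ home_dir.stat.path }} has correct permissions: {{ home_dir.stat.mode }}"
-fail_msg: "{{ home_dir.stat.path }} permissions are incorrect: {{ home_dir.stat.mode }}"
+fail_msg: "{{ home_dir.stat.path }} permissions are incorrect: {{ home_dir.stat.mode }}, expected {{ login_defs.home_mode }} or {{ umask_value }}"
 when:
 - home_dir.stat.exists
 
@@ -144,17 +143,23 @@
 - sshd
 - sshd_config
 
-- name: Ensure privilege separation directory exists
+- name: Ensure privilege separation directories exist
 become: true
 ansible.builtin.file:
-path: /run/sshd
+path: "{{ item.path }}"
 owner: root
 group: root
 state: directory
-mode: "0755"
-tags:
-- sshd
-- sshd_config
+mode: "{{ item.mode }}"
+register: privsep_dir
+failed_when:
+- privsep_dir is changed
+- not (item.path == '/run/sshd' and ansible_facts.distribution == 'Ubuntu')
+loop:
+- { path: /run/sshd, mode: "0755" }
+- { path: /usr/share/empty.sshd, mode: "0711" }
+- { path: /var/empty, mode: "0755" }
+- { path: /var/empty/sshd, mode: "0711" }
 
 - name: Stat IPv6 status
 become: true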
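Review bot: The privilege separation check in the third hunk uses `ansible.builtin.file` with `state: directory`, which creates or re-permissions the path before `failed_when` is evaluated, so the verifier mutates the system under test and a second verify run passes even if the role never created the directory. A side-effect-free check is `ansible.builtin.stat` on each path followed by an assert on the returned `exists`, `isdir`, `pw_name`, `gr_name` and `mode`, keeping the Ubuntu `/run/sshd` exemption as a `when`. The new `fail_msg` in the second hunk also references `umask_value` and `login_defs.home_mode`, neither of which is set within the hunk; confirm both are defined earlier in the play so a failing assert does not itself error on an undefined variable.
```yaml
- name: Stat privilege separation directories
  become: true
  ansible.builtin.stat:
    path: "{{ item.path }}"
  register: privsep_dir
  loop:
    # … unchanged: the four path/mode entries …

- name: Assert privilege separation directories
  ansible.builtin.assert:
    that:
      - item.stat.exists and item.stat.isdir
      - item.stat.pw_name == 'root' and item.stat.gr_name == 'root'
      - item.stat.mode == item.item.mode
  loop: "{{ privsep_dir.results }}"
  when: not (item.item.path == '/run/sshd' and ansible_facts.distribution == 'Ubuntu')
```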
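--- a/tasks/sshconfig.yml
+++ b/tasks/sshconfig.yml
@@ -17,14 +17,18 @@
 ansible.builtin.debug:
 msg: "{{ ssh_installed_version }}"
 
-- name: Ensure privilege separation directory exists
+- name: Ensure privilege separation directories exist
 become: true
 ansible.builtin.file:
 path: "{{ item.path }}"
 owner: root
 group: root
 state: directory
 mode: "{{ item.mode }}"
+register: privsep_dir
+changed_when:
+- privsep_dir is changed
+- not (item.path == '/run/sshd' and ansible_facts.distribution == 'Ubuntu')
 loop:
 - { path: /run/sshd, mode: "0755" }
 - { path: /usr/share/empty.sshd, mode: "0711" }
@@ -250,7 +254,8 @@
 (not sshd_config_d.stat.exists) or
 (grep_include.rc != 0)
 notify:
-- Restart sshd service
+- Disable ssh service
+- Restart ssh socket
 - Restart ssh service
 
 - name: Configure sshd using sshd_config.d
@@ -268,7 +273,8 @@
 - sshd_config_d.stat.exists
 - grep_include.rc == 0
 notify:
-- Restart sshd service
+- Disable ssh service
+- Restart ssh socket
 - Restart ssh service
 
 - name: Remove possible Subsystem duplicate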
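Review bot: The three-entry notify list is duplicated verbatim in the second and third hunks, and its order carries no meaning at run time because handlers run in the order they are defined in handlers/main.yml, not in notify order, so listing `Disable ssh service` first here does not make it run first. Giving the three handlers a shared `listen:` topic (for example `listen: Restart sshd`) would let both tasks notify a single name and keep the handler set and its ordering in one place. The `changed_when` added in the first hunk suppresses change reporting for `/run/sshd` on Ubuntu; a short comment stating why (presumably the directory is runtime-managed there and recreated on every service start) would save the next reader from guessing. The loop in the first hunk continues outside the hunk.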