From 21682352fdb147b2ac1d4eda4e86d2c524f8a509 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 6 Feb 2024 09:43:37 +0100
Subject: [PATCH 1/2] Workaround for CentOS7 reporting ansible_facts['service_mgr'] == 'sysvinit' in containers
Signed-off-by: Jakub Jelen
---
tasks/install_service.yml | 5 ++++-
tests/tests_systemd_services.yml | 7 ++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/tasks/install_service.yml b/tasks/install_service.yml
index b92d51e..aee2514 100644
--- a/tasks/install_service.yml
+++ b/tasks/install_service.yml
@@ -1,6 +1,9 @@ --- - name: Install systemd service files - when: sshd_install_service | bool and ansible_facts['service_mgr'] == 'systemd' + when: + - sshd_install_service | bool + - ansible_facts['service_mgr'] == 'systemd' or + (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') block: - name: Install service unit file ansible.builtin.template:
diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml
index e1e3f1a..3258933 100644
--- a/tests/tests_systemd_services.yml
+++ b/tests/tests_systemd_services.yml
@@ -34,7 +34,8 @@ - name: Read the service files and verify they are reasonable tags: tests::verify when: - - ansible_facts['service_mgr'] == 'systemd' + - ansible_facts['service_mgr'] == 'systemd' or + (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') block: - name: Read the distribution service file ansible.builtin.slurp:
@@ -114,7 +115,8 @@ - name: Read the instantiated service file and verify they are reasonable tags: tests::verify when: - - ansible_facts['service_mgr'] == 'systemd' + - ansible_facts['service_mgr'] == 'systemd' or + (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7') - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12 block: - name: Read the distribution instantiated service file
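Review bot: The new `or (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7')` clause in the `when:` of tasks/install_service.yml carries no comment, so a later reader cannot tell that it exists only because CentOS 7 containers report `service_mgr` as `sysvinit` (per the commit subject). I would put `# CentOS 7 containers report service_mgr == 'sysvinit', so match EL7 explicitly` above the condition. The same expression is repeated verbatim in both `when:` hunks of tests/tests_systemd_services.yml (-34 and -114); computing it once into a role-internal variable and testing that in all three places would keep the role and its tests from drifting apart. The clause also matches every RedHat-family 7 host whatever service manager was detected, so the sshd unit files are written even where systemd really is absent; that looks intended, but the comment should say so. The three `block:` bodies continue outside the hunks.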
@@ -154,6 +156,5 @@ that: - "' -f /etc/ssh/' in service_inst.content | b64decode" - - name: "Restore configuration files" ansible.builtin.include_tasks: tasks/restore.yml
From 6ab3f8538134ed8c585330021980a470cb806523 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 6 Feb 2024 10:09:06 +0100
Subject: [PATCH 2/2] EL7 main service file requires mandatory environment file note, that this is not the case for the instantiated, which is in sync with everything else.
Signed-off-by: Jakub Jelen
---
templates/sshd.service.j2 | 2 +-
vars/RedHat_7.yml | 1 +
vars/main.yml | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/templates/sshd.service.j2 b/templates/sshd.service.j2
index ec6da4e..73e9384 100644
--- a/templates/sshd.service.j2
+++ b/templates/sshd.service.j2
@@ -13,7 +13,7 @@ Documentation=man:sshd(8) man:sshd_config(5) [Service] Type=notify {% if __sshd_environment_file is string %} -EnvironmentFile=-{{ __sshd_environment_file }} +EnvironmentFile={{ __sshd_environment_file_mandatory | ternary('', '-')}}{{ __sshd_environment_file }} {% elif __sshd_environment_file is iterable %} {% for file in __sshd_environment_file %} EnvironmentFile=-{{ file }}
diff --git a/vars/RedHat_7.yml b/vars/RedHat_7.yml
index 061993c..98b745b 100644
--- a/vars/RedHat_7.yml
+++ b/vars/RedHat_7.yml
@@ -33,6 +33,7 @@ __sshd_hostkeys_nofips: - /etc/ssh/ssh_host_ed25519_key __sshd_environment_file: /etc/sysconfig/sshd +__sshd_environment_file_mandatory: true __sshd_environment_variable: $OPTIONS __sshd_service_after: sshd-keygen.service __sshd_service_wants: sshd-keygen.service
diff --git a/vars/main.yml b/vars/main.yml
index 3dbfcca..792e84f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
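Review bot: In templates/sshd.service.j2 the new `__sshd_environment_file_mandatory` flag is applied only in the `is string` branch; the `is iterable` loop shown as context still emits `EnvironmentFile=-{{ file }}`, so a platform that sets a list of files and the flag to true silently gets optional files. Either apply the same prefix inside the loop or document that the flag is ignored for lists. The value also reaches `ternary` without a cast, so a quoted `'false'` coming from an override would be truthy; `EnvironmentFile={{ __sshd_environment_file_mandatory | bool | ternary('', '-') }}{{ __sshd_environment_file }}` avoids that. With the `-` dropped on EL7, a missing /etc/sysconfig/sshd presumably keeps sshd from starting, which on a remotely managed host means losing access, so the role or its tests should confirm the file exists before the service is restarted. The `{% if %}` block is closed outside the hunk.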
@@ -67,6 +67,7 @@ __sshd_supports_validate: true # The path to an environment file for the SSHD service __sshd_environment_file: ~ +__sshd_environment_file_mandatory: false # The variable name we are passing from the environment file as an argument to the sshd __sshd_environment_variable: $OPTIONS
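Review bot: `__sshd_environment_file_mandatory: false` in vars/main.yml is added without a comment of its own, directly under `# The path to an environment file for the SSHD service`, which does not describe it. I would add `# Whether the environment file must exist; when true the leading '-' is omitted from EnvironmentFile=` above the new line. Because the default path here is `~`, the flag has no effect unless a platform vars file also sets `__sshd_environment_file`, and the comment could say that as well.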