fix: Document and streamline the sshd_main_config_file #281
Conversation
Jakuje
force-pushed
the
main_config_file
branch
from
94047d9 to
8b57d98
Compare
|
I think I understand the issue now. The problem is that for a distro, the role uses a default In this case, I wonder if the role could do: - set_fact:
sshd_main_config_file: None
when: sshd_config_file == sshd_main_config_file ~ '.d'and the rest of the code stays as is already. The above snippet could go into |
|
Thank you for having a look into this!
Yes, this could be the other option, maybe nicer as it would be checked only in one place, unlike what I suggested. But still I am not sure about the condition I will try to put together some tests coverage for the change here too. |
My bad. All these exist in condition with |
Jakuje
force-pushed
the
main_config_file
branch
3 times, most recently
from
d319ee8 to
3e44da4
Compare
The option was introduced in 6bb0d7b without documentation and intended use. The recent change f6ae209 propagated this option to the generated service files, which is resulting in unexpected results, when a user decided to set only `sshd_config_file` for the second sshd service causing the service file points to the system-wide configuration file. This is an attempt to fix this by introducing some heuristics to guess if the user wants to set up second drop-in directory (ending with .d) or create a standalone configuration file. Fixes: willshersystems#280
Signed-off-by: Jakub Jelen <[email protected]>
Jakuje
force-pushed
the
main_config_file
branch
from
3e44da4 to
a3e2752
Compare
|
The problem with the We had issues with others variables that were force set as facts in the past. I think the solution was to set only internal variables or to avoid So unless there will be some better ideas, I will revert the changes to the previous version, even though it requires modification on more places. Testing and feedback welcomed. |
Jakuje
force-pushed
the
main_config_file
branch
3 times, most recently
from
e10e7a8 to
c9cfdf7
Compare
To work around this you can do: # as the last task of the role
- set_fact:
sshd_main_config_file: __sshd_sentinel__
# in variables.yml
- set_fact:
sshd_main_config_file: "{{ __sshd_main_config_file }}"
when: sshd_main_config_file == '__sshd_sentinel__'
- set_fact:
sshd_main_config_file: None
when: sshd_config_file | dirname == sshd_main_config_file ~ '.d'I am not saying this is less cognitive load for a person that reads the role's code, but it keeps things centralized. |
Signed-off-by: Jakub Jelen <[email protected]>
Jakuje
force-pushed
the
main_config_file
branch
from
c9cfdf7 to
c1dfd1f
Compare
I am still undecided if having fact set to placeholder variable is nicer or more fragile. @richm @mattwillsher any thoughts or strong opinions? |
|
In general it is a bad idea for the role runtime code to do set_fact:
sshd_role_variable: valuefor role variables declared in |
|
any update? |
|
I think this is good to go if there are no other concerns
…On Thu, Apr 4, 2024, 21:29 Richard Megginson ***@***.***> wrote:
any update?
—
Reply to this email directly, view it on GitHub
<#281 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAUR2WO54GKQ7ZLAQIFLV2DY3WS3NAVCNFSM6AAAAABE4HVNASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZYGA2TIMJQGQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Thank you for the reviews and comments. Merging then. |
The option was introduced in f6ae209 without documentation and intended use. The recent change f6ae209 propagated this option to the generated service files, which is resulting in unexpected results, when a user decided to set only
sshd_config_filefor the second sshd service such as:This is an attempt to fix this by introducing some heuristics to guess if the user wants to set up second drop-in directory (ending with .d) or create a standalone configuration file.
Issue Tracker Tickets (Jira or BZ if any): https://issues.redhat.com/browse/RHEL-29309 #280