Configure ssh on rhel in the common role

Signed-off-by: Andrew Schoen <aschoen@redhat.com>

diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index 6d96e57a2d24722faabfb1e1ab616187657ad4db..995769544fd3c4a68665d765b6e3004c95ebf913 100644 (file)
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -3,3 +3,8 @@
   service:
     name: "{{ ntp_service_name }}" 
     state: restarted
+
+- name: restart sshd
+  service:
+    name: sshd
+    state: restarted

diff --git a/roles/common/tasks/setup-redhat.yml b/roles/common/tasks/setup-redhat.yml
index 82486966f0054942e72a9f27248560209cb9f384..48e41bb3edf67645366546b6b905f0520eb55396 100644 (file)
--- a/roles/common/tasks/setup-redhat.yml
+++ b/roles/common/tasks/setup-redhat.yml
@@ -68,6 +68,28 @@
     - raid.pl
     - diskusage.pl
 
+- name: Upload rhel version specific sshd_config.
+  template:
+    src: "ssh/sshd_config_rhel_{{ ansible_distribution_version }}"
+    dest: /etc/ssh/sshd_config
+    owner: root 
+    group: root
+    mode: 0755
+  notify:
+    - restart sshd
+  tags:
+    - ssh
+
+- name: Upload ssh_config.
+  template:
+    src: ssh/ssh_config
+    dest: /etc/ssh/ssh_config
+    owner: root
+    group: root
+    mode: 0755
+  tags:
+    - ssh
+
 - name: Include version specific tasks.
   include: redhat/rhel_7.0.yml
   when: ansible_distribution_version == "7.0"

diff --git a/roles/common/templates/ssh/sshd_config_redhat_7.0 b/roles/common/templates/ssh/sshd_config_redhat_7.0
deleted file mode 100755 (executable)
index 087d4c7..0000000
--- a/roles/common/templates/ssh/sshd_config_redhat_7.0
+++ /dev/null
@@ -1,38 +0,0 @@
-# {{ ansible_managed }}
-#      $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
-
-# This is the sshd server system-wide configuration file.  See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
-
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-
-SyslogFacility AUTHPRIV
-
-AuthorizedKeysFile     .ssh/authorized_keys
-
-PasswordAuthentication yes
-
-ChallengeResponseAuthentication no
-
-# GSSAPI options
-GSSAPIAuthentication yes
-GSSAPICleanupCredentials yes
-
-UsePAM yes
-
-X11Forwarding yes
-UsePrivilegeSeparation sandbox         # Default for new installations.
-
-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-AcceptEnv XMODIFIERS
-
-# override default of no subsystems
-Subsystem      sftp    /usr/libexec/openssh/sftp-server
-
-MaxSessions 1000

diff --git a/roles/common/templates/ssh/sshd_config_rhel_7.0 b/roles/common/templates/ssh/sshd_config_rhel_7.0
new file mode 100755 (executable)
index 0000000..087d4c7
--- /dev/null
+++ b/roles/common/templates/ssh/sshd_config_rhel_7.0
@@ -0,0 +1,38 @@
+# {{ ansible_managed }}
+#      $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+
+SyslogFacility AUTHPRIV
+
+AuthorizedKeysFile     .ssh/authorized_keys
+
+PasswordAuthentication yes
+
+ChallengeResponseAuthentication no
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+
+UsePAM yes
+
+X11Forwarding yes
+UsePrivilegeSeparation sandbox         # Default for new installations.
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+# override default of no subsystems
+Subsystem      sftp    /usr/libexec/openssh/sftp-server
+
+MaxSessions 1000