From 077a3f90943a816e2eb2cf2849b5d940892ac584 Mon Sep 17 00:00:00 2001 From: Johan Meiring Date: Fri, 11 Sep 2020 19:29:30 +0200 Subject: [PATCH] Always restart sshd after playbook has been run --- tasks/main.yml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index a6ec275..a59c928 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -41,7 +41,7 @@ - name: SFTP-Server | Add sshd_config block blockinfile: dest: /etc/ssh/sshd_config - marker: '# {mark} SFTP-Server {{ sftp_group_name }} block' + marker: "# {mark} SFTP-Server {{ sftp_group_name }} block" block: | Match Group {{ sftp_group_name }} ChrootDirectory %h @@ -75,11 +75,11 @@ # A working chrooted SFTP setup requires root:sftgroup ownership of a user's home directory. - name: SFTP-Server | Root SFTP permissions file: - path: "{{ sftp_home_partition }}" - state: directory - mode: 0750 - group: "{{ sftp_group_name }}" - owner: root + path: "{{ sftp_home_partition }}" + state: directory + mode: 0750 + group: "{{ sftp_group_name }}" + owner: root - name: SFTP-Server | Correct ownership and permission of home directories file: @@ -162,3 +162,10 @@ auth,authpriv.* /var/log/sftp/auth.log when: sftp_enable_logging notify: SFTP-Server | Restart rsyslog + +# Restart sshd to ensure all configuration has been applied. This should always be the last task. +- name: SFTP-Server | Restart sshd + service: + name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}" + state: restarted + ignore_errors: Yes
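Review bot: `ignore_errors: Yes` on the new `SFTP-Server | Restart sshd` task hides the very failure this task should surface. If sshd rejects the edited config, the play still reports success while the daemon either keeps running the old configuration (so the `Match Group` / `ChrootDirectory` block may not be in force) or is left stopped. I would drop that line and have the `blockinfile` task in the first hunk check the file before it is moved into place, e.g. `validate: /usr/sbin/sshd -t -f %s` (the binary path may differ per distro). The unconditional `state: restarted` also reports a change on every run; if the sshd_config tasks outside these hunks already notify a restart handler, a closing `- meta: flush_handlers` would apply the config while staying idempotent. If a boolean remains here, write it as `true`/`false` rather than `Yes`.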