From bc3d05008aade7975cb74b24d87a5510e20cddf3 Mon Sep 17 00:00:00 2001
From: Johan Meiring
Date: Wed, 1 Feb 2017 17:47:57 +0200
Subject: [PATCH 1/5] Update minimum Ansible version to 2.0

---
 README.md | 2 +-
 meta/main.yml | 2 +-
 tests/Dockerfile.ubuntu-14.04.ansible-1.9.6 | 12 ------------
 3 files changed, 2 insertions(+), 14 deletions(-)
 delete mode 100644 tests/Dockerfile.ubuntu-14.04.ansible-1.9.6

diff --git a/README.md b/README.md
index 8edb0eb..74eba64 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ It is advisable that `scp_if_ssh` be set to `true` in the `ssh_connection` secti
 scp_if_ssh=True
 ```
-Other than that, only Ansible itself is required. Tested using Ansible 1.9, 2.0.2.0 and 2.1.0.0. Works on Ubuntu 14.04 and 16.04, untested on other versions.
+Other than that, only Ansible itself is required. Tested using Ansible 2.0.2.0, 2.1.0.0 and 2.2.1.0. Works on Ubuntu 14.04 and 16.04, untested on other versions.
 Some work has been done on supporting RHEL, though this is not currently officially supported by the original author (further contributions are obviously welcome ;-)
 ## Role Variables
diff --git a/meta/main.yml b/meta/main.yml
index 7da6a3d..f498df7 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -3,7 +3,7 @@ galaxy_info:
   author: Johan Meiring
   description: "Setup chrooted SFTP service on top of OpenSSH"
   license: MIT
-  min_ansible_version: 1.9
+  min_ansible_version: 2.0
 
   platforms:
     - name: Ubuntu
diff --git a/tests/Dockerfile.ubuntu-14.04.ansible-1.9.6 b/tests/Dockerfile.ubuntu-14.04.ansible-1.9.6
deleted file mode 100644
index 65fc420..0000000
--- a/tests/Dockerfile.ubuntu-14.04.ansible-1.9.6
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM ubuntu:14.04
-RUN apt-get update
-
-# Install OpenSSH server
-RUN apt-get install -y openssh-server
-
-# Install Ansible
-RUN apt-get install -y software-properties-common git python-pip python-dev libffi-dev libssl-dev
-RUN pip install 'ansible==1.9.6'
-
-# Install Ansible inventory file
-RUN mkdir /etc/ansible/ && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
From 985b70058b2899b5a7f43b52697fc34de205d26c Mon Sep 17 00:00:00 2001
From: Johan Meiring
Date: Wed, 1 Feb 2017 17:49:10 +0200
Subject: [PATCH 2/5] Add test for 2.2.1.0

---
 .travis.yml | 6 +++---
 tests/Dockerfile.ubuntu-14.04.ansible-2.2.1.0 | 13 +++++++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 tests/Dockerfile.ubuntu-14.04.ansible-2.2.1.0

diff --git a/.travis.yml b/.travis.yml
index 4b1ff64..f53e7c7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,17 +2,17 @@
 sudo: required
 
 env:
-  - ansible: 1.9.6
+  - ansible: 2.0.2.0
     distribution: ubuntu
     version: 14.04
     init: /sbin/init
     run_opts: ""
-  - ansible: 2.0.2.0
+  - ansible: 2.1.0.0
     distribution: ubuntu
     version: 14.04
     init: /sbin/init
     run_opts: ""
-  - ansible: 2.1.0.0
+  - ansible: 2.2.1.0
     distribution: ubuntu
     version: 14.04
     init: /sbin/init
diff --git a/tests/Dockerfile.ubuntu-14.04.ansible-2.2.1.0 b/tests/Dockerfile.ubuntu-14.04.ansible-2.2.1.0
new file mode 100644
index 0000000..edc963a
--- /dev/null
+++ b/tests/Dockerfile.ubuntu-14.04.ansible-2.2.1.0
@@ -0,0 +1,13 @@
+FROM ubuntu:14.04
+RUN apt-get update
+
+# Install OpenSSH server
+RUN apt-get install -y openssh-server
+
+# Install Ansible
+RUN apt-get install -y software-properties-common git python-pip python-dev libffi-dev libssl-dev
+RUN pip install -U setuptools
+RUN pip install 'ansible==2.2.1.0'
+
+# Install Ansible inventory file
+RUN mkdir /etc/ansible/ && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
From e08ee2ac82c479e8ff381b26ec409340331fc675 Mon Sep 17 00:00:00 2001
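Review bot: `RUN apt-get update` sits in its own layer at the top of the new tests/Dockerfile.ubuntu-14.04.ansible-2.2.1.0, so once that layer is cached the two later `apt-get install -y` steps run against a stale package index and start failing with 404s as the archive moves on; tests/Dockerfile.ubuntu-16.04.ansible-2.2.1.0 in patch 3/5 has the same layout. Folding update and install into a single `RUN` with `--no-install-recommends` and removing the apt lists in that same layer keeps the fixture reproducible and smaller. `pip install -U setuptools` is unpinned, so the image picks up whatever setuptools is current on the day it is built, while `ansible==2.2.1.0` on the next line is pinned; a per-version test fixture should pin both. I have kept the two pip steps separate because the setuptools upgrade is presumably required before ansible's own install, and left software-properties-common in place, although nothing in the hunk uses it. Note that Ubuntu 14.04 ships an old pip, so newer flags such as `--no-cache-dir` are deliberately not used below.
```dockerfile
FROM ubuntu:14.04

# Update and install in one layer so a cached index is never reused stale,
# and drop the lists in the same layer so they do not persist into the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
      git \
      libffi-dev \
      libssl-dev \
      openssh-server \
      python-dev \
      python-pip \
      software-properties-common \
    && rm -rf /var/lib/apt/lists/*

# Install Ansible; pin setuptools to the version this fixture was verified with
# (<SETUPTOOLS_VERSION> is a placeholder, fill in before merging).
RUN pip install 'setuptools==<SETUPTOOLS_VERSION>'
RUN pip install 'ansible==2.2.1.0'

# … unchanged: inventory file …
```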
From: Johan Meiring
Date: Wed, 1 Feb 2017 20:15:37 +0200
Subject: [PATCH 3/5] Add test for 2.2.1.0 under Ubuntu 16.04

---
 .travis.yml | 5 +++++
 tests/Dockerfile.ubuntu-16.04.ansible-2.2.1.0 | 13 +++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 tests/Dockerfile.ubuntu-16.04.ansible-2.2.1.0

diff --git a/.travis.yml b/.travis.yml
index f53e7c7..b17afd4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,6 +17,11 @@ env:
     version: 14.04
     init: /sbin/init
     run_opts: ""
+  - ansible: 2.2.1.0
+    distribution: ubuntu
+    version: 16.04
+    init: /sbin/init
+    run_opts: ""
 
 services:
   - docker
diff --git a/tests/Dockerfile.ubuntu-16.04.ansible-2.2.1.0 b/tests/Dockerfile.ubuntu-16.04.ansible-2.2.1.0
new file mode 100644
index 0000000..5fe22d6
--- /dev/null
+++ b/tests/Dockerfile.ubuntu-16.04.ansible-2.2.1.0
@@ -0,0 +1,13 @@
+FROM ubuntu:16.04
+RUN apt-get update
+
+# Install OpenSSH server
+RUN apt-get install -y openssh-server
+
+# Install Ansible
+RUN apt-get install -y software-properties-common git python-pip python-dev libffi-dev libssl-dev
+RUN pip install -U setuptools
+RUN pip install 'ansible==2.2.1.0'
+
+# Install Ansible inventory file
+RUN mkdir /etc/ansible/ && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
From aa59e8f384aa11afc1495b0672454144330160a3 Mon Sep 17 00:00:00 2001
From: Johan Meiring
Date: Wed, 1 Feb 2017 20:15:57 +0200
Subject: [PATCH 4/5] Ignore sshd restart errors... seems to work but reporting is off

---
 handlers/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/handlers/main.yml b/handlers/main.yml
index 4380a57..b677eaf 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,3 +2,4 @@
 - name: SFTP-Server | Restart sshd
   service: name={{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}
           state=restarted
+  ignore_errors: Yes
From 636761ed1be8f186d39478ccc20a81c2af95ced6 Mon Sep 17 00:00:00 2001
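Review bot: `ignore_errors: Yes` on the "Restart sshd" handler turns a failed restart into a successful play, and that is the one failure this role most needs to surface: if the rendered sshd_config is rejected by sshd, the previous daemon keeps running without the chroot and internal-sftp settings while Ansible reports the run as fine. The commit message suggests the error is a reporting artefact of the test container rather than a real failure, so gate it rather than swallowing it everywhere, e.g. `ignore_errors: "{{ sftp_ignore_restart_errors | default(false) }}"` (a new role variable that only the test playbooks set to true), or register the result and fail on it outside the container. Patch 5/5 rewrites this handler into key/value form and keeps the same line, so the same point applies there.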
From: Johan Meiring
Date: Wed, 1 Feb 2017 21:17:49 +0200
Subject: [PATCH 5/5] Modernise syntax

---
 handlers/main.yml | 5 ++--
 tasks/main.yml | 63 ++++++++++++++++++++++++++++-------------------
 2 files changed, 40 insertions(+), 28 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index b677eaf..29e63a9 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,5 +1,6 @@
 ---
 - name: SFTP-Server | Restart sshd
-  service: name={{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}
-          state=restarted
+  service:
+    name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}"
+    state: restarted
   ignore_errors: Yes
diff --git a/tasks/main.yml b/tasks/main.yml
index 058b576..d0f4cb5 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,15 +1,17 @@
 ---
 # Creates group for SFTP users.
 - name: SFTP-Server | Create sftp user group
-  group: name={{ sftp_group_name }}
-         state=present
+  group:
+    name: "{{ sftp_group_name }}"
+    state: present
 
 # Necessary for chrooting of SFTP users.
 - name: SFTP-Server | Alter sftp subsystem entry
-  lineinfile: dest=/etc/ssh/sshd_config
-              regexp="^Subsystem(\s+)sftp"
-              line="Subsystem sftp internal-sftp -f AUTH -l VERBOSE"
-              state=present
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: '^Subsystem(\s+)sftp'
+    line: "Subsystem sftp internal-sftp -f AUTH -l VERBOSE"
+    state: present
   notify: SFTP-Server | Restart sshd
 
 # Some sed magic to grab the entire sshd_config, excluding our custom config block.
@@ -19,7 +21,9 @@
   changed_when: True == False
 
 - name: SFTP-Server | Ensure SELinux management package is present
-  package: name=libsemanage-python state=present
+  package:
+    name: libsemanage-python
+    state: present
   when: ansible_selinux
 
 - name: SFTP-Server | Set SELinux booleans
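Review bot: `changed_when: True == False`, the first context line of the `@@ -19,7 +21,9 @@` hunk, survives a commit whose whole purpose is modernising syntax; the comparison is an obscure spelling of `changed_when: false`, which matches the `state: present` style the rest of the rewrite adopts. `ignore_errors: Yes` in this patch's handlers hunk is the same kind of pre-YAML-1.2 boolean and reads better as `ignore_errors: true`. The task that owns `changed_when` starts above the hunk, so this is a context line only, but it is worth touching while the file is being rewritten anyway.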
@@ -34,48 +38,55 @@
 # Create/recreate ssh_config.
 - name: SFTP-Server | Apply sshd_config template
-  template: src=sshd_config.j2
-            dest=/etc/ssh/sshd_config
-            owner=root
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
   notify: SFTP-Server | Restart sshd
 
 # Create each SFTP user with home directory on the correct patition, and add to SFTP group.
 - name: SFTP-Server | Create sftp users
-  user: name={{ item.name }}
-        groups={{ sftp_group_name }}
-        home="{{ sftp_home_partition }}/{{ item.name }}"
-        state=present
+  user:
+    name: "{{ item.name }}"
+    groups: "{{ sftp_group_name }}"
+    home: "{{ sftp_home_partition }}/{{ item.name }}"
+    state: present
   with_items: "{{ sftp_users }}"
 
 # A working chrooted SFTP setup requires root:sftgroup ownership of a user's home directory.
 - name: SFTP-Server | Correct ownership and permission of home directories
-  file: path="{{ sftp_home_partition }}/{{ item.name }}"
-        owner=root
-        group={{ sftp_group_name }}
-        mode="0750"
+  file:
+    path: "{{ sftp_home_partition }}/{{ item.name }}"
+    owner: root
+    group: "{{ sftp_group_name }}"
+    mode: "0750"
   with_items: "{{ sftp_users }}"
 
 # Install all relevant public keys.
 - name: SFTP-Server | Install public keys
-  authorized_key: user={{ item.0.name }} key='{{ lookup('file', item.1) }}'
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ lookup('file', item.1) }}"
   with_subelements:
     - "{{ sftp_users }}"
     - authorized
 
 # Update user passwords, if they were specified.
 - name: SFTP-Server | Update user passwords
-  user: name={{ item.name }}
-        password={{ item.password }}
+  user:
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
   with_items: "{{ sftp_users }}"
   when: item.password is defined
 
 # Create directories for SFTP users. Optional, but recommended.
 - name: SFTP-Server | Create directories
-  file: path="{{ sftp_home_partition }}/{{ item[0].name }}/{{ item[1].name | default(item[1]) }}"
-        owner={{ item[0].name }}
-        group={{ item[0].name }}
-        mode="{{ item[1].mode | default(0750) }}"
-        state=directory
+  file:
+    path: "{{ sftp_home_partition }}/{{ item[0].name }}/{{ item[1].name | default(item[1]) }}"
+    owner: "{{ item[0].name }}"
+    group: "{{ item[0].name }}"
+    mode: "{{ item[1].mode | default(0750) }}"
+    state: directory
   with_nested:
     - "{{ sftp_users }}"
     - "{{ sftp_directories }}"
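Review bot: The `template` task that overwrites /etc/ssh/sshd_config is rewritten without a `validate:` option, so a rendering mistake in sshd_config.j2 is only noticed when the restart handler runs, and that handler carries `ignore_errors`. Adding `validate: '/usr/sbin/sshd -t -f %s'` under the `template:` keys makes Ansible have sshd check the rendered file before it is moved into place, so the play fails instead of leaving a rejected config on disk next to a daemon still running the old one. The rest of the hunk is a faithful key/value rewrite; one line that would benefit from a comment is `password: "{{ item.password }}"`, because the user module stores the value as the password hash, so `item.password` must already be a crypt-style hash rather than clear text.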