Role - tripleo-sshd
Role Documentation
Welcome to the “tripleo_sshd” role documentation.
Role Defaults
This section highlights all of the defaults and variables set within the “tripleo_sshd” role.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_sshd"
# Mapping of sshd_config values
# Package state for ssh
tripleo_sshd_package_state: present
tripleo_sshd_motd_enabled: false
tripleo_sshd_message_of_the_day: ''
tripleo_sshd_banner_enabled: false
tripleo_sshd_banner_text: ''
# SSH configuration options
tripleo_sshd_password_authentication: no
tripleo_sshd_gssapi_authentication: no
tripleo_sshd_server_options:
  HostKey:
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_ecdsa_key
    - /etc/ssh/ssh_host_ed25519_key
  SyslogFacility: AUTHPRIV
  AuthorizedKeysFile: .ssh/authorized_keys
  ChallengeResponseAuthentication: no
  GSSAPIAuthentication: '{{ tripleo_sshd_gssapi_authentication }}'
  GSSAPICleanupCredentials: no
  UsePAM: yes
  UseDNS: no
  X11Forwarding: yes
  AcceptEnv:
    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    - LC_IDENTIFICATION LC_ALL LANGUAGE
    - XMODIFIERS
  Subsystem: sftp /usr/libexec/openssh/sftp-server
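The following is an added example, not part of the tripleo_sshd role: a drift check that reads an sshd_config the way sshd does (first value wins, global parsing stops at the first Match block) and compares it with the scalar defaults listed above. The function names and SAMPLE are constructed for illustration, and mapping tripleo_sshd_password_authentication to the PasswordAuthentication directive is an assumption.

```python
import re

MULTI = {"hostkey", "acceptenv"}  # keywords sshd accumulates across lines
# Scalar values from the role defaults on this page. PasswordAuthentication is
# an assumption: the directive tripleo_sshd_password_authentication renders to.
EXPECTED = {
    "passwordauthentication": "no", "gssapiauthentication": "no",
    "challengeresponseauthentication": "no", "usepam": "yes",
    "usedns": "no", "x11forwarding": "yes",
}

def effective(config_text):
    """Global settings as sshd reads them: first value wins, keywords case-insensitive."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":  # everything after Match is conditional, not global
            break
        if key in MULTI:
            seen.setdefault(key, []).append(value)
        else:
            seen.setdefault(key, value)  # later duplicates are ignored
    return seen

def drift(config_text, expected=EXPECTED):
    """Return {keyword: (expected, found)}; found is None when the line is absent."""
    eff = effective(config_text)
    return {k: (want, eff.get(k)) for k, want in expected.items()
            if (eff.get(k) or "").lower() != want.lower()}

# Constructed sample: an early line re-enables passwords ahead of the managed one.
SAMPLE = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PasswordAuthentication yes  # constructed drift; first occurrence wins
PasswordAuthentication no
GSSAPIAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
UseDNS=no
X11Forwarding yes
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__": print(drift(SAMPLE))
```

A scenario that sets tripleo_sshd_gssapi_authentication to yes would pass a copy of EXPECTED with that value changed as the second argument to drift().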
Role Variables: redhat.yml
tripleo_sshd_packages:
  - openssh-server
Role Variables: main.yml
tripleo_sshd_banner_text: |
  ******************************************************************
  * This system is for the use of authorized users only. Usage of *
  * this system may be monitored and recorded by system personnel. *
  * Anyone using this system expressly consents to such monitoring *
  * and is advised that if such monitoring reveals possible *
  * evidence of criminal activity, system personnel may provide *
  * the evidence from such monitoring to law enforcement officials.*
  ******************************************************************
tripleo_sshd_message_of_the_day: |
  ALERT! You are entering into a secured area!
  This service is restricted to authorized users only.
Molecule Scenarios
Molecule is being used to test the “tripleo_sshd” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.
- Driver: podman
- Driver: podman
- Driver: podman
Scenario: banners
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
Example banners playbook
- name: Converge
  hosts: all
  roles:
    - name: tripleo_sshd
      tripleo_sshd_motd_enabled: true
      tripleo_sshd_banner_enabled: true
Scenario: gssapi
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
Example gssapi playbook
- name: Converge
  hosts: all
  roles:
    - name: tripleo_sshd
      tripleo_sshd_gssapi_authentication: yes
Scenario: default
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
Example default playbook
- name: Converge
  hosts: all
  roles:
    - name: tripleo_sshd