From 5ab15cdfe4b3dce17ed7d5dee710d0359c54de9a Mon Sep 17 00:00:00 2001 From: Alain Takoudjou <alain.takoudjou@nexedi.com> Date: Thu, 3 Sep 2015 15:47:00 +0200 Subject: [PATCH] fix restart of sshd deamon at every run --- playbook/roles/vm-bootstrap/tasks/ssh.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/playbook/roles/vm-bootstrap/tasks/ssh.yml b/playbook/roles/vm-bootstrap/tasks/ssh.yml index a130c25..8a793c1 100644 --- a/playbook/roles/vm-bootstrap/tasks/ssh.yml +++ b/playbook/roles/vm-bootstrap/tasks/ssh.yml @@ -45,14 +45,17 @@ authorized_key: user=root key="{{ lookup('file', '/etc/opt/authorized_keys') }}" when: authorized_keys.stat.exists == True + - name: Check whether sshd_config is well configured + command: grep -wq "^PermitRootLogin no" /etc/ssh/sshd_config + register: permitrootlogin + always_run: True + ignore_errors: True + changed_when: False + - name: update /etc/ssh/sshd_config - lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (?!no)" line="PermitRootLogin no" + lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin no" state=present notify: - restart ssh - restart sshd + when: permitrootlogin.rc != 0 - - name: update /etc/ssh/sshd_config - lineinfile: dest=/etc/ssh/sshd_config line="PermitRootLogin no" - notify: - - restart ssh - - restart sshd -- 2.30.9
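Review bot: In the `update /etc/ssh/sshd_config` task and the new grep guard, a `PermitRootLogin` line is recognised only at column 0, with that exact capitalisation and a single space. A file holding e.g. `permitrootlogin yes` or a tab-separated value therefore gets `PermitRootLogin no` appended at the end instead of replaced. sshd uses the first value it reads for a keyword and scopes anything after a `Match` line to that block, so the appended line may not be the effective setting, while later runs skip the task because the grep now succeeds. I would loosen both patterns, e.g. `regexp="(?i)^\s*PermitRootLogin\s"` and `grep -Eiq "^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)"`, and add `validate="/usr/sbin/sshd -t -f %s"` (binary path assumed) so a file sshd rejects is never written; several occurrences would still need a manual look, since lineinfile rewrites only the last match. `ignore_errors: True` also treats grep's exit status 2 (file unreadable) like "not found"; `failed_when: permitrootlogin.rc > 1` keeps that case visible.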