From 5ab15cdfe4b3dce17ed7d5dee710d0359c54de9a Mon Sep 17 00:00:00 2001
From: Alain Takoudjou <alain.takoudjou@nexedi.com>
Date: Thu, 3 Sep 2015 15:47:00 +0200
Subject: [PATCH] fix restart of sshd deamon at every run

---
 playbook/roles/vm-bootstrap/tasks/ssh.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/playbook/roles/vm-bootstrap/tasks/ssh.yml b/playbook/roles/vm-bootstrap/tasks/ssh.yml
index a130c25..8a793c1 100644
--- a/playbook/roles/vm-bootstrap/tasks/ssh.yml
+++ b/playbook/roles/vm-bootstrap/tasks/ssh.yml
@@ -45,14 +45,17 @@
     authorized_key: user=root key="{{ lookup('file', '/etc/opt/authorized_keys') }}"
     when: authorized_keys.stat.exists == True
 
+  - name: Check whether sshd_config is well configured
+    command: grep -wq "^PermitRootLogin no" /etc/ssh/sshd_config
+    register: permitrootlogin
+    always_run: True
+    ignore_errors: True
+    changed_when: False
+
   - name: update /etc/ssh/sshd_config
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (?!no)" line="PermitRootLogin no"
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin no" state=present
     notify:
       - restart ssh
       - restart sshd
+    when: permitrootlogin.rc != 0
 
-  - name: update /etc/ssh/sshd_config
-    lineinfile: dest=/etc/ssh/sshd_config line="PermitRootLogin no"
-    notify: 
-      - restart ssh
-      - restart sshd
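Review bot: The grep guard with `when: permitrootlogin.rc != 0` treats any `PermitRootLogin no` line as proof that root login is disabled, but sshd uses the first value it reads for a keyword and lineinfile rewrites only the last line matching `regexp`. If an earlier `PermitRootLogin yes` exists, or one separated by a tab (which neither the grep pattern nor `^PermitRootLogin (.*)` matches), a later line is rewritten or appended, the next run's grep succeeds, and the effective setting stays permissive with nothing reported as changed. Consider testing the effective value instead, for example by registering `command: sshd -T` and checking its output for `permitrootlogin no`, and loosening the pattern to `regexp="^PermitRootLogin\s"`. Adding `validate='/usr/sbin/sshd -t -f %s'` to the lineinfile task (adjust the path to the installed sshd) would also stop a broken file from being written before the restart handlers fire. The task list starts above this hunk, so whether earlier tasks also edit sshd_config is not visible here.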
-- 
2.30.9