fix restart of sshd deamon at every run

5ab15cdf · Alain Takoudjou · b6f077a5 · 5ab15cdf
Commit 5ab15cdf authored Sep 03, 2015 by Alain Takoudjou
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 6 deletions

playbook/roles/vm-bootstrap/tasks/ssh.yml playbook/roles/vm-bootstrap/tasks/ssh.yml +9 -6

No files found.
--- a/playbook/roles/vm-bootstrap/tasks/ssh.yml
+++ b/playbook/roles/vm-bootstrap/tasks/ssh.yml
@@ -45,14 +45,17 @@
    authorized_key: user=root key="{{ lookup('file', '/etc/opt/authorized_keys') }}"
    when: authorized_keys.stat.exists == True

+  - name: Check whether sshd_config is well configured
+    command: grep -wq "^PermitRootLogin no" /etc/ssh/sshd_config
+    register: permitrootlogin
+    always_run: True
+    ignore_errors: True
+    changed_when: False
+
  - name: update /etc/ssh/sshd_config
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (?!no)" line="PermitRootLogin no"
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (.*)" line="PermitRootLogin no" state=present
    notify:
      - restart ssh
      - restart sshd
+    when: permitrootlogin.rc != 0

-  - name: update /etc/ssh/sshd_config
-    lineinfile: dest=/etc/ssh/sshd_config line="PermitRootLogin no"
-    notify: 
-      - restart ssh
-      - restart sshd