Merge "Ensure that sshd is installed"

2026-03-07 10:12:34 +00:00
parent 38d8ae8904 c05931e9ad
commit 4631243c3e
2 changed files with 19 additions and 3 deletions
--- a/roles/ssh_keypairs/tasks/main.yml
+++ b/roles/ssh_keypairs/tasks/main.yml
@@ -17,6 +17,15 @@
  ansible.builtin.include_vars:
    file: "{{ ssh_keypairs_method ~ '_keypair.yml' }}"

+- name: Ensure that openssh is installed
+  vars:
+    _sshd_service_package:
+      redhat: openssh-server
+      debian: openssh-server
+  ansible.builtin.package:
+    name: "{{ _sshd_service_package[ansible_facts['os_family'] | lower] }}"
+    state: present
+
 - name: Create keypairs
  when: ssh_keypairs_create_keys | bool
  block:
--- a/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml
+++ b/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml
@@ -13,11 +13,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Ensure trusted CA directory is present
+- name: Ensure required directories are present
  ansible.builtin.file:
-    path: "/etc/ssh/trusted_ca.d"
+    path: "{{ item.path }}"
    state: directory
-    mode: "0700"
+    mode: "{{ item.mode }}"
+    owner: root
+    group: root
+  loop:
+    - path: "/etc/ssh/trusted_ca.d"
+      mode: "0700"
+    - path: "/etc/ssh/sshd_config.d/"
+      mode: "0755"

 - name: Slurp up SSH CA certificates from keypair setup host ({{ ssh_keypairs_setup_host }})
  delegate_to: "{{ ssh_keypairs_setup_host }}"