From c05931e9ade7c16411cda7e0f42a1a81c1e14713 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 24 Feb 2026 17:54:41 +0100 Subject: [PATCH] Ensure that sshd is installed In some cases, like Swift role, there can be a race condition between ssh_keypairs and openssh-server installation. This results in failure to place configuration, when openssh-server is not present yet. With that the role attempts to execute a ssh server reload, which will fail if sshd is not installed. So we assume that one who is running role against the host expects ssh to be present on such host after all. Change-Id: I2480856a947ef4bdc3fa0c35750ad5813bafc985 Signed-off-by: Dmitriy Rabotyagov --- roles/ssh_keypairs/tasks/main.yml | 9 +++++++++ .../tasks/standalone/install_ssh_ca.yml | 13 ++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/roles/ssh_keypairs/tasks/main.yml b/roles/ssh_keypairs/tasks/main.yml index 1a9b6ff5..cf24df0b 100644 --- a/roles/ssh_keypairs/tasks/main.yml +++ b/roles/ssh_keypairs/tasks/main.yml @@ -17,6 +17,15 @@ ansible.builtin.include_vars: file: "{{ ssh_keypairs_method ~ '_keypair.yml' }}" +- name: Ensure that openssh is installed + vars: + _sshd_service_package: + redhat: openssh-server + debian: openssh-server + ansible.builtin.package: + name: "{{ _sshd_service_package[ansible_facts['os_family'] | lower] }}" + state: present + - name: Create keypairs when: ssh_keypairs_create_keys | bool block: diff --git a/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml b/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml index 3bb85f43..520b020e 100644 --- a/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml +++ b/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml 
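Review bot: The new `Ensure that openssh is installed` task in roles/ssh_keypairs/tasks/main.yml has no `when:`, so it runs on every host the role is applied to, including a host that only creates or stores keypairs. On Debian-family systems installing `openssh-server` normally also starts and enables the daemon, so the role can open an SSH listener on a host that had none. Consider gating the task on the same condition that leads to the sshd configuration and reload being applied; that logic is outside this hunk, so the exact variable needs confirming. Separately, `_sshd_service_package` holds the same value for both families and resolves to undefined for any other `os_family`. Using `name: "{{ _sshd_service_package[ansible_facts['os_family'] | lower] | default('openssh-server') }}"`, or failing with an explicit message, would make that case readable.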
@@ -13,11 +13,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure trusted CA directory is present +- name: Ensure required directories are present ansible.builtin.file: - path: "/etc/ssh/trusted_ca.d" + path: "{{ item.path }}" state: directory - mode: "0700" + mode: "{{ item.mode }}" + owner: root + group: root + loop: + - path: "/etc/ssh/trusted_ca.d" + mode: "0700" + - path: "/etc/ssh/sshd_config.d/" + mode: "0755" - name: Slurp up SSH CA certificates from keypair setup host ({{ ssh_keypairs_setup_host }}) delegate_to: "{{ ssh_keypairs_setup_host }}"
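Review bot: The loop entry for `/etc/ssh/sshd_config.d/` forces mode `0755`, which loosens the directory wherever the distribution package ships it more restrictively (RHEL-family openssh-server packages ship it `0700`, as far as I know). Since the main.yml change in this commit now guarantees the package is present, it may be safer to use `mode: "0700"` here as for `trusted_ca.d`, or to drop the entry and keep the packaged directory as is. Creating the directory also does not guarantee that `sshd_config` contains an `Include` for it, so a drop-in written there could be silently ignored. A comment above the task such as `# sshd_config must Include /etc/ssh/sshd_config.d/*.conf for drop-ins to take effect` would record that assumption.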