Bug 2052081

Summary: sshd system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
Product: Red Hat Enterprise Linux 9
Reporter: Brian Smith <briasmit>
Component: rhel-system-roles
Assignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA
QA Contact: Jakub Haruda <jharuda>
Severity: unspecified
Docs Contact: Jan Fiala <jafiala>
Priority: unspecified
Version: 9.0
CC: gfialova, jharuda, jjelen, nhosoi, rmeggins, spetrosi
Target Milestone: rc
Keywords: Triaged
Target Release: 9.1
Hardware: Unspecified
OS: Unspecified
Whiteboard: role:sshd
Fixed In Version: rhel-system-roles-1.18.0-1.el9
Doc Type: Enhancement
Doc Text:
.The `sshd` RHEL System Role verifies the include directive for the drop-in directory

The `sshd` RHEL System Role on RHEL 9 manages only a file in the drop-in directory, but previously did not verify that the directory is included from the main `sshd_config` file. With this update, the role verifies that `sshd_config` contains the include directive for the drop-in directory. As a result, the role more reliably applies the provided configuration.
Clone Of:
: 2086934 (view as bug list)
Last Closed: 2022-11-15 10:22:57 UTC
Type: Bug
Bug Blocks: 2086934    

Description Brian Smith 2022-02-08 16:33:57 UTC
Description of problem:
The sshd RHEL System Role, when run on a RHEL 9 managed node, by default places the configuration in /etc/ssh/sshd_config.d/00-ansible_system_role.conf. This assumes that the /etc/ssh/sshd_config file has a line at the top with "Include > /etc/ssh/sshd_config.d/*.conf". This line is in the default sshd_config file on RHEL 9, however it should not be assumed that it is there (for example, a customer might have previously used a different tool to manage the sshd_config file and this tool might not have included this line in the file).

Version-Release number of selected component (if applicable):
RHEL 9 beta

How reproducible:
Every time

Steps to Reproduce:
1.  Edit the sshd_config file and remove the "Include > /etc/ssh/sshd_config.d/*.conf" line
2.  Run the sshd System Role to set the sshd configuration on the system
3.  The configuration does not take effect
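
A stand-alone check for the condition this report describes, added here as an illustration (it is not the role's code or the upstream fix): it classifies whether a given `sshd_config` text pulls in the drop-in file, and whether it does so before any other directive. The function names and result labels are assumptions of this example, and nested includes are not followed.

```python
import posixpath
import shlex
from fnmatch import fnmatchcase

SSHD_DIR = "/etc/ssh"  # sshd resolves relative Include paths against this directory
DROPIN = "/etc/ssh/sshd_config.d/00-ansible_system_role.conf"  # path from the report


def _covers(pattern, target):
    """True if an Include glob would expand to `target` (component-wise match)."""
    if not posixpath.isabs(pattern):
        pattern = posixpath.join(SSHD_DIR, pattern)
    p, t = pattern.split("/"), target.split("/")
    # Match per path component so that '*' never crosses a '/' boundary.
    return len(p) == len(t) and all(fnmatchcase(b, a) for a, b in zip(p, t))


def check_include(config_text, target=DROPIN):
    """Classify how `config_text` (contents of sshd_config) includes `target`.

    "first"       Include precedes every other directive
    "late"        other directives come first; sshd keeps the first value it
                  obtains for a keyword, so the drop-in may be overridden
    "conditional" Include appears only inside a Match block
    "missing"     no Include covers the drop-in file
    """
    seen_other = in_match = False
    result = "missing"
    for raw in config_text.splitlines():
        try:
            words = shlex.split(raw, comments=True)  # handles quotes and '#'
        except ValueError:  # unbalanced quote: count it as an opaque directive
            words = [raw]
        if not words:
            continue
        keyword, args = words[0].lower(), words[1:]  # keywords are case-insensitive
        if keyword == "match":
            in_match = True  # a Match block runs to the next Match or end of file
        if keyword == "include" and any(_covers(a, target) for a in args):
            if not in_match:
                return "late" if seen_other else "first"
            result = "conditional"
        seen_other = True
    return result
```
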

Comment 2 Jakub Jelen 2022-05-02 18:42:40 UTC
This should be fixed with the following upstream PR: https://github.com/willshersystems/ansible-sshd/pull/178

Feedback/testing/comments welcomed.

Comment 6 Jakub Jelen 2022-05-17 06:59:24 UTC
The upstream test in tests/tests_include_present.yml verifies this use case.

Comment 13 errata-xmlrpc 2022-11-15 10:22:57 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:8117