Bug 2086935 - sshd system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9
Summary: sshd system role should be able to optionally manage /etc/ssh/sshd_config on ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: rhel-system-roles
Version: 8.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.7
Assignee: Rich Megginson
QA Contact: David Jež
Jan Fiala
URL:
Whiteboard: role:sshd
Depends On: 2052086
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-16 20:10 UTC by Rich Megginson
Modified: 2023-02-14 16:44 UTC (History)
7 users (show)

Fixed In Version: rhel-system-roles-1.18.0-1.el8
Doc Type: Enhancement
Doc Text:
.The `sshd` RHEL System Role can be managed through `/etc/ssh/sshd_config` The `sshd` RHEL System Role applied to a RHEL 9 managed node places the SSHD configuration in a drop-in directory (`/etc/ssh/sshd_config.d/00-ansible_system_role.conf` by default). Previously, any changes to the `/etc/ssh/sshd_config` file overwrote the default values in `00-ansible_system_role.conf`. With this update, you can manage SSHD by using `/etc/ssh/sshd_config` instead of `00-ansible_system_role.conf` while preserving the system default values in `00-ansible_system_role.conf`.
Clone Of: 2052086
Environment:
Last Closed: 2022-11-08 09:41:25 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github willshersystems ansible-sshd pull 178 0 None Merged Make sure Include is in the main configuration file when drop-in directory is used 2022-05-16 20:23:31 UTC
Red Hat Issue Tracker RHELPLAN-122284 0 None None None 2023-02-14 08:14:31 UTC
Red Hat Product Errata RHEA-2022:7568 0 None None None 2022-11-08 09:41:41 UTC

Description Rich Megginson 2022-05-16 20:10:01 UTC 
+++ This bug was initially created as a clone of Bug #2052086 +++

Description of problem:
The sshd RHEL System Role, when run on a RHEL 9 managed node, by default places the configuration in /etc/ssh/sshd_config.d/00-ansible_system_role.conf.  Customers should be able to optionally manage the /etc/ssh/sshd_config file on RHEL 9 instead of using 00-ansible_system_role.conf


Version-Release number of selected component (if applicable):
RHEL 9 beta

How reproducible:
Every time

Steps to Reproduce:
1. Run playbook similar to this on RHEL 9 beta:
- hosts: localhost
  become: true

  roles:
    - role: redhat.rhel_system_roles.sshd
      vars:
        sshd_config_file: /etc/ssh/sshd_config
        sshd_skip_defaults: false
        sshd:
          PermitRootLogin: no

Actual results:
Generated /etc/ssh/sshd_config file:

# cat /etc/ssh/sshd_config
#
# Ansible managed
#
PermitRootLogin no

Expected results:
I would expect the role to populate the sshd_config file with the RHEL 9 default sshd_config settings, plus the PermitRootLogin setting that I specified.

--- Additional comment from Jakub Jelen on 2022-05-02 18:43:23 UTC ---

This should be fixed with the following upstream PR: https://github.com/willshersystems/ansible-sshd/pull/178 (as part of the other related change from #2052081)

Feedback/testing/comments welcomed.
Comment 4 Jakub Jelen 2022-05-17 07:24:07 UTC 
This used case is covered with the upstream test tests/tests_alternative_file.yml
Comment 12 errata-xmlrpc 2022-11-08 09:41:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:7568
Note You need to log in before you can comment on or make changes to this bug.