--- - name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings hosts: all become: true environment: http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}" https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}" no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}" tasks: - name: use python3 set_fact: ansible_python_interpreter: /usr/bin/python3 when: ansible_facts.distribution == 'Fedora' - name: install packages # noqa ignore-errors yum: name: - openssh-clients - openssh-server - libselinux-python state: present update_cache: true ignore_errors: true - name: install packages # noqa ignore-errors dnf: name: - openssh-clients - openssh-server - procps-ng state: present update_cache: true ignore_errors: true - name: install packages # noqa ignore-errors apt: name: - openssh-client - openssh-server state: present update_cache: true ignore_errors: true - name: install required tools on SuSE # cannot use zypper module, since it depends on python-xml shell: "zypper -n install python-xml" when: ansible_facts.os_family == 'Suse' - name: install packages zypper: name: - "openssh" when: ansible_facts.os_family == 'Suse' - name: install required tools on Arch pacman: name: - openssh - awk state: present update_cache: true when: ansible_facts.os_family == 'Archlinux' - name: created needed directory file: path: "/var/run/sshd" state: directory - name: create ssh host keys # noqa ignore-errors command: "ssh-keygen -A" when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora" or ansible_facts.distribution == "Amazon" or ansible_facts.os_family == "Suse" changed_when: false ignore_errors: true