ansible-collection-hardening/molecule/ssh_hardening_custom_tests/prepare.yml

---
- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
  hosts: all
  become: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
  tasks:
    - name: use python3
      set_fact:
        ansible_python_interpreter: /usr/bin/python3
      when: ansible_facts.distribution == 'Fedora'

    - name: install packages  # noqa ignore-errors
      yum:
        name:
          - openssh-clients
          - openssh-server
          - libselinux-python
        state: present
        update_cache: true
      ignore_errors: true

    - name: install packages  # noqa ignore-errors
      dnf:
        name:
          - openssh-clients
          - openssh-server
          - procps-ng
        state: present
        update_cache: true
      ignore_errors: true

    - name: install packages  # noqa ignore-errors
      apt:
        name:
          - openssh-client
          - openssh-server
        state: present
        update_cache: true
      ignore_errors: true

    - name: install required tools on SuSE
      # cannot use zypper module, since it depends on python-xml
      shell: "zypper -n install python-xml"
      when: ansible_facts.os_family == 'Suse'

    - name: install packages
      zypper:
        name:
          - "openssh"
      when: ansible_facts.os_family == 'Suse'

    - name: install required tools on Arch
      pacman:
        name:
          - openssh
          - awk
        state: present
        update_cache: true
      when: ansible_facts.os_family == 'Archlinux'

    - name: created needed directory
      file:
        path: "/var/run/sshd"
        state: directory

    - name: create ssh host keys  # noqa ignore-errors
      command: "ssh-keygen -A"
      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or
            ansible_facts.distribution == "Fedora" or
            ansible_facts.distribution == "Amazon" or
            ansible_facts.os_family == "Suse"
      changed_when: false
      ignore_errors: true