From 0573ad57745a9d67d6c27240a08cd6d9668f602f Mon Sep 17 00:00:00 2001 From: spmfox Date: Mon, 26 Jun 2023 23:20:27 -0400 Subject: updating documentation, PermitRootLogin used in Kickstart if no SSH key is defined --- roles/libvirt/templates/kickstart/el8.ks | 4 ++-- roles/libvirt/templates/kickstart/el9.ks | 4 ++-- roles/libvirt/templates/kickstart/f38.ks | 4 ++-- roles/libvirt/vars/main.yml | 1 + 4 files changed, 7 insertions(+), 6 deletions(-) (limited to 'roles') diff --git a/roles/libvirt/templates/kickstart/el8.ks b/roles/libvirt/templates/kickstart/el8.ks index d574837..5097c0d 100644 --- a/roles/libvirt/templates/kickstart/el8.ks +++ b/roles/libvirt/templates/kickstart/el8.ks @@ -42,10 +42,10 @@ cat </root/.ssh/authorized_keys {{ libvirt_kickstart_root_ssh_key }} EOF -### set permissions chmod 0600 /root/.ssh/authorized_keys -### fix up selinux context restorecon -R /root/.ssh/ +{{ libvirt_kickstart_allow_root_ssh }} + %end diff --git a/roles/libvirt/templates/kickstart/el9.ks b/roles/libvirt/templates/kickstart/el9.ks index 37dc7ac..b37bcf0 100644 --- a/roles/libvirt/templates/kickstart/el9.ks +++ b/roles/libvirt/templates/kickstart/el9.ks @@ -42,10 +42,10 @@ cat </root/.ssh/authorized_keys {{ libvirt_kickstart_root_ssh_key }} EOF -### set permissions chmod 0600 /root/.ssh/authorized_keys -### fix up selinux context restorecon -R /root/.ssh/ +{{ libvirt_kickstart_allow_root_ssh }} + %end diff --git a/roles/libvirt/templates/kickstart/f38.ks b/roles/libvirt/templates/kickstart/f38.ks index 7dc7eee..de0adb8 100644 --- a/roles/libvirt/templates/kickstart/f38.ks +++ b/roles/libvirt/templates/kickstart/f38.ks @@ -41,10 +41,10 @@ cat </root/.ssh/authorized_keys {{ libvirt_kickstart_root_ssh_key }} EOF -### set permissions chmod 0600 /root/.ssh/authorized_keys -### fix up selinux context restorecon -R /root/.ssh/ +{{ libvirt_kickstart_allow_root_ssh }} + %end diff --git a/roles/libvirt/vars/main.yml b/roles/libvirt/vars/main.yml index 2c1456e..33ecc48 100644 
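Review bot: The added `{{ libvirt_kickstart_allow_root_ssh }}` line in el8.ks renders a complete shell command out of a variable, so nothing in the %post script shows that it may write an sshd drop-in enabling root password login; the el9.ks and f38.ks hunks do the same. Keeping the command in the template behind a flag would make that visible, e.g. `{% if libvirt_kickstart_allow_root_ssh %}` around the `echo PermitRootLogin yes > /etc/ssh/sshd_config.d/01-permitrootlogin.conf` line, with a comment such as `### no SSH key supplied: allow root password login over SSH`. The new line also sits after `restorecon -R /root/.ssh/`, which does not cover /etc/ssh/sshd_config.d/, so the SELinux label of the new file is worth checking on an installed guest. For el8.ks specifically, confirm that the target release's sshd_config includes /etc/ssh/sshd_config.d/ and that the directory exists, since otherwise the redirect fails or the setting is ignored. The %post section begins and ends outside these hunks.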
--- a/roles/libvirt/vars/main.yml
+++ b/roles/libvirt/vars/main.yml
@@ -12,3 +12,4 @@ libvirt_kickstart_hostname: "{{ inventory_hostname }}"
 libvirt_kickstart_timezone: "{{ timezone if timezone is defined else 'Etc/GMT' }}"
 libvirt_kickstart_root_ssh_key: "{{ ssh_key if ssh_key is defined }}"
 libvirt_kickstart_root_password: "{{ root_password if root_password is defined else lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
+libvirt_kickstart_allow_root_ssh: "{{ '' if ssh_key is defined else 'echo PermitRootLogin yes > /etc/ssh/sshd_config.d/01-permitrootlogin.conf' }}"
-- cgit
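Review bot: `libvirt_kickstart_allow_root_ssh` turns on `PermitRootLogin yes` whenever `ssh_key` is undefined, and nothing visible in this diff removes the drop-in later, so the guest keeps accepting root password logins over SSH and stays exposed to password guessing after provisioning. Consider making this an explicit opt-in rather than a side effect of a missing key, and add a comment above the line such as `# no ssh_key: enable root password login over SSH (weakens the guest's sshd policy)`. The test is `ssh_key is defined`, so an empty `ssh_key` would presumably render an empty authorized_keys and also skip the drop-in; checking for a non-empty value would avoid that case. When `root_password` is also unset, the password comes from `lookup('password', '/dev/null ...')`, which is not persisted, so it is worth confirming that the operator can actually learn the value this login path depends on.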