Commit c5d488059d9407f1b9b96552159ffc298c8dc547 is invalidating sshd_config
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Invalid
|
Undecided
|
Unassigned | ||
Juno |
Fix Released
|
Medium
|
Matt Thompson | ||
Trunk |
Invalid
|
Undecided
|
Unassigned |
Bug Description
If there is a new line missing inside the sshd_config this commit will just add MaxStartups or MaxSessions to a existing line and invalidating sshd_config causing all sshd's to die.
Please fix regex:
diff --git a/rpc_deploymen
index 49c8791..89a4670 100644
--- a/rpc_deploymen
+++ b/rpc_deploymen
@@ -16,14 +16,14 @@
- name: set max sessions
lineinfile:
dest: /etc/ssh/
- regexp: 'MaxSessions'
+ regexp: '^MaxSessions.*'
line: "MaxSessions 500"
notify:
- restart ssh
- name: set max startups
lineinfile:
dest: /etc/ssh/
- regexp: 'MaxStartups'
+ regexp: '^MaxStartups.*'
line: "MaxStartups 500"
notify:
- restart ssh
Can you show us your ssh file before that ran?
I don't see how the original would break anything (also it'd really break testing hard if this was crashing ssh).
The lineinfile module replaces whole lines (and also only replaces 1 line, the last occurrence) - but it would replace a full line, so it shouldn't append anything to a line.
The regex before is doing a search so it'd replace the last occurrence of a line with "MaxSessions" in it with a line that is "MaxSessions 500". (Same for MaxStartups) - replacing the whole line, and includes os.linesep.
We need to determine that this isn't a larger bug related to the lineinfile module itself or some other issue.