1) Nobody reads the release notes.

2) I am not "overwriting configuration files with 'known good' ones," I am making specific changes to the config files with ansible plays. Specifically, before fixing my playbook for Kinetic, it looked like this:

    - name: enable root ssh public key authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: PermitRootLogin without-password
      register: rootsshyeskey

    - name: disable root ssh non-key authentication
      replace:
        dest: /etc/ssh/sshd_config
        regexp: ^\s*PermitRootLogin(?!.*without-password).*\n?
      register: rootsshnopassword

    - name: add default sshd port
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'Port 22'
      when: extra_ssh_port is defined

    - name: add additional sshd port
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'Port {{extra_ssh_port}}'
      when: extra_ssh_port is defined
      register: sshdport
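An added example, not part of the comment above: a Python model of what the two PermitRootLogin tasks do to a file, useful for checking which directives survive, since sshd uses the first value it obtains for each keyword. The `lineinfile` function is a simplified stand-in (append if absent) and `SAMPLE` is constructed input; both are assumptions, while the regexp is copied from the play and compiled with `re.MULTILINE` as Ansible's `replace` module does.

```python
import re

# Regexp copied from the "disable root ssh non-key authentication" task.
# Ansible's replace module compiles its regexp with re.MULTILINE.
REGEXP = re.compile(r"^\s*PermitRootLogin(?!.*without-password).*\n?", re.MULTILINE)
LINE = "PermitRootLogin without-password"


def lineinfile(text, line):
    """Simplified lineinfile (state=present, no regexp): append if absent."""
    if line in text.splitlines():
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + line + "\n"


def replace(text):
    """replace module with no 'replace' argument: every match is deleted."""
    return REGEXP.sub("", text)


def apply_plays(text):
    """Run both tasks in playbook order."""
    return replace(lineinfile(text, LINE))


def effective_root_login(text):
    """Values of uncommented PermitRootLogin lines, in file order."""
    return re.findall(r"^[ \t]*PermitRootLogin[ \t]+(\S+)", text, re.MULTILINE)


# Constructed sample input, not taken from any real host.
SAMPLE = (
    "# constructed sshd_config for illustration\n"
    "#PermitRootLogin prohibit-password\n"
    "PermitRootLogin yes\n"
    "PasswordAuthentication no\n"
    "  PermitRootLogin prohibit-password\n"
)

if __name__ == "__main__":
    result = apply_plays(SAMPLE)
    print(result, end="")
    print("before:", effective_root_login(SAMPLE))
    print("after: ", effective_root_login(result))
```

The lookahead spares only lines containing `without-password`, so an existing `PermitRootLogin prohibit-password` line (the current spelling of the same setting) is deleted along with `yes`, while commented-out lines are left alone.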