)]}'
{"tripleo_ansible/roles/tripleo-sshd/defaults/main.yml":[{"author":{"_account_id":23811,"name":"Oliver Walsh","email":"owalsh@redhat.com","username":"owalsh"},"change_message_id":"2583e645f6fbdb80233cb83753ef2dcdefeefa1f","unresolved":false,"context_lines":[{"line_number":29,"context_line":"# SSH configuration options"},{"line_number":30,"context_line":"tripleo_sshd_password_authentication: \u0027no\u0027"},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"tripleo_sshd_server_options:"},{"line_number":33,"context_line":"  HostKey:"},{"line_number":34,"context_line":"    - \u0027/etc/ssh/ssh_host_rsa_key\u0027"},{"line_number":35,"context_line":"    - \u0027/etc/ssh/ssh_host_ecdsa_key\u0027"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_4f769aa6","line":32,"updated":"2019-09-04 15:59:44.000000000","message":"also have UsePrivilegeSeparation: \u0027sandbox\u0027 in the t-h-t default but it\u0027s not really necessary","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"3a543c484209fe9a45f5e88301b388e91ebd020c","unresolved":false,"context_lines":[{"line_number":29,"context_line":"# SSH configuration options"},{"line_number":30,"context_line":"tripleo_sshd_password_authentication: \u0027no\u0027"},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"tripleo_sshd_server_options:"},{"line_number":33,"context_line":"  HostKey:"},{"line_number":34,"context_line":"    - \u0027/etc/ssh/ssh_host_rsa_key\u0027"},{"line_number":35,"context_line":"    - \u0027/etc/ssh/ssh_host_ecdsa_key\u0027"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_af894ec7","line":32,"in_reply_to":"7faddb67_4f769aa6","updated":"2019-09-04 16:42:00.000000000","message":"I actually took that one out because it throws a deprecation warning - https://patchwork.openembedded.org/patch/139981 - seems that the option no longer has any effect.","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"}],"tripleo_ansible/roles/tripleo-sshd/tasks/main.yml":[{"author":{"_account_id":23811,"name":"Oliver Walsh","email":"owalsh@redhat.com","username":"owalsh"},"change_message_id":"48e430bf6ede7b431e789c1e33e73b297a312a80","unresolved":false,"context_lines":[{"line_number":39,"context_line":"      notify:"},{"line_number":40,"context_line":"        - Restart sshd"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"    - name: force systemd to reread configs"},{"line_number":43,"context_line":"      meta: flush_handlers"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    - name: Adjust ssh server configuration"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_af95ce3e","line":42,"range":{"start_line":42,"start_character":12,"end_line":42,"end_character":43},"updated":"2019-09-04 16:18:59.000000000","message":"isn\u0027t that forcing the Restart sshd handler?\n\nDo we need this? I guess it\u0027s worth it to ensure sshd is running with the default rpm config if any of the next tasks fail","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"3a543c484209fe9a45f5e88301b388e91ebd020c","unresolved":false,"context_lines":[{"line_number":39,"context_line":"      notify:"},{"line_number":40,"context_line":"        - Restart sshd"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"    - name: force systemd to reread configs"},{"line_number":43,"context_line":"      meta: flush_handlers"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    - name: Adjust ssh server configuration"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_6fc116e4","line":42,"range":{"start_line":42,"start_character":12,"end_line":42,"end_character":43},"in_reply_to":"7faddb67_af95ce3e","updated":"2019-09-04 16:42:00.000000000","message":"Done","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":23811,"name":"Oliver Walsh","email":"owalsh@redhat.com","username":"owalsh"},"change_message_id":"2583e645f6fbdb80233cb83753ef2dcdefeefa1f","unresolved":false,"context_lines":[{"line_number":50,"context_line":"      notify:"},{"line_number":51,"context_line":"        - Restart sshd"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    - name: Adjust ssh server auth configuration"},{"line_number":54,"context_line":"      lineinfile:"},{"line_number":55,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":56,"context_line":"        state: present"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_947ca9b6","line":53,"range":{"start_line":53,"start_character":6,"end_line":53,"end_character":48},"updated":"2019-09-04 15:59:44.000000000","message":"IIUC this is normally used when a root password has been set so might need the ability to set PermitRootLogin","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"d0962160220c97146c1e0f247868e9be57fb11ae","unresolved":false,"context_lines":[{"line_number":50,"context_line":"      notify:"},{"line_number":51,"context_line":"        - Restart sshd"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    - name: Adjust ssh server auth configuration"},{"line_number":54,"context_line":"      lineinfile:"},{"line_number":55,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":56,"context_line":"        state: present"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_ec30b109","line":53,"range":{"start_line":53,"start_character":6,"end_line":53,"end_character":48},"in_reply_to":"7faddb67_2aa46c06","updated":"2019-09-04 18:14:51.000000000","message":"I\u0027ll work a debug message in here so deployers are aware of when this is set and that they might want to confirm settings for root login and the use of PAM.","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"3a543c484209fe9a45f5e88301b388e91ebd020c","unresolved":false,"context_lines":[{"line_number":50,"context_line":"      notify:"},{"line_number":51,"context_line":"        - Restart sshd"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    - name: Adjust ssh server auth configuration"},{"line_number":54,"context_line":"      lineinfile:"},{"line_number":55,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":56,"context_line":"        state: present"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_af506e2d","line":53,"range":{"start_line":53,"start_character":6,"end_line":53,"end_character":48},"in_reply_to":"7faddb67_947ca9b6","updated":"2019-09-04 16:42:00.000000000","message":"I think your right, however, i also think if someone has this set to anything other than \"no\" then they should also define other necessary config via tripleo_sshd_server_options. That said, I could add a debug message when tripleo_sshd_server_options !\u003d no ?","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":23811,"name":"Oliver Walsh","email":"owalsh@redhat.com","username":"owalsh"},"change_message_id":"19163613fc2a094083e37e7485242ab32fe807b8","unresolved":false,"context_lines":[{"line_number":50,"context_line":"      notify:"},{"line_number":51,"context_line":"        - Restart sshd"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    - name: Adjust ssh server auth configuration"},{"line_number":54,"context_line":"      lineinfile:"},{"line_number":55,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":56,"context_line":"        state: present"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_2aa46c06","line":53,"range":{"start_line":53,"start_character":6,"end_line":53,"end_character":48},"in_reply_to":"7faddb67_af506e2d","updated":"2019-09-04 17:02:41.000000000","message":"Since we don\u0027t do anything right now for PermitRootLogin I think we can come back to it if/when somebody requests it...\n\nMakes me wonder why PasswordAuthentication is special - ah, it was added for the undercloud https://review.opendev.org/571829, not for enabling root login","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"0c5131bba1785f8b9ce931ebb8bddcb2f25e2b9d","unresolved":false,"context_lines":[{"line_number":50,"context_line":"      notify:"},{"line_number":51,"context_line":"        - Restart sshd"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    - name: Adjust ssh server auth configuration"},{"line_number":54,"context_line":"      lineinfile:"},{"line_number":55,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":56,"context_line":"        state: present"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_8c1fbd6e","line":53,"range":{"start_line":53,"start_character":6,"end_line":53,"end_character":48},"in_reply_to":"7faddb67_ec30b109","updated":"2019-09-04 18:15:50.000000000","message":"^ if we think its needed.","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":23811,"name":"Oliver Walsh","email":"owalsh@redhat.com","username":"owalsh"},"change_message_id":"48e430bf6ede7b431e789c1e33e73b297a312a80","unresolved":false,"context_lines":[{"line_number":98,"context_line":"      notify:"},{"line_number":99,"context_line":"        - Restart sshd"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    - name: force systemd to reread configs"},{"line_number":102,"context_line":"      meta: flush_handlers"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_8fc5725e","line":101,"range":{"start_line":101,"start_character":12,"end_line":101,"end_character":43},"updated":"2019-09-04 16:18:59.000000000","message":"isn\u0027t that forcing the Restart sshd handler?","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"3a543c484209fe9a45f5e88301b388e91ebd020c","unresolved":false,"context_lines":[{"line_number":98,"context_line":"      notify:"},{"line_number":99,"context_line":"        - Restart sshd"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"    - name: force systemd to reread configs"},{"line_number":102,"context_line":"      meta: flush_handlers"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faddb67_0fb42281","line":101,"range":{"start_line":101,"start_character":12,"end_line":101,"end_character":43},"in_reply_to":"7faddb67_8fc5725e","updated":"2019-09-04 16:42:00.000000000","message":"Done","commit_id":"7b66600488e19d55cc1a3024cd6740c683ef5c8f"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"f8a71fc880a9705f6efa36f46f58861eedfbac21","unresolved":false,"context_lines":[{"line_number":66,"context_line":"      lineinfile:"},{"line_number":67,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":68,"context_line":"        state: present"},{"line_number":69,"context_line":"        regexp: \u0027^PasswordAuthentication.*\u0027"},{"line_number":70,"context_line":"        line: \u0027PasswordAuthentication {{ tripleo_sshd_password_authentication }}\u0027"},{"line_number":71,"context_line":"        validate: \u0027/usr/sbin/sshd -T -f %s\u0027"},{"line_number":72,"context_line":"      notify:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_5bb1798e","line":69,"range":{"start_line":69,"start_character":17,"end_line":69,"end_character":18},"updated":"2019-09-04 21:36:23.000000000","message":"what if this is commented? maybe \"^#?Pass...\" ?","commit_id":"0ff813633edf5318f1b6ba6d5c9d752aa4ae1c1e"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"859b926ea8088d91c76885ef8f3ff8e3cd1201f2","unresolved":false,"context_lines":[{"line_number":66,"context_line":"      lineinfile:"},{"line_number":67,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":68,"context_line":"        state: present"},{"line_number":69,"context_line":"        regexp: \u0027^PasswordAuthentication.*\u0027"},{"line_number":70,"context_line":"        line: \u0027PasswordAuthentication {{ tripleo_sshd_password_authentication }}\u0027"},{"line_number":71,"context_line":"        validate: \u0027/usr/sbin/sshd -T -f %s\u0027"},{"line_number":72,"context_line":"      notify:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_2669008b","line":69,"range":{"start_line":69,"start_character":17,"end_line":69,"end_character":18},"in_reply_to":"7faddb67_5bb1798e","updated":"2019-09-04 21:48:50.000000000","message":"If it\u0027s commented it will append to the file, however, I can change this to use a look ahead.","commit_id":"0ff813633edf5318f1b6ba6d5c9d752aa4ae1c1e"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"f8a71fc880a9705f6efa36f46f58861eedfbac21","unresolved":false,"context_lines":[{"line_number":83,"context_line":"      lineinfile:"},{"line_number":84,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":85,"context_line":"        state: present"},{"line_number":86,"context_line":"        regexp: \u0027^Banner.*\u0027"},{"line_number":87,"context_line":"        line: \u0027Banner /etc/issue\u0027"},{"line_number":88,"context_line":"        validate: \u0027/usr/sbin/sshd -T -f %s\u0027"},{"line_number":89,"context_line":"      when:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_5b5f3940","line":86,"range":{"start_line":86,"start_character":17,"end_line":86,"end_character":19},"updated":"2019-09-04 21:36:23.000000000","message":"ditto","commit_id":"0ff813633edf5318f1b6ba6d5c9d752aa4ae1c1e"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"859b926ea8088d91c76885ef8f3ff8e3cd1201f2","unresolved":false,"context_lines":[{"line_number":83,"context_line":"      lineinfile:"},{"line_number":84,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":85,"context_line":"        state: present"},{"line_number":86,"context_line":"        regexp: \u0027^Banner.*\u0027"},{"line_number":87,"context_line":"        line: \u0027Banner /etc/issue\u0027"},{"line_number":88,"context_line":"        validate: \u0027/usr/sbin/sshd -T -f %s\u0027"},{"line_number":89,"context_line":"      when:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_e62d2846","line":86,"range":{"start_line":86,"start_character":17,"end_line":86,"end_character":19},"in_reply_to":"7faddb67_5b5f3940","updated":"2019-09-04 21:48:50.000000000","message":"Done","commit_id":"0ff813633edf5318f1b6ba6d5c9d752aa4ae1c1e"},{"author":{"_account_id":10969,"name":"Shnaidman Sagi (Sergey)","display_name":"Shnaidman Sagi","email":"sshnaidm@redhat.com","username":"sergsh"},"change_message_id":"f8a71fc880a9705f6efa36f46f58861eedfbac21","unresolved":false,"context_lines":[{"line_number":102,"context_line":"      lineinfile:"},{"line_number":103,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":104,"context_line":"        state: present"},{"line_number":105,"context_line":"        regexp: \u0027^PrintMotd.*\u0027"},{"line_number":106,"context_line":"        line: \u0027PrintMotd yes\u0027"},{"line_number":107,"context_line":"        validate: \u0027/usr/sbin/sshd -T -f %s\u0027"},{"line_number":108,"context_line":"      when:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_1b55411e","line":105,"range":{"start_line":105,"start_character":17,"end_line":105,"end_character":19},"updated":"2019-09-04 21:36:23.000000000","message":"ditto","commit_id":"0ff813633edf5318f1b6ba6d5c9d752aa4ae1c1e"},{"author":{"_account_id":7353,"name":"Kevin Carter","email":"kevin@cloudnull.com","username":"cloudnull"},"change_message_id":"859b926ea8088d91c76885ef8f3ff8e3cd1201f2","unresolved":false,"context_lines":[{"line_number":102,"context_line":"      lineinfile:"},{"line_number":103,"context_line":"        path: /etc/ssh/sshd_config"},{"line_number":104,"context_line":"        state: present"},{"line_number":105,"context_line":"        regexp: \u0027^PrintMotd.*\u0027"},{"line_number":106,"context_line":"        line: \u0027PrintMotd yes\u0027"},{"line_number":107,"context_line":"        validate: \u0027/usr/sbin/sshd -T -f %s\u0027"},{"line_number":108,"context_line":"      when:"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7faddb67_063164a2","line":105,"range":{"start_line":105,"start_character":17,"end_line":105,"end_character":19},"in_reply_to":"7faddb67_1b55411e","updated":"2019-09-04 21:48:50.000000000","message":"Done","commit_id":"0ff813633edf5318f1b6ba6d5c9d752aa4ae1c1e"}]}