Fix local installer compatibility on newer hosts
Made-with: Cursor
This commit is contained in:
c4ch3c4d3
@@ -13,7 +13,7 @@
|
||||
state: directory
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure courseware loopback-only sshd policy
|
||||
- name: Configure courseware sshd policy
|
||||
become: true
|
||||
template:
|
||||
src: sshd-courseware-terminal.conf.j2
|
||||
@@ -46,6 +46,15 @@
|
||||
enabled: true
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: Reload sshd when config changed with systemd
|
||||
become: true
|
||||
systemd:
|
||||
name: ssh
|
||||
state: reloaded
|
||||
when:
|
||||
- ansible_service_mgr == "systemd"
|
||||
- courseware_terminal_sshd_config.changed
|
||||
|
||||
- name: Check for running sshd when systemd is unavailable
|
||||
become: true
|
||||
command: pgrep -x sshd
|
||||
@@ -89,19 +98,13 @@
|
||||
environment:
|
||||
PATH: "{{ courseware_node_runtime_bin_dir }}:{{ ansible_env.PATH }}"
|
||||
|
||||
- name: Check loopback sshd listener
|
||||
become: true
|
||||
command: ss -ltn
|
||||
register: courseware_terminal_ss_listeners
|
||||
changed_when: false
|
||||
|
||||
- name: Assert sshd is loopback-only
|
||||
assert:
|
||||
that:
|
||||
- "'127.0.0.1:22' in courseware_terminal_ss_listeners.stdout"
|
||||
- "'0.0.0.0:22' not in courseware_terminal_ss_listeners.stdout"
|
||||
- "'[::]:22' not in courseware_terminal_ss_listeners.stdout"
|
||||
fail_msg: "sshd must listen only on 127.0.0.1:22 for the browser terminal deployment."
|
||||
- name: Wait for sshd to accept local WeTTY connections
|
||||
wait_for:
|
||||
host: 127.0.0.1
|
||||
port: 22
|
||||
state: started
|
||||
timeout: 10
|
||||
msg: "sshd must accept connections on 127.0.0.1:22 for the browser terminal deployment."
|
||||
|
||||
- name: Assert WeTTY binary exists
|
||||
stat:
|
||||
|
||||
Reference in New Issue
Block a user