This repository was archived by the owner on Dec 26, 2020. It is now read-only.
This repository was archived by the owner on Dec 26, 2020. It is now read-only.
Simplify crypto.yml checks with blocks #256
Closed
Description
Is your feature request related to a problem? Please describe.
Right now there's much duplicated code in the crypto.yaml task-file.
Describe the solution you'd like
We should use blocks
- name: block
block:
- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
- name: set macs according to openssh-version if openssh >= 7.6
set_fact:
ssh_macs: '{{ ssh_macs_76_default }}'
- name: set ciphers according to openssh-version if openssh >= 6.6
set_fact:
ssh_ciphers: '{{ ssh_ciphers_66_default }}'
when: sshd_version.stdout is version('6.3', '>=') and not ssh_host_key_files