From e20efe994f7ac7560c64cdea8bc5f217fcb07cb5 Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Tue, 17 Feb 2026 21:58:37 +0530 Subject: [PATCH 1/5] ci: add SUSE/openSUSE support and fix test compatibility Signed-off-by: HVSharma12 --- README.md | 1 + meta/main.yml | 1 + tests/tasks/setup.yml | 5 +++-- tests/tests_additional_packages.yml | 2 ++ tests/tests_all_options.yml | 12 +++++++++++- tests/tests_custom_drop_in.yml | 3 ++- tests/tests_global_config_mode.yml | 12 ++++++++---- tests/tests_global_drop_in.yml | 10 +++++++++- tests/tests_global_drop_in_role.yml | 10 +++++++++- tests/tests_no_skip_defaults.yml | 3 ++- tests/tests_regenerate_defaults.yml | 9 +++++++++ tests/tests_user_config.yml | 7 +++++++ vars/{SL-Micro.yml => Suse.yml} | 0 13 files changed, 64 insertions(+), 11 deletions(-) rename vars/{SL-Micro.yml => Suse.yml} (100%) diff --git a/README.md b/README.md index b9baa43b..7bb8b878 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ supported by ansible. The role was tested on: * RHEL/CentOS 6, 7, 8, 9, 10 * Fedora +* SUSE/openSUSE * Debian * Ubuntu diff --git a/meta/main.yml b/meta/main.yml index 8cf707b2..c457766d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -44,6 +44,7 @@ galaxy_info: - el9 - el10 - fedora + - leap - networking - openssh - redhat diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml index 2eaa0223..75a18a1a 100644 --- a/tests/tasks/setup.yml +++ b/tests/tasks/setup.yml @@ -20,7 +20,7 @@ vars: __ssh_test_packages: >- {{ - "openssh-clients" if ansible_facts['os_family'] == 'RedHat' + "openssh-clients" if ansible_facts['os_family'] in ['RedHat', 'Suse'] else "openssh-client" }} package: @@ -41,7 +41,8 @@ main_ssh_config_name: 00-ansible.conf main_ssh_config_path: /etc/ssh/ssh_config.d/ when: - - (ansible_facts['os_family'] == 'RedHat' + - ansible_facts['os_family'] == 'Suse' or + (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int >= 8) or (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20) diff --git a/tests/tests_additional_packages.yml b/tests/tests_additional_packages.yml index 9fa1da6f..096eec5f 100644 --- a/tests/tests_additional_packages.yml +++ b/tests/tests_additional_packages.yml @@ -9,6 +9,8 @@ openssh-ldap {% elif ansible_facts['os_family'] == 'RedHat' %} openssh-keycat + {% elif ansible_facts['os_family'] == 'Suse' %} + openssh-helpers {% else %} openssh-tests {% endif %} diff --git a/tests/tests_all_options.yml b/tests/tests_all_options.yml index 1c4955c5..2619508e 100644 --- a/tests/tests_all_options.yml +++ b/tests/tests_all_options.yml @@ -22,7 +22,7 @@ set_fact: ssh_test_package: openssh-client when: > - ansible_facts['os_family'] != 'RedHat' + ansible_facts['os_family'] not in ['RedHat', 'Suse'] - name: Determine if system is ostree and set flag when: not __ssh_is_ostree is defined @@ -67,6 +67,16 @@ use: "{{ (__ssh_is_ostree | d(false)) | ternary('ansible.posix.rhel_rpm_ostree', omit) }}" + - name: Check if ssh_config man page is available + command: man -w ssh_config + register: __ssh_man_check + failed_when: false + changed_when: false + + - name: Skip if ssh_config man page is not available + meta: end_host + when: __ssh_man_check.rc != 0 + - name: Get list of options from manual page shell: >- set -o pipefail && man ssh_config \ diff --git a/tests/tests_custom_drop_in.yml b/tests/tests_custom_drop_in.yml index a240c815..16484ab1 100644 --- a/tests/tests_custom_drop_in.yml +++ b/tests/tests_custom_drop_in.yml @@ -10,7 +10,8 @@ - name: Skip if the system does not support drop in directory meta: end_host when: - - ansible_facts['distribution'] != 'Fedora' and + - ansible_facts['os_family'] != 'Suse' and + ansible_facts['distribution'] != 'Fedora' and not (ansible_facts['distribution'] in ['RedHat','CentOS'] and ansible_facts['distribution_version'] | int >= 8) and not (ansible_facts['distribution'] in ['Ubuntu'] and diff --git a/tests/tests_global_config_mode.yml b/tests/tests_global_config_mode.yml index f367d44f..a417c7eb 100644 --- a/tests/tests_global_config_mode.yml +++ b/tests/tests_global_config_mode.yml @@ -6,6 +6,10 @@ __ssh_test_backup_files: - /etc/ssh/ssh_config.d/00-ansible.conf - /etc/ssh/ssh_config + # SUSE Minimal VM images do not have the daemon user + __ssh_test_owner: >- + {{ 'nobody' if ansible_facts['os_family'] == 'Suse' + else 'daemon' }} tasks: - name: Backup configuration files @@ -19,8 +23,8 @@ Compression: true GSSAPIAuthentication: false # bad example - ssh_config_owner: daemon - ssh_config_group: daemon + ssh_config_owner: "{{ __ssh_test_owner }}" + ssh_config_group: "{{ __ssh_test_owner }}" ssh_config_mode: 600 - name: Verify the configuration file was created with right content @@ -46,8 +50,8 @@ assert: that: - config_mode.stat.exists - - config_mode.stat.gr_name == 'daemon' - - config_mode.stat.pw_name == 'daemon' + - config_mode.stat.gr_name == __ssh_test_owner + - config_mode.stat.pw_name == __ssh_test_owner - config_mode.stat.mode == '0600' - name: Restore configuration files diff --git a/tests/tests_global_drop_in.yml b/tests/tests_global_drop_in.yml index 70bd64e0..7fcd3a19 100644 --- a/tests/tests_global_drop_in.yml +++ b/tests/tests_global_drop_in.yml @@ -11,7 +11,8 @@ - name: Skip if the system does not support drop in directory meta: end_host when: - - ansible_facts['distribution'] != 'Fedora' and + - ansible_facts['os_family'] != 'Suse' and + ansible_facts['distribution'] != 'Fedora' and not (ansible_facts['distribution'] in ['RedHat','CentOS'] and ansible_facts['distribution_version'] | int >= 8) @@ -56,6 +57,12 @@ - "'Include' not in config.content | b64decode" - "'SendEnv' not in config.content | b64decode" + - name: Check if main configuration file exists + stat: + path: "/etc/ssh/ssh_config" + register: global_config_stat + when: global_config_stat.stat.exists + - name: Download the main configuration file too slurp: src: "/etc/ssh/ssh_config" @@ -69,6 +76,7 @@ - "'User somebody' not in content" vars: content: "{{ global_config.content | b64decode }}" + when: global_config_stat.stat.exists - name: Verify the file has default sensible permissions assert: diff --git a/tests/tests_global_drop_in_role.yml b/tests/tests_global_drop_in_role.yml index 8f653dcd..b6d51612 100644 --- a/tests/tests_global_drop_in_role.yml +++ b/tests/tests_global_drop_in_role.yml @@ -29,7 +29,8 @@ - name: Skip if the system does not support drop in directory meta: end_host when: - - ansible_facts['distribution'] != 'Fedora' and + - ansible_facts['os_family'] != 'Suse' and + ansible_facts['distribution'] != 'Fedora' and not (ansible_facts['distribution'] in ['RedHat','CentOS'] and ansible_facts['distribution_version'] | int >= 8) @@ -59,10 +60,16 @@ - "'Include' not in config.content | b64decode" - "'SendEnv' not in config.content | b64decode" + - name: Check if main configuration file exists + stat: + path: "/etc/ssh/ssh_config" + register: global_config_stat + - name: Download the main configuration file too slurp: src: "/etc/ssh/ssh_config" register: global_config + when: global_config_stat.stat.exists - name: Verify the options are NOT in the global configuration file assert: @@ -72,6 +79,7 @@ - "'User somebody' not in content" vars: content: "{{ global_config.content | b64decode }}" + when: global_config_stat.stat.exists - name: Verify the file has default sensible permissions assert: diff --git a/tests/tests_no_skip_defaults.yml b/tests/tests_no_skip_defaults.yml index f8cfd59c..a1a1ec76 100644 --- a/tests/tests_no_skip_defaults.yml +++ b/tests/tests_no_skip_defaults.yml @@ -9,7 +9,8 @@ __ssh_test_option: >- {% if ansible_facts['os_family'] in ['Ubuntu', 'Debian'] %} HashKnownHosts yes - {% elif ansible_facts['distribution'] == 'Fedora' or + {% elif ansible_facts['os_family'] == 'Suse' or + ansible_facts['distribution'] == 'Fedora' or (ansible_facts['distribution'] in ['RedHat', 'CentOS'] and ansible_facts['distribution_version'] | int >= 8) %} Include /etc/ssh/ssh_config.d/*.conf diff --git a/tests/tests_regenerate_defaults.yml b/tests/tests_regenerate_defaults.yml index cceae10d..bfbd4f04 100644 --- a/tests/tests_regenerate_defaults.yml +++ b/tests/tests_regenerate_defaults.yml @@ -13,6 +13,15 @@ - ansible_facts['distribution'] in ['CentOS', 'RedHat'] and ansible_facts['distribution_version'] | int < 7 + # SUSE uses /usr/etc/ssh/ssh_config as vendor config with settings + # beyond what __ssh_defaults provides (ForwardX11Trusted, SendEnv, + # etc). The role cannot regenerate the vendor config identically, + # and should use drop-in configs on SUSE instead. + - name: SUSE vendor config cannot be regenerated by the role + meta: end_host + when: + - ansible_facts['os_family'] == 'Suse' + - name: Backup configuration files include_tasks: tasks/backup.yml diff --git a/tests/tests_user_config.yml b/tests/tests_user_config.yml index 84040874..5c4ac4df 100644 --- a/tests/tests_user_config.yml +++ b/tests/tests_user_config.yml @@ -118,10 +118,16 @@ - ansible_facts['distribution'] not in ['CentOS', 'RedHat'] or ansible_facts['distribution_version'] | int > 6 + - name: Check if global configuration file exists + stat: + path: /etc/ssh/ssh_config + register: global_config_stat + - name: Download the global configuration files too slurp: src: /etc/ssh/ssh_config register: global_config + when: global_config_stat.stat.exists - name: Verify the options are NOT in the global configuration file assert: @@ -132,6 +138,7 @@ - "'User somebody' not in content" vars: content: "{{ global_config.content | b64decode }}" + when: global_config_stat.stat.exists - name: Restore configuration files include_tasks: tasks/restore.yml diff --git a/vars/SL-Micro.yml b/vars/Suse.yml similarity index 100% rename from vars/SL-Micro.yml rename to vars/Suse.yml From 57c7abfb8ecff08a9490818e175b60b9813e4309 Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Tue, 17 Feb 2026 22:16:23 +0530 Subject: [PATCH 2/5] fix wrong when condition in stat task Signed-off-by: HVSharma12 --- tests/tests_global_drop_in.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_global_drop_in.yml b/tests/tests_global_drop_in.yml index 7fcd3a19..01f61383 100644 --- a/tests/tests_global_drop_in.yml +++ b/tests/tests_global_drop_in.yml @@ -61,12 +61,12 @@ stat: path: "/etc/ssh/ssh_config" register: global_config_stat - when: global_config_stat.stat.exists - name: Download the main configuration file too slurp: src: "/etc/ssh/ssh_config" register: global_config + when: global_config_stat.stat.exists - name: Verify the options are NOT in the global configuration file assert: From a9910329ca46da9d65f3d19c39c9544565000394 Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Wed, 18 Feb 2026 01:48:44 +0530 Subject: [PATCH 3/5] add community.general to meta/collection-requirements.yml Signed-off-by: HVSharma12 --- meta/collection-requirements.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/collection-requirements.yml b/meta/collection-requirements.yml index 78f93d31..fd235bd7 100644 --- a/meta/collection-requirements.yml +++ b/meta/collection-requirements.yml @@ -2,3 +2,5 @@ --- collections: - name: ansible.posix + - name: community.general + version: ">=6.6.0,<12.0.0" From 91a6ceee75e4c8e736e2400d64a508e7f6553323 Mon Sep 17 00:00:00 2001 From: Harshvardhan Sharma Date: Wed, 18 Feb 2026 02:34:13 +0530 Subject: [PATCH 4/5] Update tests/tasks/setup.yml Co-authored-by: Jakub Jelen --- tests/tasks/setup.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml index 75a18a1a..7181c88f 100644 --- a/tests/tasks/setup.yml +++ b/tests/tasks/setup.yml @@ -41,8 +41,7 @@ main_ssh_config_name: 00-ansible.conf main_ssh_config_path: /etc/ssh/ssh_config.d/ when: - - ansible_facts['os_family'] == 'Suse' or - (ansible_facts['os_family'] == 'RedHat' + - ansible_facts['os_family'] in ['RedHat', 'Suse'] and ansible_facts['distribution_major_version'] | int >= 8) or (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20) From 045c6079c7aef1956d534add6493bde260d2be3d Mon Sep 17 00:00:00 2001 From: Harshvardhan Sharma Date: Wed, 18 Feb 2026 03:56:30 +0530 Subject: [PATCH 5/5] Update tests/tasks/setup.yml Co-authored-by: Richard Megginson --- tests/tasks/setup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml index 7181c88f..50140dff 100644 --- a/tests/tasks/setup.yml +++ b/tests/tasks/setup.yml @@ -41,7 +41,7 @@ main_ssh_config_name: 00-ansible.conf main_ssh_config_path: /etc/ssh/ssh_config.d/ when: - - ansible_facts['os_family'] in ['RedHat', 'Suse'] + - (ansible_facts['os_family'] in ['RedHat', 'Suse'] and ansible_facts['distribution_major_version'] | int >= 8) or (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)