Restart the service when needed

Some changes, such as sysconfig change, requires the service to be restarted. Fixes: #302 Signed-off-by: Jakub Jelen <[email protected]>
willshersystems · Dec 19, 2024 · fcb09cc · fcb09cc
1 parent 426469d
commit fcb09cc
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -96,6 +96,14 @@ changed configuration. Defaults to the same value as `sshd_manage_service`.
 (Except on AIX, where `sshd_manage_service` is default *false*, but
 `sshd_allow_reload` is default *true*)
 
+#### sshd_allow_restart
+
+Some changes, for example of the sysconfig and environment files require the full
+restart of the service. If set to *false*, a restart of sshd won't happen on these
+changes. This can help with troubleshooting. You'll need to manually restart sshd
+if you want to apply the changed configuration. Defaults to the same value as
+`sshd_manage_service`.
+
 #### sshd_install_service
 
 If set to *true*, the role will install service files for the ssh service.

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -13,6 +13,9 @@ sshd_manage_service: true
 # If the below is false, don't reload the ssh daemon on change
 sshd_allow_reload: true
 
+# If the below is false, don't restart the ssh daemon on change that requires restart
+sshd_allow_restart: true
+
 # If the below is true, also install service files from the templates pointed
 # to by the `sshd_service_template_*` variables
 sshd_install_service: false

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -12,6 +12,18 @@
     - ansible_facts['os_family'] != 'OpenWrt'
   listen: Reload_sshd
 
+- name: Restart the SSH service
+  ansible.builtin.service:
+    name: "{{ sshd_service }}"
+    state: restarted
+  when:
+    - sshd_allow_restart|bool
+    - ansible_facts['virtualization_type'] | default(None) not in __sshd_skip_virt_env
+    - ansible_connection != 'chroot'
+    - ansible_facts['os_family'] != 'AIX'
+    - ansible_facts['os_family'] != 'OpenWrt'
+  listen: Restart_sshd
+
 # sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
 # It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
 # Instead, use a dirty shell script:

diff --git a/tasks/install.yml b/tasks/install.yml
@@ -25,7 +25,7 @@
   when:
     - sshd_sysconfig | bool
     - __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy
-  notify: Reload_sshd
+  notify: Restart_sshd
 
 - name: Check FIPS mode
   ansible.builtin.include_tasks: check_fips.yml

diff --git a/vars/AIX.yml b/vars/AIX.yml
@@ -12,3 +12,4 @@ __sshd_os_supported: true
 sshd_install_service: false
 sshd_manage_service: false
 sshd_allow_reload: true
+sshd_allow_restart: false