Always search for ssh keys

This patch ensures that a list of public/private ssh keys is always generated. Closes-Bug: 1731049 Change-Id: Ibc6eecafe96b97107e14ae3d0f92c4ad6018228c
2017-11-08 14:44:13 -06:00 · 2017-11-08 14:44:13 -06:00 · bb9de60355
commit bb9de60355
parent 79b3d25070
1 changed files with 7 additions and 1 deletions
--- a/tasks/rhel7stig/sshd.yml
+++ b/tasks/rhel7stig/sshd.yml
@ -75,6 +75,9 @@
  # The shell command will always report 'changed' so we need to
  # ignore that since this role is supposed to be idempotent.
  changed_when: false
+  check_mode: no
+  tags:
+    - always

 - name: Public host key files must have mode 0644 or less
  file:
@ -90,9 +93,12 @@
 - name: Determine existing private ssh host keys
  shell: ls /etc/ssh/*_key
  register: private_ssh_host_keys
-  # The sheel command will always report 'changed' so we need to
+  # The shell command will always report 'changed' so we need to
  # ignore that since this role is supposed to be idempotent
  changed_when: false
+  check_mode: no
+  tags:
+    - always

 - name: Private host key files must have mode 0600 or less
  file: