linux-system-roles/ssh

Defaults hostblock ignored when non-default hostblock is used

Closed this issue · 6 comments

skwde commented

The defaults host block is ignored when another host block is given.

Here is a playbook to reproduce the issue:

- name: Test
  hosts: rhel7
  gather_facts: false
  tasks:
    - name: Handle ssh_config for RHEL7
      ansible.builtin.import_role:
        name: fedora.linux_system_roles.ssh
      vars:
        ssh_config_file: '~/src/tests/ssh_config_test'
        ssh_skip_defaults: false
        ssh:
          Host:
            - Condition: '*.abc'
              PubkeyAuthentication: 'yes'

The output is the following:

#
# Ansible managed
#
# system_role:ssh

Host *.abc
  PubkeyAuthentication yes

while I would also expect the defaults to appear next to what I specify:

#
# Ansible managed
#
# system_role:ssh

Host *
  ForwardX11Trusted yes
  GSSAPIAuthentication yes
  SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  SendEnv XMODIFIERS
Host *.abc
  PubkeyAuthentication yes

skwde commented

The current workaround is to use

        ssh_Host:
          - Condition: '*.abc'
            PubkeyAuthentication: 'yes'

instead of

        ssh:
          Host:
            - Condition: '*.abc'
              PubkeyAuthentication: 'yes'

Jakuje commented

The defaults are described in the documentation:

By default (auto), the role writes the system-wide configuration file /etc/ssh/ssh_config and keeps OS defaults defined there (true). This is automatically disabled, when a drop-in configuration file is created (ssh_drop_in_name!=null) or when per-user configuration file is created (ssh_user!=null).

https://github.com/linux-system-roles/ssh#ssh_skip_defaults

But it looks like it is missing some clarity in regard to what happens if you generate the configuration in a completely custom path. I think it should be mentioned explicitly that it is also disabled with custom paths.

Adding ssh_skip_defaults: false should print the defaults for you too.

skwde commented

I don't see how this solves the issue.

I still think that the playbook above should give the expected output as mentioned above.

Do you get the expected output?

Jakuje commented

Sorry, my bad. This works ok on RHEL9, which has support for the drop-in directory, but on RHEL7 without the drop-in directory. Let me have a better look into this.

Jakuje commented

Seems like I can see the issue. The template is wrong in the way that if you define the Match block, it will not print the default one. Let me propose a fix for this. Fixed in #104. Can you give it a try?

skwde commented

@Jakuje I tried and it looks good.
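
Added example, not part of the thread or of the role's own code: a small check that a rendered ssh_config still carries the expected `Host *` defaults next to custom Host blocks, which is the regression reported above. The names `parse_blocks`, `missing_defaults`, `DEFAULTS`, `REPORTED` and `FIXED` are hypothetical, and the sample configs are constructed from the outputs quoted in the issue.

```python
import re

# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def parse_blocks(text):
    """Split ssh_config text into [(header, [(keyword, value), ...]), ...].

    header is None for options before any Host/Match line, otherwise a
    tuple such as ("host", "*.abc").
    """
    blocks = [(None, [])]
    for raw in text.splitlines():
        line = raw.strip()
        match = LINE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        keyword, value = match.group(1).lower(), match.group(2).strip()
        if keyword in ("host", "match"):
            blocks.append(((keyword, value), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks

def missing_defaults(text, expected):
    """Return the expected options that no 'Host *' block in text sets."""
    present = set()
    for header, options in parse_blocks(text):
        if header == ("host", "*"):
            present.update(options)
    return [(k, v) for k, v in expected if (k.lower(), v) not in present]

# Subset of the RHEL7 defaults shown in the expected output above.
DEFAULTS = [("ForwardX11Trusted", "yes"), ("GSSAPIAuthentication", "yes"),
            ("SendEnv", "XMODIFIERS")]

# Constructed samples: the reported output and a shortened expected output.
REPORTED = "# Ansible managed\n\nHost *.abc\n  PubkeyAuthentication yes\n"
FIXED = ("# Ansible managed\n\nHost *\n  ForwardX11Trusted yes\n"
         "  GSSAPIAuthentication yes\n  SendEnv XMODIFIERS\n"
         "Host *.abc\n  PubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("fixed", FIXED)):
        print(name, "missing:", missing_defaults(text, DEFAULTS))
```

Running the same check against the file written to `ssh_config_file` after a role run shows whether the defaults block was dropped.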