report changed properly for "deactivate short moduli" task

This fixes the ansible-lint no-changed-when complaint and also allows to notify the reboot handler.
2024-12-01 22:20:15 +01:00 · 2024-12-01 22:20:15 +01:00 · e6d6d9eed0
commit e6d6d9eed0
parent e3a29c422a
1 changed files with 17 additions and 1 deletions
--- a/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml
+++ b/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml
@ -17,4 +17,20 @@

    - name: deactivate short moduli
      ansible.builtin.shell:
-        cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli
+        executable: /bin/bash
+        cmd: |
+          set -eo pipefail
+
+          awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp
+          if diff /etc/ssh/moduli /etc/ssh/moduli.tmp; then
+            rm /etc/ssh/moduli.tmp
+          else
+            mv /etc/ssh/moduli.tmp /etc/ssh/moduli
+            echo "ansible-changed: changed /etc/ssh/moduli"
+          fi
+      register: result
+      changed_when:
+        - '"ansible-changed" in result.stdout'
+      notify:
+        # Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
+        - reboot the system