public-health-ch/ansible/roles/dev-sec.ssh-hardening/tests/default.yml

---
- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
  hosts: localhost
  pre_tasks:
    - name: use python3
      set_fact:
        ansible_python_interpreter: /usr/bin/python3
      when: ansible_facts.distribution == 'Fedora'

    - package: name="{{ packages }}" state=present
      vars:
        packages:
          - openssh-clients
          - openssh-server
          - libselinux-python
      ignore_errors: true
    - apt: name="{{packages}}" state=present update_cache=true
      vars:
        packages:
          - "openssh-client"
          - "openssh-server"
      ignore_errors: true
    - file: path="/var/run/sshd" state=directory
    - name: create ssh host keys
      command: "ssh-keygen -A"
      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or 
            ansible_facts.distribution == "Fedora" or
            ansible_facts.distribution == "Amazon"

  roles:
    - ansible-ssh-hardening