I am creating an ansible rolke for configure ssh security on servers, following the documentation. Here is my YAML configuration file:
---
- name: Enable SSH security
hosts: webservers
tasks:
- name: Ensure SSH is installed
apt:
name: openssh-server
state: present
- name: Configure SSH to disable password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication'
line: 'PasswordAuthentication no'
notify: Restart SSH
- name: Ensure public key authentication is enabled
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PubkeyAuthentication'
line: 'PubkeyAuthentication yes'
notify: Restart SSH
- name: Disable root SSH access
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PermitRootLogin'
line: 'PermitRootLogin no'
notify: Restart SSH
handlers:
- name: Restart SSH
service:
name: ssh
state: restarted
It seem correct and well formatted, however when I run the playbook, I get this error:
SSH password:
BECOME password[defaults to SSH password]:
ERROR! conflicting action statements: hosts, tasks
The error appears to be in '/<full path>/Hetzner/roles/ssh_security/tasks/main.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
---
- name: Enable SSH security
^ here
The Pycharm IDE yaml parser does not accuse this error. What could be wrong in this configuration?
you are mixing up playbook and role syntax. You use the playbook structure inside roles tasks.
Use this a main playbook:
and
/<full path>/Hetzner/roles/ssh_security/tasks/main.ymllike so:put handler under
/<full path>/Hetzner/roles/ssh_security/handlers/main.yml