univention / ansible-modules

Ansible Modules for UCS
GNU General Public License v3.0

interpretation of ucr variable for sshd #2

Closed fbim-genosr closed 3 years ago

fbim-genosr commented 3 years ago

I used to set some ucr variables with the ansible module in the form

name: set ucr variables valid for all UCS Servers
tags: ucrvars
univention_config_registry:
  keys:
    sshd/permitroot: no
    ...

Setting the variable for a target host

sshd/permitroot: no

does set the variable to "False" instead of "no". That leads to an unsupported option error in sshd when restarting sshd.

Jul 19 08:52:23 groupware sshd[846]: /etc/ssh/sshd_config line 40: unsupported option "False".
Jul 19 08:52:23 groupware systemd[1]: ssh.service: Control process exited, code=exited status=255
Jul 19 08:52:23 groupware systemd[1]: ssh.service: Unit entered failed state.
Jul 19 08:52:23 groupware systemd[1]: ssh.service: Failed with result 'exit-code'.
Jul 19 08:52:23 groupware systemd[1]: ssh.service: Service hold-off time over, scheduling restart.

pmhahn commented 3 years ago

This is not a UCS bug, but basic Ansible knowledge: Ansible scripts are YAML files, which have their own syntax for boolean values:

Any string matching the following values

y|Y|yes|Yes|YES|n|N|no|No|NO
|true|True|TRUE|false|False|FALSE
|on|On|ON|off|Off|OFF

are parsed as boolean and converted to True and False before Ansible or any Ansible module like ucr has a chance to see the original value. You must quote these strings in your initial YAML file to prevent this, e.g.

name: set ucr variables valid for all UCS Servers
tags: ucrvars
univention_config_registry:
  keys:
    sshd/permitroot: "no"
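
An added example, not part of the thread or of the univention/ansible-modules project: a standard-library check that flags unquoted values matching the boolean pattern quoted above, so a playbook can be caught before sshd rejects the rendered config. The function name and the two extra sample keys are assumptions, and the line-based matching only covers simple `key: value` entries.

```python
import re

# Boolean spellings taken from the pattern quoted in the reply above.
TRUE_WORDS = {"y", "Y", "yes", "Yes", "YES", "true", "True", "TRUE", "on", "On", "ON"}
FALSE_WORDS = {"n", "N", "no", "No", "NO", "false", "False", "FALSE", "off", "Off", "OFF"}

# Simple "key: value" entry, optional list dash, optional trailing comment.
ENTRY = re.compile(
    r"^\s*(?:-\s+)?(?P<key>[^\s#'\"][^:#]*?):\s+(?P<value>.*?)\s*(?:\s#.*)?$"
)

# Constructed sample: only sshd/permitroot comes from the issue; the other
# two keys are made up to show the quoted case and the "yes" case.
SAMPLE_PLAYBOOK = """\
- name: set ucr variables valid for all UCS Servers
  tags: ucrvars
  univention_config_registry:
    keys:
      sshd/permitroot: no
      sshd/example/quoted: "no"
      sshd/example/flag: yes  # constructed key
"""


def find_coerced_scalars(playbook_text):
    """Return (line_no, key, raw, parsed_as) for unquoted boolean-like values."""
    findings = []
    for line_no, line in enumerate(playbook_text.splitlines(), start=1):
        match = ENTRY.match(line)
        if not match:
            continue
        raw = match.group("value")
        # Quoted values keep their quote characters here, so they never match.
        if raw in TRUE_WORDS:
            findings.append((line_no, match.group("key"), raw, True))
        elif raw in FALSE_WORDS:
            findings.append((line_no, match.group("key"), raw, False))
    return findings


if __name__ == "__main__":
    for line_no, key, raw, parsed in find_coerced_scalars(SAMPLE_PLAYBOOK):
        print(f"line {line_no}: {key}: {raw} is parsed as {parsed!r}; quote it")
```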