Directly restart sshd after signing certs

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2026-05-11 18:36:53 +08:00 · 2017-10-08 22:17:24 +00:00
parent 73bd8b0db0
commit 0eac85dcb2
1 changed files with 11 additions and 0 deletions
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -183,6 +183,17 @@
  - sshd
  - base

+- name: Restart sshd in case we just signed a new certificate so it gets applied
+  service: name=sshd state=restarted
+  when: "certs_to_sign | length != 0"
+  tags:
+  - basessh
+  - sshd_cert
+  - sshd_config
+  - config
+  - sshd
+  - base
+
 - name: make sure there is no old ssh host key for the host still around
  local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
  ignore_errors: True