From 0eac85dcb27036d863fcbaf5d0351f982df2ed78 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Sun, 8 Oct 2017 22:17:24 +0000
Subject: [PATCH] Directly restart sshd after signing certs

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/basessh/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index e1c14c3f33..0f685a4068 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -183,6 +183,17 @@
   - sshd
   - base
 
+- name: Restart sshd in case we just signed a new certificate so it gets applied
+  service: name=sshd state=restarted
+  when: "certs_to_sign | length != 0"
+  tags:
+  - basessh
+  - sshd_cert
+  - sshd_config
+  - config
+  - sshd
+  - base
+
 - name: make sure there is no old ssh host key for the host still around
   local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
   ignore_errors: True