[sshd] Expose sshd version in Ansible facts

(cherry picked from commit f0e9a8d)
debops · Feb 7, 2023 · 6c053c1 · 6c053c1
1 parent 9974df8
commit 6c053c1
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -39,6 +39,12 @@ Added
   is present on the host, in which case it will attempt to update the
   certificates stored in the internal Proxmox certificate store.
 
+:ref:`debops.sshd` role
+'''''''''''''''''''''''
+
+- The :file:`sshd.fact` script now exposes the version number of installed
+  :command:`sshd` daemon via Ansible local facts.
+
 :ref:`debops.zabbix_agent` role
 '''''''''''''''''''''''''''''''
 

diff --git a/ansible/roles/sshd/defaults/main.yml b/ansible/roles/sshd/defaults/main.yml
@@ -53,6 +53,13 @@ sshd__ldap_packages: '{{ [ "ldap-utils" ]
 #
 # List of additional packages to install.
 sshd__packages: []
+
+                                                                   # ]]]
+# .. envvar:: sshd__version [[[
+#
+# The version of the currently installed :command:`sshd` daemon, exposed using
+# Ansible local facts.
+sshd__version: '{{ ansible_local.sshd.version | d("0.0") }}'
                                                                    # ]]]
                                                                    # ]]]
 # Host whitelists and allow lists [[[

diff --git a/ansible/roles/sshd/templates/etc/ansible/facts.d/sshd.fact.j2 b/ansible/roles/sshd/templates/etc/ansible/facts.d/sshd.fact.j2
@@ -38,6 +38,16 @@ output = {'configured': True,
 for item in sshd_facts:
     output.update({item['fact']: item['default']})
 
+try:
+    version_stdout = subprocess.check_output(
+            ["dpkg-query", "-W", "-f=${Version}",
+             "openssh-server"]).decode('utf-8').split('-')[0]
+    if version_stdout:
+        output['version'] = version_stdout.split(':')[1].split('p')[0]
+
+except Exception:
+    pass
+
 try:
     with open("/etc/ssh/sshd_config") as fd:
         for line in fd.readlines():