Add ability to add more OS's and add spec tests

Garrett Honeycutt 2013-10-15 12:43:09 -04:00
parent 144596197e
commit 1ac04501e0
5 changed files with 87 additions and 123 deletions


@ -1,5 +1,5 @@
name 'ghoneycutt-ssh'
version '2.0.1'
version '2.2.0'
source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
author 'ghoneycutt'
license 'Apache License, Version 2.0'


@ -234,4 +234,3 @@ ssh::keys:
ensure: absent
user: root
</pre>


@ -16,9 +16,7 @@
# user: root
#
class ssh (
$packages = ['openssh-server',
'openssh-server',
'openssh-clients'],
$packages = 'USE_DEFAULTS',
$permit_root_login = 'no',
$purge_keys = 'true',
$manage_firewall = false,
@ -40,7 +38,7 @@ class ssh (
$sshd_config_use_dns = 'yes',
$sshd_config_banner = 'none',
$sshd_config_xauth_location = '/usr/bin/xauth',
$sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server',
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
$service_ensure = 'running',
$service_name = 'sshd',
$service_enable = 'true',
@ -83,9 +81,33 @@ class ssh (
}
}
case $::osfamily {
'RedHat': {
$default_packages = ['openssh-server',
'openssh-server',
'openssh-clients']
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
}
default: {
fail("ssh supports osfamily RedHat. Detected osfamily is <${::osfamily}>.")
}
}
if $packages == 'USE_DEFAULTS' {
$packages_real = $default_packages
} else {
$packages_real = $packages
}
if $sshd_config_subsystem_sftp == 'USE_DEFAULTS' {
$sshd_config_subsystem_sftp_real = $default_sshd_config_subsystem_sftp
} else {
$sshd_config_subsystem_sftp_real = $sshd_config_subsystem_sftp
}
package { 'ssh_packages':
ensure => installed,
name => $packages,
name => $packages_real,
}
file { 'ssh_config' :
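Review bot: `$default_packages` in the new `'RedHat'` branch lists `'openssh-server'` twice, a duplicate carried over from the old parameter default; it should read `$default_packages = ['openssh-server', 'openssh-clients']`, and any spec expectation that pins the three-element array needs the same change. A second gap is that `$sshd_config_subsystem_sftp_real` is rendered into the `Subsystem sftp` line of sshd_config without any check, so a relative or mistyped override only surfaces once sshd reads the file. If puppetlabs-stdlib is a dependency of this module (not visible on this page), adding `validate_absolute_path($sshd_config_subsystem_sftp_real)` after the if/else would reject such a value at catalog compile time. The class body starts and ends outside the hunks shown.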


@ -1,10 +1,11 @@
require 'spec_helper'
describe 'ssh' do
context 'with default params' do
context 'with default params on osfamily RedHat' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
@ -45,10 +46,42 @@ describe 'ssh' do
})
}
it {
should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/)
}
it {
should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/)
}
it {
should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
}
it {
should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication no$/)
}
it {
should contain_file('sshd_config').with_content(/^PrintMotd yes$/)
}
it {
should contain_file('sshd_config').with_content(/^UseDNS yes$/)
}
it {
should contain_file('sshd_config').with_content(/^Banner none$/)
}
it {
should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/)
}
it {
should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/)
}
it {
should contain_service('sshd_service').with({
'ensure' => 'running',
@ -67,7 +100,7 @@ describe 'ssh' do
}
end
context 'with manage_root_ssh_config set to \'true\'' do
context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do
let :facts do
{
:fqdn => 'monkey.example.com',
@ -84,60 +117,6 @@ describe 'ssh' do
it { should include_class('common')}
it {
should contain_package('ssh_packages').with({
'ensure' => 'installed',
'name' => ['openssh-server','openssh-server','openssh-clients'],
})
}
it {
should contain_file('ssh_config').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_config',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'require' => 'Package[ssh_packages]',
})
}
it {
should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
}
it {
should contain_file('sshd_config').with({
'ensure' => 'file',
'path' => '/etc/ssh/sshd_config',
'owner' => 'root',
'group' => 'root',
'mode' => '0600',
'require' => 'Package[ssh_packages]',
})
}
it {
should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
}
it {
should contain_service('sshd_service').with({
'ensure' => 'running',
'name' => 'sshd',
'enable' => 'true',
'hasrestart' => 'true',
'hasstatus' => 'true',
'subscribe' => 'File[sshd_config]',
})
}
it {
should contain_resources('sshkey').with({
'purge' => 'true',
})
}
it {
should contain_file('root_ssh_dir').with({
'ensure' => 'directory',
@ -148,9 +127,19 @@ describe 'ssh' do
'require' => 'Common::Mkdir_p[/root/.ssh]',
})
}
it {
should contain_file('root_ssh_config').with({
'ensure' => 'file',
'path' => '/root/.ssh/config',
'owner' => 'root',
'group' => 'root',
'mode' => '0600',
})
}
end
context 'with manage_root_ssh_config set to invalid value' do
context 'with manage_root_ssh_config set to invalid value on valid osfamily' do
let :facts do
{
:fqdn => 'monkey.example.com',
@ -170,10 +159,11 @@ describe 'ssh' do
end
end
context 'with manage_firewall set to true' do
context 'with manage_firewall set to true on valid osfamily' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
@ -185,60 +175,6 @@ describe 'ssh' do
it { should_not include_class('common')}
it {
should contain_package('ssh_packages').with({
'ensure' => 'installed',
'name' => ['openssh-server','openssh-server','openssh-clients'],
})
}
it {
should contain_file('ssh_config').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_config',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'require' => 'Package[ssh_packages]',
})
}
it {
should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
}
it {
should contain_file('sshd_config').with({
'ensure' => 'file',
'path' => '/etc/ssh/sshd_config',
'owner' => 'root',
'group' => 'root',
'mode' => '0600',
'require' => 'Package[ssh_packages]',
})
}
it {
should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
}
it {
should contain_service('sshd_service').with({
'ensure' => 'running',
'name' => 'sshd',
'enable' => 'true',
'hasrestart' => 'true',
'hasstatus' => 'true',
'subscribe' => 'File[sshd_config]',
})
}
it {
should contain_resources('sshkey').with({
'purge' => 'true',
})
}
it {
should contain_firewall('22 open port 22 for SSH').with({
'action' => 'accept',
@ -247,7 +183,11 @@ describe 'ssh' do
})
}
end
context 'with keys defined' do
context 'with keys defined on valid osfamily' do
let :facts do
{ :osfamily => 'RedHat' }
end
let(:params) { { :keys => {
'root_for_userX' => {
'ensure' => 'present',
@ -267,6 +207,9 @@ describe 'ssh' do
'type' => 'dsa',
'key' => 'AAAA==',
})
}
it {
should contain_ssh_authorized_key('root_for_userY').with({
'ensure' => 'absent',
'user' => 'root',
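Review bot: None of the visible contexts exercises the new `default:` branch that calls `fail()` for an unsupported osfamily, and none overrides `packages` or `sshd_config_subsystem_sftp` away from `USE_DEFAULTS`; every facts block shown either sets `:osfamily => 'RedHat'` or is cut off by the hunk. The guard is the behaviour most likely to regress when a second OS family is added, so a context that sets an unsupported osfamily and asserts the compile error would pin it. A matching context that passes an explicit `sshd_config_subsystem_sftp` and checks the rendered `Subsystem sftp` line would cover the override path. Only hunks of the spec file are visible, so such contexts may already exist outside them.

```ruby
describe 'ssh' do
  # … unchanged: existing contexts …

  context 'with default params on unsupported osfamily' do
    let :facts do
      # 'Solaris' is a constructed sample value for an osfamily the case statement does not handle
      { :osfamily => 'Solaris' }
    end

    it 'should fail' do
      expect {
        should include_class('ssh')
      }.to raise_error(Puppet::Error, /ssh supports osfamily RedHat\. Detected osfamily is <Solaris>\./)
    end
  end
```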


@ -1,7 +1,7 @@
# This file is being maintained by Puppet.
# DO NOT EDIT
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@ -46,7 +46,7 @@ PermitRootLogin <%= @permit_root_login %>
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
@ -126,4 +126,4 @@ Banner <%= @sshd_config_banner %>
XAuthLocation <%= @sshd_config_xauth_location %>
# override default of no subsystems
Subsystem sftp <%= @sshd_config_subsystem_sftp %>
Subsystem sftp <%= @sshd_config_subsystem_sftp_real %>