Merge pull request #142 from ghoneycutt/sshd_addressfamily

Sshd addressfamily
This commit is contained in:
Garrett Honeycutt 2015-12-10 11:46:44 -05:00
commit 2b29ced114
4 changed files with 41 additions and 0 deletions

View File

@ -148,6 +148,12 @@ in ssh_config.
- *Default*: undef - *Default*: undef
sshd_addressfamily
----------------
Specifies the value of the AddressFamily setting in sshd_config. Valid values are 'any', 'inet' (IPv4 only), 'inet6' (IPv6 only) and undef. A value of undef will ensure that AddressFamily is not in the configuration.
- *Default*: 'any'
sshd_config_path sshd_config_path
---------------- ----------------
Path to sshd_config. Path to sshd_config.

View File

@ -79,6 +79,7 @@ class ssh (
$sshd_ignoreuserknownhosts = 'no', $sshd_ignoreuserknownhosts = 'no',
$sshd_ignorerhosts = 'yes', $sshd_ignorerhosts = 'yes',
$manage_service = true, $manage_service = true,
$sshd_addressfamily = 'any',
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = true, $service_enable = true,
@ -768,4 +769,9 @@ class ssh (
validate_hash($keys_real) validate_hash($keys_real)
create_resources('ssh_authorized_key', $keys_real) create_resources('ssh_authorized_key', $keys_real)
} }
if $sshd_addressfamily != undef {
validate_re($sshd_addressfamily, '^(any|inet|inet6)$',
"ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to ${sshd_addressfamily}.")
}
} }

View File

@ -3414,4 +3414,30 @@ describe 'ssh' do
end end
end end
describe 'with parameter sshd_addressfamily' do
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
['any','inet','inet6'].each do |value|
context "set to a valid entry of #{value}" do
let(:params) { { :sshd_addressfamily => value } }
it { should contain_file('sshd_config').with_content(/^AddressFamily #{value}$/) }
end
end
['foo','bar',123].each do |value|
context "specified as invalid value #{value}" do
let(:params) { { :sshd_addressfamily => value } }
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to/)
end
end
end
end
end end

View File

@ -18,6 +18,9 @@ Port <%= @sshd_config_port %>
#Protocol 2,1 #Protocol 2,1
Protocol 2 Protocol 2
#AddressFamily any #AddressFamily any
<% if @sshd_addressfamily != nil -%>
AddressFamily <%= @sshd_addressfamily %>
<% end -%>
<% if @sshd_listen_address.class == Array -%> <% if @sshd_listen_address.class == Array -%>
<% @sshd_listen_address.each do |val| -%> <% @sshd_listen_address.each do |val| -%>
ListenAddress <%= val %> ListenAddress <%= val %>