puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add sshd_listen parameter for ListenAddress

Browse Source
This commit is contained in:
Markus Frosch 2014-09-11 11:50:14 +02:00 committed by Markus Frosch
parent 4a05db8ff4
commit 445981f9af
3 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
manifests/init.pp
View File

@ -65,6 +65,7 @@ class ssh (
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS', $sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
$sshd_acceptenv = 'USE_DEFAULTS', $sshd_acceptenv = 'USE_DEFAULTS',
$sshd_config_hostkey = 'USE_DEFAULTS', $sshd_config_hostkey = 'USE_DEFAULTS',
$sshd_listen = undef,
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = 'true', $service_enable = 'true',
@ -348,6 +349,10 @@ class ssh (
$sshd_config_hostkey_real = $sshd_config_hostkey $sshd_config_hostkey_real = $sshd_config_hostkey
} }
if $sshd_listen {
validate_array($sshd_listen)
}
if $service_hasstatus == 'USE_DEFAULTS' { if $service_hasstatus == 'USE_DEFAULTS' {
$service_hasstatus_real = $default_service_hasstatus $service_hasstatus_real = $default_service_hasstatus
} else { } else {

6
spec/classes/init_spec.rb
View File

@ -81,6 +81,7 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should contain_file('sshd_config').without_content(/^ListenAddress/) }
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
@ -882,6 +883,9 @@ describe 'ssh' do
:sshd_config_allowgroups => [ 'ssh', :sshd_config_allowgroups => [ 'ssh',
'security', 'security',
], ],
:sshd_listen => [ '192.168.1.1',
'2001:db8::dead:f00d',
],
} }
end end
@ -931,6 +935,8 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^\s*DenyGroups nossh wheel$/) } it { should contain_file('sshd_config').with_content(/^\s*DenyGroups nossh wheel$/) }
it { should contain_file('sshd_config').with_content(/^\s*AllowUsers foo bar$/) } it { should contain_file('sshd_config').with_content(/^\s*AllowUsers foo bar$/) }
it { should contain_file('sshd_config').with_content(/^\s*AllowGroups ssh security$/) } it { should contain_file('sshd_config').with_content(/^\s*AllowGroups ssh security$/) }
it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1$/) }
it { should contain_file('sshd_config').with_content(/^ListenAddress 2001:db8::dead:f00d$/) }
it { it {
should contain_file('sshd_banner').with({ should contain_file('sshd_banner').with({

7
templates/sshd_config.erb
View File

@ -18,8 +18,11 @@ Port <%= @sshd_config_port %>
#Protocol 2,1 #Protocol 2,1
Protocol 2 Protocol 2
#AddressFamily any #AddressFamily any
#ListenAddress 0.0.0.0 <% if @sshd_listen -%>
#ListenAddress :: <% @sshd_listen.each do |val| -%>
ListenAddress <%= val %>
<% end -%>
<% end -%>
# HostKey for protocol version 1 # HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key #HostKey /etc/ssh/ssh_host_key