puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add default SFTP subsystem for SLES12

Browse Source
This commit is contained in:
Phil Friderici 2015-10-07 15:02:00 +02:00
parent 260b9f3900
commit 45ef1ddbaa
4 changed files with 146 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -17,6 +17,7 @@ only), 1.9.3, 2.0.0 and 2.1.0.
* EL 6 * EL 6
* EL 7 * EL 7
* SLES 11 * SLES 11
* SLES 12
* Ubuntu 12.04 LTS * Ubuntu 12.04 LTS
* Solaris 9 * Solaris 9
* Solaris 10 * Solaris 10

4
manifests/init.pp
View File

@ -139,8 +139,12 @@ class ssh (
$default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ] $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
case $::architecture { case $::architecture {
'x86_64': { 'x86_64': {
if ($::operatingsystem == 'SLES') and ($::operatingsystemrelease =~ /^12\./) {
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
} else {
$default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server' $default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
} }
}
'i386' : { 'i386' : {
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server' $default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
} }

12
metadata.json
View File

@ -65,10 +65,18 @@
] ]
}, },
{ {
"operatingsystem": "SLES" "operatingsystem": "SLES",
"operatingsystemrelease": [
"11",
"12"
]
}, },
{ {
"operatingsystem": "SLED" "operatingsystem": "SLED",
"operatingsystemrelease": [
"11",
"12"
]
}, },
{ {
"operatingsystem": "Ubuntu", "operatingsystem": "Ubuntu",

130
spec/classes/init_spec.rb
View File

@ -771,6 +771,136 @@ describe 'ssh' do
} }
end end
context 'with default params on osfamily Suse/SLES architecture x86_64 operatingsystemrelease 12' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'Suse',
:operatingsystem => 'SLES',
:operatingsystemrelease => '12.1',
:architecture => 'x86_64',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should compile.with_all_deps }
it { should contain_class('ssh')}
it { should_not contain_class('common')}
it {
should contain_package('openssh').with({
'ensure' => 'installed',
})
}
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it {
should contain_file('ssh_config').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_config',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'require' => 'Package[openssh]',
})
}
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) }
it { should contain_file('ssh_config').without_content(/^\s*ForwardAgent$/) }
it { should contain_file('ssh_config').without_content(/^\s*ForwardX11$/) }
it { should contain_file('ssh_config').without_content(/^\s*ServerAliveInterval$/) }
it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
it { should contain_file('ssh_config').without_content(/^\s*MACs/) }
it {
should contain_file('sshd_config').with({
'ensure' => 'file',
'path' => '/etc/ssh/sshd_config',
'owner' => 'root',
'group' => 'root',
'mode' => '0600',
'require' => 'Package[openssh]',
})
}
it { should contain_file('sshd_config').with_content(/^Port 22$/) }
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) }
it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) }
it { should contain_file('sshd_config').with_content(/^Banner none$/) }
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) }
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) }
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) }
it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should contain_file('sshd_config').without_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').without_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { should contain_file('sshd_config').without_content(/^AuthorizedKeysFile/) }
it { should contain_file('sshd_config').without_content(/^StrictModes/) }
it { should contain_file('sshd_config').without_content(/^MaxStartups/) }
it { should contain_file('sshd_config').without_content(/^MaxSessions/) }
it { should contain_file('sshd_config').without_content(/^\s*AuthorizedKeysCommand/) }
it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) }
it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) }
it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) }
it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) }
it { should contain_file('sshd_config').without_content(/^ForceCommand/) }
it { should contain_file('sshd_config').without_content(/^Match/) }
it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) }
it { should contain_file('sshd_config').without_content(/^\s*MACs/) }
it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) }
it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
it {
should contain_service('sshd_service').with({
'ensure' => 'running',
'name' => 'sshd',
'enable' => 'true',
'hasrestart' => 'true',
'hasstatus' => 'true',
'subscribe' => 'File[sshd_config]',
})
}
it {
should contain_resources('sshkey').with({
'purge' => 'true',
})
}
end
context 'with default params on osfamily Suse architecture i386' do context 'with default params on osfamily Suse architecture i386' do
let :facts do let :facts do
{ {