From 45ef1ddbaabb2463f792ec9fb72af54b8be0b892 Mon Sep 17 00:00:00 2001
From: Phil Friderici
Date: Wed, 7 Oct 2015 15:02:00 +0200
Subject: [PATCH] add default SFTP subsystem for SLES12
---
 README.md | 1 +
 manifests/init.pp | 6 +-
 metadata.json | 12 +++-
 spec/classes/init_spec.rb | 130 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 146 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index c1a2ba7..d45b6e3 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@ only), 1.9.3, 2.0.0 and 2.1.0.
 * EL 6
 * EL 7
 * SLES 11
+ * SLES 12
 * Ubuntu 12.04 LTS
 * Solaris 9
 * Solaris 10
diff --git a/manifests/init.pp b/manifests/init.pp
index 79f4acc..0e11109 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -139,7 +139,11 @@ class ssh (
 $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
 case $::architecture {
 'x86_64': {
- $default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
+ if ($::operatingsystem == 'SLES') and ($::operatingsystemrelease =~ /^12\./) {
+ $default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
+ } else {
+ $default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
+ }
 }
 'i386' : {
 $default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
diff --git a/metadata.json b/metadata.json
index bd8e964..dff645e 100644
--- a/metadata.json
+++ b/metadata.json
@@ -65,10 +65,18 @@
 ]
 },
 {
- "operatingsystem": "SLES"
+ "operatingsystem": "SLES",
+ "operatingsystemrelease": [
+ "11",
+ "12"
+ ]
 },
 {
- "operatingsystem": "SLED"
+ "operatingsystem": "SLED",
+ "operatingsystemrelease": [
+ "11",
+ "12"
+ ]
 },
 {
 "operatingsystem": "Ubuntu",
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index b90ebb6..dc58e74 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
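Review bot: The new branch under `'x86_64'` in manifests/init.pp tests `$::operatingsystem == 'SLES'` only, while this same commit lists release 12 for SLED in metadata.json, so a SLED 12 x86_64 node still gets `/usr/lib64/ssh/sftp-server`. If SLED 12 installs the binary where SLES 12 does (likely, but not shown here), sshd_config would name a Subsystem path that does not exist and SFTP sessions would fail. The release match `/^12\./` also requires a dot, so a fact value of plain `12` falls through to the lib64 default. Consider `if ($::operatingsystem =~ /^SLE[SD]$/) and ($::operatingsystemrelease =~ /^12(\.|$)/) {`. The enclosing `case $::architecture` block continues past the end of the hunk.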
@@ -771,6 +771,136 @@ describe 'ssh' do } end + context 'with default params on osfamily Suse/SLES architecture x86_64 operatingsystemrelease 12' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'Suse', + :operatingsystem => 'SLES', + :operatingsystemrelease => '12.1', + :architecture => 'x86_64', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + + it { should compile.with_all_deps } + + it { should contain_class('ssh')} + + it { should_not contain_class('common')} + + it { + should contain_package('openssh').with({ + 'ensure' => 'installed', + }) + } + + it { + should contain_file('ssh_known_hosts').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/ssh_known_hosts', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + } + + it { + should contain_file('ssh_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/ssh_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'require' => 'Package[openssh]', + }) + } + + it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } + it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } + it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } + it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } + it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } + it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } + + it { should 
contain_file('ssh_config').without_content(/^\s*ForwardAgent$/) } + it { should contain_file('ssh_config').without_content(/^\s*ForwardX11$/) } + it { should contain_file('ssh_config').without_content(/^\s*ServerAliveInterval$/) } + it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } + it { should contain_file('ssh_config').without_content(/^\s*MACs/) } + + it { + should contain_file('sshd_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/sshd_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0600', + 'require' => 'Package[openssh]', + }) + } + + it { should contain_file('sshd_config').with_content(/^Port 22$/) } + it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } + it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } + it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } + it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } + it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } + it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } + it { should contain_file('sshd_config').with_content(/^Banner none$/) } + it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } + it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } + it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } + it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } + it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } + it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } + it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } 
+ it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } + it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } + it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } + it { should contain_file('sshd_config').without_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } + it { should contain_file('sshd_config').without_content(/^\s*GSSAPIKeyExchange yes$/) } + it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } + it { should contain_file('sshd_config').without_content(/^AuthorizedKeysFile/) } + it { should contain_file('sshd_config').without_content(/^StrictModes/) } + it { should contain_file('sshd_config').without_content(/^MaxStartups/) } + it { should contain_file('sshd_config').without_content(/^MaxSessions/) } + it { should contain_file('sshd_config').without_content(/^\s*AuthorizedKeysCommand/) } + it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } + it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } + it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } + it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } + it { should contain_file('sshd_config').without_content(/^ForceCommand/) } + it { should contain_file('sshd_config').without_content(/^Match/) } + it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } + it { should contain_file('sshd_config').without_content(/^\s*MACs/) } + it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } + it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } + it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } + it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } + it { should 
contain_file('sshd_config').without_content(/^\s*ListenAddress/) } + + it { + should contain_service('sshd_service').with({ + 'ensure' => 'running', + 'name' => 'sshd', + 'enable' => 'true', + 'hasrestart' => 'true', + 'hasstatus' => 'true', + 'subscribe' => 'File[sshd_config]', + }) + } + + it { + should contain_resources('sshkey').with({ + 'purge' => 'true', + }) + } + end + context 'with default params on osfamily Suse architecture i386' do let :facts do {
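Review bot: The added SLES 12 context repeats the whole default-parameter assertion set, including permissive sshd settings such as `PermitRootLogin yes`, `PasswordAuthentication yes` and `ServerKeyBits 1024`, although the only platform-specific expectation is `with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/)`. Each copy is one more place to update when those defaults are tightened, and it buries the one assertion this commit is about. Moving the common expectations into a `shared_examples` group, or keeping only the facts and the Subsystem line here, would keep the test focused. The facts cover only `'12.1'`; a second case with `:operatingsystemrelease => '12'` would pin down what the manifest does for a release string without a minor version. The enclosing `describe 'ssh' do` starts outside the hunk, and the trailing i386 context continues past it.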