Garrett Honeycutt
commit
5e60d4eceb
105
README.md
105
README.md
@ -1,4 +1,4 @@
|
|||||||
# puppet-module-ssh #
|
# puppet-module-ssh
|
||||||
|
|
||||||
Manage ssh client and server.
|
Manage ssh client and server.
|
||||||
|
|
||||||
@ -6,7 +6,7 @@ The module uses exported resources to manage ssh keys and removes ssh keys that
|
|||||||
|
|
||||||
===
|
===
|
||||||
|
|
||||||
# Compatability #
|
# Compatability
|
||||||
|
|
||||||
This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3 and 2.0.0.
|
This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3 and 2.0.0.
|
||||||
|
|
||||||
@ -15,10 +15,15 @@ This module has been tested to work on the following systems with Puppet v3 and
|
|||||||
* EL 6
|
* EL 6
|
||||||
* SLES 11
|
* SLES 11
|
||||||
* Ubuntu 12.04 LTS
|
* Ubuntu 12.04 LTS
|
||||||
|
* Solaris 9
|
||||||
|
* Solaris 10
|
||||||
|
* Solaris 11
|
||||||
|
|
||||||
===
|
===
|
||||||
|
|
||||||
# Parameters #
|
# Parameters
|
||||||
|
A value of `'USE_DEFAULTS'` will use the defaults specified by the module.
|
||||||
|
|
||||||
|
|
||||||
hiera_merge
|
hiera_merge
|
||||||
-----------
|
-----------
|
||||||
@ -34,13 +39,13 @@ ssh_config_hash_known_hosts
|
|||||||
HashKnownHosts in ssh_config.
|
HashKnownHosts in ssh_config.
|
||||||
Indicates that ssh should hash host names and addresses when they are added to ~/.ssh/known_hosts.
|
Indicates that ssh should hash host names and addresses when they are added to ~/.ssh/known_hosts.
|
||||||
These hashed names may be used normally by ssh and sshd, but they do not reveal identifying
|
These hashed names may be used normally by ssh and sshd, but they do not reveal identifying
|
||||||
information should the file's contents be disclosed. The default is 'no'.
|
information should the file's contents be disclosed. The default is 'no' on Linux.
|
||||||
|
|
||||||
Note that existing names and addresses in known hosts files will not be converted automatically,
|
Note that existing names and addresses in known hosts files will not be converted automatically,
|
||||||
but may be manually hashed using ssh-keygen. Use of this option may break facilities such as
|
but may be manually hashed using ssh-keygen. Use of this option may break facilities such as
|
||||||
tab-completion that rely on being able to read unhashed host names from ~/.ssh/known_hosts.
|
tab-completion that rely on being able to read unhashed host names from ~/.ssh/known_hosts.
|
||||||
|
|
||||||
- *Default*: 'no'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
ssh_config_path
|
ssh_config_path
|
||||||
---------------
|
---------------
|
||||||
@ -86,10 +91,16 @@ ServerAliveInterval option in ssh_config. Not set by default.
|
|||||||
|
|
||||||
ssh_config_sendenv_xmodifiers
|
ssh_config_sendenv_xmodifiers
|
||||||
-----------------------
|
-----------------------
|
||||||
Boolean to set 'SendEnv XMODIFIERS' in ssh_config.
|
Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on Linux.
|
||||||
|
|
||||||
- *Default*: false
|
- *Default*: false
|
||||||
|
|
||||||
|
ssh_sendenv
|
||||||
|
-------------
|
||||||
|
Boolean to enable SendEnv options for specifying environment variables. Default is set to true on Linux.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
sshd_config_path
|
sshd_config_path
|
||||||
----------------
|
----------------
|
||||||
Path to sshd_config.
|
Path to sshd_config.
|
||||||
@ -110,15 +121,15 @@ sshd_config's group.
|
|||||||
|
|
||||||
sshd_config_mode
|
sshd_config_mode
|
||||||
---------------
|
---------------
|
||||||
sshd_config's mode.
|
sshd_config's mode. The default is '0600' on Linux and '0644' on Solaris.
|
||||||
|
|
||||||
- *Default*: '0600'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
sshd_config_port
|
sshd_config_port
|
||||||
---------------------------
|
---------------------------
|
||||||
String to specify listen port for sshd. Port option in sshd_config.
|
String to specify listen port for sshd. Port option in sshd_config.
|
||||||
|
|
||||||
- *Default*: 22
|
- *Default*: '22'
|
||||||
|
|
||||||
sshd_config_syslog_facility
|
sshd_config_syslog_facility
|
||||||
---------------------------
|
---------------------------
|
||||||
@ -146,9 +157,9 @@ PrintMotd option in sshd_config.
|
|||||||
|
|
||||||
sshd_config_use_dns
|
sshd_config_use_dns
|
||||||
-------------------
|
-------------------
|
||||||
UseDNS option in sshd_config.
|
UseDNS option in sshd_config. The default is 'yes' on Linux.
|
||||||
|
|
||||||
- *Default*: 'yes'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
sshd_config_banner
|
sshd_config_banner
|
||||||
------------------
|
------------------
|
||||||
@ -184,35 +195,32 @@ sshd_config_xauth_location
|
|||||||
--------------------------
|
--------------------------
|
||||||
XAuthLocation option in sshd_config.
|
XAuthLocation option in sshd_config.
|
||||||
|
|
||||||
- *Default*: '/usr/bin/xauth'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
sshd_config_subsystem_sftp
|
sshd_config_subsystem_sftp
|
||||||
--------------------------
|
--------------------------
|
||||||
Path to sftp file transfer subsystem in sshd_config.
|
Path to sftp file transfer subsystem in sshd_config.
|
||||||
|
|
||||||
- *Default*: '/usr/libexec/openssh/sftp-server'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
|
|
||||||
sshd_password_authentication
|
sshd_password_authentication
|
||||||
-----------------------------
|
-----------------------------
|
||||||
PasswordAuthentication in sshd_config.
|
PasswordAuthentication in sshd_config. Specifies whether password authentication is allowed.
|
||||||
Specifies whether password authentication is allowed.
|
|
||||||
|
|
||||||
- *Default*: 'yes'
|
- *Default*: 'yes'
|
||||||
|
|
||||||
sshd_allow_tcp_forwarding
|
sshd_allow_tcp_forwarding
|
||||||
-------------------------
|
-------------------------
|
||||||
AllowTcpForwarding in sshd_config.
|
AllowTcpForwarding in sshd_config. Specifies whether TCP forwarding is permitted.
|
||||||
Specifies whether TCP forwarding is permitted.
|
|
||||||
|
|
||||||
- *Default*: 'yes'
|
- *Default*: 'yes'
|
||||||
|
|
||||||
sshd_x11_forwarding
|
sshd_x11_forwarding
|
||||||
-------------------
|
-------------------
|
||||||
X11Forwarding in sshd_config.
|
X11Forwarding in sshd_config. Specifies whether X11 forwarding is permitted.
|
||||||
Specifies whether X11 forwarding is permitted.
|
|
||||||
|
|
||||||
- *Default*: 'no'
|
- *Default*: 'yes'
|
||||||
|
|
||||||
sshd_use_pam
|
sshd_use_pam
|
||||||
------------
|
------------
|
||||||
@ -220,8 +228,9 @@ UsePam in sshd_config.
|
|||||||
Enables the Pluggable Authentication Module interface. If set to 'yes' this will enable PAM
|
Enables the Pluggable Authentication Module interface. If set to 'yes' this will enable PAM
|
||||||
authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition
|
authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition
|
||||||
to PAM account and session module processing for all authentication types.
|
to PAM account and session module processing for all authentication types.
|
||||||
|
This module sets this option to 'yes' on Linux and undef on Solaris.
|
||||||
|
|
||||||
- *Default*: 'no'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
sshd_client_alive_interval
|
sshd_client_alive_interval
|
||||||
--------------------------
|
--------------------------
|
||||||
@ -251,6 +260,54 @@ Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-o
|
|||||||
|
|
||||||
- *Default*: yes
|
- *Default*: yes
|
||||||
|
|
||||||
|
ssh_config_forward_x11_trusted
|
||||||
|
------------------------------
|
||||||
|
ForwardX11Trusted. Determine remote X11 client access to the original X11 display. The option is set to 'yes' on Linux. Valid values are 'yes', 'no', and undef.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS' (Not valid on Solaris.)
|
||||||
|
|
||||||
|
ssh_package_source
|
||||||
|
------------------
|
||||||
|
Source to SSH packages.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
|
ssh_package_adminfile
|
||||||
|
---------------------
|
||||||
|
Path to admin file for SSH packages.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
|
sshd_gssapiauthentication
|
||||||
|
-------------------------
|
||||||
|
GSSAPIAuthentication: Enables/disables GSS-API user authentication. Valid values are 'yes' and 'no'.
|
||||||
|
|
||||||
|
- *Default*: 'yes'
|
||||||
|
|
||||||
|
sshd_gssapikeyexchange
|
||||||
|
----------------------
|
||||||
|
GSSAPIKeyExchange: Enables/disables GSS-API-authenticated key exchanges. Valid values are 'yes', 'no', and undef.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
|
sshd_pamauthenticationviakbdint
|
||||||
|
-------------------------------
|
||||||
|
PAMAuthenticationViaKBDInt: Use PAM via keyboard interactive method for authentication. Valid values are 'yes', 'no', and undef.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
|
sshd_gssapicleanupcredentials
|
||||||
|
-----------------------------
|
||||||
|
GSSAPICleanupCredentials: Specifies whether to automatically destroy the user's credentials on logout. Default is 'yes' on Linux. Valid values are 'yes', 'no', and undef.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
|
sshd_acceptenv
|
||||||
|
-------------
|
||||||
|
Boolean to enable AcceptEnv options for specifying environment variables. Default is set to true on Linux.
|
||||||
|
|
||||||
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
purge_keys
|
purge_keys
|
||||||
----------
|
----------
|
||||||
Remove keys not managed by puppet.
|
Remove keys not managed by puppet.
|
||||||
@ -259,7 +316,7 @@ Remove keys not managed by puppet.
|
|||||||
|
|
||||||
manage_firewall
|
manage_firewall
|
||||||
---------------
|
---------------
|
||||||
Open firewall for SSH service.
|
Open firewall for SSH service. Not used on Solaris.
|
||||||
|
|
||||||
- *Default*: false
|
- *Default*: false
|
||||||
|
|
||||||
@ -289,9 +346,9 @@ Specify that the init script has a restart command. Valid values are 'true' and
|
|||||||
|
|
||||||
service_hasstatus
|
service_hasstatus
|
||||||
-----------------
|
-----------------
|
||||||
Declare whether the service's init script has a functional status command. Valid values are 'true' and 'false'
|
Boolean to declare whether the service's init script has a functional status command.
|
||||||
|
|
||||||
- *Default*: 'true'
|
- *Default*: 'USE_DEFAULTS'
|
||||||
|
|
||||||
ssh_key_ensure
|
ssh_key_ensure
|
||||||
--------------
|
--------------
|
||||||
|
|||||||
@ -8,56 +8,320 @@ class ssh (
|
|||||||
$permit_root_login = 'yes',
|
$permit_root_login = 'yes',
|
||||||
$purge_keys = 'true',
|
$purge_keys = 'true',
|
||||||
$manage_firewall = false,
|
$manage_firewall = false,
|
||||||
$ssh_config_hash_known_hosts = 'no',
|
$ssh_package_source = 'USE_DEFAULTS',
|
||||||
|
$ssh_package_adminfile = 'USE_DEFAULTS',
|
||||||
|
$ssh_config_hash_known_hosts = 'USE_DEFAULTS',
|
||||||
$ssh_config_path = '/etc/ssh/ssh_config',
|
$ssh_config_path = '/etc/ssh/ssh_config',
|
||||||
$ssh_config_owner = 'root',
|
$ssh_config_owner = 'root',
|
||||||
$ssh_config_group = 'root',
|
$ssh_config_group = 'root',
|
||||||
$ssh_config_mode = '0644',
|
$ssh_config_mode = '0644',
|
||||||
$ssh_config_forward_x11 = undef,
|
$ssh_config_forward_x11 = undef,
|
||||||
|
$ssh_config_forward_x11_trusted = 'USE_DEFAULTS',
|
||||||
$ssh_config_forward_agent = undef,
|
$ssh_config_forward_agent = undef,
|
||||||
$ssh_config_server_alive_interval = undef,
|
$ssh_config_server_alive_interval = undef,
|
||||||
$ssh_config_sendenv_xmodifiers = false,
|
$ssh_config_sendenv_xmodifiers = false,
|
||||||
|
$ssh_sendenv = 'USE_DEFAULTS',
|
||||||
$sshd_config_path = '/etc/ssh/sshd_config',
|
$sshd_config_path = '/etc/ssh/sshd_config',
|
||||||
$sshd_config_owner = 'root',
|
$sshd_config_owner = 'root',
|
||||||
$sshd_config_group = 'root',
|
$sshd_config_group = 'root',
|
||||||
$sshd_config_mode = '0600',
|
$sshd_config_mode = 'USE_DEFAULTS',
|
||||||
$sshd_config_port = '22',
|
$sshd_config_port = '22',
|
||||||
$sshd_config_syslog_facility = 'AUTH',
|
$sshd_config_syslog_facility = 'AUTH',
|
||||||
$sshd_config_login_grace_time = '120',
|
$sshd_config_login_grace_time = '120',
|
||||||
$sshd_config_challenge_resp_auth = 'yes',
|
$sshd_config_challenge_resp_auth = 'yes',
|
||||||
$sshd_config_print_motd = 'yes',
|
$sshd_config_print_motd = 'yes',
|
||||||
$sshd_config_use_dns = 'yes',
|
$sshd_config_use_dns = 'USE_DEFAULTS',
|
||||||
$sshd_config_banner = 'none',
|
$sshd_config_banner = 'none',
|
||||||
$sshd_banner_content = undef,
|
$sshd_banner_content = undef,
|
||||||
$sshd_banner_owner = 'root',
|
$sshd_banner_owner = 'root',
|
||||||
$sshd_banner_group = 'root',
|
$sshd_banner_group = 'root',
|
||||||
$sshd_banner_mode = '0644',
|
$sshd_banner_mode = '0644',
|
||||||
$sshd_config_xauth_location = '/usr/bin/xauth',
|
$sshd_config_xauth_location = 'USE_DEFAULTS',
|
||||||
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
|
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
|
||||||
|
$sshd_password_authentication = 'yes',
|
||||||
|
$sshd_allow_tcp_forwarding = 'yes',
|
||||||
|
$sshd_x11_forwarding = 'yes',
|
||||||
|
$sshd_use_pam = 'USE_DEFAULTS',
|
||||||
|
$sshd_client_alive_interval = '0',
|
||||||
|
$sshd_gssapiauthentication = 'yes',
|
||||||
|
$sshd_gssapikeyexchange = 'USE_DEFAULTS',
|
||||||
|
$sshd_pamauthenticationviakbdint = 'USE_DEFAULTS',
|
||||||
|
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
|
||||||
|
$sshd_acceptenv = 'USE_DEFAULTS',
|
||||||
$service_ensure = 'running',
|
$service_ensure = 'running',
|
||||||
$service_name = 'USE_DEFAULTS',
|
$service_name = 'USE_DEFAULTS',
|
||||||
$service_enable = 'true',
|
$service_enable = 'true',
|
||||||
$service_hasrestart = 'true',
|
$service_hasrestart = 'true',
|
||||||
$service_hasstatus = 'true',
|
$service_hasstatus = 'USE_DEFAULTS',
|
||||||
$ssh_key_ensure = 'present',
|
$ssh_key_ensure = 'present',
|
||||||
$ssh_key_type = 'ssh-rsa',
|
$ssh_key_type = 'ssh-rsa',
|
||||||
$keys = undef,
|
$keys = undef,
|
||||||
$manage_root_ssh_config = 'false',
|
$manage_root_ssh_config = 'false',
|
||||||
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
|
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
|
||||||
$sshd_password_authentication = 'yes',
|
|
||||||
$sshd_allow_tcp_forwarding = 'yes',
|
|
||||||
$sshd_x11_forwarding = 'yes',
|
|
||||||
$sshd_use_pam = 'yes',
|
|
||||||
$sshd_client_alive_interval = '0',
|
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
case $::osfamily {
|
||||||
|
'RedHat': {
|
||||||
|
$default_packages = ['openssh-server',
|
||||||
|
'openssh-clients']
|
||||||
|
$default_service_name = 'sshd'
|
||||||
|
$default_ssh_config_hash_known_hosts = 'no'
|
||||||
|
$default_ssh_config_forward_x11_trusted = 'yes'
|
||||||
|
$default_ssh_package_source = undef
|
||||||
|
$default_ssh_package_adminfile = undef
|
||||||
|
$default_ssh_sendenv = true
|
||||||
|
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
|
||||||
|
$default_sshd_config_mode = '0600'
|
||||||
|
$default_sshd_config_use_dns = 'yes'
|
||||||
|
$default_sshd_config_xauth_location = '/usr/bin/xauth'
|
||||||
|
$default_sshd_use_pam = 'yes'
|
||||||
|
$default_sshd_gssapikeyexchange = undef
|
||||||
|
$default_sshd_pamauthenticationviakbdint = undef
|
||||||
|
$default_sshd_gssapicleanupcredentials = 'yes'
|
||||||
|
$default_sshd_acceptenv = true
|
||||||
|
$default_service_hasstatus = true
|
||||||
|
}
|
||||||
|
'Suse': {
|
||||||
|
$default_packages = 'openssh'
|
||||||
|
$default_service_name = 'sshd'
|
||||||
|
$default_ssh_config_hash_known_hosts = 'no'
|
||||||
|
$default_ssh_package_source = undef
|
||||||
|
$default_ssh_package_adminfile = undef
|
||||||
|
$default_ssh_sendenv = true
|
||||||
|
$default_ssh_config_forward_x11_trusted = 'yes'
|
||||||
|
$default_sshd_config_mode = '0600'
|
||||||
|
$default_sshd_config_use_dns = 'yes'
|
||||||
|
$default_sshd_config_xauth_location = '/usr/bin/xauth'
|
||||||
|
$default_sshd_use_pam = 'yes'
|
||||||
|
$default_sshd_gssapikeyexchange = undef
|
||||||
|
$default_sshd_pamauthenticationviakbdint = undef
|
||||||
|
$default_sshd_gssapicleanupcredentials = 'yes'
|
||||||
|
$default_sshd_acceptenv = true
|
||||||
|
$default_service_hasstatus = true
|
||||||
|
case $::architecture {
|
||||||
|
'x86_64': {
|
||||||
|
$default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
|
||||||
|
}
|
||||||
|
'i386' : {
|
||||||
|
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail("ssh supports architectures x86_64 and i386 for Suse. Detected architecture is <${::architecture}>.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'Debian': {
|
||||||
|
$default_packages = ['openssh-server',
|
||||||
|
'openssh-client']
|
||||||
|
$default_service_name = 'ssh'
|
||||||
|
$default_ssh_config_forward_x11_trusted = 'yes'
|
||||||
|
$default_ssh_config_hash_known_hosts = 'no'
|
||||||
|
$default_ssh_package_source = undef
|
||||||
|
$default_ssh_package_adminfile = undef
|
||||||
|
$default_ssh_sendenv = true
|
||||||
|
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
|
||||||
|
$default_sshd_config_mode = '0600'
|
||||||
|
$default_sshd_config_use_dns = 'yes'
|
||||||
|
$default_sshd_config_xauth_location = '/usr/bin/xauth'
|
||||||
|
$default_sshd_use_pam = 'yes'
|
||||||
|
$default_sshd_gssapikeyexchange = undef
|
||||||
|
$default_sshd_pamauthenticationviakbdint = undef
|
||||||
|
$default_sshd_gssapicleanupcredentials = 'yes'
|
||||||
|
$default_sshd_acceptenv = true
|
||||||
|
$default_service_hasstatus = true
|
||||||
|
}
|
||||||
|
'Solaris': {
|
||||||
|
$default_packages = ['SUNWsshcu',
|
||||||
|
'SUNWsshdr',
|
||||||
|
'SUNWsshdu',
|
||||||
|
'SUNWsshr',
|
||||||
|
'SUNWsshu']
|
||||||
|
$default_ssh_config_hash_known_hosts = undef
|
||||||
|
$default_ssh_package_source = '/var/spool/pkg'
|
||||||
|
$default_ssh_package_adminfile = undef
|
||||||
|
$default_ssh_sendenv = false
|
||||||
|
$default_ssh_config_forward_x11_trusted = undef
|
||||||
|
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
|
||||||
|
$default_sshd_config_mode = '0644'
|
||||||
|
$default_sshd_config_use_dns = undef
|
||||||
|
$default_sshd_config_xauth_location = '/usr/openwin/bin/xauth'
|
||||||
|
$default_sshd_use_pam = undef
|
||||||
|
$default_sshd_gssapikeyexchange = 'yes'
|
||||||
|
$default_sshd_pamauthenticationviakbdint = 'yes'
|
||||||
|
$default_sshd_gssapicleanupcredentials = undef
|
||||||
|
$default_sshd_acceptenv = false
|
||||||
|
case $::kernelrelease {
|
||||||
|
'5.10','5.11': {
|
||||||
|
$default_service_name = 'ssh'
|
||||||
|
$default_service_hasstatus = true
|
||||||
|
}
|
||||||
|
'5.9' : {
|
||||||
|
$default_service_name = 'sshd'
|
||||||
|
$default_service_hasstatus = false
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail('ssh module supports Solaris kernel release 5.9, 5.10 and 5.11.')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail("ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is <${::osfamily}>.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $packages == 'USE_DEFAULTS' {
|
||||||
|
$packages_real = $default_packages
|
||||||
|
} else {
|
||||||
|
$packages_real = $packages
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssh_config_hash_known_hosts == 'USE_DEFAULTS' {
|
||||||
|
$ssh_config_hash_known_hosts_real = $default_ssh_config_hash_known_hosts
|
||||||
|
} else {
|
||||||
|
$ssh_config_hash_known_hosts_real = $ssh_config_hash_known_hosts
|
||||||
|
}
|
||||||
|
|
||||||
|
if $service_name == 'USE_DEFAULTS' {
|
||||||
|
$service_name_real = $default_service_name
|
||||||
|
} else {
|
||||||
|
$service_name_real = $service_name
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_config_subsystem_sftp == 'USE_DEFAULTS' {
|
||||||
|
$sshd_config_subsystem_sftp_real = $default_sshd_config_subsystem_sftp
|
||||||
|
} else {
|
||||||
|
$sshd_config_subsystem_sftp_real = $sshd_config_subsystem_sftp
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_config_mode == 'USE_DEFAULTS' {
|
||||||
|
$sshd_config_mode_real = $default_sshd_config_mode
|
||||||
|
} else {
|
||||||
|
$sshd_config_mode_real = $sshd_config_mode
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_config_xauth_location == 'USE_DEFAULTS' {
|
||||||
|
$sshd_config_xauth_location_real = $default_sshd_config_xauth_location
|
||||||
|
} else {
|
||||||
|
$sshd_config_xauth_location_real = $sshd_config_xauth_location
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssh_package_source == 'USE_DEFAULTS' {
|
||||||
|
$ssh_package_source_real = $default_ssh_package_source
|
||||||
|
} else {
|
||||||
|
$ssh_package_source_real = $ssh_package_source
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssh_package_adminfile == 'USE_DEFAULTS' {
|
||||||
|
$ssh_package_adminfile_real = $default_ssh_package_adminfile
|
||||||
|
} else {
|
||||||
|
$ssh_package_adminfile_real = $ssh_package_adminfile
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssh_package_adminfile_real != undef {
|
||||||
|
validate_absolute_path($ssh_package_adminfile_real)
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_config_use_dns == 'USE_DEFAULTS' {
|
||||||
|
$sshd_config_use_dns_real = $default_sshd_config_use_dns
|
||||||
|
} else {
|
||||||
|
$sshd_config_use_dns_real = $sshd_config_use_dns
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_use_pam == 'USE_DEFAULTS' {
|
||||||
|
$sshd_use_pam_real = $default_sshd_use_pam
|
||||||
|
} else {
|
||||||
|
$sshd_use_pam_real = $sshd_use_pam
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssh_config_forward_x11_trusted == 'USE_DEFAULTS' {
|
||||||
|
$ssh_config_forward_x11_trusted_real = $default_ssh_config_forward_x11_trusted
|
||||||
|
} else {
|
||||||
|
$ssh_config_forward_x11_trusted_real = $ssh_config_forward_x11_trusted
|
||||||
|
}
|
||||||
|
if $ssh_config_forward_x11_trusted_real != undef {
|
||||||
|
validate_re($ssh_config_forward_x11_trusted_real, '^(yes|no)$', "ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <${ssh_config_forward_x11_trusted_real}>.")
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_gssapikeyexchange == 'USE_DEFAULTS' {
|
||||||
|
$sshd_gssapikeyexchange_real = $default_sshd_gssapikeyexchange
|
||||||
|
} else {
|
||||||
|
$sshd_gssapikeyexchange_real = $sshd_gssapikeyexchange
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_pamauthenticationviakbdint == 'USE_DEFAULTS' {
|
||||||
|
$sshd_pamauthenticationviakbdint_real = $default_sshd_pamauthenticationviakbdint
|
||||||
|
} else {
|
||||||
|
$sshd_pamauthenticationviakbdint_real = $sshd_pamauthenticationviakbdint
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_gssapicleanupcredentials == 'USE_DEFAULTS' {
|
||||||
|
$sshd_gssapicleanupcredentials_real = $default_sshd_gssapicleanupcredentials
|
||||||
|
} else {
|
||||||
|
$sshd_gssapicleanupcredentials_real = $sshd_gssapicleanupcredentials
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssh_sendenv == 'USE_DEFAULTS' {
|
||||||
|
$ssh_sendenv_real = $default_ssh_sendenv
|
||||||
|
} else {
|
||||||
|
case type($ssh_sendenv) {
|
||||||
|
'string': {
|
||||||
|
validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.")
|
||||||
|
$ssh_sendenv_real = str2bool($ssh_sendenv)
|
||||||
|
}
|
||||||
|
'boolean': {
|
||||||
|
$ssh_sendenv_real = $ssh_sendenv
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail('ssh::ssh_sendenv type must be true or false.')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_acceptenv == 'USE_DEFAULTS' {
|
||||||
|
$sshd_acceptenv_real = $default_sshd_acceptenv
|
||||||
|
} else {
|
||||||
|
case type($sshd_acceptenv) {
|
||||||
|
'string': {
|
||||||
|
validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.")
|
||||||
|
$sshd_acceptenv_real = str2bool($sshd_acceptenv)
|
||||||
|
}
|
||||||
|
'boolean': {
|
||||||
|
$sshd_acceptenv_real = $sshd_acceptenv
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail('ssh::sshd_acceptenv type must be true or false.')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $service_hasstatus == 'USE_DEFAULTS' {
|
||||||
|
$service_hasstatus_real = $default_service_hasstatus
|
||||||
|
} else {
|
||||||
|
case type($service_hasstatus) {
|
||||||
|
'string': {
|
||||||
|
validate_re($service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.")
|
||||||
|
$service_hasstatus_real = str2bool($service_hasstatus)
|
||||||
|
}
|
||||||
|
'boolean': {
|
||||||
|
$service_hasstatus_real = $service_hasstatus
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail('ssh::service_hasstatus must be true or false.')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# validate params
|
# validate params
|
||||||
validate_re($ssh_config_hash_known_hosts, '^(yes|no)$', "ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts}>.")
|
if $ssh_config_hash_known_hosts_real != undef {
|
||||||
|
validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.")
|
||||||
|
}
|
||||||
validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")
|
validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")
|
||||||
validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
|
validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
|
||||||
validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
|
validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
|
||||||
validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
|
validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
|
||||||
validate_re($sshd_use_pam, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam}>.")
|
if $sshd_use_pam_real != undef {
|
||||||
|
validate_re($sshd_use_pam_real, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam_real}>.")
|
||||||
|
}
|
||||||
if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
|
if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
|
||||||
|
|
||||||
if $sshd_config_banner != 'none' {
|
if $sshd_config_banner != 'none' {
|
||||||
@ -67,6 +331,20 @@ class ssh (
|
|||||||
fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.')
|
fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
validate_re($sshd_gssapiauthentication, '^(yes|no)$', "ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <${sshd_gssapiauthentication}>.")
|
||||||
|
|
||||||
|
if $sshd_gssapikeyexchange_real != undef {
|
||||||
|
validate_re($sshd_gssapikeyexchange_real, '^(yes|no)$', "ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <${sshd_gssapikeyexchange_real}>.")
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_pamauthenticationviakbdint_real != undef {
|
||||||
|
validate_re($sshd_pamauthenticationviakbdint_real, '^(yes|no)$', "ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <${sshd_pamauthenticationviakbdint_real}>.")
|
||||||
|
}
|
||||||
|
|
||||||
|
if $sshd_gssapicleanupcredentials_real != undef {
|
||||||
|
validate_re($sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.")
|
||||||
|
}
|
||||||
|
|
||||||
case type($hiera_merge) {
|
case type($hiera_merge) {
|
||||||
'string': {
|
'string': {
|
||||||
validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
|
validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
|
||||||
@ -122,59 +400,10 @@ class ssh (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
case $::osfamily {
|
|
||||||
'RedHat': {
|
|
||||||
$default_packages = ['openssh-server',
|
|
||||||
'openssh-clients']
|
|
||||||
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
|
|
||||||
$default_service_name = 'sshd'
|
|
||||||
}
|
|
||||||
'Suse': {
|
|
||||||
$default_packages = 'openssh'
|
|
||||||
$default_service_name = 'sshd'
|
|
||||||
case $::architecture {
|
|
||||||
'x86_64': {
|
|
||||||
$default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
|
|
||||||
}
|
|
||||||
'i386' : {
|
|
||||||
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
fail("ssh supports architectures x86_64 and i386 for Suse. Detected architecture is <${::architecture}>.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'Debian': {
|
|
||||||
$default_packages = [ 'openssh-server',
|
|
||||||
'openssh-client']
|
|
||||||
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
|
|
||||||
$default_service_name = 'ssh'
|
|
||||||
}
|
|
||||||
default: {
|
|
||||||
fail("ssh supports osfamilies RedHat, Suse and Debian. Detected osfamily is <${::osfamily}>.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $packages == 'USE_DEFAULTS' {
|
|
||||||
$packages_real = $default_packages
|
|
||||||
} else {
|
|
||||||
$packages_real = $packages
|
|
||||||
}
|
|
||||||
|
|
||||||
if $service_name == 'USE_DEFAULTS' {
|
|
||||||
$service_name_real = $default_service_name
|
|
||||||
} else {
|
|
||||||
$service_name_real = $service_name
|
|
||||||
}
|
|
||||||
|
|
||||||
if $sshd_config_subsystem_sftp == 'USE_DEFAULTS' {
|
|
||||||
$sshd_config_subsystem_sftp_real = $default_sshd_config_subsystem_sftp
|
|
||||||
} else {
|
|
||||||
$sshd_config_subsystem_sftp_real = $sshd_config_subsystem_sftp
|
|
||||||
}
|
|
||||||
|
|
||||||
package { $packages_real:
|
package { $packages_real:
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
|
source => $ssh_package_source_real,
|
||||||
|
adminfile => $ssh_package_adminfile_real,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { 'ssh_config' :
|
file { 'ssh_config' :
|
||||||
@ -190,7 +419,7 @@ class ssh (
|
|||||||
file { 'sshd_config' :
|
file { 'sshd_config' :
|
||||||
ensure => file,
|
ensure => file,
|
||||||
path => $sshd_config_path,
|
path => $sshd_config_path,
|
||||||
mode => $sshd_config_mode,
|
mode => $sshd_config_mode_real,
|
||||||
owner => $sshd_config_owner,
|
owner => $sshd_config_owner,
|
||||||
group => $sshd_config_group,
|
group => $sshd_config_group,
|
||||||
content => template('ssh/sshd_config.erb'),
|
content => template('ssh/sshd_config.erb'),
|
||||||
@ -247,7 +476,7 @@ class ssh (
|
|||||||
name => $service_name_real,
|
name => $service_name_real,
|
||||||
enable => $service_enable,
|
enable => $service_enable,
|
||||||
hasrestart => $service_hasrestart,
|
hasrestart => $service_hasrestart,
|
||||||
hasstatus => $service_hasstatus,
|
hasstatus => $service_hasstatus_real,
|
||||||
subscribe => File['sshd_config'],
|
subscribe => File['sshd_config'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -264,7 +493,6 @@ class ssh (
|
|||||||
ensure => $ssh_key_ensure,
|
ensure => $ssh_key_ensure,
|
||||||
type => $ssh_key_type,
|
type => $ssh_key_type,
|
||||||
key => $key,
|
key => $key,
|
||||||
require => Package[$packages_real],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# import all nodes' ssh keys
|
# import all nodes' ssh keys
|
||||||
|
|||||||
@ -2,9 +2,8 @@ require 'spec_helper'
|
|||||||
describe 'ssh' do
|
describe 'ssh' do
|
||||||
|
|
||||||
context 'with default params on osfamily RedHat' do
|
context 'with default params on osfamily RedHat' do
|
||||||
let :facts do
|
let(:facts) do
|
||||||
{
|
{ :fqdn => 'monkey.example.com',
|
||||||
:fqdn => 'monkey.example.com',
|
|
||||||
:osfamily => 'RedHat',
|
:osfamily => 'RedHat',
|
||||||
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
}
|
}
|
||||||
@ -37,7 +36,9 @@ describe 'ssh' do
|
|||||||
|
|
||||||
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ HashKnownHosts no$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
|
||||||
|
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
@ -69,6 +70,12 @@ describe 'ssh' do
|
|||||||
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
|
||||||
|
|
||||||
it {
|
it {
|
||||||
should contain_service('sshd_service').with({
|
should contain_service('sshd_service').with({
|
||||||
@ -88,6 +95,290 @@ describe 'ssh' do
|
|||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with default params on osfamily Solaris kernelrelease 5.8' do
|
||||||
|
let :facts do
|
||||||
|
{
|
||||||
|
:fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.8',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect {
|
||||||
|
should include_class('ssh')
|
||||||
|
}.to raise_error(Puppet::Error,/^ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with default params on osfamily Solaris kernelrelease 5.11' do
|
||||||
|
let :facts do
|
||||||
|
{
|
||||||
|
:fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should include_class('ssh')}
|
||||||
|
|
||||||
|
it { should_not include_class('common')}
|
||||||
|
|
||||||
|
|
||||||
|
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
|
||||||
|
it {
|
||||||
|
should contain_package(pkg).with({
|
||||||
|
'ensure' => 'installed',
|
||||||
|
'source' => '/var/spool/pkg',
|
||||||
|
'adminfile' => nil,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_file('ssh_config').with({
|
||||||
|
'ensure' => 'file',
|
||||||
|
'path' => '/etc/ssh/ssh_config',
|
||||||
|
'owner' => 'root',
|
||||||
|
'group' => 'root',
|
||||||
|
'mode' => '0644',
|
||||||
|
'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
|
||||||
|
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_file('sshd_config').with({
|
||||||
|
'ensure' => 'file',
|
||||||
|
'path' => '/etc/ssh/sshd_config',
|
||||||
|
'owner' => 'root',
|
||||||
|
'group' => 'root',
|
||||||
|
'mode' => '0644',
|
||||||
|
'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^Banner none$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_service('sshd_service').with({
|
||||||
|
'ensure' => 'running',
|
||||||
|
'name' => 'ssh',
|
||||||
|
'enable' => 'true',
|
||||||
|
'hasrestart' => 'true',
|
||||||
|
'hasstatus' => 'true',
|
||||||
|
'subscribe' => 'File[sshd_config]',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_resources('sshkey').with({
|
||||||
|
'purge' => 'true',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with default params on osfamily Solaris kernelrelease 5.10' do
|
||||||
|
let :facts do
|
||||||
|
{
|
||||||
|
:fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.10',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should include_class('ssh')}
|
||||||
|
|
||||||
|
it { should_not include_class('common')}
|
||||||
|
|
||||||
|
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
|
||||||
|
it {
|
||||||
|
should contain_package(pkg).with({
|
||||||
|
'ensure' => 'installed',
|
||||||
|
'source' => '/var/spool/pkg',
|
||||||
|
'adminfile' => nil,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_file('ssh_config').with({
|
||||||
|
'ensure' => 'file',
|
||||||
|
'path' => '/etc/ssh/ssh_config',
|
||||||
|
'owner' => 'root',
|
||||||
|
'group' => 'root',
|
||||||
|
'mode' => '0644',
|
||||||
|
'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
|
||||||
|
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_file('sshd_config').with({
|
||||||
|
'ensure' => 'file',
|
||||||
|
'path' => '/etc/ssh/sshd_config',
|
||||||
|
'owner' => 'root',
|
||||||
|
'group' => 'root',
|
||||||
|
'mode' => '0644',
|
||||||
|
'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^Banner none$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_service('sshd_service').with({
|
||||||
|
'ensure' => 'running',
|
||||||
|
'name' => 'ssh',
|
||||||
|
'enable' => 'true',
|
||||||
|
'hasrestart' => 'true',
|
||||||
|
'hasstatus' => 'true',
|
||||||
|
'subscribe' => 'File[sshd_config]',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_resources('sshkey').with({
|
||||||
|
'purge' => 'true',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with default params on osfamily Solaris kernelrelease 5.9' do
|
||||||
|
let :facts do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.9',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should include_class('ssh')}
|
||||||
|
|
||||||
|
it { should_not include_class('common')}
|
||||||
|
|
||||||
|
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
|
||||||
|
it {
|
||||||
|
should contain_package(pkg).with({
|
||||||
|
'ensure' => 'installed',
|
||||||
|
'source' => '/var/spool/pkg',
|
||||||
|
'adminfile' => nil,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_file('ssh_config').with({
|
||||||
|
'ensure' => 'file',
|
||||||
|
'path' => '/etc/ssh/ssh_config',
|
||||||
|
'owner' => 'root',
|
||||||
|
'group' => 'root',
|
||||||
|
'mode' => '0644',
|
||||||
|
'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
|
||||||
|
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_file('sshd_config').with({
|
||||||
|
'ensure' => 'file',
|
||||||
|
'path' => '/etc/ssh/sshd_config',
|
||||||
|
'owner' => 'root',
|
||||||
|
'group' => 'root',
|
||||||
|
'mode' => '0644',
|
||||||
|
'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ],
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^Banner none$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_service('sshd_service').with({
|
||||||
|
'ensure' => 'running',
|
||||||
|
'name' => 'sshd',
|
||||||
|
'enable' => 'true',
|
||||||
|
'hasrestart' => 'true',
|
||||||
|
'hasstatus' => 'false',
|
||||||
|
'subscribe' => 'File[sshd_config]',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_resources('sshkey').with({
|
||||||
|
'purge' => 'true',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
context 'with default params on osfamily Debian' do
|
context 'with default params on osfamily Debian' do
|
||||||
let :facts do
|
let :facts do
|
||||||
{
|
{
|
||||||
@ -123,7 +414,9 @@ describe 'ssh' do
|
|||||||
|
|
||||||
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ HashKnownHosts no$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
|
||||||
|
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
@ -155,6 +448,12 @@ describe 'ssh' do
|
|||||||
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
|
||||||
|
|
||||||
it {
|
it {
|
||||||
should contain_service('sshd_service').with({
|
should contain_service('sshd_service').with({
|
||||||
@ -209,7 +508,9 @@ describe 'ssh' do
|
|||||||
|
|
||||||
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ HashKnownHosts no$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
|
||||||
|
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
@ -241,6 +542,12 @@ describe 'ssh' do
|
|||||||
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
|
||||||
|
|
||||||
it {
|
it {
|
||||||
should contain_service('sshd_service').with({
|
should contain_service('sshd_service').with({
|
||||||
@ -295,7 +602,9 @@ describe 'ssh' do
|
|||||||
|
|
||||||
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ HashKnownHosts no$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
|
||||||
|
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
|
||||||
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
|
||||||
@ -327,6 +636,12 @@ describe 'ssh' do
|
|||||||
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
|
||||||
|
|
||||||
it {
|
it {
|
||||||
should contain_service('sshd_service').with({
|
should contain_service('sshd_service').with({
|
||||||
@ -362,7 +677,7 @@ describe 'ssh' do
|
|||||||
it 'should fail' do
|
it 'should fail' do
|
||||||
expect {
|
expect {
|
||||||
should contain_class('ssh')
|
should contain_class('ssh')
|
||||||
}.to raise_error(Puppet::Error,/^ssh supports osfamilies RedHat, Suse and Debian. Detected osfamily is <C64>\./)
|
}.to raise_error(Puppet::Error,/^ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is <C64>\./)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -400,6 +715,7 @@ describe 'ssh' do
|
|||||||
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ HashKnownHosts yes$/) }
|
it { should contain_file('ssh_config').with_content(/^ HashKnownHosts yes$/) }
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ ForwardAgent yes$/) }
|
it { should contain_file('ssh_config').with_content(/^ ForwardAgent yes$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ ForwardX11 yes$/) }
|
it { should contain_file('ssh_config').with_content(/^ ForwardX11 yes$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^ ServerAliveInterval 300$/) }
|
it { should contain_file('ssh_config').with_content(/^ ServerAliveInterval 300$/) }
|
||||||
@ -463,6 +779,12 @@ describe 'ssh' do
|
|||||||
it { should contain_file('sshd_config').with_content(/^X11Forwarding no$/) }
|
it { should contain_file('sshd_config').with_content(/^X11Forwarding no$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^UsePAM no$/) }
|
it { should contain_file('sshd_config').with_content(/^UsePAM no$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 242$/) }
|
it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 242$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
|
||||||
|
|
||||||
it {
|
it {
|
||||||
should contain_file('sshd_banner').with({
|
should contain_file('sshd_banner').with({
|
||||||
@ -533,7 +855,7 @@ describe 'ssh' do
|
|||||||
it 'should fail' do
|
it 'should fail' do
|
||||||
expect {
|
expect {
|
||||||
should contain_class('ssh')
|
should contain_class('ssh')
|
||||||
}.to raise_error(Puppet::Error,/ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./)
|
}.to raise_error(Puppet::Error,/^ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -672,16 +994,13 @@ describe 'ssh' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
context 'with sshd_config_banner set to invalid value on valid osfamily' do
|
context 'with sshd_config_banner set to invalid value on valid osfamily' do
|
||||||
let :facts do
|
let(:params) { { :sshd_config_banner => 'invalid/path' } }
|
||||||
{
|
let(:facts) do
|
||||||
:fqdn => 'monkey.example.com',
|
{ :fqdn => 'monkey.example.com',
|
||||||
:osfamily => 'RedHat',
|
:osfamily => 'RedHat',
|
||||||
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
let :params do
|
|
||||||
{ :sshd_config_banner => 'invalid/path' }
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should fail' do
|
it 'should fail' do
|
||||||
expect {
|
expect {
|
||||||
@ -691,18 +1010,13 @@ describe 'ssh' do
|
|||||||
end
|
end
|
||||||
|
|
||||||
context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do
|
context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do
|
||||||
|
let(:params) { { :sshd_banner_content => 'textinbanner' } }
|
||||||
let :facts do
|
let :facts do
|
||||||
{
|
{ :fqdn => 'monkey.example.com',
|
||||||
:fqdn => 'monkey.example.com',
|
|
||||||
:osfamily => 'RedHat',
|
:osfamily => 'RedHat',
|
||||||
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
let :params do
|
|
||||||
{
|
|
||||||
:sshd_banner_content => 'textinbanner'
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should fail' do
|
it 'should fail' do
|
||||||
expect {
|
expect {
|
||||||
@ -713,16 +1027,13 @@ describe 'ssh' do
|
|||||||
|
|
||||||
|
|
||||||
context 'with ssh_config_sendenv_xmodifiers set to invalid type, array' do
|
context 'with ssh_config_sendenv_xmodifiers set to invalid type, array' do
|
||||||
|
let(:params) { { :ssh_config_sendenv_xmodifiers => ['invalid','type'] } }
|
||||||
let :facts do
|
let :facts do
|
||||||
{
|
{ :fqdn => 'monkey.example.com',
|
||||||
:fqdn => 'monkey.example.com',
|
|
||||||
:osfamily => 'RedHat',
|
:osfamily => 'RedHat',
|
||||||
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
let :params do
|
|
||||||
{ :ssh_config_sendenv_xmodifiers => ['invalid','type'] }
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should fail' do
|
it 'should fail' do
|
||||||
expect {
|
expect {
|
||||||
@ -898,4 +1209,513 @@ describe 'ssh' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with ssh_package_adminfile parameter specified' do
|
||||||
|
context 'as a valid path' do
|
||||||
|
let(:params) { { :ssh_package_adminfile => '/var/tmp/admin' } }
|
||||||
|
let :facts do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
|
||||||
|
it {
|
||||||
|
should contain_package(pkg).with({
|
||||||
|
'ensure' => 'installed',
|
||||||
|
'source' => '/var/spool/pkg',
|
||||||
|
'adminfile' => '/var/tmp/admin',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid path' do
|
||||||
|
let(:params) { { :ssh_package_adminfile => 'invalid/path' } }
|
||||||
|
let :facts do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^is not an absolute path/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with sshd_config_xauth_location parameter specified' do
|
||||||
|
context 'as a valid path' do
|
||||||
|
let(:params) { { :sshd_config_xauth_location => '/opt/ssh/bin/xauth' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/opt\/ssh\/bin\/xauth$/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid path' do
|
||||||
|
let(:params) { { :sshd_config_xauth_location => 'invalid/path' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^is not an absolute path/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid type' do
|
||||||
|
let(:params) { { :sshd_config_xauth_location => true } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with ssh_package_source parameter specified' do
|
||||||
|
context 'as a valid path' do
|
||||||
|
let(:params) { { :ssh_package_source => '/mnt/packages' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
|
||||||
|
it {
|
||||||
|
should contain_package(pkg).with({
|
||||||
|
'ensure' => 'installed',
|
||||||
|
'source' => '/mnt/packages',
|
||||||
|
'adminfile' => nil,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid path' do
|
||||||
|
let(:params) { { :ssh_package_source => 'invalid/path' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^is not an absolute path/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid type' do
|
||||||
|
let(:params) { { :ssh_package_source => true } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter ssh_config_forward_x11_trusted' do
|
||||||
|
['yes','no'].each do |value|
|
||||||
|
context "specified as #{value}" do
|
||||||
|
let(:params) { { :ssh_config_forward_x11_trusted => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted #{value}$/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'not specified' do
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
['YES',true].each do |value|
|
||||||
|
context "specified an invalid value #{value}" do
|
||||||
|
let(:params) { { :ssh_config_forward_x11_trusted => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter sshd_gssapiauthentication' do
|
||||||
|
['yes','no'].each do |value|
|
||||||
|
context "specified as #{value}" do
|
||||||
|
let(:params) { { :sshd_gssapiauthentication => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication #{value}$/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
['YES',true].each do |value|
|
||||||
|
context "specified an invalid value #{value}" do
|
||||||
|
let(:params) { { :sshd_gssapiauthentication => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value}>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter sshd_gssapikeyexchange' do
|
||||||
|
['yes','no'].each do |value|
|
||||||
|
context "specified as #{value}" do
|
||||||
|
let(:params) { { :sshd_gssapikeyexchange => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange #{value}$/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'not specified' do
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
['YES',true].each do |value|
|
||||||
|
context "specified an invalid value #{value}" do
|
||||||
|
let(:params) { { :sshd_gssapikeyexchange => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter sshd_pamauthenticationviakbdint' do
|
||||||
|
['yes','no'].each do |value|
|
||||||
|
context "specified as #{value}" do
|
||||||
|
let(:params) { { :sshd_pamauthenticationviakbdint => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt #{value}$/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'not specified' do
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
['YES',true].each do |value|
|
||||||
|
context "specified an invalid value #{value}" do
|
||||||
|
let(:params) { { :sshd_pamauthenticationviakbdint => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter sshd_gssapicleanupcredentials' do
|
||||||
|
['yes','no'].each do |value|
|
||||||
|
context "specified as #{value}" do
|
||||||
|
let(:params) { { :sshd_gssapicleanupcredentials => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials #{value}$/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'not specified' do
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'Solaris',
|
||||||
|
:kernelrelease => '5.11',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
['YES',true].each do |value|
|
||||||
|
context "specified an invalid value #{value}" do
|
||||||
|
let(:params) { { :sshd_gssapicleanupcredentials => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter ssh_sendenv specified' do
|
||||||
|
['true',true].each do |value|
|
||||||
|
context "as #{value}" do
|
||||||
|
let(:params) { { :ssh_sendenv => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*SendEnv/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
['false',false].each do |value|
|
||||||
|
context "as #{value}" do
|
||||||
|
let(:params) { { :ssh_sendenv => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid string' do
|
||||||
|
let(:params) { { :ssh_sendenv => 'invalid' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv may be either 'true' or 'false' and is set to <invalid>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid type' do
|
||||||
|
let(:params) { { :ssh_sendenv => ['invalid','type'] } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv type must be true or false./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter sshd_acceptenv specified' do
|
||||||
|
['true',true].each do |value|
|
||||||
|
context "as #{value}" do
|
||||||
|
let(:params) { { :sshd_acceptenv => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^\s*AcceptEnv/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
['false',false].each do |value|
|
||||||
|
context "as #{value}" do
|
||||||
|
let(:params) { { :sshd_acceptenv => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid string' do
|
||||||
|
let(:params) { { :sshd_acceptenv => 'invalid' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <invalid>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as an invalid type' do
|
||||||
|
let(:params) { { :sshd_acceptenv => ['invalid','type'] } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv type must be true or false./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with parameter service_hasstatus' do
|
||||||
|
['true',true,'false',false].each do |value|
|
||||||
|
context "specified as #{value}" do
|
||||||
|
let(:params) { { :service_hasstatus => value } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it {
|
||||||
|
should contain_service('sshd_service').with({
|
||||||
|
'ensure' => 'running',
|
||||||
|
'name' => 'sshd',
|
||||||
|
'enable' => 'true',
|
||||||
|
'hasrestart' => 'true',
|
||||||
|
'hasstatus' => value,
|
||||||
|
'subscribe' => 'File[sshd_config]',
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'specified as an invalid string' do
|
||||||
|
let(:params) { { :service_hasstatus => 'invalid' } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be 'true' or 'false' and is set to <invalid>./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'specified as an invalid type' do
|
||||||
|
let(:params) { { :service_hasstatus => ['invalid','type'] } }
|
||||||
|
let(:facts) do
|
||||||
|
{ :fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be true or false./) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@ -45,13 +45,17 @@
|
|||||||
# TunnelDevice any:any
|
# TunnelDevice any:any
|
||||||
# PermitLocalCommand no
|
# PermitLocalCommand no
|
||||||
# HashKnownHosts no
|
# HashKnownHosts no
|
||||||
HashKnownHosts <%= @ssh_config_hash_known_hosts %>
|
<% if @ssh_config_hash_known_hosts_real != nil -%>
|
||||||
|
HashKnownHosts <%= @ssh_config_hash_known_hosts_real %>
|
||||||
|
<% end -%>
|
||||||
Host *
|
Host *
|
||||||
GSSAPIAuthentication yes
|
GSSAPIAuthentication yes
|
||||||
# If this option is set to yes then remote X11 clients will have full access
|
# If this option is set to yes then remote X11 clients will have full access
|
||||||
# to the original X11 display. As virtually no X11 client supports the untrusted
|
# to the original X11 display. As virtually no X11 client supports the untrusted
|
||||||
# mode correctly we set this to yes.
|
# mode correctly we set this to yes.
|
||||||
ForwardX11Trusted yes
|
<% if @ssh_config_forward_x11_trusted_real != nil -%>
|
||||||
|
ForwardX11Trusted <%= @ssh_config_forward_x11_trusted_real %>
|
||||||
|
<% end -%>
|
||||||
<% if @ssh_config_forward_agent != nil -%>
|
<% if @ssh_config_forward_agent != nil -%>
|
||||||
ForwardAgent <%= @ssh_config_forward_agent %>
|
ForwardAgent <%= @ssh_config_forward_agent %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
@ -61,6 +65,7 @@ Host *
|
|||||||
<% if @ssh_config_server_alive_interval != nil -%>
|
<% if @ssh_config_server_alive_interval != nil -%>
|
||||||
ServerAliveInterval <%= @ssh_config_server_alive_interval %>
|
ServerAliveInterval <%= @ssh_config_server_alive_interval %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
<% if @ssh_sendenv_real == true -%>
|
||||||
# Send locale-related environment variables
|
# Send locale-related environment variables
|
||||||
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||||
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||||
@ -68,3 +73,4 @@ Host *
|
|||||||
<% if @ssh_config_sendenv_xmodifiers_real == true -%>
|
<% if @ssh_config_sendenv_xmodifiers_real == true -%>
|
||||||
SendEnv XMODIFIERS
|
SendEnv XMODIFIERS
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
<% end -%>
|
||||||
|
|||||||
@ -24,7 +24,7 @@ Protocol 2
|
|||||||
# HostKey for protocol version 1
|
# HostKey for protocol version 1
|
||||||
#HostKey /etc/ssh/ssh_host_key
|
#HostKey /etc/ssh/ssh_host_key
|
||||||
# HostKeys for protocol version 2
|
# HostKeys for protocol version 2
|
||||||
#HostKey /etc/ssh/ssh_host_rsa_key
|
HostKey /etc/ssh/ssh_host_rsa_key
|
||||||
#HostKey /etc/ssh/ssh_host_dsa_key
|
#HostKey /etc/ssh/ssh_host_dsa_key
|
||||||
|
|
||||||
# Lifetime and size of ephemeral version 1 server key
|
# Lifetime and size of ephemeral version 1 server key
|
||||||
@ -63,6 +63,14 @@ PermitRootLogin <%= @permit_root_login %>
|
|||||||
# To disable tunneled clear text passwords, change to no here!
|
# To disable tunneled clear text passwords, change to no here!
|
||||||
#PasswordAuthentication yes
|
#PasswordAuthentication yes
|
||||||
PasswordAuthentication <%= @sshd_password_authentication %>
|
PasswordAuthentication <%= @sshd_password_authentication %>
|
||||||
|
<% if @sshd_pamauthenticationviakbdint_real != nil -%>
|
||||||
|
# Use PAM via keyboard interactive method for authentication.
|
||||||
|
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
|
||||||
|
# passwords even when PasswordAuthentication is set to no. This is dependent
|
||||||
|
# on what the individual modules request and is out of the control of sshd
|
||||||
|
# or the protocol.
|
||||||
|
PAMAuthenticationViaKBDInt <%= @sshd_pamauthenticationviakbdint_real %>
|
||||||
|
<% end -%>
|
||||||
#PermitEmptyPasswords no
|
#PermitEmptyPasswords no
|
||||||
|
|
||||||
# Change to no to disable s/key passwords
|
# Change to no to disable s/key passwords
|
||||||
@ -77,10 +85,16 @@ ChallengeResponseAuthentication <%= @sshd_config_challenge_resp_auth %>
|
|||||||
|
|
||||||
# GSSAPI options
|
# GSSAPI options
|
||||||
#GSSAPIAuthentication no
|
#GSSAPIAuthentication no
|
||||||
GSSAPIAuthentication yes
|
GSSAPIAuthentication <%= @sshd_gssapiauthentication %>
|
||||||
|
<% if @sshd_gssapikeyexchange_real != nil -%>
|
||||||
|
GSSAPIKeyExchange <%= @sshd_gssapikeyexchange_real %>
|
||||||
|
<% end -%>
|
||||||
|
<% if @sshd_gssapicleanupcredentials_real != nil -%>
|
||||||
#GSSAPICleanupCredentials yes
|
#GSSAPICleanupCredentials yes
|
||||||
GSSAPICleanupCredentials yes
|
GSSAPICleanupCredentials <%= @sshd_gssapicleanupcredentials_real %>
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
|
<% if @sshd_use_pam_real != nil -%>
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
# and session processing. If this is enabled, PAM authentication will
|
||||||
# be allowed through the ChallengeResponseAuthentication mechanism.
|
# be allowed through the ChallengeResponseAuthentication mechanism.
|
||||||
@ -90,12 +104,15 @@ GSSAPICleanupCredentials yes
|
|||||||
# session checks to run without PAM authentication, then enable this but set
|
# session checks to run without PAM authentication, then enable this but set
|
||||||
# ChallengeResponseAuthentication=no
|
# ChallengeResponseAuthentication=no
|
||||||
#UsePAM no
|
#UsePAM no
|
||||||
UsePAM <%= @sshd_use_pam %>
|
UsePAM <%= @sshd_use_pam_real %>
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
|
<% if @sshd_acceptenv_real == true -%>
|
||||||
# Accept locale-related environment variables
|
# Accept locale-related environment variables
|
||||||
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||||
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||||
AcceptEnv LC_IDENTIFICATION LC_ALL
|
AcceptEnv LC_IDENTIFICATION LC_ALL
|
||||||
|
<% end -%>
|
||||||
#AllowTcpForwarding yes
|
#AllowTcpForwarding yes
|
||||||
AllowTcpForwarding <%= @sshd_allow_tcp_forwarding %>
|
AllowTcpForwarding <%= @sshd_allow_tcp_forwarding %>
|
||||||
#GatewayPorts no
|
#GatewayPorts no
|
||||||
@ -115,8 +132,10 @@ PrintMotd <%= @sshd_config_print_motd %>
|
|||||||
ClientAliveInterval <%= @sshd_client_alive_interval %>
|
ClientAliveInterval <%= @sshd_client_alive_interval %>
|
||||||
#ClientAliveCountMax 3
|
#ClientAliveCountMax 3
|
||||||
#ShowPatchLevel no
|
#ShowPatchLevel no
|
||||||
|
<% if @sshd_config_use_dns_real != nil -%>
|
||||||
#UseDNS yes
|
#UseDNS yes
|
||||||
UseDNS <%= @sshd_config_use_dns %>
|
UseDNS <%= @sshd_config_use_dns_real %>
|
||||||
|
<% end -%>
|
||||||
#PidFile /var/run/sshd.pid
|
#PidFile /var/run/sshd.pid
|
||||||
#MaxStartups 10
|
#MaxStartups 10
|
||||||
#PermitTunnel no
|
#PermitTunnel no
|
||||||
@ -127,7 +146,7 @@ UseDNS <%= @sshd_config_use_dns %>
|
|||||||
Banner <%= @sshd_config_banner %>
|
Banner <%= @sshd_config_banner %>
|
||||||
|
|
||||||
#XAuthLocation /usr/bin/xauth
|
#XAuthLocation /usr/bin/xauth
|
||||||
XAuthLocation <%= @sshd_config_xauth_location %>
|
XAuthLocation <%= @sshd_config_xauth_location_real %>
|
||||||
|
|
||||||
# override default of no subsystems
|
# override default of no subsystems
|
||||||
Subsystem sftp <%= @sshd_config_subsystem_sftp_real %>
|
Subsystem sftp <%= @sshd_config_subsystem_sftp_real %>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user