Align fixtures with defaults

mergwyn 2020-07-06 20:08:07 +01:00
parent 2c12faac07
commit 7aa838a51d
6 changed files with 199 additions and 146 deletions


@ -110,6 +110,7 @@ class ssh (
$ssh_config_global_known_hosts_group = 'root',
$ssh_config_global_known_hosts_mode = '0644',
$ssh_config_user_known_hosts_file = undef,
Optional[Ssh::Include] $ssh_config_include = 'USE_DEFAULTS',
$config_entries = {},
$keys = undef,
$manage_root_ssh_config = false,
@ -122,6 +123,7 @@ class ssh (
$sshd_config_key_revocation_list = undef,
$sshd_config_authorized_principals_file = undef,
$sshd_config_allowagentforwarding = undef,
Optional[Ssh::Include] $sshd_config_include = 'USE_DEFAULTS',
) {
case $::osfamily {
@ -134,6 +136,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -153,6 +156,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
'Suse': {
$default_packages = 'openssh'
@ -162,6 +166,7 @@ class ssh (
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_include = undef
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
$default_sshd_config_xauth_location = '/usr/bin/xauth'
@ -176,6 +181,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
case $::architecture {
'x86_64': {
if ($::operatingsystem == 'SLES') and ($::operatingsystemrelease =~ /^12\./) {
@ -212,6 +218,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -225,6 +232,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
'18.04': {
$default_sshd_config_hostkey = [
@ -239,6 +247,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -252,32 +261,36 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
'20.04': {
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
]
$default_ssh_config_hash_known_hosts = 'yes'
$default_sshd_config_xauth_location = undef
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_package_source = undef
$default_service_hasstatus = true
$default_ssh_package_adminfile = undef
$default_ssh_package_source = undef
$default_ssh_config_hash_known_hosts = 'yes'
$default_ssh_gssapiauthentication = 'yes'
$default_ssh_sendenv = true
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_include = '/etc/ssh/ssh_config.d/*.conf'
$default_sshd_acceptenv = true
$default_sshd_addressfamily = 'any'
#$default_sshd_config_challenge_resp_auth = 'no'
$default_sshd_config_hostkey = []
$default_sshd_config_mode = '0600'
$default_sshd_config_permittunnel = undef
$default_sshd_config_print_motd = 'no'
$default_sshd_config_serverkeybits = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_tcp_keepalive = undef
$default_sshd_config_use_dns = 'yes'
$default_sshd_use_pam = 'yes'
$default_sshd_config_xauth_location = undef
$default_sshd_gssapiauthentication = 'yes'
$default_sshd_gssapicleanupcredentials = 'yes'
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = 'yes'
$default_sshd_acceptenv = true
$default_service_hasstatus = true
$default_sshd_config_serverkeybits = '1024'
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_use_pam = 'yes'
$default_sshd_x11_forwarding = 'yes'
$default_sshd_config_include = '/etc/ssh/sshd_config.d/*.conf'
}
/^10.*/: {
$default_sshd_config_hostkey = [
@ -288,6 +301,7 @@ class ssh (
$default_sshd_config_mode = '0600'
$default_sshd_use_pam = 'yes'
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_include = undef
$default_sshd_acceptenv = true
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_ssh_config_hash_known_hosts = 'yes'
@ -304,6 +318,7 @@ class ssh (
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_service_hasstatus = true
$default_sshd_config_include = undef
}
/^9.*/: {
$default_sshd_config_hostkey = [
@ -318,6 +333,7 @@ class ssh (
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_ssh_config_hash_known_hosts = 'yes'
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_addressfamily = undef
$default_sshd_config_serverkeybits = undef
$default_sshd_gssapicleanupcredentials = undef
@ -329,6 +345,7 @@ class ssh (
$default_ssh_package_adminfile = undef
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_sshd_config_include = undef
$default_service_hasstatus = true
}
/^7.*/: {
@ -339,6 +356,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -352,6 +370,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
/^8.*/: {
@ -360,6 +379,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
@ -380,6 +400,7 @@ class ssh (
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_service_hasstatus = true
$default_sshd_config_include = undef
}
default: { fail ("Operating System : ${::operatingsystemrelease} not supported") }
}
@ -388,6 +409,7 @@ class ssh (
$default_ssh_config_hash_known_hosts = undef
$default_ssh_sendenv = false
$default_ssh_config_forward_x11_trusted = undef
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
$default_sshd_config_mode = '0644'
$default_sshd_config_use_dns = undef
@ -403,6 +425,7 @@ class ssh (
$default_sshd_addressfamily = undef
$default_sshd_config_tcp_keepalive = undef
$default_sshd_config_permittunnel = undef
$default_sshd_config_include = undef
case $::kernelrelease {
'5.11': {
$default_packages = ['network/ssh',
@ -568,6 +591,12 @@ class ssh (
$ssh_config_use_roaming_real = $ssh_config_use_roaming
}
if $ssh_config_include == 'USE_DEFAULTS' {
$ssh_config_include_real = $default_ssh_config_include
} else {
$ssh_config_include_real = $ssh_config_include
}
if $ssh_sendenv == 'USE_DEFAULTS' {
$ssh_sendenv_real = $default_ssh_sendenv
} else {
@ -637,6 +666,12 @@ class ssh (
$sshd_addressfamily_real = $sshd_addressfamily
}
if $sshd_config_include == 'USE_DEFAULTS' {
$sshd_config_include_real = $default_sshd_config_include
} else {
$sshd_config_include_real = $sshd_config_include
}
case $sshd_config_maxsessions {
'unset', undef: { $sshd_config_maxsessions_integer = undef }
default: { $sshd_config_maxsessions_integer = floor($sshd_config_maxsessions) }
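Review bot: The two new `if … == 'USE_DEFAULTS'` blocks that compute `$ssh_config_include_real` and `$sshd_config_include_real` give no way to switch the directive off on a platform whose default is set, which the '20.04' branch now does for both files. As far as I can tell, passing `undef` to a class parameter falls back to its declared default, here `'USE_DEFAULTS'`, so `Optional[...]` does not provide an opt-out. The `$sshd_config_maxsessions` case just below already treats `'unset'` specially; the same could be done here with `} elsif $sshd_config_include == 'unset' { $sshd_config_include_real = undef` ahead of the `else`, and likewise for `$ssh_config_include`. The class body starts and ends outside these hunks, so an equivalent further down would not be visible here.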


@ -20,6 +20,8 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Include /etc/ssh/ssh_config.d/*.conf
# Host *
# ForwardAgent no
# ForwardX11 no


@ -13,6 +13,8 @@
# possible, but leave them commented. Uncommented options change a
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
Port 22
#Protocol 2,1
@ -25,15 +27,10 @@ AddressFamily any
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
@ -115,7 +112,6 @@ X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
@ -131,7 +127,6 @@ UseDNS yes
#MaxSessions 10
#PermitTunnel no
PermitTunnel no
#ChrootDirectory none
# no default banner path


@ -20,6 +20,14 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
<% if defined?(@ssh_config_include_real) -%>
<% if @ssh_config_include_real.is_a? Array -%>
Include <%= @ssh_config_include_real.join(' ') %>
<% else -%>
Include <%= @ssh_config_include_real %>
<% end -%>
<% end -%>
# Host *
# ForwardAgent no
# ForwardX11 no
@ -75,7 +83,7 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
<% if @ssh_config_forward_x11_trusted_real != nil -%>
<% if defined?(@ssh_config_forward_x11_trusted_real) -%>
ForwardX11Trusted <%= @ssh_config_forward_x11_trusted_real %>
<% end -%>
<% if @ssh_config_forward_agent != nil -%>
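Review bot: `defined?(@ssh_config_include_real)` in the new Include block tests only whether the instance variable exists, so the guard relies on Puppet leaving undef variables out of the template scope and lets any set value through, an empty array included, which would render a bare `Include` line. The ForwardX11Trusted guard lower in this file and the Include and AddressFamily guards in the sshd_config template appear to use the same test. Coercing with `Array()` makes the check explicit and removes the `is_a? Array` branch: `<% unless Array(@ssh_config_include_real).empty? -%>` followed by `Include <%= Array(@ssh_config_include_real).join(' ') %>`.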


@ -13,13 +13,21 @@
# possible, but leave them commented. Uncommented options change a
# default value.
<% if defined?(@sshd_config_include_real) -%>
<% if @sshd_config_include_real.is_a? Array -%>
Include <%= @sshd_config_include_real.join(' ') %>
<% else -%>
Include <%= @sshd_config_include_real %>
<% end -%>
<% end -%>
#Port 22
<% @sshd_config_port_array.each do |p| -%>
<%= "Port #{p}" %>
<% end -%>
#Protocol 2,1
Protocol 2
<% if @sshd_addressfamily_real != nil -%>
<% if defined?(@sshd_addressfamily_real) -%>
#AddressFamily any
AddressFamily <%= @sshd_addressfamily_real %>
<% end -%>
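Review bot: The Include line is emitted ahead of `Port`, `Protocol`, `AddressFamily` and everything else the template writes, and sshd_config(5) documents that for each keyword the first obtained value is used, so any file matching the pattern takes precedence over the settings this module manages. With the '20.04' default of `/etc/ssh/sshd_config.d/*.conf` that becomes the out-of-the-box behaviour there, and nothing visible in this commit manages the contents of that directory. Either state this in the parameter documentation and in the template, for example `# Files matched by Include are read first and override the settings below`, or have the module manage the drop-in directory so that unmanaged files are reported or purged. The template continues beyond this hunk.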

5
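--- a/types/include.pp
+++ b/types/include.pp
@@ -0,0 +1,5 @@
+# config files to be includes
+# @summary
+# directory of array of directories to be included
+#
+type Ssh::Include = Variant[String[1],Array[String[1]]]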
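Review bot: `Array[String[1]]` accepts an empty array, which the templates would turn into an `Include` line with no argument; `Variant[String[1], Array[String[1], 1]]` rules that out. The header comment also describes the value as a directory, while the defaults introduced in this commit are glob patterns such as `/etc/ssh/sshd_config.d/*.conf`. A summary along the lines of `# @summary A path or glob pattern, or a non-empty array of them, passed to the Include directive` would match the usage.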