diff --git a/README.md b/README.md
index 4f67661..6876f9e 100644
--- a/README.md
+++ b/README.md
@@ -8,11 +8,12 @@ The module uses exported resources to manage ssh keys and removes ssh keys that
 # Compatability #
-This module has been tested to work on the following systems.
+This module has been tested to work on the following systems with Puppet v3.
 * EL 5
 * EL 6
 * SLES 11
+ * Ubuntu 12.04 LTS
 ===
diff --git a/manifests/init.pp b/manifests/init.pp
index 6e3e153..b7d3fbb 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -27,6 +27,7 @@ class ssh (
 $sshd_config_xauth_location = '/usr/bin/xauth',
 $sshd_config_subsystem_sftp = 'USE_DEFAULTS',
 $service_ensure = 'running',
+ $service_name = 'USE_DEFAULTS',
 $service_enable = 'true',
 $service_hasrestart = 'true',
 $service_hasstatus = 'true',
@@ -72,32 +73,38 @@ class ssh (
 $default_packages = ['openssh-server', 'openssh-clients']
 $default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
- $service_name = 'sshd'
+ $default_service_name = 'sshd'
 }
 'Suse': {
- $default_packages = 'openssh'
- $service_name = 'sshd'
+ $default_packages = 'openssh'
+ $default_service_name = 'sshd'
 case $::architecture {
 'x86_64': {
 $default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
 }
 'i386' : {
 $default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
- }
-
+ }
 default: {
 fail("ssh supports architectures x86_64 and i386 for Suse. Detected architecture is <${::architecture}>.")
 }
 }
 }
 'Debian': {
- $default_packages = [ 'openssh-server',
- 'openssh-client']
- $default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
- $service_name = 'ssh'
+ case $::operatingsystem {
+ 'Ubuntu': {
+ $default_packages = [ 'openssh-server',
+ 'openssh-client']
+ $default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
+ $default_service_name = 'ssh'
+ }
+ default: {
+ fail("ssh supports Debian variant Ubuntu. Your osfamily is <${::osfamily}> and operatingsystem is <${::operatingsystem}>.")
+ }
+ }
 }
 default: {
- fail("ssh supports osfamilies RedHat, Suse and Debian/Ubuntu. Detected osfamily is <${::osfamily}>.")
+ fail("ssh supports osfamilies RedHat, Suse and Debian. Detected osfamily is <${::osfamily}>.")
 }
 }
@@ -107,6 +114,12 @@ class ssh (
 $packages_real = $packages
 }
+ if $service_name == 'USE_DEFAULTS' {
+ $service_name_real = $default_service_name
+ } else {
+ $service_name_real = $service_name
+ }
+
 if $sshd_config_subsystem_sftp == 'USE_DEFAULTS' {
 $sshd_config_subsystem_sftp_real = $default_sshd_config_subsystem_sftp
 } else {
@@ -173,7 +186,7 @@ class ssh (
 service { 'sshd_service' :
 ensure => $service_ensure,
- name => $service_name,
+ name => $service_name_real,
 enable => $service_enable,
 hasrestart => $service_hasrestart,
 hasstatus => $service_hasstatus,
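Review bot: The outer `default:` message at the end of this hunk now names Debian as a supported osfamily, but the nested `case $::operatingsystem` added above it rejects every Debian-family system except Ubuntu, so the two error texts disagree about what is supported. Wording the outer message to match, e.g. `fail("ssh supports osfamilies RedHat, Suse and Debian (Ubuntu only). Detected osfamily is <${::osfamily}>.")`, keeps an operator on another platform from concluding that plain Debian will work. A one-line comment above the nested case, such as `# Only Ubuntu is tested within the Debian family; fail rather than guess at defaults.`, would record why the branch is closed by default. The enclosing `case` statement starts before this hunk.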
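Review bot: `$service_name` reaches `$service_name_real` in the `@@ -107,6 +114,12 @@` hunk without any check: every value other than the `USE_DEFAULTS` sentinel, including an empty string or a non-string, is handed to the service resource as its `name`. Because the spec shows that resource subscribing to `File[sshd_config]`, a wrong name would presumably leave the rewritten sshd_config on disk while the run fails on the service, so settings such as `PermitRootLogin no` would not be picked up by the running daemon. A guard right after the `if`/`else`, for example `if $service_name_real == '' { fail('ssh::service_name must not be empty.') }` (or `validate_string($service_name_real)` if the module already depends on stdlib, which is not visible here), would make the failure explicit at compile time.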
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 07ff346..d1e6c4e 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -16,7 +16,7 @@ describe 'ssh' do
 it {
 should contain_package('ssh_packages').with({
 'ensure' => 'installed',
- 'name' => ['openssh-server','openssh-server','openssh-clients'],
+ 'name' => ['openssh-server','openssh-clients'],
 })
 }
@@ -76,6 +76,99 @@ describe 'ssh' do
 }
 end
+ context 'with default params on osfamily Debian operatingsystem Debian' do
+ let :facts do
+ {
+ :fqdn => 'monkey.example.com',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+
+ it 'should fail' do
+ expect {
+ should include_class('ssh')
+ }.to raise_error(Puppet::Error,/ssh supports Debian variant Ubuntu. Your osfamily is and operatingsystem is ./)
+ end
+ end
+
+ context 'with default params on osfamily Debian operatingsystem Ubuntu' do
+ let :facts do
+ {
+ :fqdn => 'monkey.example.com',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Ubuntu',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+ it { should include_class('ssh')}
+
+ it { should_not include_class('common')}
+
+ it {
+ should contain_package('ssh_packages').with({
+ 'ensure' => 'installed',
+ 'name' => ['openssh-server','openssh-client'],
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/ssh_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 
1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
+
+ it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
+ it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+ it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
+
+ it {
+ should contain_file('sshd_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/sshd_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+ it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
+ it { should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) }
+ it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication no$/) }
+ it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) }
+ it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) }
+ it { should contain_file('sshd_config').with_content(/^Banner none$/) }
+ it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) }
+ it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/openssh\/sftp-server$/) }
+
+ it {
+ should contain_service('sshd_service').with({
+ 'ensure' => 'running',
+ 'name' => 'ssh',
+ 'enable' => 'true',
+ 'hasrestart' => 'true',
+ 'hasstatus' => 'true',
+ 'subscribe' => 'File[sshd_config]',
+ })
+ }
+
+ it {
+ should contain_resources('sshkey').with({
+ 'purge' => 'true',
+ })
+ }
+ end
+
 context 'with optional params used in ssh_config set on osfamily RedHat' do
 let :facts do
 {
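Review bot: The three `should_not` checks on `ssh_config` cannot fail for a real directive: `/^\s*ForwardAgent$/` only matches a line that ends right after the keyword, so a template that emitted `ForwardAgent yes` would still pass, and the same holds for the `ForwardX11` and `ServerAliveInterval` patterns. Anchoring on the keyword instead, e.g. `/^\s*ForwardAgent\b/`, makes the assertion actually guard against agent or X11 forwarding being switched on by default. The hunk also covers only the default service name (`'name' => 'ssh'`); a context that passes `service_name` explicitly and expects that value on `sshd_service` would exercise the parameter this commit introduces. The enclosing `describe` block starts before the hunk and continues after it.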