puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #101 from ghoneycutt/known_hosts

Browse Source 
Known hosts
This commit is contained in:
Garrett Honeycutt 2014-11-16 17:31:56 -08:00
commit a9d1b75867
4 changed files with 411 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -503,6 +503,30 @@ Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-r
- *Default*: 'ssh-rsa' - *Default*: 'ssh-rsa'
ssh_config_global_known_hosts_file
----------------------------------
File of the global known_hosts file
- *Default*: '/etc/ssh/ssh_known_hosts'
ssh_config_global_known_hosts_owner
----------------------------------
Owner of the global known_hosts file
- *Default*: 'root'
ssh_config_global_known_hosts_group
----------------------------------
Group of the global known_hosts file
- *Default*: 'root'
ssh_config_global_known_hosts_mode
----------------------------------
File mode of the global known_hosts file
- *Default*: '0644'
manage_root_ssh_config manage_root_ssh_config
---------------------- ----------------------
Manage SSH config of root. Valid values are 'true' and 'false'. Manage SSH config of root. Valid values are 'true' and 'false'.

177
manifests/init.pp
View File

@ -3,82 +3,86 @@
# Manage ssh client and server # Manage ssh client and server
# #
class ssh ( class ssh (
$hiera_merge = false, $hiera_merge = false,
$packages = 'USE_DEFAULTS', $packages = 'USE_DEFAULTS',
$permit_root_login = 'yes', $permit_root_login = 'yes',
$purge_keys = 'true', $purge_keys = 'true',
$manage_firewall = false, $manage_firewall = false,
$ssh_package_source = 'USE_DEFAULTS', $ssh_package_source = 'USE_DEFAULTS',
$ssh_package_adminfile = 'USE_DEFAULTS', $ssh_package_adminfile = 'USE_DEFAULTS',
$ssh_config_hash_known_hosts = 'USE_DEFAULTS', $ssh_config_hash_known_hosts = 'USE_DEFAULTS',
$ssh_config_path = '/etc/ssh/ssh_config', $ssh_config_path = '/etc/ssh/ssh_config',
$ssh_config_owner = 'root', $ssh_config_owner = 'root',
$ssh_config_group = 'root', $ssh_config_group = 'root',
$ssh_config_mode = '0644', $ssh_config_mode = '0644',
$ssh_config_forward_x11 = undef, $ssh_config_forward_x11 = undef,
$ssh_config_forward_x11_trusted = 'USE_DEFAULTS', $ssh_config_forward_x11_trusted = 'USE_DEFAULTS',
$ssh_config_forward_agent = undef, $ssh_config_forward_agent = undef,
$ssh_config_server_alive_interval = undef, $ssh_config_server_alive_interval = undef,
$ssh_config_sendenv_xmodifiers = false, $ssh_config_sendenv_xmodifiers = false,
$ssh_config_ciphers = undef, $ssh_config_ciphers = undef,
$ssh_config_macs = undef, $ssh_config_macs = undef,
$ssh_config_template = 'ssh/ssh_config.erb', $ssh_config_template = 'ssh/ssh_config.erb',
$ssh_sendenv = 'USE_DEFAULTS', $ssh_sendenv = 'USE_DEFAULTS',
$ssh_gssapidelegatecredentials = undef, $ssh_gssapidelegatecredentials = undef,
$sshd_config_path = '/etc/ssh/sshd_config', $sshd_config_path = '/etc/ssh/sshd_config',
$sshd_config_owner = 'root', $sshd_config_owner = 'root',
$sshd_config_group = 'root', $sshd_config_group = 'root',
$sshd_config_loglevel = 'INFO', $sshd_config_loglevel = 'INFO',
$sshd_config_mode = 'USE_DEFAULTS', $sshd_config_mode = 'USE_DEFAULTS',
$sshd_config_port = '22', $sshd_config_port = '22',
$sshd_config_syslog_facility = 'AUTH', $sshd_config_syslog_facility = 'AUTH',
$sshd_config_template = 'ssh/sshd_config.erb', $sshd_config_template = 'ssh/sshd_config.erb',
$sshd_config_login_grace_time = '120', $sshd_config_login_grace_time = '120',
$sshd_config_challenge_resp_auth = 'yes', $sshd_config_challenge_resp_auth = 'yes',
$sshd_config_print_motd = 'yes', $sshd_config_print_motd = 'yes',
$sshd_config_use_dns = 'USE_DEFAULTS', $sshd_config_use_dns = 'USE_DEFAULTS',
$sshd_config_authkey_location = undef, $sshd_config_authkey_location = undef,
$sshd_config_strictmodes = undef, $sshd_config_strictmodes = undef,
$sshd_config_serverkeybits = 'USE_DEFAULTS', $sshd_config_serverkeybits = 'USE_DEFAULTS',
$sshd_config_banner = 'none', $sshd_config_banner = 'none',
$sshd_config_ciphers = undef, $sshd_config_ciphers = undef,
$sshd_config_macs = undef, $sshd_config_macs = undef,
$sshd_config_denyusers = undef, $sshd_config_denyusers = undef,
$sshd_config_denygroups = undef, $sshd_config_denygroups = undef,
$sshd_config_allowusers = undef, $sshd_config_allowusers = undef,
$sshd_config_allowgroups = undef, $sshd_config_allowgroups = undef,
$sshd_config_maxstartups = undef, $sshd_config_maxstartups = undef,
$sshd_config_maxsessions = undef, $sshd_config_maxsessions = undef,
$sshd_banner_content = undef, $sshd_banner_content = undef,
$sshd_banner_owner = 'root', $sshd_banner_owner = 'root',
$sshd_banner_group = 'root', $sshd_banner_group = 'root',
$sshd_banner_mode = '0644', $sshd_banner_mode = '0644',
$sshd_config_xauth_location = 'USE_DEFAULTS', $sshd_config_xauth_location = 'USE_DEFAULTS',
$sshd_config_subsystem_sftp = 'USE_DEFAULTS', $sshd_config_subsystem_sftp = 'USE_DEFAULTS',
$sshd_password_authentication = 'yes', $sshd_password_authentication = 'yes',
$sshd_allow_tcp_forwarding = 'yes', $sshd_allow_tcp_forwarding = 'yes',
$sshd_x11_forwarding = 'yes', $sshd_x11_forwarding = 'yes',
$sshd_use_pam = 'USE_DEFAULTS', $sshd_use_pam = 'USE_DEFAULTS',
$sshd_client_alive_count_max = '3', $sshd_client_alive_count_max = '3',
$sshd_client_alive_interval = '0', $sshd_client_alive_interval = '0',
$sshd_gssapiauthentication = 'yes', $sshd_gssapiauthentication = 'yes',
$sshd_gssapikeyexchange = 'USE_DEFAULTS', $sshd_gssapikeyexchange = 'USE_DEFAULTS',
$sshd_pamauthenticationviakbdint = 'USE_DEFAULTS', $sshd_pamauthenticationviakbdint = 'USE_DEFAULTS',
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS', $sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
$sshd_acceptenv = 'USE_DEFAULTS', $sshd_acceptenv = 'USE_DEFAULTS',
$sshd_config_hostkey = 'USE_DEFAULTS', $sshd_config_hostkey = 'USE_DEFAULTS',
$sshd_listen_address = undef, $sshd_listen_address = undef,
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = 'true', $service_enable = 'true',
$service_hasrestart = 'true', $service_hasrestart = 'true',
$service_hasstatus = 'USE_DEFAULTS', $service_hasstatus = 'USE_DEFAULTS',
$ssh_key_ensure = 'present', $ssh_key_ensure = 'present',
$ssh_key_import = 'true', $ssh_key_import = 'true',
$ssh_key_type = 'ssh-rsa', $ssh_key_type = 'ssh-rsa',
$keys = undef, $ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
$manage_root_ssh_config = 'false', $ssh_config_global_known_hosts_owner = 'root',
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n", $ssh_config_global_known_hosts_group = 'root',
$ssh_config_global_known_hosts_mode = '0644',
$keys = undef,
$manage_root_ssh_config = 'false',
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
) { ) {
case $::osfamily { case $::osfamily {
@ -511,6 +515,12 @@ class ssh (
} }
} }
validate_absolute_path($ssh_config_global_known_hosts_file)
validate_string($ssh_config_global_known_hosts_owner)
validate_string($ssh_config_global_known_hosts_group)
validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',
"ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.")
case $purge_keys { case $purge_keys {
'true','false': { 'true','false': {
# noop # noop
@ -526,7 +536,6 @@ class ssh (
#sshd_config template #sshd_config template
validate_string($sshd_config_template) validate_string($sshd_config_template)
#loglevel #loglevel
$supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'] $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
validate_re($sshd_config_loglevel, $supported_loglevel_vals) validate_re($sshd_config_loglevel, $supported_loglevel_vals)
@ -655,9 +664,19 @@ class ssh (
key => $key, key => $key,
} }
file { 'ssh_known_hosts':
ensure => file,
path => $ssh_config_global_known_hosts_file,
owner => $ssh_config_global_known_hosts_owner,
group => $ssh_config_global_known_hosts_group,
mode => $ssh_config_global_known_hosts_mode,
}
# import all nodes' ssh keys
if $ssh_key_import_real == true { if $ssh_key_import_real == true {
# import all nodes' ssh keys Sshkey <<||>> {
Sshkey <<||>> target => $ssh_config_global_known_hosts_file,
}
} }
# remove ssh key's not managed by puppet # remove ssh key's not managed by puppet

300
spec/classes/init_spec.rb
View File

@ -26,6 +26,16 @@ describe 'ssh' do
} }
end end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -44,6 +54,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
it { should contain_file('ssh_config').without_content(/^\s*MACs/) } it { should contain_file('ssh_config').without_content(/^\s*MACs/) }
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -156,6 +167,16 @@ describe 'ssh' do
} }
end end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -260,6 +281,16 @@ describe 'ssh' do
} }
end end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -363,6 +394,16 @@ describe 'ssh' do
} }
end end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -465,6 +506,16 @@ describe 'ssh' do
} }
end end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -575,6 +626,16 @@ describe 'ssh' do
}) })
} }
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -685,6 +746,16 @@ describe 'ssh' do
}) })
} }
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
@ -803,22 +874,23 @@ describe 'ssh' do
end end
let :params do let :params do
{ {
:ssh_config_hash_known_hosts => 'yes', :ssh_config_hash_known_hosts => 'yes',
:ssh_config_forward_agent => 'yes', :ssh_config_forward_agent => 'yes',
:ssh_config_forward_x11 => 'yes', :ssh_config_forward_x11 => 'yes',
:ssh_config_server_alive_interval => '300', :ssh_config_server_alive_interval => '300',
:ssh_config_sendenv_xmodifiers => true, :ssh_config_sendenv_xmodifiers => true,
:ssh_config_ciphers => [ 'aes128-cbc', :ssh_config_ciphers => [ 'aes128-cbc',
'3des-cbc', '3des-cbc',
'blowfish-cbc', 'blowfish-cbc',
'cast128-cbc', 'cast128-cbc',
'arcfour', 'arcfour',
'aes192-cbc', 'aes192-cbc',
'aes256-cbc', 'aes256-cbc',
], ],
:ssh_config_macs => [ 'hmac-md5-etm@openssh.com', :ssh_config_macs => [ 'hmac-md5-etm@openssh.com',
'hmac-sha1-etm@openssh.com', 'hmac-sha1-etm@openssh.com',
], ],
:ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
} }
end end
@ -845,6 +917,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^ SendEnv XMODIFIERS$/) } it { should contain_file('ssh_config').with_content(/^ SendEnv XMODIFIERS$/) }
it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) } it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) } it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
end end
context 'with params used in sshd_config set on valid osfamily' do context 'with params used in sshd_config set on valid osfamily' do
@ -2419,6 +2492,194 @@ describe 'ssh' do
end end
end end
describe 'with parameter ssh_config_global_known_hosts_file' do
context 'specified as a valid path' do
let(:params) { { :ssh_config_global_known_hosts_file => '/valid/path' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/valid/path',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/valid\/path$/) }
end
context 'specified as an invalid path' do
let(:params) { { :ssh_config_global_known_hosts_file => 'invalid/path' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\"invalid\/path\" is not an absolute path./)
end
end
context 'specified as an invalid type' do
let(:params) { { :ssh_config_global_known_hosts_file => ['invalid','type'] } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not an absolute path./)
end
end
end
describe 'with parameter ssh_config_global_known_hosts_owner' do
context 'specified as a valid string' do
let(:params) { { :ssh_config_global_known_hosts_owner => 'gh' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'gh',
'group' => 'root',
'mode' => '0644',
})
}
end
context 'specified as an invalid type [non-string]' do
let(:params) { { :ssh_config_global_known_hosts_owner => ['invalid','type'] } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/)
end
end
end
describe 'with parameter ssh_config_global_known_hosts_group' do
context 'specified as a valid string' do
let(:params) { { :ssh_config_global_known_hosts_group => 'gh' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'gh',
'mode' => '0644',
})
}
end
context 'specified as an invalid type [non-string]' do
let(:params) { { :ssh_config_global_known_hosts_group => ['invalid','type'] } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/)
end
end
end
describe 'with parameter ssh_config_global_known_hosts_mode' do
context 'specified as a valid mode' do
let(:params) { { :ssh_config_global_known_hosts_mode => '0666' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0666',
})
}
end
['666','0842','06666'].each do |value|
context "specified as invalid mode - #{value}" do
let(:params) { { :ssh_config_global_known_hosts_mode => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <#{value}>./)
end
end
end
context 'specified as an invalid type [non-string]' do
let(:params) { { :ssh_config_global_known_hosts_mode => ['invalid','type'] } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <invalidtype>./)
end
end
end
describe 'with ssh_key_import parameter specified' do describe 'with ssh_key_import parameter specified' do
context 'as a non-boolean or non-string' do context 'as a non-boolean or non-string' do
let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } } let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } }
@ -2453,6 +2714,17 @@ describe 'ssh' do
it { should compile.with_all_deps } it { should compile.with_all_deps }
it { should contain_class('ssh') } it { should contain_class('ssh') }
it {
should contain_file('ssh_known_hosts').with({
'ensure' => 'file',
'path' => '/etc/ssh/ssh_known_hosts',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
}
end end
end end

3
templates/ssh_config.erb
View File

@ -51,6 +51,9 @@
<% if @ssh_config_hash_known_hosts_real != nil -%> <% if @ssh_config_hash_known_hosts_real != nil -%>
HashKnownHosts <%= @ssh_config_hash_known_hosts_real %> HashKnownHosts <%= @ssh_config_hash_known_hosts_real %>
<% end -%> <% end -%>
<% if @ssh_config_global_known_hosts_file -%>
GlobalKnownHostsFile <%= @ssh_config_global_known_hosts_file %>
<% end -%>
Host * Host *
GSSAPIAuthentication yes GSSAPIAuthentication yes
<% if @ssh_gssapidelegatecredentials != nil -%> <% if @ssh_gssapidelegatecredentials != nil -%>