Fix Solaris ssh issue - AddressFamily not supported

Nasredine Bentoumi 2016-04-29 16:06:40 -04:00
parent e29c06349d
commit c04c0cca92
6 changed files with 171 additions and 17 deletions

0
git Normal file

@ -83,7 +83,7 @@ class ssh (
$sshd_ignoreuserknownhosts = 'no', $sshd_ignoreuserknownhosts = 'no',
$sshd_ignorerhosts = 'yes', $sshd_ignorerhosts = 'yes',
$manage_service = true, $manage_service = true,
$sshd_addressfamily = 'any', $sshd_addressfamily = 'USE_DEFAULTS',
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = true, $service_enable = true,
@ -123,6 +123,7 @@ class ssh (
$default_service_hasstatus = true $default_service_hasstatus = true
$default_sshd_config_serverkeybits = '1024' $default_sshd_config_serverkeybits = '1024'
$default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ] $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
$default_sshd_addressfamily = 'any'
} }
'Suse': { 'Suse': {
$default_packages = 'openssh' $default_packages = 'openssh'
@ -143,6 +144,7 @@ class ssh (
$default_service_hasstatus = true $default_service_hasstatus = true
$default_sshd_config_serverkeybits = '1024' $default_sshd_config_serverkeybits = '1024'
$default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ] $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
$default_sshd_addressfamily = 'any'
case $::architecture { case $::architecture {
'x86_64': { 'x86_64': {
if ($::operatingsystem == 'SLES') and ($::operatingsystemrelease =~ /^12\./) { if ($::operatingsystem == 'SLES') and ($::operatingsystemrelease =~ /^12\./) {
@ -180,6 +182,7 @@ class ssh (
$default_service_hasstatus = true $default_service_hasstatus = true
$default_sshd_config_serverkeybits = '1024' $default_sshd_config_serverkeybits = '1024'
$default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ] $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
$default_sshd_addressfamily = 'any'
} }
'Solaris': { 'Solaris': {
$default_ssh_config_hash_known_hosts = undef $default_ssh_config_hash_known_hosts = undef
@ -197,6 +200,7 @@ class ssh (
$default_sshd_config_serverkeybits = '768' $default_sshd_config_serverkeybits = '768'
$default_ssh_package_adminfile = undef $default_ssh_package_adminfile = undef
$default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ] $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
$default_sshd_addressfamily = undef
case $::kernelrelease { case $::kernelrelease {
'5.11': { '5.11': {
$default_packages = ['network/ssh', $default_packages = ['network/ssh',
@ -425,6 +429,12 @@ class ssh (
} }
} }
if $sshd_addressfamily == 'USE_DEFAULTS' {
$sshd_addressfamily_real = $default_sshd_addressfamily
} else {
$sshd_addressfamily_real = $sshd_addressfamily
}
# validate params # validate params
if $ssh_config_ciphers != undef { if $ssh_config_ciphers != undef {
validate_array($ssh_config_ciphers) validate_array($ssh_config_ciphers)
@ -809,8 +819,12 @@ class ssh (
create_resources('ssh_authorized_key', $keys_real) create_resources('ssh_authorized_key', $keys_real)
} }
if $sshd_addressfamily != undef { if $sshd_addressfamily_real != undef {
validate_re($sshd_addressfamily, '^(any|inet|inet6)$', if $::osfamily == 'Solaris' {
"ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to ${sshd_addressfamily}.") fail("ssh::sshd_addressfamily is not supported on Solaris and is set to <${sshd_addressfamily}>.")
} else {
validate_re($sshd_addressfamily_real, '^(any|inet|inet6)$',
"ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to ${sshd_addressfamily_real}.")
}
} }
} }
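Review bot: The `validate_re` pattern in the last hunk, `'^(any|inet|inet6)$'`, uses line anchors. The check runs as a Ruby regex, where `^` and `$` match at every line boundary, so a value containing an embedded newline passes as long as one of its lines is a valid family. The template section of this commit writes `@sshd_addressfamily_real` into sshd_config without escaping, so this check is the only guard against extra directives reaching the rendered file from Hiera or ENC data. Anchor the whole string instead: `validate_re($sshd_addressfamily_real, '\A(any|inet|inet6)\z',`. The class body starts and ends outside these hunks, so other parameters validated the same way are not visible here and may deserve the same change.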


@ -74,7 +74,7 @@ describe 'ssh' do
'Suse-10-x86_64' => { 'Suse-10-x86_64' => {
:architecture => 'x86_64', :architecture => 'x86_64',
:osfamily => 'Suse', :osfamily => 'Suse',
:operatingsystem => 'SLED', :operatingsystem => 'SLES',
:operatingsystemrelease => '10.4', :operatingsystemrelease => '10.4',
:ssh_version => 'OpenSSH_5.1p1', :ssh_version => 'OpenSSH_5.1p1',
:ssh_version_numeric => '5.1', :ssh_version_numeric => '5.1',
@ -88,6 +88,7 @@ describe 'ssh' do
'Suse-10-i386' => { 'Suse-10-i386' => {
:architecture => 'i386', :architecture => 'i386',
:osfamily => 'Suse', :osfamily => 'Suse',
:operatingsystem => 'SLES',
:operatingsystemrelease => '10.4', :operatingsystemrelease => '10.4',
:ssh_version => 'OpenSSH_5.1p1', :ssh_version => 'OpenSSH_5.1p1',
:ssh_version_numeric => '5.1', :ssh_version_numeric => '5.1',
@ -101,7 +102,7 @@ describe 'ssh' do
'Suse-11-x86_64' => { 'Suse-11-x86_64' => {
:architecture => 'x86_64', :architecture => 'x86_64',
:osfamily => 'Suse', :osfamily => 'Suse',
:operatingsystem => 'SLED', :operatingsystem => 'SLES',
:operatingsystemrelease => '11.4', :operatingsystemrelease => '11.4',
:ssh_version => 'OpenSSH_6.6.1p1', :ssh_version => 'OpenSSH_6.6.1p1',
:ssh_version_numeric => '6.6', :ssh_version_numeric => '6.6',
@ -115,6 +116,7 @@ describe 'ssh' do
'Suse-11-i386' => { 'Suse-11-i386' => {
:architecture => 'i386', :architecture => 'i386',
:osfamily => 'Suse', :osfamily => 'Suse',
:operatingsystem => 'SLES',
:operatingsystemrelease => '11.4', :operatingsystemrelease => '11.4',
:ssh_version => 'OpenSSH_6.6.1p1', :ssh_version => 'OpenSSH_6.6.1p1',
:ssh_version_numeric => '6.6', :ssh_version_numeric => '6.6',
@ -128,7 +130,7 @@ describe 'ssh' do
'Suse-12-x86_64' => { 'Suse-12-x86_64' => {
:architecture => 'x86_64', :architecture => 'x86_64',
:osfamily => 'Suse', :osfamily => 'Suse',
:operatingsystem => 'SLED', :operatingsystem => 'SLES',
:operatingsystemrelease => '12.0', :operatingsystemrelease => '12.0',
:ssh_version => 'OpenSSH_6.6.1p1', :ssh_version => 'OpenSSH_6.6.1p1',
:ssh_version_numeric => '6.6', :ssh_version_numeric => '6.6',
@ -136,7 +138,7 @@ describe 'ssh' do
:sshd_config_mode => '0600', :sshd_config_mode => '0600',
:sshd_service_name => 'sshd', :sshd_service_name => 'sshd',
:sshd_service_hasstatus => true, :sshd_service_hasstatus => true,
:sshd_config_fixture => 'sshd_config_suse_x86_64', :sshd_config_fixture => 'sshd_config_sles_12_x86_64',
:ssh_config_fixture => 'ssh_config_suse', :ssh_config_fixture => 'ssh_config_suse',
}, },
'Solaris-5.11' => { 'Solaris-5.11' => {
@ -1473,11 +1475,12 @@ describe 'ssh' do
let :facts do let :facts do
default_facts.merge( default_facts.merge(
{ {
:osfamily => 'Suse', :osfamily => 'Suse',
:operatingsystem => 'SLED', :operatingsystem => 'SLES',
:fqdn => 'notinhiera.example.com', :fqdn => 'notinhiera.example.com',
:lsbmajdistrelease => '11', :lsbmajdistrelease => '11',
:architecture => 'x86_64', :operatingsystemrelease => '11.4',
:architecture => 'x86_64',
} }
) )
end end
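Review bot: Every Suse fact set visible in these hunks now reports `:operatingsystem => 'SLES'`, so no visible fact set exercises the non-SLES path of the manifest's `$::operatingsystem == 'SLES'` test on 12.x x86_64. Consider keeping one SLED platform entry alongside the SLES ones. The visible hunks also show no example for the new Solaris `fail()` branch, though one may exist outside them. If it does not, add a Solaris context that sets `:sshd_addressfamily => 'any'` and asserts `expect { should contain_class('ssh') }.to raise_error(Puppet::Error, /not supported on Solaris/)`.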

139
spec/fixtures/sshd_config_sles_12_x86_64 vendored Normal file

@ -0,0 +1,139 @@
# This file is being maintained by Puppet.
# DO NOT EDIT
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
AddressFamily any
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTH
#LogLevel INFO
LogLevel INFO
# Authentication:
#LoginGraceTime 120
LoginGraceTime 120
#PermitRootLogin yes
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes
# Kerberos options
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
ClientAliveInterval 0
ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#MaxSessions 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
Banner none
#XAuthLocation /usr/bin/xauth
XAuthLocation /usr/bin/xauth
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server


@ -17,8 +17,6 @@
Port 22 Port 22
#Protocol 2,1 #Protocol 2,1
Protocol 2 Protocol 2
#AddressFamily any
AddressFamily any
# HostKey for protocol version 1 # HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key #HostKey /etc/ssh/ssh_host_key


@ -17,9 +17,9 @@
Port <%= @sshd_config_port %> Port <%= @sshd_config_port %>
#Protocol 2,1 #Protocol 2,1
Protocol 2 Protocol 2
<% if @sshd_addressfamily_real != nil -%>
#AddressFamily any #AddressFamily any
<% if @sshd_addressfamily != nil -%> AddressFamily <%= @sshd_addressfamily_real %>
AddressFamily <%= @sshd_addressfamily %>
<% end -%> <% end -%>
<% if @sshd_listen_address.class == Array -%> <% if @sshd_listen_address.class == Array -%>
<% @sshd_listen_address.each do |val| -%> <% @sshd_listen_address.each do |val| -%>