puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #82 from wolfspyre/parameterize_templates

Browse Source 
permit custom templates for ssh_config and sshd_config
This commit is contained in:
Garrett Honeycutt 2014-09-03 21:43:12 -04:00
commit c4aa7d6a9a
3 changed files with 86 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -95,6 +95,12 @@ Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on
- *Default*: false
ssh_config_template
--------------------
*string* The template used to generate ssh_config.
- *Default*: 'ssh/ssh_config.erb'
ssh_config_ciphers
------------------
Array of ciphers to be used with the Ciphers option in ssh_config.
@ -157,6 +163,12 @@ SyslogFacility option in sshd_config.
- *Default*: 'AUTH'
sshd_config_template
--------------------
*string* The template used to generate sshd_config.
- *Default*: 'ssh/sshd_config.erb'
sshd_config_login_grace_time
----------------------------
LoginGraceTime option in sshd_config.

13
manifests/init.pp
View File

@ -22,6 +22,7 @@ class ssh (
$ssh_config_sendenv_xmodifiers = false,
$ssh_config_ciphers = undef,
$ssh_config_macs = undef,
$ssh_config_template = 'ssh/ssh_config.erb',
$ssh_sendenv = 'USE_DEFAULTS',
$sshd_config_path = '/etc/ssh/sshd_config',
$sshd_config_owner = 'root',
@ -30,6 +31,7 @@ class ssh (
$sshd_config_mode = 'USE_DEFAULTS',
$sshd_config_port = '22',
$sshd_config_syslog_facility = 'AUTH',
$sshd_config_template = 'ssh/sshd_config.erb',
$sshd_config_login_grace_time = '120',
$sshd_config_challenge_resp_auth = 'yes',
$sshd_config_print_motd = 'yes',
@ -479,6 +481,13 @@ class ssh (
}
}
#ssh_config template
validate_string($ssh_config_template)
#sshd_config template
validate_string($sshd_config_template)
#loglevel
$supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
validate_re($sshd_config_loglevel, $supported_loglevel_vals)
@ -524,7 +533,7 @@ class ssh (
owner => $ssh_config_owner,
group => $ssh_config_group,
mode => $ssh_config_mode,
content => template('ssh/ssh_config.erb'),
content => template($ssh_config_template),
require => Package[$packages_real],
}
@ -534,7 +543,7 @@ class ssh (
mode => $sshd_config_mode_real,
owner => $sshd_config_owner,
group => $sshd_config_group,
content => template('ssh/sshd_config.erb'),
content => template($sshd_config_template),
require => Package[$packages_real],
}

63
spec/classes/init_spec.rb
View File

@ -967,6 +967,69 @@ describe 'ssh' do
end
end
context 'when ssh_config_template has a nonstandard value' do
context 'and that value is not valid' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:root_home => '/root',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let (:params) {{'ssh_config_template' => false}}
it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /is not a string/)
end
end
context 'and that value is valid' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:root_home => '/root',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}}
it 'should lay down the ssh_config file from the specified template' do
should contain_file('ssh_config').with_content(/OpenBSD: sshd_config/)
end
end
end
context 'when sshd_config_template has a nonstandard value' do
context 'and that value is not valid' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:root_home => '/root',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let (:params) {{'sshd_config_template' => false}}
it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /is not a string/)
end
end
context 'and that value is valid' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:root_home => '/root',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let (:params) {{'sshd_config_template' => 'ssh/ssh_config.erb'}}
it 'should lay down the sshd_config file from the specified template' do
should contain_file('sshd_config').with_content(/OpenBSD: ssh_config/)
end
end
end
context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do
let :facts do
{