saltstack-formulas/openssh-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #151 from alxwr/issue-98

Browse Source 
CentOS does not support ed25519; fixes #98
This commit is contained in:
Imran Iqbal 2019-02-18 20:49:38 +00:00 committed by GitHub
commit 3715cd601c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 121 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openssh/config.sls
View File

@ -36,7 +36,7 @@ ssh_config:
{%- endif %} {%- endif %}
{% endif %} {% endif %}
{%- for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %} {%- for keyType in openssh['host_key_algos'].split(',') %}
{%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %} {%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
{%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %} {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
{%- if salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %} {%- if salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}

51
openssh/defaults.yaml
View File

@ -1,24 +1,29 @@
openssh: default:
sshd_enable: True openssh:
sshd_binary: /usr/sbin/sshd sshd_enable: True
sshd_config: /etc/ssh/sshd_config sshd_binary: /usr/sbin/sshd
sshd_config_src: salt://openssh/files/sshd_config sshd_config: /etc/ssh/sshd_config
sshd_config_user: root sshd_config_src: salt://openssh/files/sshd_config
sshd_config_group: root sshd_config_user: root
sshd_config_mode: '644' sshd_config_group: root
sshd_config_backup: True sshd_config_mode: '644'
ssh_config: /etc/ssh/ssh_config sshd_config_backup: True
ssh_config_src: salt://openssh/files/ssh_config ssh_config: /etc/ssh/ssh_config
ssh_config_user: root ssh_config_src: salt://openssh/files/ssh_config
ssh_config_group: root ssh_config_user: root
ssh_config_mode: '644' ssh_config_group: root
ssh_config_backup: True ssh_config_mode: '644'
banner: /etc/ssh/banner ssh_config_backup: True
banner_src: salt://openssh/files/banner banner: /etc/ssh/banner
ssh_known_hosts: /etc/ssh/ssh_known_hosts banner_src: salt://openssh/files/banner
dig_pkg: dnsutils ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_moduli: /etc/ssh/moduli dig_pkg: dnsutils
root_group: root ssh_moduli: /etc/ssh/moduli
root_group: root
# Prevent merge of array; always override values
host_key_algos: ecdsa,ed25519,rsa
# To manage/remove DSA:
#host_key_algos: dsa,ecdsa,ed25519,rsa
sshd_config: {} sshd_config: {}
ssh_config: {} ssh_config: {}

136
openssh/map.jinja
View File

@ -1,120 +1,22 @@
{## Start with defaults from defaults.yaml ##} # -*- coding: utf-8 -*-
{% import_yaml "openssh/defaults.yaml" as default_settings %} # vim: ft=jinja
{## {## Start imports as ##}
Setup variable using grains['os_family'] based logic, only add key:values here {% import_yaml 'openssh/defaults.yaml' as default_settings %}
that differ from whats in defaults.yaml {% import_yaml 'openssh/osfamilymap.yaml' as osfamilymap %}
##} {% import_yaml 'openssh/osmap.yaml' as osmap %}
{% set os_family_map = salt['grains.filter_by']({ {% import_yaml 'openssh/osfingermap.yaml' as osfingermap %}
'Arch': {
'server': 'openssh',
'client': 'openssh',
'service': 'sshd',
'dig_pkg': 'bind-tools',
},
'Debian': {
'server': 'openssh-server',
'client': 'openssh-client',
'service': 'ssh',
},
'FreeBSD': {
'service': 'sshd',
'dig_pkg': 'bind-tools',
'sshd_config_group': 'wheel',
'ssh_config_group': 'wheel',
},
'OpenBSD': {
'service': 'sshd',
'sshd_config_group': 'wheel',
'ssh_config_group': 'wheel',
},
'Gentoo': {
'server': 'net-misc/openssh',
'client': 'net-misc/openssh',
'service': 'sshd',
'dig_pkg': 'net-dns/bind-tools',
},
'RedHat': {
'server': 'openssh-server',
'client': 'openssh-clients',
'service': 'sshd',
'dig_pkg': 'bind-utils',
},
'Suse': {
'server': 'openssh',
'client': 'openssh',
'service': 'sshd',
'dig_pkg': 'bind-utils',
},
'Solaris': {
'service': 'network/ssh',
'sshd_config_group': 'root',
'ssh_config_group': 'root',
'dig_pkg': 'bind',
'sshd_binary': '/usr/lib/ssh/sshd',
},
}
, grain="os_family"
, merge=salt['pillar.get']('openssh:lookup'))
%}
{## Merge the flavor_map to the default settings ##} {% set defaults = salt['grains.filter_by'](default_settings,
{% do default_settings.openssh.update(os_family_map) %} default='default',
merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
merge=salt['grains.filter_by'](osmap, grain='os',
merge=salt['grains.filter_by'](osfingermap, grain='osfinger')
)
)
) %}
{## Merge in openssh:lookup pillar ##} {## merge the openssh pillar ##}
{% set openssh = salt['pillar.get']( {% set openssh = salt['pillar.get']('openssh', default=defaults['openssh'], merge=True) %}
'openssh', {% set ssh_config = salt['pillar.get']('ssh_config', default=defaults['ssh_config'], merge=True) %}
default=default_settings.openssh, {% set sshd_config = salt['pillar.get']('sshd_config', default=defaults['sshd_config'], merge=True) %}
merge=True
)
%}
{% set os_family_map = salt['grains.filter_by']({
'FreeBSD': {
'Subsystem': 'sftp /usr/libexec/sftp-server',
},
'OpenBSD': {
'Subsystem': 'sftp /usr/libexec/sftp-server',
},
'Suse': {
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
},
'Arch': {
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
},
'Debian': {
'Subsystem': 'sftp /usr/lib/openssh/sftp-server',
},
'RedHat': {
'Subsystem': 'sftp /usr/libexec/openssh/sftp-server',
},
'Solaris': {
'Subsystem': 'sftp internal-sftp',
},
'default': {}
}
, grain="os_family"
, merge=salt['pillar.get']('sshd_config:lookup'))
%}
{% set os_finger_map = salt['grains.filter_by']({
'CentOS-6': {
},
'default': {}
}
, grain="osfinger"
, merge=salt['pillar.get']('sshd_config:lookup'))
%}
{## Merge the flavor_map to the default settings ##}
{% do default_settings.sshd_config.update(os_family_map) %}
{% do default_settings.sshd_config.update(os_finger_map) %}
{## Merge in sshd_config:lookup pillar ##}
{% set sshd_config = salt['pillar.get'](
'sshd_config',
default=default_settings.sshd_config,
merge=True
)
%}

68
openssh/osfamilymap.yaml Normal file
View File

@ -0,0 +1,68 @@
Arch:
openssh:
server: openssh
client: openssh
service: sshd
dig_pkg: bind-tools
sshd_config:
Subsystem: sftp /usr/lib/ssh/sftp-server
Debian:
openssh:
server: openssh-server
client: openssh-client
service: ssh
sshd_config:
Subsystem: sftp /usr/lib/openssh/sftp-server
FreeBSD:
openssh:
service: sshd
dig_pkg: bind-tools
sshd_config_group: wheel
ssh_config_group: wheel
sshd_config:
Subsystem: sftp /usr/libexec/sftp-server
Gentoo:
openssh:
server: net-misc/openssh
client: net-misc/openssh
service: sshd
dig_pkg: net-dns/bind-tools
OpenBSD:
openssh:
service: sshd
sshd_config_group: wheel
ssh_config_group: wheel
sshd_config:
Subsystem: sftp /usr/libexec/sftp-server
RedHat:
openssh:
server: openssh-server
client: openssh-clients
service: sshd
dig_pkg: bind-utils
sshd_config:
Subsystem: sftp /usr/libexec/openssh/sftp-server
Solaris:
openssh:
service: network/ssh
sshd_config_group: root
ssh_config_group: root
dig_pkg: bind
sshd_binary: /usr/lib/ssh/sshd
sshd_config:
Subsystem: sftp internal-sftp
Suse:
openssh:
server: openssh
client: openssh
service: sshd
dig_pkg: bind-utils
sshd_config:
Subsystem: sftp /usr/lib/ssh/sftp-server

4
openssh/osfingermap.yaml Normal file
View File

@ -0,0 +1,4 @@
Ubuntu-18.04: {}
CentOS-6:
openssh:
host_key_algos: ecdsa,rsa

1
openssh/osmap.yaml Normal file
View File

@ -0,0 +1 @@
FreeBSD: {}