From 345e07c85e725ac3de6e81c075bcee89d22720d5 Mon Sep 17 00:00:00 2001 From: Michael Mol Date: Fri, 9 Jun 2017 15:51:13 -0400 Subject: [PATCH 1/3] Support Match prioritization OpenSSH's Match declarations are applied first-match-wins. However, we can't safely define two Matches that might overlap unless we first sort the keys, as Python (and Jinja) dicts don't guarantee the order of dict keys, We also won't scramble the match sequence every time the user adds, removes or renames a match, and so we give the user clearer, more concise diffs as when they apply changes. Finally, we leave a comment on the Match line identifying where the Match rule came from, to assist in troubleshooting. --- openssh/files/sshd_config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 9a75fe3..816fd78 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config @@ -215,8 +215,8 @@ {# Handle matches last as they need to go at the bottom #} {%- if 'matches' in sshd_config %} - {%- for match in sshd_config['matches'].values() %} -Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }} + {%- for name, match in sshd_config['matches']|dictsort(true) %} +Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }} # {{ name }} {%- for keyword in match['options'].keys() %} {{ render_option(keyword, '', config_dict=match['options']) }} {%- endfor %} From 8594cd90ba9f1a586c2bcbf2eafb13ba28a2d8d5 Mon Sep 17 00:00:00 2001 From: Florian Ermisch Date: Thu, 22 Jun 2017 00:03:28 +0200 Subject: [PATCH 2/3] add optional `{{source}} to ssh_config --- openssh/files/ssh_config | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openssh/files/ssh_config b/openssh/files/ssh_config index 4773791..ef07c9b 100644 --- a/openssh/files/ssh_config +++ b/openssh/files/ssh_config @@ -73,6 +73,13 @@ # Do not edit this file manually! # It will be overwritten by salt! {%- endif %} +{%- set global_src_url = salt ['pillar.get']('__formulas:print_template_url', None) %} +{%- set local_src_url = salt ['pillar.get']('openssh-formula:print_template_url', None) %} +{%- if (global_src_url and local_src_url is none) or local_src_url %} +# +# Template used to generate this file: +# {{ source }} +{%- endif %} {%- if 'Hosts' in ssh_config %} {%- do processed_options.append('Hosts') %} From add969822c605a422fe0061c640b1b2a0034242a Mon Sep 17 00:00:00 2001 From: Florian Ermisch Date: Thu, 22 Jun 2017 00:03:35 +0200 Subject: [PATCH 3/3] add optional `{{source}} to sshd_config --- openssh/files/sshd_config | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 816fd78..2d2d5c8 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config @@ -66,6 +66,14 @@ {%- else -%} # This file is managed by salt. Manual changes risk being overwritten. {%- endif %} +{%- set global_src_url = salt ['pillar.get']('__formulas:print_template_url', None) %} +{%- set local_src_url = salt ['pillar.get']('openssh-formula:print_template_url', None) %} +{%- if (global_src_url and local_src_url is none) or local_src_url %} +# +# Template used to generate this file: +# {{ source }} +# +{%- endif %} # The contents of the original sshd_config are kept on the bottom for # quick reference. # See the sshd_config(5) manpage for details