Add variables for file owner and mode
This commit is contained in:
Adam Mendlik
parent
b0afda98ed
commit
613bea2cac
@ -21,7 +21,9 @@ provisioner:
|
|||||||
'*':
|
'*':
|
||||||
- openssl
|
- openssl
|
||||||
openssl.sls:
|
openssl.sls:
|
||||||
sshd_enable: true
|
openssh:
|
||||||
|
sshd_config_mode: '600'
|
||||||
|
ssh_config_mode: '600'
|
||||||
|
|
||||||
suites:
|
suites:
|
||||||
- name: default
|
- name: default
|
||||||
|
|||||||
@ -8,8 +8,9 @@ sshd_config:
|
|||||||
- name: {{ openssh.sshd_config }}
|
- name: {{ openssh.sshd_config }}
|
||||||
- source: {{ openssh.sshd_config_src }}
|
- source: {{ openssh.sshd_config_src }}
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: root
|
- user: {{ openssh.sshd_config_user }}
|
||||||
- mode: 644
|
- group: {{ openssh.sshd_config_group }}
|
||||||
|
- mode: {{ openssh.sshd_config_mode }}
|
||||||
- watch_in:
|
- watch_in:
|
||||||
- service: openssh
|
- service: openssh
|
||||||
|
|
||||||
@ -18,8 +19,9 @@ ssh_config:
|
|||||||
- name: {{ openssh.ssh_config }}
|
- name: {{ openssh.ssh_config }}
|
||||||
- source: {{ openssh.ssh_config_src }}
|
- source: {{ openssh.ssh_config_src }}
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: root
|
- user: {{ openssh.ssh_config_user }}
|
||||||
- mode: 644
|
- group: {{ openssh.ssh_config_group }}
|
||||||
|
- mode: {{ openssh.ssh_config_mode }}
|
||||||
|
|
||||||
{% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
|
{% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
|
||||||
{% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
|
{% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
|
||||||
|
|||||||
@ -2,8 +2,14 @@ openssh:
|
|||||||
sshd_enable: True
|
sshd_enable: True
|
||||||
sshd_config: /etc/ssh/sshd_config
|
sshd_config: /etc/ssh/sshd_config
|
||||||
sshd_config_src: salt://openssh/files/sshd_config
|
sshd_config_src: salt://openssh/files/sshd_config
|
||||||
|
sshd_config_user: root
|
||||||
|
sshd_config_group: root
|
||||||
|
sshd_config_mode: '644'
|
||||||
ssh_config: /etc/ssh/ssh_config
|
ssh_config: /etc/ssh/ssh_config
|
||||||
ssh_config_src: salt://openssh/files/ssh_config
|
ssh_config_src: salt://openssh/files/ssh_config
|
||||||
|
ssh_config_user: root
|
||||||
|
ssh_config_group: root
|
||||||
|
ssh_config_mode: '644'
|
||||||
banner: /etc/ssh/banner
|
banner: /etc/ssh/banner
|
||||||
banner_src: salt://openssh/files/banner
|
banner_src: salt://openssh/files/banner
|
||||||
ssh_known_hosts: /etc/ssh/ssh_known_hosts
|
ssh_known_hosts: /etc/ssh/ssh_known_hosts
|
||||||
|
|||||||
@ -14,4 +14,16 @@ describe 'openssl/config.sls' do
|
|||||||
it { should be_running }
|
it { should be_running }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe file('/etc/ssh/sshd_config') do
|
||||||
|
it { should be_mode 600 }
|
||||||
|
it { should be_owned_by 'root' }
|
||||||
|
it { should be_grouped_into 'root' }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe file('/etc/ssh/ssh_config') do
|
||||||
|
it { should be_mode 600 }
|
||||||
|
it { should be_owned_by 'root' }
|
||||||
|
it { should be_grouped_into 'root' }
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user