Merge pull request #55 from nigelsim/default-host

Allow Host: * options to be overridden in the pillar
2016-01-13 22:18:47 -08:00 · 2016-01-13 22:18:47 -08:00 · d5db2a6e89
commit d5db2a6e89
parent a2408d5e1e 1e515b0f5d
2 changed files with 36 additions and 29 deletions
--- a/openssh/defaults.yaml
+++ b/openssh/defaults.yaml
@ -8,3 +8,27 @@ openssh:
  ssh_known_hosts: /etc/ssh/ssh_known_hosts
  dig_pkg: dnsutils
  ssh_moduli: /etc/ssh/moduli
+ssh_config:
+  Hosts:
+    '*':
+      ForwardAgent: no
+      ForwardX11: no
+      RhostsRSAAuthentication: no
+      RSAAuthentication: yes
+      PasswordAuthentication: yes
+      HostbasedAuthentication: no
+      GSSAPIAuthentication: no
+      GSSAPIDelegateCredentials: no
+      BatchMode: no
+      CheckHostIP: yes
+      AddressFamily: any
+      ConnectTimeout: 0
+      StrictHostKeyChecking: ask
+      IdentityFile: "~/.ssh/id_rsa"
+      Port: 22
+      Protocol: 2
+      Cipher: 3des
+      Tunnel: no
+      TunnelDevice: "any:any"
+      PermitLocalCommand: no
+      VisualHostKey: no
--- a/openssh/files/ssh_config
+++ b/openssh/files/ssh_config
@ -1,11 +1,9 @@
-{%- set ssh_config = pillar.get('ssh_config', {}) -%}
+{%- import_yaml "openssh/defaults.yaml" as default_settings -%}
+{%- set ssh_config = salt['pillar.get']('ssh_config', default=default_settings.ssh_config, merge=True) -%}
 {#- present in ssh_config and known in actual file options -#}
 {%- set processed_options = [] -%}

-{#- generic renderer used for ssh matches, known options, -#}
-{#- and unknown options -#}
-{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
-  {%- set value = config_dict.get(keyword, default) -%}
+{%- macro render_raw_option(keyword, value) -%}
  {%- if value is sameas true -%}
 {{ keyword }} yes
  {%- elif value is sameas false -%}
@ -19,6 +17,13 @@
  {%- endif -%}
 {%- endmacro -%}

+{#- generic renderer used for ssh matches, known options, -#}
+{#- and unknown options -#}
+{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
+  {%- set value = config_dict.get(keyword, default) -%}
+{{ render_raw_option(keyword, value) }}
+{%- endmacro -%}
+
 {#- macros for render option according to present -#}
 {%- macro option_impl(keyword, default, present) -%}
  {%- if present -%}
@ -45,35 +50,13 @@
 # Do not edit this file manually!
 # It will be overwritten by salt!

-{{ option_default_uncommented('Host', '*') }}
-{{ option('   ForwardAgent', 'no') }}
-{{ option('   ForwardX11', 'no') }}
-{{ option('   RhostsRSAAuthentication', 'no') }}
-{{ option('   RSAAuthentication', 'yes') }}
-{{ option('   PasswordAuthentication', 'yes') }}
-{{ option('   HostbasedAuthentication', 'no') }}
-{{ option('   GSSAPIAuthentication', 'no') }}
-{{ option('   GSSAPIDelegateCredentials', 'no') }}
-{{ option('   BatchMode', 'no') }}
-{{ option('   CheckHostIP', 'yes') }}
-{{ option('   AddressFamily', 'any') }}
-{{ option('   ConnectTimeout', 0) }}
-{{ option('   StrictHostKeyChecking', 'ask') }}
-{{ option('   IdentityFile', '~/.ssh/id_rsa') }}
-{{ option('   Port', 22) }}
-{{ option('   Protocol', 2) }}
-{{ option('   Cipher', '3des') }}
-{{ option('   Tunnel', 'no') }}
-{{ option('   TunnelDevice', 'any:any') }}
-{{ option('   PermitLocalCommand', 'no') }}
-{{ option('   VisualHostKey', 'no') }}
-
 {%- if 'Hosts' in ssh_config %}
 {%- do processed_options.append('Hosts') %}
 {%  for host, conf in ssh_config['Hosts'].items() %}
 Host {{ host }}
  {%- for key, val in conf.items() %}
-    {{ key }} {{ val }}{%- endfor %}
+    {{ render_raw_option(key, val) }}
+  {%- endfor %}
 {%- endfor %}
 {%- endif %}