Merge pull request #55 from nigelsim/default-host

Allow Host: * options to be overridden in the pillar
Forrest 2016-01-13 22:18:47 -08:00
commit d5db2a6e89
2 changed files with 36 additions and 29 deletions


@ -8,3 +8,27 @@ openssh:
ssh_known_hosts: /etc/ssh/ssh_known_hosts ssh_known_hosts: /etc/ssh/ssh_known_hosts
dig_pkg: dnsutils dig_pkg: dnsutils
ssh_moduli: /etc/ssh/moduli ssh_moduli: /etc/ssh/moduli
ssh_config:
Hosts:
'*':
ForwardAgent: no
ForwardX11: no
RhostsRSAAuthentication: no
RSAAuthentication: yes
PasswordAuthentication: yes
HostbasedAuthentication: no
GSSAPIAuthentication: no
GSSAPIDelegateCredentials: no
BatchMode: no
CheckHostIP: yes
AddressFamily: any
ConnectTimeout: 0
StrictHostKeyChecking: ask
IdentityFile: "~/.ssh/id_rsa"
Port: 22
Protocol: 2
Cipher: 3des
Tunnel: no
TunnelDevice: "any:any"
PermitLocalCommand: no
VisualHostKey: no
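Review bot: `Cipher: 3des`, `RSAAuthentication: yes` and `RhostsRSAAuthentication: no` under `Hosts: '*'` are SSH protocol 1 options, so next to `Protocol: 2` they configure nothing and only carry a legacy cipher forward as the formula default. The template now merges this block into the pillar and renders every key through its `Hosts` loop, so these values look like they are written as active `Host *` settings on every minion; what the removed `option(...)` calls emitted is not visible here, so confirm. With `merge=True` a pillar can probably override a value but not drop the key. I would remove those three keys and add a comment above `ssh_config:` such as `# Rendered as active "Host *" settings unless overridden in pillar`. The unquoted `yes`/`no` values load as YAML booleans and depend on the `sameas true`/`sameas false` branches of `render_raw_option` to come back as `yes`/`no`; writing `true`/`false` would make that explicit.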


@ -1,11 +1,9 @@
{%- set ssh_config = pillar.get('ssh_config', {}) -%} {%- import_yaml "openssh/defaults.yaml" as default_settings -%}
{%- set ssh_config = salt['pillar.get']('ssh_config', default=default_settings.ssh_config, merge=True) -%}
{#- present in ssh_config and known in actual file options -#} {#- present in ssh_config and known in actual file options -#}
{%- set processed_options = [] -%} {%- set processed_options = [] -%}
{#- generic renderer used for ssh matches, known options, -#} {%- macro render_raw_option(keyword, value) -%}
{#- and unknown options -#}
{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
{%- set value = config_dict.get(keyword, default) -%}
{%- if value is sameas true -%} {%- if value is sameas true -%}
{{ keyword }} yes {{ keyword }} yes
{%- elif value is sameas false -%} {%- elif value is sameas false -%}
@ -19,6 +17,13 @@
{%- endif -%} {%- endif -%}
{%- endmacro -%} {%- endmacro -%}
{#- generic renderer used for ssh matches, known options, -#}
{#- and unknown options -#}
{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
{%- set value = config_dict.get(keyword, default) -%}
{{ render_raw_option(keyword, value) }}
{%- endmacro -%}
{#- macros for render option according to present -#} {#- macros for render option according to present -#}
{%- macro option_impl(keyword, default, present) -%} {%- macro option_impl(keyword, default, present) -%}
{%- if present -%} {%- if present -%}
@ -45,35 +50,13 @@
# Do not edit this file manually! # Do not edit this file manually!
# It will be overwritten by salt! # It will be overwritten by salt!
{{ option_default_uncommented('Host', '*') }}
{{ option(' ForwardAgent', 'no') }}
{{ option(' ForwardX11', 'no') }}
{{ option(' RhostsRSAAuthentication', 'no') }}
{{ option(' RSAAuthentication', 'yes') }}
{{ option(' PasswordAuthentication', 'yes') }}
{{ option(' HostbasedAuthentication', 'no') }}
{{ option(' GSSAPIAuthentication', 'no') }}
{{ option(' GSSAPIDelegateCredentials', 'no') }}
{{ option(' BatchMode', 'no') }}
{{ option(' CheckHostIP', 'yes') }}
{{ option(' AddressFamily', 'any') }}
{{ option(' ConnectTimeout', 0) }}
{{ option(' StrictHostKeyChecking', 'ask') }}
{{ option(' IdentityFile', '~/.ssh/id_rsa') }}
{{ option(' Port', 22) }}
{{ option(' Protocol', 2) }}
{{ option(' Cipher', '3des') }}
{{ option(' Tunnel', 'no') }}
{{ option(' TunnelDevice', 'any:any') }}
{{ option(' PermitLocalCommand', 'no') }}
{{ option(' VisualHostKey', 'no') }}
{%- if 'Hosts' in ssh_config %} {%- if 'Hosts' in ssh_config %}
{%- do processed_options.append('Hosts') %} {%- do processed_options.append('Hosts') %}
{% for host, conf in ssh_config['Hosts'].items() %} {% for host, conf in ssh_config['Hosts'].items() %}
Host {{ host }} Host {{ host }}
{%- for key, val in conf.items() %} {%- for key, val in conf.items() %}
{{ key }} {{ val }}{%- endfor %} {{ render_raw_option(key, val) }}
{%- endfor %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
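Review bot: Nothing in the `Hosts` loop (`for host, conf in ssh_config['Hosts'].items()`) fixes where the `*` stanza lands, and ssh keeps the first value it obtains for each option. Now that `Host *` comes from the merged defaults with every option set, a `Host *` stanza rendered ahead of a specific host would shadow that host's `StrictHostKeyChecking`, `PasswordAuthentication` or `IdentityFile` values without any error. I would render the specific hosts first and `*` last, as sketched below. A pillar whose `Hosts` has no `*` entry still receives the default one through `merge=True`, which is worth one line in the template comment next to the `pillar.get` call. The macros this loop relies on are only partly visible in the hunks above.

```jinja
{#- specific hosts first: ssh keeps the first value it obtains for each option -#}
{% for host, conf in ssh_config['Hosts'].items() if host != '*' %}
{#- … unchanged: Host line and per-option loop … -#}
{%- endfor %}
{%- if '*' in ssh_config['Hosts'] %}
Host *
{%- for key, val in ssh_config['Hosts']['*'].items() %}
{{ render_raw_option(key, val) }}
{%- endfor %}
{%- endif %}
```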