Add sshd_config to map.jinja and check if dig command is available before installing 'dig' package.
parent
a85c19c256
commit
daed52de19
@ -8,6 +8,8 @@ openssh:
|
|||||||
ssh_known_hosts: /etc/ssh/ssh_known_hosts
|
ssh_known_hosts: /etc/ssh/ssh_known_hosts
|
||||||
dig_pkg: dnsutils
|
dig_pkg: dnsutils
|
||||||
ssh_moduli: /etc/ssh/moduli
|
ssh_moduli: /etc/ssh/moduli
|
||||||
|
root_group: root
|
||||||
|
sshd_config: {}
|
||||||
ssh_config:
|
ssh_config:
|
||||||
Hosts:
|
Hosts:
|
||||||
'*':
|
'*':
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{%- set sshd_config = pillar.get('sshd_config', {}) -%}
|
{% from "openssh/map.jinja" import sshd_config with context %}
|
||||||
{#- present in sshd_config and known in actual file options -#}
|
{#- present in sshd_config and known in actual file options -#}
|
||||||
{%- set processed_options = [] -%}
|
{%- set processed_options = [] -%}
|
||||||
|
|
||||||
|
@ -1,8 +1,14 @@
|
|||||||
{% from "openssh/map.jinja" import openssh with context %}
|
{% from "openssh/map.jinja" import openssh with context %}
|
||||||
|
|
||||||
|
check for existing dig:
|
||||||
|
cmd.run:
|
||||||
|
- name: which dig
|
||||||
|
|
||||||
ensure dig is available:
|
ensure dig is available:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- name: {{ openssh.dig_pkg }}
|
- name: {{ openssh.dig_pkg }}
|
||||||
|
- onfail:
|
||||||
|
- cmd: check for existing dig
|
||||||
|
|
||||||
manage ssh_known_hosts file:
|
manage ssh_known_hosts file:
|
||||||
file.managed:
|
file.managed:
|
||||||
@ -10,7 +16,7 @@ manage ssh_known_hosts file:
|
|||||||
- source: salt://openssh/files/ssh_known_hosts
|
- source: salt://openssh/files/ssh_known_hosts
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: root
|
- user: root
|
||||||
- group: root
|
- group: {{ openssh.root_group }}
|
||||||
- mode: 644
|
- mode: 644
|
||||||
- require:
|
- require:
|
||||||
- pkg: ensure dig is available
|
- pkg: ensure dig is available
|
||||||
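Review bot: The new `check for existing dig` state is a bare `cmd.run` of `which dig`, so on a minion without dig it returns a failed state and the run is reported as failed, even though `ensure dig is available` then installs the package through `onfail`. On minions that already have dig, the command still executes and reports a change on every run. Expressing the probe as a condition on the package state avoids both: drop the `cmd.run` state and replace the `onfail` block on `pkg.installed` with `- unless: which dig`. Whichever form is kept, the probe accepts any executable named dig on the minion's PATH, and the known-hosts template presumably feeds that binary's output into `/etc/ssh/ssh_known_hosts`, so a comment such as `# dig is resolved via PATH; its output ends up in the system known_hosts file` would record that assumption.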
|
@ -19,7 +19,7 @@ that differ from whats in defaults.yaml
|
|||||||
'FreeBSD': {
|
'FreeBSD': {
|
||||||
'service': 'sshd',
|
'service': 'sshd',
|
||||||
'dig_pkg': 'bind-tools',
|
'dig_pkg': 'bind-tools',
|
||||||
'Subsystem': 'sftp /usr/libexec/sftp-server',
|
'root_group': 'wheel',
|
||||||
},
|
},
|
||||||
'Gentoo': {
|
'Gentoo': {
|
||||||
'server': 'net-misc/openssh',
|
'server': 'net-misc/openssh',
|
||||||
@ -38,7 +38,6 @@ that differ from whats in defaults.yaml
|
|||||||
'client': 'openssh',
|
'client': 'openssh',
|
||||||
'service': 'sshd',
|
'service': 'sshd',
|
||||||
'dig_pkg': 'bind-utils',
|
'dig_pkg': 'bind-utils',
|
||||||
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
, grain="os_family"
|
, grain="os_family"
|
||||||
@ -56,3 +55,27 @@ that differ from whats in defaults.yaml
|
|||||||
)
|
)
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
{% set os_family_map = salt['grains.filter_by']({
|
||||||
|
'FreeBSD': {
|
||||||
|
'Subsystem': 'sftp /usr/libexec/sftp-server',
|
||||||
|
},
|
||||||
|
'Suse': {
|
||||||
|
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
|
||||||
|
},
|
||||||
|
'default': {}
|
||||||
|
}
|
||||||
|
, grain="os_family"
|
||||||
|
, merge=salt['pillar.get']('sshd_config:lookup'))
|
||||||
|
%}
|
||||||
|
|
||||||
|
|
||||||
|
{## Merge the flavor_map to the default settings ##}
|
||||||
|
{% do default_settings.sshd_config.update(os_family_map) %}
|
||||||
|
|
||||||
|
{## Merge in sshd_config:lookup pillar ##}
|
||||||
|
{% set sshd_config = salt['pillar.get'](
|
||||||
|
'sshd_config',
|
||||||
|
default=default_settings.sshd_config,
|
||||||
|
merge=True
|
||||||
|
)
|
||||||
|
%}
|
||||||
|
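Review bot: A minion that sets `sshd_config:lookup` ends up with a stray `lookup` entry inside the final `sshd_config` dict, because the closing `salt['pillar.get']('sshd_config', default=default_settings.sshd_config, merge=True)` returns the whole `sshd_config` pillar and the lookup data, already consumed as the `merge=` argument of `os_family_map`, is a child of that same key. If the sshd_config template also writes out options it does not recognise (its `processed_options` bookkeeping suggests it may), that entry would be rendered as a directive sshd rejects, which can stop the daemon from restarting. Dropping the key after the merge with `{% do sshd_config.pop('lookup', None) %}` would prevent that. The comment `{## Merge in sshd_config:lookup pillar ##}` above the call describes the earlier step; `{## Merge in sshd_config pillar ##}` would match what the call does.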