fix: complete PR #164

* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
This commit is contained in:
Imran Iqbal 2019-07-04 00:07:34 +01:00
parent a47596f15a
commit f6dbca3352
No known key found for this signature in database
GPG Key ID: 6D8629439D2B7819
5 changed files with 35 additions and 42 deletions


@ -1,6 +1,6 @@
{% set tplroot = tpldir.split('/')[0] %} {%- set tplroot = tpldir.split('/')[0] %}
{% from tplroot ~ "/map.jinja" import openssh with context %} {%- from tplroot ~ "/map.jinja" import openssh with context %}
{% from tplroot ~ "/libtofs.jinja" import files_switch %} {%- from tplroot ~ "/libtofs.jinja" import files_switch %}
include: include:
- openssh - openssh
@ -8,14 +8,13 @@ include:
sshd_banner: sshd_banner:
file.managed: file.managed:
- name: {{ openssh.banner }} - name: {{ openssh.banner }}
{% if openssh.banner_string is defined %} {%- if openssh.banner_string is defined %}
- contents: {{ openssh.banner_string | yaml }} - contents: {{ openssh.banner_string | yaml }}
{% else %} {%- else %}
# Preserve backward compatibility {#- Preserve backward compatibility using the `if` below #}
- source: {{ openssh.banner_src - source: {{ openssh.banner_src if '://' in openssh.banner_src
if '://' in openssh.banner_src
else files_switch( [openssh.banner_src], else files_switch( [openssh.banner_src],
'sshd_banner_file_managed' 'sshd_banner'
) }} ) }}
- template: jinja - template: jinja
{% endif %} {%- endif %}
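Review bot: Renaming the `files_switch` lookup key from `sshd_banner_file_managed` to `sshd_banner` in the `- source:` expression silently breaks any existing pillar that overrides `tofs:source_files:sshd_banner_file_managed`; the commit message describes this as "exact state names" but does not mark it as a breaking change or give the one-line migration (rename the pillar key to the state ID). The same rename is made for the `sshd_config`, `ssh_config` and `manage ssh_known_hosts file` states in the later sections, and the example pillar already uses the new keys, so a single note in the commit message or the formula's documentation covering all four would do. The new comment could also say what is actually preserved, e.g. `{#- Backward compatibility: a full URI in banner_src (old style) is used as-is; any other value is treated as a TOFS filename #}`.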


@ -1,20 +1,19 @@
{% set tplroot = tpldir.split('/')[0] %} {%- set tplroot = tpldir.split('/')[0] %}
{% from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %} {%- from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %}
{% from tplroot ~ "/libtofs.jinja" import files_switch %} {%- from tplroot ~ "/libtofs.jinja" import files_switch %}
include: include:
- openssh - openssh
{% if sshd_config %} {%- if sshd_config %}
sshd_config: sshd_config:
file.managed: file.managed:
- name: {{ openssh.sshd_config }} - name: {{ openssh.sshd_config }}
# Preserve backward compatibility {#- Preserve backward compatibility using the `if` below #}
- source: {{ openssh.sshd_config_src - source: {{ openssh.sshd_config_src if '://' in openssh.sshd_config_src
if '://' in openssh.sshd_config_src
else files_switch( [openssh.sshd_config_src], else files_switch( [openssh.sshd_config_src],
'sshd_config_file_managed' 'sshd_config'
) }} ) }}
- template: jinja - template: jinja
- user: {{ openssh.sshd_config_user }} - user: {{ openssh.sshd_config_user }}
@ -26,17 +25,16 @@ sshd_config:
{%- endif %} {%- endif %}
- watch_in: - watch_in:
- service: {{ openssh.service }} - service: {{ openssh.service }}
{% endif %} {%- endif %}
{% if ssh_config %} {%- if ssh_config %}
ssh_config: ssh_config:
file.managed: file.managed:
- name: {{ openssh.ssh_config }} - name: {{ openssh.ssh_config }}
# Preserve backward compatibility {#- Preserve backward compatibility using the `if` below #}
- source: {{ openssh.ssh_config_src - source: {{ openssh.ssh_config_src if '://' in openssh.ssh_config_src
if '://' in openssh.ssh_config_src
else files_switch( [openssh.ssh_config_src], else files_switch( [openssh.ssh_config_src],
'ssh_config_file_managed' 'ssh_config'
) }} ) }}
- template: jinja - template: jinja
- user: {{ openssh.ssh_config_user }} - user: {{ openssh.ssh_config_user }}
@ -45,7 +43,7 @@ ssh_config:
{%- if openssh.ssh_config_backup %} {%- if openssh.ssh_config_backup %}
- backup: minion - backup: minion
{%- endif %} {%- endif %}
{% endif %} {%- endif %}
{%- for keyType in openssh['host_key_algos'].split(',') %} {%- for keyType in openssh['host_key_algos'].split(',') %}
{%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %} {%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
@ -134,4 +132,4 @@ ssh_host_{{ keyType }}_key.pub:
- file: sshd_config - file: sshd_config
- watch_in: - watch_in:
- service: {{ openssh.service }} - service: {{ openssh.service }}
{% endif %} {%- endif %}
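Review bot: The `'://' in openssh.sshd_config_src` test in the first hunk (and the identical one for `ssh_config_src` in the second) passes any URI scheme straight through to `file.managed`'s `source`, yet `salt://` is the only form the surrounding state can use as-is — as far as I recall, an http(s) source would also need a `source_hash`, which neither state sets. If `salt://` is the intended legacy form, the comment should say so, e.g. `{#- Backward compatibility: a full salt:// URI in sshd_config_src is used as-is; any other value is a TOFS filename #}`. This three-line conditional is now copied verbatim three times across the banner and config states; a small macro beside `files_switch` in `libtofs.jinja` (say `tofs_or_uri(value, state_id)`, name to taste) would keep the copies in step. Both the `sshd_config` and `ssh_config` states continue past the end of their hunks.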


@ -17,6 +17,7 @@ default:
banner: /etc/ssh/banner banner: /etc/ssh/banner
banner_src: banner # Default TOFS source filename banner_src: banner # Default TOFS source filename
ssh_known_hosts: /etc/ssh/ssh_known_hosts ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts # Default TOFS source filename
dig_pkg: dnsutils dig_pkg: dnsutils
ssh_moduli: /etc/ssh/moduli ssh_moduli: /etc/ssh/moduli
root_group: root root_group: root


@ -1,6 +1,6 @@
{% set tplroot = tpldir.split('/')[0] %} {%- set tplroot = tpldir.split('/')[0] %}
{% from tplroot ~ "/map.jinja" import openssh with context %} {%- from tplroot ~ "/map.jinja" import openssh with context %}
{% from tplroot ~ "/libtofs.jinja" import files_switch %} {%- from tplroot ~ "/libtofs.jinja" import files_switch %}
ensure dig is available: ensure dig is available:
pkg.installed: pkg.installed:
@ -10,8 +10,8 @@ ensure dig is available:
manage ssh_known_hosts file: manage ssh_known_hosts file:
file.managed: file.managed:
- name: {{ openssh.ssh_known_hosts }} - name: {{ openssh.ssh_known_hosts }}
- source: {{ files_switch( ['ssh_known_hosts'], - source: {{ files_switch( [openssh.ssh_known_hosts_src],
'ssh_known_hosts_file_managed' 'manage ssh_known_hosts file'
) }} ) }}
- template: jinja - template: jinja
- user: root - user: root
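Review bot: `files_switch( [openssh.ssh_known_hosts_src], ...)` on the new side takes its value from defaults or pillar but, unlike `banner_src`, `sshd_config_src` and `ssh_config_src` in the other states, it is not wrapped in the `'://' in …` pass-through, so a pillar that sets `ssh_known_hosts_src` to a `salt://` URI would be handed to TOFS as a bare filename and would most likely not resolve. Either apply the same conditional here or make the difference explicit in the new default, e.g. `ssh_known_hosts_src: ssh_known_hosts  # TOFS source filename only, not a URI`. Using the state ID `manage ssh_known_hosts file` (with spaces) as the `source_files` key follows the "exact state names" rule but gives pillar authors a key containing spaces; that is valid YAML but deserves a sentence in the documentation. The `manage ssh_known_hosts file` state continues past the end of the hunk.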


@ -194,10 +194,6 @@ ssh_config:
openssh: openssh:
# Banner file can be retrieved either by TOFS or by url
banner_src: banner_fire
# banner_src: salt://ssh/files/banner_src # <- old style
# Instead of adding a custom banner file you can set it in pillar # Instead of adding a custom banner file you can set it in pillar
banner_string: | banner_string: |
Welcome to {{ grains['id'] }}! Welcome to {{ grains['id'] }}!
@ -333,7 +329,6 @@ openssh:
static: static:
github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]' github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]'
gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]' gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]'
# The template of ssh_know_host file can be overriden thanks to TOFS
# specify DH parameters (see /etc/ssh/moduli) # specify DH parameters (see /etc/ssh/moduli)
moduli: | moduli: |
@ -381,11 +376,11 @@ mine_functions:
# files: files_alt # files: files_alt
# default: default_alt # default: default_alt
source_files: source_files:
ssh_known_hosts_file_managed: manage ssh_known_hosts file:
- alt_known_hosts - alt_ssh_known_hosts
sshd_config_file_managed: sshd_config:
- alt_sshd_config - alt_sshd_config
ssh_config_file_managed: ssh_config:
- alt_ssh_config - alt_ssh_config
sshd_banner_file_managed: sshd_banner:
- alt_banner_src - fire_banner
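Review bot: Dropping the `banner_src` example together with its `# banner_src: salt://ssh/files/banner_src # <- old style` line in the first hunk leaves the URI pass-through that the state files still label "backward compatibility" undocumented in the example pillar; since the description restricts the example changes to TOFS, consider keeping a single commented old-style line under `openssh:` or mentioning the legacy form in the TOFS section next to `source_files`. The renamed keys under `source_files` (`sshd_banner`, `sshd_config`, `ssh_config`, `manage ssh_known_hosts file`) now have to match state IDs exactly, which is not obvious from the example alone; a comment such as `# keys are the exact IDs of the states that call files_switch` above `source_files:` would make that requirement visible to pillar authors.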