fix: complete PR #164

* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
Imran Iqbal 2019-07-04 00:07:34 +01:00
parent a47596f15a
commit f6dbca3352
No known key found for this signature in database
GPG Key ID: 6D8629439D2B7819
5 changed files with 35 additions and 42 deletions


@ -1,6 +1,6 @@
{% set tplroot = tpldir.split('/')[0] %}
{% from tplroot ~ "/map.jinja" import openssh with context %}
{% from tplroot ~ "/libtofs.jinja" import files_switch %}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import openssh with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
include:
- openssh
@ -8,14 +8,13 @@ include:
sshd_banner:
file.managed:
- name: {{ openssh.banner }}
{% if openssh.banner_string is defined %}
{%- if openssh.banner_string is defined %}
- contents: {{ openssh.banner_string | yaml }}
{% else %}
# Preserve backward compatibility
- source: {{ openssh.banner_src
if '://' in openssh.banner_src
{%- else %}
{#- Preserve backward compatibility using the `if` below #}
- source: {{ openssh.banner_src if '://' in openssh.banner_src
else files_switch( [openssh.banner_src],
'sshd_banner_file_managed'
'sshd_banner'
) }}
- template: jinja
{% endif %}
{%- endif %}
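Review bot: The `'://' in openssh.banner_src` test on the `- source:` line hands any string containing `://` straight to `file.managed`, so an `http://` or `ftp://` pillar value is accepted as readily as `salt://`. No `source_hash` is visible in this state, and the following `- template: jinja` means whatever is fetched is also rendered as a template on the minion. The same expression guards `sshd_config_src` and `ssh_config_src` in the next file, where the fetched content becomes the SSH configuration. Consider limiting the compatibility branch to the fileserver with `if openssh.banner_src.startswith('salt://')`, or state in the comment that remote URLs must be paired with a `source_hash`.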


@ -1,20 +1,19 @@
{% set tplroot = tpldir.split('/')[0] %}
{% from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %}
{% from tplroot ~ "/libtofs.jinja" import files_switch %}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
include:
- openssh
{% if sshd_config %}
{%- if sshd_config %}
sshd_config:
file.managed:
- name: {{ openssh.sshd_config }}
# Preserve backward compatibility
- source: {{ openssh.sshd_config_src
if '://' in openssh.sshd_config_src
{#- Preserve backward compatibility using the `if` below #}
- source: {{ openssh.sshd_config_src if '://' in openssh.sshd_config_src
else files_switch( [openssh.sshd_config_src],
'sshd_config_file_managed'
'sshd_config'
) }}
- template: jinja
- user: {{ openssh.sshd_config_user }}
@ -26,17 +25,16 @@ sshd_config:
{%- endif %}
- watch_in:
- service: {{ openssh.service }}
{% endif %}
{%- endif %}
{% if ssh_config %}
{%- if ssh_config %}
ssh_config:
file.managed:
- name: {{ openssh.ssh_config }}
# Preserve backward compatibility
- source: {{ openssh.ssh_config_src
if '://' in openssh.ssh_config_src
{#- Preserve backward compatibility using the `if` below #}
- source: {{ openssh.ssh_config_src if '://' in openssh.ssh_config_src
else files_switch( [openssh.ssh_config_src],
'ssh_config_file_managed'
'ssh_config'
) }}
- template: jinja
- user: {{ openssh.ssh_config_user }}
@ -45,7 +43,7 @@ ssh_config:
{%- if openssh.ssh_config_backup %}
- backup: minion
{%- endif %}
{% endif %}
{%- endif %}
{%- for keyType in openssh['host_key_algos'].split(',') %}
{%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
@ -134,4 +132,4 @@ ssh_host_{{ keyType }}_key.pub:
- file: sshd_config
- watch_in:
- service: {{ openssh.service }}
{% endif %}
{%- endif %}
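Review bot: The `files_switch` lookup key for the `sshd_config` state changes from `'sshd_config_file_managed'` to `'sshd_config'`, and nothing on the new side warns that a pillar still using the old key under `source_files` will stop matching. If `files_switch` falls back to the list passed in the call, as it appears to, the minion would silently get the default `sshd_config` template instead of the site's override. The same rename applies to `ssh_config` here and to `sshd_banner` and `manage ssh_known_hosts file` in the other files. I would add a comment above each call such as `{#- TOFS lookup key is the state ID; the old *_file_managed pillar keys are no longer read #}` and note the rename in the changelog.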


@ -17,6 +17,7 @@ default:
banner: /etc/ssh/banner
banner_src: banner # Default TOFS source filename
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts # Default TOFS source filename
dig_pkg: dnsutils
ssh_moduli: /etc/ssh/moduli
root_group: root


@ -1,6 +1,6 @@
{% set tplroot = tpldir.split('/')[0] %}
{% from tplroot ~ "/map.jinja" import openssh with context %}
{% from tplroot ~ "/libtofs.jinja" import files_switch %}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import openssh with context %}
{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
ensure dig is available:
pkg.installed:
@ -10,8 +10,8 @@ ensure dig is available:
manage ssh_known_hosts file:
file.managed:
- name: {{ openssh.ssh_known_hosts }}
- source: {{ files_switch( ['ssh_known_hosts'],
'ssh_known_hosts_file_managed'
- source: {{ files_switch( [openssh.ssh_known_hosts_src],
'manage ssh_known_hosts file'
) }}
- template: jinja
- user: root


@ -194,10 +194,6 @@ ssh_config:
openssh:
# Banner file can be retrieved either by TOFS or by url
banner_src: banner_fire
# banner_src: salt://ssh/files/banner_src # <- old style
# Instead of adding a custom banner file you can set it in pillar
banner_string: |
Welcome to {{ grains['id'] }}!
@ -333,7 +329,6 @@ openssh:
static:
github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]'
gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]'
# The template of ssh_know_host file can be overriden thanks to TOFS
# specify DH parameters (see /etc/ssh/moduli)
moduli: |
@ -381,11 +376,11 @@ mine_functions:
# files: files_alt
# default: default_alt
source_files:
ssh_known_hosts_file_managed:
- alt_known_hosts
sshd_config_file_managed:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
sshd_config:
- alt_sshd_config
ssh_config_file_managed:
ssh_config:
- alt_ssh_config
sshd_banner_file_managed:
- alt_banner_src
sshd_banner:
- fire_banner