authorJenkins <jenkins@review.openstack.org>2017-06-01 20:14:14 +0000
committerGerrit Code Review <review@openstack.org>2017-06-01 20:14:14 +0000
commita1d685bec5e3fe17f2952512e2706a65a10aa872 (patch)
tree355bb515c55d03579cec00957c52ed5c0ed4e46c
parent798ac59f63816d7c0171d194c37790a909051bee (diff)
parent0c8703811340f2acd00a515c8bf214c71bb4c4a3 (diff)
Merge "Refactor SSHD config to allow both SSHD options and banner/motd to be set" into stable/newton
-rw-r--r--manifests/profile/base/sshd.pp34
-rw-r--r--spec/classes/tripleo_profile_base_sshd_spec.rb118
2 files changed, 147 insertions, 5 deletions
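diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
index 2b86032..3f0245d 100644
--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -27,14 +27,19 @@
 # The text used within SSH Banner
 # Defaults to hiera('MOTD')
 #
+# [*options*]
+# Hash of SSHD options to set. See the puppet-ssh module documentation for
+# details.
+# Defaults to {}
+
 class tripleo::profile::base::sshd (
 $bannertext = hiera('BannerText', undef),
 $motd = hiera('MOTD', undef),
+$options = {}
 ) {
 
-include ::ssh::server
-
-if $bannertext {
+if $bannertext and $bannertext != '' {
+$sshd_options_banner = {'Banner' => '/etc/issue.net'}
 $filelist = [ '/etc/issue', '/etc/issue.net', ]
 file { $filelist:
 ensure => file,
@@ -44,9 +49,12 @@ class tripleo::profile::base::sshd (
 group => 'root',
 mode => '0644'
 }
+} else {
+$sshd_options_banner = {}
 }
 
-if $motd {
+if $motd and $motd != '' {
+$sshd_options_motd = {'PrintMotd' => 'yes'}
 file { '/etc/motd':
 ensure => file,
 backup => false,
@@ -55,5 +63,23 @@ class tripleo::profile::base::sshd (
 group => 'root',
 mode => '0644'
 }
+} else {
+$sshd_options_motd = {}
+}
+
+$sshd_options = merge(
+$options,
+$sshd_options_banner,
+$sshd_options_motd
+)
+
+# NB (owalsh) in puppet-ssh hiera takes precedence over the class param
+# we need to control this, so error if it's set in hiera
+if hiera('ssh:server::options', undef) {
+err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options')
+}
+class { '::ssh::server':
+storeconfigs_enabled => false,
+options => $sshd_options
 }
 }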
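Review bot: The hiera guard near the end of the class looks up `ssh:server::options` with a single colon after `ssh`, while the class it protects is `::ssh::server`; if puppet-ssh reads `ssh::server::options`, as the class name suggests, this check never matches the key that matters. The guard also calls `err()`, which only logs a message, so a conflicting hiera value would still take precedence over the merged `$sshd_options` (including any hardening settings passed through `$options`) and the catalog would compile anyway. Consider `if hiera('ssh::server::options', undef) {` with `fail('ssh::server::options must not be set, use tripleo::profile::base::sshd::options')` so the run stops rather than applying an sshd configuration other than the one this profile built.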
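diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb
index e84a1f5..58b271f 100644
--- a/spec/classes/tripleo_profile_base_sshd_spec.rb
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -24,7 +24,23 @@ describe 'tripleo::profile::base::sshd' do
 
 context 'it should do nothing' do
 it do
-is_expected.to contain_class('ssh::server')
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {}
+})
+is_expected.to_not contain_file('/etc/issue')
+is_expected.to_not contain_file('/etc/issue.net')
+is_expected.to_not contain_file('/etc/motd')
+end
+end
+
+context 'it should do nothing with empty strings' do
+let(:params) {{ :bannertext => '', :motd => '' }}
+it do
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {}
+})
 is_expected.to_not contain_file('/etc/issue')
 is_expected.to_not contain_file('/etc/issue.net')
 is_expected.to_not contain_file('/etc/motd')
@@ -34,6 +50,12 @@ describe 'tripleo::profile::base::sshd' do
 context 'with issue and issue.net configured' do
 let(:params) {{ :bannertext => 'foo' }}
 it do
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {
+'Banner' => '/etc/issue.net'
+}
+})
 is_expected.to contain_file('/etc/issue').with({
 'content' => 'foo',
 'owner' => 'root',
@@ -53,6 +75,12 @@ describe 'tripleo::profile::base::sshd' do
 context 'with motd configured' do
 let(:params) {{ :motd => 'foo' }}
 it do
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {
+'PrintMotd' => 'yes'
+}
+})
 is_expected.to contain_file('/etc/motd').with({
 'content' => 'foo',
 'owner' => 'root',
@@ -63,6 +91,94 @@ describe 'tripleo::profile::base::sshd' do
 is_expected.to_not contain_file('/etc/issue.net')
 end
 end
+
+context 'with options configured' do
+let(:params) {{ :options => {'X11Forwarding' => 'no'} }}
+it do
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {
+'X11Forwarding' => 'no'
+}
+})
+is_expected.to_not contain_file('/etc/motd')
+is_expected.to_not contain_file('/etc/issue')
+is_expected.to_not contain_file('/etc/issue.net')
+end
+end
+
+context 'with motd and issue configured' do
+let(:params) {{
+:bannertext => 'foo',
+:motd => 'foo'
+}}
+it do
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {
+'Banner' => '/etc/issue.net',
+'PrintMotd' => 'yes'
+}
+})
+is_expected.to contain_file('/etc/motd').with({
+'content' => 'foo',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0644',
+})
+is_expected.to contain_file('/etc/issue').with({
+'content' => 'foo',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0644',
+})
+is_expected.to contain_file('/etc/issue.net').with({
+'content' => 'foo',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0644',
+})
+end
+end
+
+context 'with motd and issue and options configured' do
+let(:params) {{
+:bannertext => 'foo',
+:motd => 'foo',
+:options => {
+'PrintMotd' => 'no', # this should be overridden
+'X11Forwarding' => 'no'
+}
+}}
+it do
+is_expected.to contain_class('ssh::server').with({
+'storeconfigs_enabled' => false,
+'options' => {
+'Banner' => '/etc/issue.net',
+'PrintMotd' => 'yes',
+'X11Forwarding' => 'no'
+}
+})
+is_expected.to contain_file('/etc/motd').with({
+'content' => 'foo',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0644',
+})
+is_expected.to contain_file('/etc/issue').with({
+'content' => 'foo',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0644',
+})
+is_expected.to contain_file('/etc/issue.net').with({
+'content' => 'foo',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0644',
+})
+end
+end
 end
 
 on_supported_os.each do |os, facts|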
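Review bot: The override context at the end of the last hunk only proves that a `PrintMotd` value from `options` loses to the profile; `Banner` goes through the same merge but is never supplied in `options`, so a change in the merge argument order affecting only the banner hash would pass unnoticed. Add a constructed conflicting value such as `'Banner' => '/etc/other', # this should be overridden` to the params of 'with motd and issue and options configured'. No context exercises the manifest's hiera guard on `ssh:server::options` either, so what happens when that key is set remains untested. The enclosing `describe` block starts before and continues after the lines shown here.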