From fc640d8c0ebe8ca415fee4ec0a973d6bc55b06b8 Mon Sep 17 00:00:00 2001
From: lhinds
Date: Wed, 8 Mar 2017 12:32:57 +0000
Subject: [PATCH] SSHD Service extensions
This change adds an `include` statement to bring in the extra functionality available from the existing puppet-ssh module in already available in RDO. By using puppet-ssh it provides a framework to allow the passing in of server options using just hiera values under ssh::server_options. For example, sshd_config banner can now be passed a server option, as well as all the new parameters outlined in the launchpad issue that the patch references for Closing. For this reason, the former augeas setting for `Banner /etc/issue` is now managed by the main puppet-ssh module instead. The change also allows population of MOTD text to `/etc/motd` as well as `issue.net`. $bannertext is refactored in accordance with patch [1]
[1] https://review.openstack.org/#/c/442406/
Depends-On: Idefe9f0de47c5b0f29b7326642d697ed179e2eb8
Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c
Related-Bug: 1668543
(cherry picked from commit b35bc80ac2acf18463e4c18c8360862749aa0964)
(cherry picked from commit 0e991f99b4b239838b5f775468f25025b3ad170b)
---
Puppetfile_extras | 4 +
manifests/profile/base/sshd.pp | 59 ++++++++++++++
releasenotes/notes/sshd-437c531301f458bb.yaml | 5 ++
.../classes/tripleo_profile_base_sshd_spec.rb | 76 +++++++++++++++++++
4 files changed, 144 insertions(+)
create mode 100644 manifests/profile/base/sshd.pp
create mode 100644 releasenotes/notes/sshd-437c531301f458bb.yaml
create mode 100644 spec/classes/tripleo_profile_base_sshd_spec.rb
diff --git a/Puppetfile_extras b/Puppetfile_extras
index 42134f07e..f6e9d702c 100644
--- a/Puppetfile_extras
+++ b/Puppetfile_extras
@@ -36,3 +36,7 @@ mod 'ntp',
 mod 'systemd',
 :git => 'https://github.com/camptocamp/puppet-systemd',
 :ref => 'master'
+
+mod 'ssh',
+ :git => 'https://github.com/saz/puppet-ssh',
+ :ref => 'v3.0.1'
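Review bot: `:ref => 'v3.0.1'` pins the new `ssh` module to a git tag, and a tag can be re-pointed upstream without any change showing up in this file. Because this module goes on to manage sshd configuration on deployed nodes, pinning to the full commit SHA behind the tag would make the dependency immutable and auditable, e.g. `:ref => '<commit-sha-of-v3.0.1>'` with the tag name kept in a comment. The neighbouring `systemd` entry tracks `master`, which is looser still, but that line is context and not part of this change.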
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
new file mode 100644
index 000000000..f43089c38
--- /dev/null
+++ b/manifests/profile/base/sshd.pp
@@ -0,0 +1,59 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::sshd
+#
+# SSH composable service for TripleO
+#
+# === Parameters
+#
+# [*bannertext*]
+# The text used within /etc/issue and /etc/issue.net
+# Defaults to hiera('BannerText')
+#
+# [*motd*]
+# The text used within SSH Banner
+# Defaults to hiera('MOTD')
+#
+class tripleo::profile::base::sshd (
+ $bannertext = hiera('BannerText', undef),
+ $motd = hiera('MOTD', undef),
+) {
+
+ include ::ssh
+
+ if $bannertext {
+ $filelist = [ '/etc/issue', '/etc/issue.net', ]
+ file { $filelist:
+ ensure => file,
+ backup => false,
+ content => $bannertext,
+ owner => 'root',
+ group => 'root',
+ mode => '0644'
+ }
+ }
+
+ if $motd {
+ file { '/etc/motd':
+ ensure => file,
+ backup => false,
+ content => $motd,
+ owner => 'root',
+ group => 'root',
+ mode => '0644'
+ }
+ }
+}
diff --git a/releasenotes/notes/sshd-437c531301f458bb.yaml b/releasenotes/notes/sshd-437c531301f458bb.yaml
new file mode 100644
index 000000000..5997289f3
--- /dev/null
+++ b/releasenotes/notes/sshd-437c531301f458bb.yaml
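Review bot: In `manifests/profile/base/sshd.pp`, setting `bannertext` writes `/etc/issue` and `/etc/issue.net`, but nothing in the class tells sshd to display either file. `include ::ssh` passes no parameters, and the commit description says the earlier augeas `Banner /etc/issue` setting is now left to puppet-ssh. So unless a deployment also sets `Banner` under `ssh::server_options` in hiera, the pre-login warning banner presumably disappears from SSH sessions, which matters where it is a compliance control. The `[*bannertext*]` doc should state that requirement, e.g. `# sshd only shows this text if ssh::server_options sets Banner to /etc/issue.net`. The `[*motd*]` doc says "The text used within SSH Banner" although the code writes `/etc/motd`; `# The text used within /etc/motd` would match the code.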
@@ -0,0 +1,5 @@
+---
+features:
+ - Added /etc/issue & /etc/issue.net parameters
+ - Added MOTD banner parameters
+ - Added external module saz-ssh to allow management of sshd_config
diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb
new file mode 100644
index 000000000..c611fe992
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -0,0 +1,76 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for tripleo::profile::base::sshd
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::sshd' do
+
+ shared_examples_for 'tripleo::profile::base::sshd' do
+
+ context 'it should do nothing' do
+ it do
+ is_expected.to contain_class('ssh')
+ is_expected.to_not contain_file('/etc/issue')
+ is_expected.to_not contain_file('/etc/issue.net')
+ is_expected.to_not contain_file('/etc/motd')
+ end
+ end
+
+ context 'with issue and issue.net configured' do
+ let(:params) {{ :bannertext => 'foo' }}
+ it do
+ is_expected.to contain_file('/etc/issue').with({
+ 'content' => 'foo',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ })
+ is_expected.to contain_file('/etc/issue.net').with({
+ 'content' => 'foo',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ })
+ is_expected.to_not contain_file('/etc/motd')
+ end
+ end
+
+ context 'with motd configured' do
+ let(:params) {{ :motd => 'foo' }}
+ it do
+ is_expected.to contain_file('/etc/motd').with({
+ 'content' => 'foo',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ })
+ is_expected.to_not contain_file('/etc/issue')
+ is_expected.to_not contain_file('/etc/issue.net')
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let (:facts) {
+ facts
+ }
+ it_behaves_like 'tripleo::profile::base::sshd'
+ end
+ end
+end
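Review bot: The first context is named `'it should do nothing'`, yet it asserts `contain_class('ssh')`, so the default path does pull in the ssh module; `context 'with default params' do` would describe it accurately. No example sets both parameters together, so a regression in which the two `if` branches interfere would go unnoticed. A fourth context with `let(:params) {{ :bannertext => 'foo', :motd => 'bar' }}` expecting all three files would cover it. The `.with` hashes also never check `'ensure' => 'file'`, which the manifest sets on every resource.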