From 0092ac37dfb00cc344eed64e3f2ae424475a7303 Mon Sep 17 00:00:00 2001
From: Matthew Farrellee
Date: Wed, 10 Jul 2013 14:14:50 -0400
Subject: [PATCH] Use augeas instead of echo / sed to edit ssh/sshd configuration
Implements: blueprint merge-dib-hadoop-elements
Change-Id: I1f2f8c3d69d879660aabf6f72560e6d22012a0a5
---
 .../post-install.d/12-setup-hadoop | 2 +-
 .../post-install.d/13-connection-setup | 37 +++++++++++--------
 2 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/elements/hadoop_fedora/post-install.d/12-setup-hadoop b/elements/hadoop_fedora/post-install.d/12-setup-hadoop
index 62ef2c5..b0f80d1 100755
--- a/elements/hadoop_fedora/post-install.d/12-setup-hadoop
+++ b/elements/hadoop_fedora/post-install.d/12-setup-hadoop
@@ -2,7 +2,7 @@
 echo "Hadoop setup begins"
 tmp_dir=/tmp/hadoop
-install-packages openssh-server wget
+install-packages wget
 echo "Creating hadoop user & group"
 adduser -G adm,wheel hadoop
diff --git a/elements/hadoop_fedora/post-install.d/13-connection-setup b/elements/hadoop_fedora/post-install.d/13-connection-setup
index af0af49..8f02245 100755
--- a/elements/hadoop_fedora/post-install.d/13-connection-setup
+++ b/elements/hadoop_fedora/post-install.d/13-connection-setup
@@ -1,21 +1,28 @@
 #!/bin/bash
+
 echo "Adjusting ssh configuration"
-sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
-echo "UseDNS no" >> /etc/ssh/sshd_config
-echo "PermitTunnel yes" >> /etc/ssh/sshd_config
-echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
-echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
-echo "StrictModes yes" >> /etc/ssh/sshd_config
-echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
-echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
-echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
+# /etc/ssh/sshd_config is provided by openssh-server
+# /etc/ssh/ssh_config is provided by openssh-clients
+# Note0: augtool is provided by augeas-tools on Ubuntu
+# Note1: augtool on Ubuntu does not auto-save, pass -s
+install-packages augeas openssh-server openssh-clients
-echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
-echo "GSSAPIDelegateCredentials no" >> /etc/ssh/ssh_config
-sed -i 's/ GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config
+augtool set /files/etc/ssh/sshd_config/PasswordAuthentication yes
+augtool set /files/etc/ssh/sshd_config/UseDNS no
+augtool set /files/etc/ssh/sshd_config/PermitTunnel yes
+augtool set /files/etc/ssh/sshd_config/SyslogFacility AUTH
+augtool set /files/etc/ssh/sshd_config/PermitRootLogin yes
+augtool set /files/etc/ssh/sshd_config/StrictModes yes
+augtool set /files/etc/ssh/sshd_config/RSAAuthentication yes
+augtool set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
+augtool set /files/etc/ssh/sshd_config/IgnoreRhosts yes
+augtool set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
+augtool set /files/etc/ssh/ssh_config/Host/GSSAPIDelegateCredentials no
+augtool set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no
+
+# No known augeas lense for cloud-init config
 sed -i 's/ssh_pwauth: 0/ssh_pwauth: 1/' /etc/cloud/cloud.cfg
-chmod 640 /etc/sudoers
-sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers
-chmod 0440 
/etc/sudoers
+
+augtool clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
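Review bot: The final `augtool clear` line passes its path unquoted, so the shell strips the single quotes and treats `[...]` as a glob before augtool sees the expression; quote the whole argument, `augtool clear "/files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate"`. The `type=':nrpe'` predicate also appears to scope the change to a `Defaults:nrpe` entry rather than the global `Defaults requiretty` line the removed sed commented out, so confirm it has the intended effect for the hadoop user. None of the augtool calls is checked and no `set -e` is visible in the hunk, so a failed edit (or an unsaved one, given the script's own Note1 about `-s`) would silently leave the stock config in the image; consider `set -e` near the top and a `visudo -c` after the sudoers edit. The new lines also keep `PasswordAuthentication yes`, `PermitRootLogin yes` and `StrictHostKeyChecking no`, and a short comment stating why the image needs root password logins and unchecked host keys would help anyone hardening it later.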