From 4692bb30fcf39a98d36c35b3b24ae8ca72b4cacb Mon Sep 17 00:00:00 2001 From: Luke Hinds Date: Thu, 8 Dec 2016 13:12:53 +0000 Subject: [PATCH] Adds SSH Banner text into sshd_config Allow use of ooo template to populate banner text into /etc/issue Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640 Closes-Bug: #1640306 (cherry picked from commit 73f58792f90942be1e2dc0ef67eac0a47d9aba18)
---
 ci/environments/scenario001-multinode.yaml | 10 +++++++ environments/sshd-banner.yaml | 13 +++++++++ overcloud-resource-registry-puppet.j2.yaml | 1 + puppet/services/sshd.yaml | 34 ++++++++++++++++++++++ roles_data.yaml | 5 ++++ 5 files changed, 63 insertions(+) create mode 100644 environments/sshd-banner.yaml create mode 100644 puppet/services/sshd.yaml
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index cc3f8c2361..f2c05b4cab 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -46,6 +46,7 @@ parameter_defaults:
 - OS::TripleO::Services::NovaScheduler
 - OS::TripleO::Services::Ntp
 - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
 - OS::TripleO::Services::Timezone
 - OS::TripleO::Services::NovaCompute
 - OS::TripleO::Services::NovaLibvirt
@@ -94,3 +95,12 @@ parameter_defaults:
 CinderEnableRbdBackend: true
 CinderBackupBackend: ceph
 CinderEnableIscsiBackend: false
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
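Review bot: In ci/environments/scenario001-multinode.yaml the service is added to the role's list and `BannerText` is set, but neither hunk maps `OS::TripleO::Services::Sshd` to the new template, and this same patch registers it as `OS::Heat::None` in overcloud-resource-registry-puppet.j2.yaml. Unless the scenario's `resource_registry` (outside these hunks) already overrides that default, the job deploys a no-op service and the banner path is never exercised. Consider adding `OS::TripleO::Services::Sshd: ../../puppet/services/sshd.yaml` to the scenario's `resource_registry`, mirroring the relative mapping used in environments/sshd-banner.yaml.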
diff --git a/environments/sshd-banner.yaml b/environments/sshd-banner.yaml
new file mode 100644
index 0000000000..041c099024
--- /dev/null
+++ b/environments/sshd-banner.yaml
@@ -0,0 +1,13 @@
+resource_registry:
+ OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
+
+parameter_defaults:
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 3237a50bc2..4faf3a7a9a 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -156,6 +156,7 @@ resource_registry:
 OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
 OS::TripleO::Services::SaharaApi: OS::Heat::None
 OS::TripleO::Services::SaharaEngine: OS::Heat::None
+ OS::TripleO::Services::Sshd: OS::Heat::None
 OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
 OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
 OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml
new file mode 100644
index 0000000000..41e144a0e2
--- /dev/null
+++ b/puppet/services/sshd.yaml
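Review bot: environments/sshd-banner.yaml has no header comment, so an operator cannot tell from the file that including it both enables the sshd service template and installs this sample notice verbatim. A short comment above `resource_registry:` would help, for example `# Enables puppet/services/sshd.yaml and sets the login banner; replace BannerText with your organisation's approved notice.` If the text ends up behind sshd's `Banner` directive, as the subject line suggests, it is shown before authentication, so the comment could also advise keeping hostnames and version details out of it.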
@@ -0,0 +1,34 @@
+heat_template_version: ocata
+
+description: >
+ Configure sshd_config
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ BannerText:
+ default: ''
+ description: Configures Banner text in sshd_config
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the ssh
+ value:
+ service_name: sshd
+ config_settings:
+ BannerText: {get_param: BannerText}
+ step_config: |
+ include ::tripleo::profile::base::sshd
diff --git a/roles_data.yaml b/roles_data.yaml
index 62134a04c7..7450a95dcd 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -63,6 +63,7 @@
 - OS::TripleO::Services::SwiftStorage
 - OS::TripleO::Services::SwiftRingBuilder
 - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
 - OS::TripleO::Services::Timezone
 - OS::TripleO::Services::CeilometerApi
 - OS::TripleO::Services::CeilometerCollector
@@ -106,6 +107,7 @@
 - OS::TripleO::Services::Timezone
 - OS::TripleO::Services::Ntp
 - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
 - OS::TripleO::Services::NovaCompute
 - OS::TripleO::Services::NovaLibvirt
 - OS::TripleO::Services::Kernel
@@ -130,6 +132,7 @@
 - OS::TripleO::Services::Ntp
 - OS::TripleO::Services::Timezone
 - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
 - OS::TripleO::Services::TripleoPackages
 - OS::TripleO::Services::TripleoFirewall
 - OS::TripleO::Services::SensuClient
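Review bot: In puppet/services/sshd.yaml, `config_settings` publishes the value under the bare hiera key `BannerText`, so it only takes effect if `::tripleo::profile::base::sshd` looks that key up explicitly; the profile is not part of this patch, so that cannot be confirmed here. A class-scoped key of the form `tripleo::profile::base::sshd::<param>: {get_param: BannerText}` would bind without an explicit lookup and avoid a collision on a global name. The parameter's `description` should also say what the `default: ''` does (presumably no banner is written, rather than an empty file) and name the real destination, since it says sshd_config while the commit message says /etc/issue.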
@@ -144,6 +147,7 @@
 - OS::TripleO::Services::SwiftStorage
 - OS::TripleO::Services::SwiftRingBuilder
 - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
 - OS::TripleO::Services::Timezone
 - OS::TripleO::Services::TripleoPackages
 - OS::TripleO::Services::TripleoFirewall
@@ -158,6 +162,7 @@
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::Ntp
 - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
 - OS::TripleO::Services::Timezone
 - OS::TripleO::Services::TripleoPackages
 - OS::TripleO::Services::TripleoFirewall