Merge "SSHD Service extensions" into stable/newton
This commit is contained in:
commit
5dc1e03244
|
@ -55,6 +55,7 @@
|
|||
- OS::TripleO::Services::TripleoFirewall
|
||||
- OS::TripleO::Services::NovaCompute
|
||||
- OS::TripleO::Services::NovaLibvirt
|
||||
- OS::TripleO::Services::Sshd
|
||||
|
||||
- name: Controller
|
||||
CountDefault: 1
|
||||
|
@ -75,3 +76,4 @@
|
|||
- OS::TripleO::Services::Timezone
|
||||
- OS::TripleO::Services::TripleoPackages
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
- OS::TripleO::Services::Sshd
|
||||
|
|
|
@ -53,6 +53,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::Timezone
|
||||
- OS::TripleO::Services::NovaCompute
|
||||
- OS::TripleO::Services::NovaLibvirt
|
||||
- OS::TripleO::Services::Sshd
|
||||
ControllerExtraConfig:
|
||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||
|
|
|
@ -52,6 +52,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::NovaCompute
|
||||
- OS::TripleO::Services::NovaLibvirt
|
||||
- OS::TripleO::Services::Pacemaker
|
||||
- OS::TripleO::Services::Sshd
|
||||
ControllerExtraConfig:
|
||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||
|
|
|
@ -55,6 +55,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::SwiftRingBuilder
|
||||
- OS::TripleO::Services::TripleoPackages
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
- OS::TripleO::Services::Sshd
|
||||
ControllerExtraConfig:
|
||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||
|
|
|
@ -50,6 +50,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::SaharaEngine
|
||||
- OS::TripleO::Services::TripleoPackages
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
- OS::TripleO::Services::Sshd
|
||||
ControllerExtraConfig:
|
||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||
|
|
|
@ -66,6 +66,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::NovaLibvirt
|
||||
- OS::TripleO::Services::TripleoPackages
|
||||
- OS::TripleO::Services::TripleoFirewall
|
||||
- OS::TripleO::Services::Sshd
|
||||
ControllerExtraConfig:
|
||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
resource_registry:
|
||||
OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
|
||||
|
||||
parameter_defaults:
|
||||
BannerText: |
|
||||
******************************************************************
|
||||
|
@ -11,3 +8,6 @@ parameter_defaults:
|
|||
* evidence of criminal activity, system personnel may provide *
|
||||
* the evidence from such monitoring to law enforcement officials.*
|
||||
******************************************************************
|
||||
MessageOfTheDay: |
|
||||
ALERT! You are entering into a secured area!
|
||||
This service is restricted to authorized users only.
|
||||
|
|
|
@ -156,7 +156,7 @@ resource_registry:
|
|||
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
|
||||
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
||||
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
||||
OS::TripleO::Services::Sshd: OS::Heat::None
|
||||
OS::TripleO::Services::Sshd: puppet/services/sshd.yaml
|
||||
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
|
||||
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
|
||||
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
heat_template_version: ocata
|
||||
heat_template_version: newton
|
||||
|
||||
description: >
|
||||
Configure sshd_config
|
||||
|
@ -22,6 +22,33 @@ parameters:
|
|||
default: ''
|
||||
description: Configures Banner text in sshd_config
|
||||
type: string
|
||||
MessageOfTheDay:
|
||||
default: ''
|
||||
description: Configures /etc/motd text
|
||||
type: string
|
||||
SshServerOptions:
|
||||
default:
|
||||
HostKey:
|
||||
- '/etc/ssh/ssh_host_rsa_key'
|
||||
- '/etc/ssh/ssh_host_ecdsa_key'
|
||||
- '/etc/ssh/ssh_host_ed25519_key'
|
||||
SyslogFacility: 'AUTHPRIV'
|
||||
AuthorizedKeysFile: '.ssh/authorized_keys'
|
||||
PasswordAuthentication: 'no'
|
||||
ChallengeResponseAuthentication: 'no'
|
||||
GSSAPIAuthentication: 'yes'
|
||||
GSSAPICleanupCredentials: 'no'
|
||||
UsePAM: 'yes'
|
||||
X11Forwarding: 'yes'
|
||||
UsePrivilegeSeparation: 'sandbox'
|
||||
AcceptEnv:
|
||||
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
|
||||
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
|
||||
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
|
||||
- 'XMODIFIERS'
|
||||
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
|
||||
description: Mapping of sshd_config values
|
||||
type: json
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -29,6 +56,8 @@ outputs:
|
|||
value:
|
||||
service_name: sshd
|
||||
config_settings:
|
||||
BannerText: {get_param: BannerText}
|
||||
tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
|
||||
tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
|
||||
tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::sshd
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added ability to manage MOTD Banner
|
||||
Enabled SSHD composible service by default. Puppet-ssh manages the sshd config.
|
Loading…
Reference in New Issue