Browse Source
Merge pull request #8 from carlosperello/master
Allow to manage ssh certificates from pillar definitionstags/v0.41.0
Joseph Hall
11 years ago
4 changed files with 70 additions and 8 deletions
+ 1
- 1
LICENSE
View File
| @@ -1,4 +1,4 @@ | |||
| Copyright (c) 2013 Salt Stack Formulas | |||
| Copyright (c) 2013-2014 Salt Stack Formulas | |||
| Licensed under the Apache License, Version 2.0 (the "License"); | |||
| you may not use this file except in compliance with the License. | |||
+ 13
- 7
README.rst
View File
| @@ -18,20 +18,26 @@ Available states | |||
| Installs the ``openssh`` server package and service. | |||
| ``openssh.config`` | |||
| ``openssh.auth`` | |||
| ----------- | |||
| Manages SSH certificates for users. | |||
| ``openssh.banner`` | |||
| ------------------ | |||
| Installs the ssh daemon configuration file included in this formula | |||
| (under "openssh/files"). This configuration file is populated | |||
| by values from pillar. ``pillar.example`` results in the generation | |||
| of the default ``sshd_config`` file on Debian Wheezy. | |||
| Installs a banner that users see when SSH-ing in. | |||
| ``openssh.client`` | |||
| ------------------ | |||
| Installs the openssh client package. | |||
| ``openssh.banner`` | |||
| ``openssh.config`` | |||
| ------------------ | |||
| Installs a banner that users see when SSH-ing in. | |||
| Installs the ssh daemon configuration file included in this formula | |||
| (under "openssh/files"). This configuration file is populated | |||
| by values from pillar. ``pillar.example`` results in the generation | |||
| of the default ``sshd_config`` file on Debian Wheezy. | |||
+ 43
- 0
openssh/auth.sls
View File
| @@ -0,0 +1,43 @@ | |||
| include: | |||
| - openssh | |||
| {% from "openssh/map.jinja" import openssh with context %} | |||
| {% set openssh_pillar = pillar.get('openssh', {}) %} | |||
| {% set auth = openssh_pillar.get('auth', {}) %} | |||
| {% for user,keys in auth.items() -%} | |||
| {% for key in keys -%} | |||
| {% if 'present' in key and key['present'] %} | |||
| {{ key['name'] }}: | |||
| ssh_auth.present: | |||
| - user: {{ user }} | |||
| {% if 'source' in key %} | |||
| - source: {{ key['source'] }} | |||
| {% else %} | |||
| {% if 'enc' in key %} | |||
| - enc: {{ key['enc'] }} | |||
| {% endif %} | |||
| {% if 'comment' in key %} | |||
| - comment: {{ key['comment'] }} | |||
| {% endif %} | |||
| {% if 'options' in key %} | |||
| - options: {{ key['options'] }} | |||
| {% endif %} | |||
| {% endif %} | |||
| - require: | |||
| - service: {{ openssh.service }} | |||
| {% else %} | |||
| {{ key['name'] }}: | |||
| ssh_auth.absent: | |||
| - user: {{ user }} | |||
| {% if 'enc' in key %} | |||
| - enc: {{ key['enc'] }} | |||
| {% endif %} | |||
| {% if 'comment' in key %} | |||
| - comment: {{ key['comment'] }} | |||
| {% endif %} | |||
| {% if 'options' in key %} | |||
| - options: {{ key['options'] }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {% endfor %} | |||
| {% endfor %} | |||
+ 13
- 0
pillar.example
View File
| @@ -28,3 +28,16 @@ sshd_config: | |||
| AcceptEnv: "LANG LC_*" | |||
| Subsystem: "sftp /usr/lib/openssh/sftp-server" | |||
| UsePAM: yes | |||
| openssh: | |||
| auth: | |||
| joe: | |||
| - name: JOE_VALID_SSH_PUBLIC_KEY | |||
| present: True | |||
| enc: ssh-rsa | |||
| comment: main key | |||
| - name: JOE_NON_VALID_SSH_PUBLIC_KEY | |||
| present: False | |||
| enc: ssh-rsa | |||
| comment: obsolete key - removed | |||
Loading…