ExternalMirrors
/
openssh-formula
镜像自地址 https://github.com/saltstack-formulas/openssh-formula
关注 1
点赞 0
派生 1
代码 工单 0 版本发布 27 百科 动态
浏览代码

Merge pull request #199 from myii/ci/add-vagrant-testing-via-github-actions 

ci: enable Vagrant-based testing using GitHub Actions
tags/v3.0.1
Imran Iqbal 3 年前
父节点
35a2124a43 2f8c31c66c
当前提交
7abe9c9d92
没有帐户链接到提交者的电子邮件
共有 12 个文件被更改,包括 678 次插入13 次删除
分列视图 显示文件统计
  1. +35
    -0
      .github/workflows/kitchen.vagrant.yml
  2. +1
    -0
      .yamllint
  3. +62
    -1
      docs/README.rst
  4. +19
    -8
      kitchen.vagrant.yml
  5. +1
    -0
      kitchen.yml
  6. +4
    -2
      openssh/known_hosts.sls
  7. +2
    -0
      openssh/parameters/os_family/OpenBSD.yaml
  8. +4
    -2
      test/integration/default/controls/config_spec.rb
  9. +183
    -0
      test/integration/default/files/_mapdata/freebsd-11.yaml
  10. +183
    -0
      test/integration/default/files/_mapdata/freebsd-12.yaml
  11. +182
    -0
      test/integration/default/files/_mapdata/openbsd-6.yaml
  12. +2
    -0
      test/salt/pillar/default.sls

+ 35
- 0
.github/workflows/kitchen.vagrant.yml 查看文件

@@ -0,0 +1,35 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: 'Kitchen Vagrant (FreeBSD & OpenBSD)'
'on': ['push', 'pull_request']

env:
KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'

jobs:
test:
runs-on: 'macos-10.15'
strategy:
fail-fast: false
matrix:
instance:
- default-freebsd-122-latest-py3
- default-freebsd-114-latest-py3
- default-openbsd-68-latest-py3
steps:
- name: 'Check out code'
uses: 'actions/checkout@v2'
- name: 'Set up Bundler cache'
uses: 'actions/cache@v1'
with:
path: 'vendor/bundle'
key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
restore-keys: "${{ runner.os }}-gems-"
- name: 'Run Bundler'
run: |
ruby --version
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: 'Run Test Kitchen'
run: 'bundle exec kitchen verify ${{ matrix.instance }}'

+ 1
- 0
.yamllint 查看文件

@@ -16,6 +16,7 @@ ignore: |
node_modules/
test/**/states/**/*.sls
.kitchen/
test/salt/pillar/default.sls

yaml-files:
# Default settings

+ 62
- 1
docs/README.rst 查看文件

@@ -266,7 +266,7 @@ e.g. ``debian-9-2019-2-py3``.
``bin/kitchen converge``
^^^^^^^^^^^^^^^^^^^^^^^^

Creates the docker instance and runs the ``template`` main state, ready for testing.
Creates the docker instance and runs the ``openssh`` main states, ready for testing.

``bin/kitchen verify``
^^^^^^^^^^^^^^^^^^^^^^
@@ -288,3 +288,64 @@ Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``veri

Gives you SSH access to the instance for manual testing.

Testing with Vagrant
--------------------

Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``.

Requirements
^^^^^^^^^^^^

* Ruby
* Virtualbox
* Vagrant

Setup
^^^^^

.. code-block:: bash

$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]

Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``,
e.g. ``windows-81-latest-py3``.

Note
^^^^

When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``. For example:

.. code-block:: bash

$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen test

Then run the following commands as needed.

``bin/kitchen converge``
^^^^^^^^^^^^^^^^^^^^^^^^

Creates the Vagrant instance and runs the ``openssh`` main states, ready for testing.

``bin/kitchen verify``
^^^^^^^^^^^^^^^^^^^^^^

Runs the ``inspec`` tests on the actual instance.

``bin/kitchen destroy``
^^^^^^^^^^^^^^^^^^^^^^^

Removes the Vagrant instance.

``bin/kitchen test``
^^^^^^^^^^^^^^^^^^^^

Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.

``bin/kitchen login``
^^^^^^^^^^^^^^^^^^^^^

Gives you RDP/SSH access to the instance for manual testing.

+ 19
- 8
kitchen.vagrant.yml 查看文件

@@ -3,15 +3,26 @@
---
driver:
name: vagrant
cache_directory: false
customize:
usbxhci: 'off'
gui: false
linked_clone: true
ssh:
shell: /bin/sh

platforms:
- name: freebsd-120-2019-2-py3
- name: freebsd-122-latest-py3
driver:
box_url: https://freebsd.z.vstack.com/FreeBSD-12.0.box
cache_directory: false
customize:
usbxhci: 'off'
gui: false
linked_clone: true
box: bento/freebsd-12.2
- name: freebsd-114-latest-py3
driver:
box: bento/freebsd-11.4
- name: openbsd-68-latest-py3
driver:
box: generic/openbsd6
ssh:
shell: '/bin/sh'
shell: /bin/ksh

provisioner:
salt_install: bootstrap

+ 1
- 0
kitchen.yml 查看文件

@@ -310,6 +310,7 @@ suites:
- name: default
driver:
hostname: example.net
vm_hostname: example.net
provisioner:
state_top:
base:

+ 4
- 2
openssh/known_hosts.sls 查看文件

@@ -3,9 +3,13 @@
{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
{%- set openssh = mapdata.openssh %}

{%- if openssh.dig_pkg %}
ensure dig is available:
pkg.installed:
- name: {{ openssh.dig_pkg }}
- require_in:
- file: manage ssh_known_hosts file
{%- endif %}

manage ssh_known_hosts file:
file.managed:
@@ -19,5 +23,3 @@ manage ssh_known_hosts file:
- user: root
- group: {{ openssh.ssh_config_group }}
- mode: 644
- require:
- pkg: ensure dig is available

+ 2
- 0
openssh/parameters/os_family/OpenBSD.yaml 查看文件

@@ -12,6 +12,8 @@
values:
openssh:
service: sshd
# Already installed: `base68:/usr/bin/dig`
dig_pkg: ~
sshd_config_group: wheel
ssh_config_group: wheel
sshd_config:

+ 4
- 2
test/integration/default/controls/config_spec.rb 查看文件

@@ -27,7 +27,9 @@ control 'openssh configuration' do
its('content') { should include 'PrintMotd no' }
its('content') { should include 'AcceptEnv LANG LC_*' }
its('content') { should include 'Subsystem sftp /usr/lib/openssh/sftp-server' }
its('content') { should include 'UsePAM yes' }
unless %w[openbsd].include?(platform[:name])
its('content') { should include 'UsePAM yes' }
end
end

describe file('/etc/ssh/ssh_config') do
@@ -45,7 +47,7 @@ control 'openssh configuration' do
it { should be_file }
its('mode') { should cmp '0644' }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_grouped_into root_group }
its('content') { should include github_known_host }
its('content') { should match(gitlab_known_host_re) }
its('content') { should include minion_rsa_known_host }

+ 183
- 0
test/integration/default/files/_mapdata/freebsd-11.yaml 查看文件

@@ -0,0 +1,183 @@
# yamllint disable rule:indentation rule:line-length
# FreeBSD-12
---
values:
map_jinja:
sources:
- Y:G@osarch
- Y:G@os_family
- Y:G@os
- Y:G@osfinger
- C:SUB@openssh:lookup
- C:SUB@openssh
- C:SUB@sshd_config:lookup
- C:SUB@sshd_config
- C:SUB@ssh_config:lookup
- C:SUB@ssh_config
- Y:G@id
openssh:
absent_dsa_keys: false
absent_ecdsa_keys: false
absent_ed25519_keys: false
absent_rsa_keys: false
auth:
joe-non-valid-ssh-key:
- comment: obsolete key - removed
enc: ssh-rsa
present: false
source: salt://ssh_keys/joe.no-valid.pub
user: joe
joe-valid-ssh-key-desktop:
- comment: main key - desktop
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.desktop.pub
user: joe
joe-valid-ssh-key-notebook:
- comment: main key - notebook
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.netbook.pub
user: joe
auth_map:
personal_keys:
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: []
joe.no-valid:
present: false
banner: /etc/ssh/banner
banner_src: banner
banner_string: 'Welcome to example.net!
'
client_version: latest
dig_pkg: bind-tools
dsa:
private_key: '-----BEGIN DSA PRIVATE KEY-----

NOT_DEFINED

-----END DSA PRIVATE KEY-----
'
public_key: 'ssh-dss NOT_DEFINED
'
ecdsa:
private_key: '-----BEGIN EC PRIVATE KEY-----

NOT_DEFINED

-----END EC PRIVATE KEY-----
'
public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
'
ed25519:
private_key: '-----BEGIN OPENSSH PRIVATE KEY-----

NOT_DEFINED

-----END OPENSSH PRIVATE KEY-----
'
public_key: 'ssh-ed25519 NOT_DEFINED
'
enforce_rsa_size: false
generate_dsa_keys: false
generate_ecdsa_keys: false
generate_ed25519_keys: false
generate_rsa_keys: false
generate_rsa_size: 4096
host_key_algos: ecdsa,ed25519,rsa
known_hosts:
aliases:
- cname-to-minion.example.org
- alias.example.org
hostnames: false
include_localhost: false
mine_hostname_function: public_ssh_hostname
mine_keys_function: public_ssh_host_keys
omit_ip_address:
- github.com
salt_ssh:
public_ssh_host_keys:
minion.id: 'ssh-rsa [...]

ssh-ed25519 [...]
'
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
user: salt-master
static:
github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
target: '*'
tgt_type: glob
moduli: '# Time Type Tests Tries Size Generator Modulus

20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63

20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB

20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53

20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
'
provide_dsa_keys: false
provide_ecdsa_keys: false
provide_ed25519_keys: false
provide_rsa_keys: false
root_group: root
rsa:
private_key: '-----BEGIN RSA PRIVATE KEY-----

NOT_DEFINED

-----END RSA PRIVATE KEY-----
'
public_key: 'ssh-rsa NOT_DEFINED
'
server_version: latest
service: sshd
ssh_config: /etc/ssh/ssh_config
ssh_config_backup: true
ssh_config_group: wheel
ssh_config_mode: '644'
ssh_config_src: ssh_config
ssh_config_user: root
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts
ssh_moduli: /etc/ssh/moduli
sshd_binary: /usr/sbin/sshd
sshd_config: /etc/ssh/sshd_config
sshd_config_backup: true
sshd_config_group: wheel
sshd_config_mode: '644'
sshd_config_src: sshd_config
sshd_config_user: root
sshd_enable: true
tofs:
source_files:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
ssh_config:
- alt_ssh_config
sshd_banner:
- fire_banner
sshd_config:
- alt_sshd_config
ssh_config:
Hosts:
'*':
GSSAPIAuthentication: 'yes'
HashKnownHosts: 'yes'
SendEnv: LANG LC_*
sshd_config:
AcceptEnv: LANG LC_*
ChallengeResponseAuthentication: 'no'
PrintMotd: 'no'
Subsystem: sftp /usr/lib/openssh/sftp-server
UsePAM: 'yes'
X11Forwarding: 'yes'

+ 183
- 0
test/integration/default/files/_mapdata/freebsd-12.yaml 查看文件

@@ -0,0 +1,183 @@
# yamllint disable rule:indentation rule:line-length
# FreeBSD-12
---
values:
map_jinja:
sources:
- Y:G@osarch
- Y:G@os_family
- Y:G@os
- Y:G@osfinger
- C:SUB@openssh:lookup
- C:SUB@openssh
- C:SUB@sshd_config:lookup
- C:SUB@sshd_config
- C:SUB@ssh_config:lookup
- C:SUB@ssh_config
- Y:G@id
openssh:
absent_dsa_keys: false
absent_ecdsa_keys: false
absent_ed25519_keys: false
absent_rsa_keys: false
auth:
joe-non-valid-ssh-key:
- comment: obsolete key - removed
enc: ssh-rsa
present: false
source: salt://ssh_keys/joe.no-valid.pub
user: joe
joe-valid-ssh-key-desktop:
- comment: main key - desktop
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.desktop.pub
user: joe
joe-valid-ssh-key-notebook:
- comment: main key - notebook
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.netbook.pub
user: joe
auth_map:
personal_keys:
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: []
joe.no-valid:
present: false
banner: /etc/ssh/banner
banner_src: banner
banner_string: 'Welcome to example.net!
'
client_version: latest
dig_pkg: bind-tools
dsa:
private_key: '-----BEGIN DSA PRIVATE KEY-----

NOT_DEFINED

-----END DSA PRIVATE KEY-----
'
public_key: 'ssh-dss NOT_DEFINED
'
ecdsa:
private_key: '-----BEGIN EC PRIVATE KEY-----

NOT_DEFINED

-----END EC PRIVATE KEY-----
'
public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
'
ed25519:
private_key: '-----BEGIN OPENSSH PRIVATE KEY-----

NOT_DEFINED

-----END OPENSSH PRIVATE KEY-----
'
public_key: 'ssh-ed25519 NOT_DEFINED
'
enforce_rsa_size: false
generate_dsa_keys: false
generate_ecdsa_keys: false
generate_ed25519_keys: false
generate_rsa_keys: false
generate_rsa_size: 4096
host_key_algos: ecdsa,ed25519,rsa
known_hosts:
aliases:
- cname-to-minion.example.org
- alias.example.org
hostnames: false
include_localhost: false
mine_hostname_function: public_ssh_hostname
mine_keys_function: public_ssh_host_keys
omit_ip_address:
- github.com
salt_ssh:
public_ssh_host_keys:
minion.id: 'ssh-rsa [...]

ssh-ed25519 [...]
'
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
user: salt-master
static:
github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
target: '*'
tgt_type: glob
moduli: '# Time Type Tests Tries Size Generator Modulus

20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63

20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB

20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53

20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
'
provide_dsa_keys: false
provide_ecdsa_keys: false
provide_ed25519_keys: false
provide_rsa_keys: false
root_group: root
rsa:
private_key: '-----BEGIN RSA PRIVATE KEY-----

NOT_DEFINED

-----END RSA PRIVATE KEY-----
'
public_key: 'ssh-rsa NOT_DEFINED
'
server_version: latest
service: sshd
ssh_config: /etc/ssh/ssh_config
ssh_config_backup: true
ssh_config_group: wheel
ssh_config_mode: '644'
ssh_config_src: ssh_config
ssh_config_user: root
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts
ssh_moduli: /etc/ssh/moduli
sshd_binary: /usr/sbin/sshd
sshd_config: /etc/ssh/sshd_config
sshd_config_backup: true
sshd_config_group: wheel
sshd_config_mode: '644'
sshd_config_src: sshd_config
sshd_config_user: root
sshd_enable: true
tofs:
source_files:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
ssh_config:
- alt_ssh_config
sshd_banner:
- fire_banner
sshd_config:
- alt_sshd_config
ssh_config:
Hosts:
'*':
GSSAPIAuthentication: 'yes'
HashKnownHosts: 'yes'
SendEnv: LANG LC_*
sshd_config:
AcceptEnv: LANG LC_*
ChallengeResponseAuthentication: 'no'
PrintMotd: 'no'
Subsystem: sftp /usr/lib/openssh/sftp-server
UsePAM: 'yes'
X11Forwarding: 'yes'

+ 182
- 0
test/integration/default/files/_mapdata/openbsd-6.yaml 查看文件

@@ -0,0 +1,182 @@
# yamllint disable rule:indentation rule:line-length
# OpenBSD-6
---
values:
map_jinja:
sources:
- Y:G@osarch
- Y:G@os_family
- Y:G@os
- Y:G@osfinger
- C:SUB@openssh:lookup
- C:SUB@openssh
- C:SUB@sshd_config:lookup
- C:SUB@sshd_config
- C:SUB@ssh_config:lookup
- C:SUB@ssh_config
- Y:G@id
openssh:
absent_dsa_keys: false
absent_ecdsa_keys: false
absent_ed25519_keys: false
absent_rsa_keys: false
auth:
joe-non-valid-ssh-key:
- comment: obsolete key - removed
enc: ssh-rsa
present: false
source: salt://ssh_keys/joe.no-valid.pub
user: joe
joe-valid-ssh-key-desktop:
- comment: main key - desktop
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.desktop.pub
user: joe
joe-valid-ssh-key-notebook:
- comment: main key - notebook
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.netbook.pub
user: joe
auth_map:
personal_keys:
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: []
joe.no-valid:
present: false
banner: /etc/ssh/banner
banner_src: banner
banner_string: 'Welcome to example.net!
'
client_version: latest
dig_pkg: ~
dsa:
private_key: '-----BEGIN DSA PRIVATE KEY-----

NOT_DEFINED

-----END DSA PRIVATE KEY-----
'
public_key: 'ssh-dss NOT_DEFINED
'
ecdsa:
private_key: '-----BEGIN EC PRIVATE KEY-----

NOT_DEFINED

-----END EC PRIVATE KEY-----
'
public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
'
ed25519:
private_key: '-----BEGIN OPENSSH PRIVATE KEY-----

NOT_DEFINED

-----END OPENSSH PRIVATE KEY-----
'
public_key: 'ssh-ed25519 NOT_DEFINED
'
enforce_rsa_size: false
generate_dsa_keys: false
generate_ecdsa_keys: false
generate_ed25519_keys: false
generate_rsa_keys: false
generate_rsa_size: 4096
host_key_algos: ecdsa,ed25519,rsa
known_hosts:
aliases:
- cname-to-minion.example.org
- alias.example.org
hostnames: false
include_localhost: false
mine_hostname_function: public_ssh_hostname
mine_keys_function: public_ssh_host_keys
omit_ip_address:
- github.com
salt_ssh:
public_ssh_host_keys:
minion.id: 'ssh-rsa [...]

ssh-ed25519 [...]
'
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
user: salt-master
static:
github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
target: '*'
tgt_type: glob
moduli: '# Time Type Tests Tries Size Generator Modulus

20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63

20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB

20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53

20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
'
provide_dsa_keys: false
provide_ecdsa_keys: false
provide_ed25519_keys: false
provide_rsa_keys: false
root_group: root
rsa:
private_key: '-----BEGIN RSA PRIVATE KEY-----

NOT_DEFINED

-----END RSA PRIVATE KEY-----
'
public_key: 'ssh-rsa NOT_DEFINED
'
server_version: latest
service: sshd
ssh_config: /etc/ssh/ssh_config
ssh_config_backup: true
ssh_config_group: wheel
ssh_config_mode: '644'
ssh_config_src: ssh_config
ssh_config_user: root
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts
ssh_moduli: /etc/ssh/moduli
sshd_binary: /usr/sbin/sshd
sshd_config: /etc/ssh/sshd_config
sshd_config_backup: true
sshd_config_group: wheel
sshd_config_mode: '644'
sshd_config_src: sshd_config
sshd_config_user: root
sshd_enable: true
tofs:
source_files:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
ssh_config:
- alt_ssh_config
sshd_banner:
- fire_banner
sshd_config:
- alt_sshd_config
ssh_config:
Hosts:
'*':
GSSAPIAuthentication: 'yes'
HashKnownHosts: 'yes'
SendEnv: LANG LC_*
sshd_config:
AcceptEnv: LANG LC_*
ChallengeResponseAuthentication: 'no'
PrintMotd: 'no'
Subsystem: sftp /usr/lib/openssh/sftp-server
X11Forwarding: 'yes'

+ 2
- 0
test/salt/pillar/default.sls 查看文件

@@ -22,7 +22,9 @@ sshd_config:
PrintMotd: 'no'
AcceptEnv: "LANG LC_*"
Subsystem: "sftp /usr/lib/openssh/sftp-server"
{%- if grains.os != "OpenBSD" %}
UsePAM: 'yes'
{%- endif %}

ssh_config:
Hosts:

撰写 预览
正在加载...
取消
保存