Browse Source
Merge pull request #58 from smlloyd/master
Add sshd_config to map.jinja, and only install dig package if dig command not found.tags/v0.41.0
Forrest
8 years ago
4 changed files with 35 additions and 4 deletions
+ 2
- 0
openssh/defaults.yaml
View File
| @@ -8,6 +8,8 @@ openssh: | |||
| ssh_known_hosts: /etc/ssh/ssh_known_hosts | |||
| dig_pkg: dnsutils | |||
| ssh_moduli: /etc/ssh/moduli | |||
| root_group: root | |||
| sshd_config: {} | |||
| ssh_config: | |||
| Hosts: | |||
| '*': | |||
+ 1
- 1
openssh/files/sshd_config
View File
| @@ -1,4 +1,4 @@ | |||
| {%- set sshd_config = pillar.get('sshd_config', {}) -%} | |||
| {% from "openssh/map.jinja" import sshd_config with context %} | |||
| {#- present in sshd_config and known in actual file options -#} | |||
| {%- set processed_options = [] -%} | |||
+ 7
- 1
openssh/known_hosts.sls
View File
| @@ -1,8 +1,14 @@ | |||
| {% from "openssh/map.jinja" import openssh with context %} | |||
| check for existing dig: | |||
| cmd.run: | |||
| - name: which dig | |||
| ensure dig is available: | |||
| pkg.installed: | |||
| - name: {{ openssh.dig_pkg }} | |||
| - onfail: | |||
| - cmd: check for existing dig | |||
| manage ssh_known_hosts file: | |||
| file.managed: | |||
| @@ -10,7 +16,7 @@ manage ssh_known_hosts file: | |||
| - source: salt://openssh/files/ssh_known_hosts | |||
| - template: jinja | |||
| - user: root | |||
| - group: root | |||
| - group: {{ openssh.root_group }} | |||
| - mode: 644 | |||
| - require: | |||
| - pkg: ensure dig is available | |||
+ 25
- 2
openssh/map.jinja
View File
| @@ -19,7 +19,7 @@ that differ from whats in defaults.yaml | |||
| 'FreeBSD': { | |||
| 'service': 'sshd', | |||
| 'dig_pkg': 'bind-tools', | |||
| 'Subsystem': 'sftp /usr/libexec/sftp-server', | |||
| 'root_group': 'wheel', | |||
| }, | |||
| 'Gentoo': { | |||
| 'server': 'net-misc/openssh', | |||
| @@ -38,7 +38,6 @@ that differ from whats in defaults.yaml | |||
| 'client': 'openssh', | |||
| 'service': 'sshd', | |||
| 'dig_pkg': 'bind-utils', | |||
| 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', | |||
| }, | |||
| } | |||
| , grain="os_family" | |||
| @@ -56,3 +55,27 @@ that differ from whats in defaults.yaml | |||
| ) | |||
| %} | |||
| {% set os_family_map = salt['grains.filter_by']({ | |||
| 'FreeBSD': { | |||
| 'Subsystem': 'sftp /usr/libexec/sftp-server', | |||
| }, | |||
| 'Suse': { | |||
| 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', | |||
| }, | |||
| 'default': {} | |||
| } | |||
| , grain="os_family" | |||
| , merge=salt['pillar.get']('sshd_config:lookup')) | |||
| %} | |||
| {## Merge the flavor_map to the default settings ##} | |||
| {% do default_settings.sshd_config.update(os_family_map) %} | |||
| {## Merge in sshd_config:lookup pillar ##} | |||
| {% set sshd_config = salt['pillar.get']( | |||
| 'sshd_config', | |||
| default=default_settings.sshd_config, | |||
| merge=True | |||
| ) | |||
| %} | |||
Loading…