
Changed expr_form to tgt_type for deprecation reasons. (#122)

tags/v0.41.0
Mario Fritschen 7 years ago
parent
commit
e665450ed4
3 changed files with 13 additions and 13 deletions
  1. +1
    -1
      README.rst
  2. +5
    -5
      openssh/files/ssh_known_hosts
  3. +7
    -7
      pillar.example

+ 1
- 1
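--- a/README.rst
+++ b/README.rst
@@ -57,7 +57,7 @@ so root login will be disabled.
 Manages the site-wide ssh_known_hosts file and fills it with the
 public SSH host keys of all minions. You can restrict the set of minions
 whose keys are listed by using the pillar data ``openssh:known_hosts:target``
-and ``openssh:known_hosts:expr_form`` (those fields map directly to the
+and ``openssh:known_hosts:tgt_type`` (those fields map directly to the
 corresponding attributes of the ``mine.get`` function).
 
 The Salt mine is used to share the public SSH host keys, you must thus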

+ 5
- 5
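--- a/openssh/files/ssh_known_hosts
+++ b/openssh/files/ssh_known_hosts
@@ -16,7 +16,7 @@
 {#- Extract the hostname from the FQDN and add it to the names. #}
 {%- if use_hostnames is iterable -%}
 {%- for name in names | sort -%}
-{%- if salt["match.{}".format(hostnames_expr_form)](hostnames_target, minion_id=name) -%}
+{%- if salt["match.{}".format(hostnames_tgt_type)](hostnames_target, minion_id=name) -%}
 {%- set hostname = name.split('.')|first -%}
 {%- if hostname not in names -%}
 {%- do names.append(hostname) -%}
@@ -45,13 +45,13 @@
 
 {#- Pre-fetch pillar data #}
 {%- set target = salt['pillar.get']('openssh:known_hosts:target', '*') -%}
-{%- set expr_form = salt['pillar.get']('openssh:known_hosts:expr_form', 'glob') -%}
+{%- set tgt_type = salt['pillar.get']('openssh:known_hosts:tgt_type', 'glob') -%}
 {%- set keys_function = salt['pillar.get']('openssh:known_hosts:mine_keys_function', 'public_ssh_host_keys') -%}
 {%- set hostname_function = salt['pillar.get']('openssh:known_hosts:mine_hostname_function', 'public_ssh_hostname') -%}
 {%- set use_hostnames = salt['pillar.get']('openssh:known_hosts:hostnames', False) -%}
 {%- set hostnames_target_default = '*' if grains['domain'] == '' else "*.{}".format(grains['domain']) -%}
 {%- set hostnames_target = salt['pillar.get']('openssh:known_hosts:hostnames:target', hostnames_target_default) -%}
-{%- set hostnames_expr_form = salt['pillar.get']('openssh:known_hosts:hostnames:expr_form', 'glob') -%}
+{%- set hostnames_tgt_type = salt['pillar.get']('openssh:known_hosts:hostnames:tgt_type', 'glob') -%}
 
 {#- Lookup IP of all aliases so that when we have a matching IP, we inject the alias name
 in the SSH known_hosts entry -#}
@@ -64,8 +64,8 @@
 {%- endfor -%}
 
 {#- Loop over targetted minions -#}
-{%- set host_keys = salt['mine.get'](target, keys_function, expr_form=expr_form) -%}
-{%- set host_names = salt['mine.get'](target, hostname_function, expr_form=expr_form) -%}
+{%- set host_keys = salt['mine.get'](target, keys_function, tgt_type=tgt_type) -%}
+{%- set host_names = salt['mine.get'](target, hostname_function, tgt_type=tgt_type) -%}
 {%- for host, keys in host_keys|dictsort -%}
 {{ known_host_entry(host, host_names, keys) }}
 {%- endfor -%}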
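Review bot: The renamed lookups in the `@@ -45,13 +45,13 @@` hunk drop the old pillar keys without a fallback, so a pillar that still sets `openssh:known_hosts:expr_form` (or `openssh:known_hosts:hostnames:expr_form`) is silently read as `'glob'`. A target written for another matcher would then be evaluated as a glob, which changes which minions' host keys end up in the site-wide known_hosts file; entries that go missing push users back to accepting host keys on first connect. Consider reading the old key as the default during a transition period, e.g. `{%- set tgt_type = salt['pillar.get']('openssh:known_hosts:tgt_type', salt['pillar.get']('openssh:known_hosts:expr_form', 'glob')) -%}`, and the same pattern for `hostnames_tgt_type`. The `tgt_type=` keyword passed to `mine.get` in the last hunk presumably also needs a Salt release that accepts it, which the template does not check.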

+ 7
- 7
pillar.example

@@ -47,12 +47,12 @@ sshd_config:
# set as string
AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'
# or set as list
AllowUsers:
- vader@10.0.0.1
- maul@evil.com
- sidious
AllowUsers:
- vader@10.0.0.1
- maul@evil.com
- sidious
- luke
# set as string
# set as string
DenyUsers: 'yoda chewbaca@112.10.21.1'
# or set as list
DenyUsers:
@@ -286,7 +286,7 @@ openssh:
# The next 2 settings restrict the set of minions that will be added in
# the generated ssh_known_hosts files (the default is to match all minions)
target: '*'
expr_form: 'glob'
tgt_type: 'glob'
# Name of mining functions used to gather public keys and hostnames
# (the default values are shown here)
mine_keys_function: public_ssh_host_keys
@@ -304,7 +304,7 @@ openssh:
# Restrict wich hosts you want to use via their hostname
# (i.e. ssh user@host instead of ssh user@host.example.com)
# target: '*' # Defaults to "*.{}".format(grains['domain']) with a fallback to '*'
# expr_form: 'glob'
# tgt_type: 'glob'
# To activate the defaults you can just set an empty dict.
#hostnames: {}

