
fix: complete PR #164

* Use consistent Jinja whitespace control `{%- ... %}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
tags/v0.41.0^2
Imran Iqbal 5 年之前
當前提交
f6dbca3352
共有 5 個檔案被更改,包括 35 行新增42 行删除
  1. +9
    -10
      openssh/banner.sls
  2. +14
    -16
      openssh/config.sls
  3. +1
    -0
      openssh/defaults.yaml
  4. +5
    -5
      openssh/known_hosts.sls
  5. +6
    -11
      pillar.example

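--- a/openssh/banner.sls
+++ b/openssh/banner.sls
@@ -1,6 +1,6 @@
-{% set tplroot = tpldir.split('/')[0] %}
-{% from tplroot ~ "/map.jinja" import openssh with context %}
-{% from tplroot ~ "/libtofs.jinja" import files_switch %}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import openssh with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
 
 include:
 - openssh
@@ -8,14 +8,13 @@ include:
 sshd_banner:
 file.managed:
 - name: {{ openssh.banner }}
-{% if openssh.banner_string is defined %}
+{%- if openssh.banner_string is defined %}
 - contents: {{ openssh.banner_string | yaml }}
-{% else %}
-# Preserve backward compatibility
-- source: {{ openssh.banner_src
-if '://' in openssh.banner_src
+{%- else %}
+{#- Preserve backward compatibility using the `if` below #}
+- source: {{ openssh.banner_src if '://' in openssh.banner_src
 else files_switch( [openssh.banner_src],
-'sshd_banner_file_managed'
+'sshd_banner'
 ) }}
 - template: jinja
-{% endif %}
+{%- endif %}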
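Review bot: The `'://'` branch of the rewritten one-line `source:` expression hands any pillar-supplied URL to `file.managed` together with `template: jinja`, so whatever is fetched from that URL is rendered as Jinja on the minion with the state's grains and pillar in scope; the commit keeps this inherited behaviour but the new comment is the natural place to warn about it. I would widen it to `{#- Preserve backward compatibility: a URL in banner_src is fetched and rendered as Jinja on the minion, so only point it at trusted (ideally salt://) locations #}`. As far as I recall Salt also refuses a remote http(s)/ftp source without `source_hash` unless `skip_verify` is set, so a second line noting that non-`salt://` sources need `source_hash` would spare users a confusing failure.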

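--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -1,20 +1,19 @@
-{% set tplroot = tpldir.split('/')[0] %}
-{% from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %}
-{% from tplroot ~ "/libtofs.jinja" import files_switch %}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
 
 
 include:
 - openssh
 
-{% if sshd_config %}
+{%- if sshd_config %}
 sshd_config:
 file.managed:
 - name: {{ openssh.sshd_config }}
-# Preserve backward compatibility
-- source: {{ openssh.sshd_config_src
-if '://' in openssh.sshd_config_src
+{#- Preserve backward compatibility using the `if` below #}
+- source: {{ openssh.sshd_config_src if '://' in openssh.sshd_config_src
 else files_switch( [openssh.sshd_config_src],
-'sshd_config_file_managed'
+'sshd_config'
 ) }}
 - template: jinja
 - user: {{ openssh.sshd_config_user }}
@@ -26,17 +25,16 @@ sshd_config:
 {%- endif %}
 - watch_in:
 - service: {{ openssh.service }}
-{% endif %}
+{%- endif %}
 
-{% if ssh_config %}
+{%- if ssh_config %}
 ssh_config:
 file.managed:
 - name: {{ openssh.ssh_config }}
-# Preserve backward compatibility
-- source: {{ openssh.ssh_config_src
-if '://' in openssh.ssh_config_src
+{#- Preserve backward compatibility using the `if` below #}
+- source: {{ openssh.ssh_config_src if '://' in openssh.ssh_config_src
 else files_switch( [openssh.ssh_config_src],
-'ssh_config_file_managed'
+'ssh_config'
 ) }}
 - template: jinja
 - user: {{ openssh.ssh_config_user }}
@@ -45,7 +43,7 @@ ssh_config:
 {%- if openssh.ssh_config_backup %}
 - backup: minion
 {%- endif %}
-{% endif %}
+{%- endif %}
 
 {%- for keyType in openssh['host_key_algos'].split(',') %}
 {%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
@@ -134,4 +132,4 @@ ssh_host_{{ keyType }}_key.pub:
 - file: sshd_config
 - watch_in:
 - service: {{ openssh.service }}
-{% endif %}
+{%- endif %}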
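Review bot: The `sshd_config` state in the first hunk still writes the rendered template straight to `openssh.sshd_config` and restarts the daemon via `watch_in: service` (second hunk), so a template or pillar mistake that yields an invalid sshd_config is installed and sshd restarted against it, which on a remote host can lock out every further SSH session. Old lines 21–25 of this state fall between the hunks, so if `check_cmd` is not already there I would add `- check_cmd: /usr/sbin/sshd -t -f` so `file.managed` validates the candidate file before replacing the live one (the path to `sshd` may need to come from the map). The client-side `ssh_config` state has no equivalent test mode, so it is fine as written.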

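--- a/openssh/defaults.yaml
+++ b/openssh/defaults.yaml
@@ -17,6 +17,7 @@ default:
 banner: /etc/ssh/banner
 banner_src: banner # Default TOFS source filename
 ssh_known_hosts: /etc/ssh/ssh_known_hosts
+ssh_known_hosts_src: ssh_known_hosts # Default TOFS source filename
 dig_pkg: dnsutils
 ssh_moduli: /etc/ssh/moduli
 root_group: root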

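--- a/openssh/known_hosts.sls
+++ b/openssh/known_hosts.sls
@@ -1,6 +1,6 @@
-{% set tplroot = tpldir.split('/')[0] %}
-{% from tplroot ~ "/map.jinja" import openssh with context %}
-{% from tplroot ~ "/libtofs.jinja" import files_switch %}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import openssh with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
 
 ensure dig is available:
 pkg.installed:
@@ -10,8 +10,8 @@ ensure dig is available:
 manage ssh_known_hosts file:
 file.managed:
 - name: {{ openssh.ssh_known_hosts }}
-- source: {{ files_switch( ['ssh_known_hosts'],
-'ssh_known_hosts_file_managed'
+- source: {{ files_switch( [openssh.ssh_known_hosts_src],
+'manage ssh_known_hosts file'
 ) }}
 - template: jinja
 - user: root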
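Review bot: The rewritten `source:` of `manage ssh_known_hosts file` passes `openssh.ssh_known_hosts_src` only through `files_switch`, while the banner, `sshd_config` and `ssh_config` states in this same commit keep the `'://' in … else files_switch(…)` form, so a URL placed in the new `ssh_known_hosts_src` default/pillar key would be treated as a TOFS filename rather than fetched. If URL sources were never intended for known_hosts this is only a consistency nit, but then a comment such as `{#- ssh_known_hosts_src is a TOFS filename, not a URL #}` above the state would stop the key being misused. Since this file is the system-wide host-key trust anchor, it is also worth confirming in the rest of the state (outside the hunk) that `mode` is set explicitly so the rendered file is not writable by anyone but root.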

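--- a/pillar.example
+++ b/pillar.example
@@ -194,10 +194,6 @@ ssh_config:
 
 
 openssh:
-# Banner file can be retrieved either by TOFS or by url
-banner_src: banner_fire
-# banner_src: salt://ssh/files/banner_src # <- old style
-
 # Instead of adding a custom banner file you can set it in pillar
 banner_string: |
 Welcome to {{ grains['id'] }}!
@@ -333,7 +329,6 @@ openssh:
 static:
 github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]'
 gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]'
-# The template of ssh_know_host file can be overriden thanks to TOFS
 
 # specify DH parameters (see /etc/ssh/moduli)
 moduli: |
@@ -381,11 +376,11 @@ mine_functions:
 # files: files_alt
 # default: default_alt
 source_files:
-ssh_known_hosts_file_managed:
-- alt_known_hosts
-sshd_config_file_managed:
+manage ssh_known_hosts file:
+- alt_ssh_known_hosts
+sshd_config:
 - alt_sshd_config
-ssh_config_file_managed:
+ssh_config:
 - alt_ssh_config
-sshd_banner_file_managed:
-- alt_banner_src
+sshd_banner:
+- fire_banner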
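Review bot: The `source_files` keys in the last hunk now have to match the state IDs character for character (`manage ssh_known_hosts file` includes spaces), and nothing in the example says so; a key that drifts from its state ID will presumably just fall through to the default source file with no error, so an operator who thinks they have deployed a hardened `sshd_config` override may silently be running the stock one. I would add above `source_files:` the comment `# Keys are the exact state IDs from openssh/*.sls (e.g. "manage ssh_known_hosts file"); a mismatch silently selects the default file`. The removal of the `banner_src` example from the `openssh:` block also leaves `sshd_banner: - fire_banner` as the only hint that a banner template is expected, so a one-line pointer there (`# rendered as the sshd_banner source via TOFS`) would help.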
