ExternalMirrors
/
openssh-formula
mirror da https://github.com/saltstack-formulas/openssh-formula
Segui 1
Vota 0
Forka 1
Codice Problemi 0 Rilasci 27 Wiki Attività
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
281 Commit
3 Rami (Branch)
Albero (Tree): a47596f15a
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'a47596f15a'
${ noResults }
openssh-formula/openssh/config.sls

138 lines
4.1KB
Originale Blame Cronologia 

  1. {% set tplroot = tpldir.split('/')[0] %}

  2. {% from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %}

  3. {% from tplroot ~ "/libtofs.jinja" import files_switch %}

  4. 

  5. 

  6. include:

  7.   - openssh

  8. 

  9. {% if sshd_config %}

  10. sshd_config:

  11.   file.managed:

  12.     - name: {{ openssh.sshd_config }}

  13.                   # Preserve backward compatibility

  14.     - source: {{ openssh.sshd_config_src

  15.                  if '://' in openssh.sshd_config_src

  16.                  else files_switch( [openssh.sshd_config_src],

  17.                                     'sshd_config_file_managed'

  18.               ) }}

  19.     - template: jinja

  20.     - user: {{ openssh.sshd_config_user }}

  21.     - group: {{ openssh.sshd_config_group }}

  22.     - mode: {{ openssh.sshd_config_mode }}

  23.     - check_cmd: {{ openssh.sshd_binary }} -t -f

  24.     {%- if openssh.sshd_config_backup  %}

  25.     - backup: minion

  26.     {%- endif %}

  27.     - watch_in:

  28.       - service: {{ openssh.service }}

  29. {% endif %}

  30. 

  31. {% if ssh_config %}

  32. ssh_config:

  33.   file.managed:

  34.     - name: {{ openssh.ssh_config }}

  35.               # Preserve backward compatibility

  36.     - source: {{ openssh.ssh_config_src

  37.                  if '://' in openssh.ssh_config_src

  38.                  else files_switch( [openssh.ssh_config_src],

  39.                                     'ssh_config_file_managed'

  40.               ) }}

  41.     - template: jinja

  42.     - user: {{ openssh.ssh_config_user }}

  43.     - group: {{ openssh.ssh_config_group }}

  44.     - mode: {{ openssh.ssh_config_mode }}

  45.     {%- if openssh.ssh_config_backup  %}

  46.     - backup: minion

  47.     {%- endif %}

  48. {% endif %}

  49. 

  50. {%- for keyType in openssh['host_key_algos'].split(',') %}

  51. {%-   set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}

  52. {%-   set keySize = openssh.get('generate_' ~ keyType ~ '_size', False) %}

  53. {%-   if openssh.get('provide_' ~ keyType ~ '_keys', False) %}

  54. ssh_host_{{ keyType }}_key:

  55.   file.managed:

  56.     - name: {{ keyFile }}

  57.     - contents_pillar: 'openssh:{{ keyType }}:private_key'

  58.     - user: root

  59.     - mode: 600

  60.     {%- if sshd_config %}

  61.     - require_in:

  62.       - file: sshd_config

  63.     {%- endif %}

  64.     - watch_in:

  65.       - service: {{ openssh.service }}

  66. 

  67. ssh_host_{{ keyType }}_key.pub:

  68.   file.managed:

  69.     - name: {{ keyFile }}.pub

  70.     - contents_pillar: 'openssh:{{ keyType }}:public_key'

  71.     - user: root

  72.     - mode: 600

  73.     {%- if sshd_config %}

  74.     - require_in:

  75.       - file: sshd_config

  76.     {%- endif %}

  77.     - watch_in:

  78.       - service: {{ openssh.service }}

  79. {%-   elif openssh.get('generate_' ~ keyType ~ '_keys', False) %}

  80. {%-     if keySize and openssh.get('enforce_' ~ keyType ~ '_size', False) %}

  81. ssh_remove_short_{{ keyType }}_key:

  82.   cmd.run:

  83.     - name: "rm -f {{ keyFile }} {{ keyFile }}.pub"

  84.     - onlyif: "test -f {{ keyFile }}.pub && test `ssh-keygen -l -f {{ keyFile }}.pub 2>/dev/null | awk '{print $1}'` -lt {{ keySize }}"

  85.     - require_in:

  86.         - cmd: ssh_generate_host_{{ keyType }}_key

  87. {%-     endif %}

  88. ssh_generate_host_{{ keyType }}_key:

  89.   cmd.run:

  90.     {%- set keySizePart = "-b {}".format(keySize) if keySize else "" %}

  91.     - name: "rm {{ keyFile }}*; ssh-keygen -t {{ keyType }} {{ keySizePart }} -N '' -f {{ keyFile }}"

  92.     - unless: "test -s {{ keyFile }}"

  93.     - runas: root

  94.     {%- if sshd_config %}

  95.     - require_in:

  96.       - file: sshd_config

  97.     {%- endif %}

  98.     - watch_in:

  99.       - service: {{ openssh.service }}

  100. 

  101. ssh_host_{{ keyType }}_key:  # set permissions

  102.   file.managed:

  103.     - name: {{ keyFile }}

  104.     - replace: false

  105.     - mode: 0600

  106.     - require:

  107.       - cmd: ssh_generate_host_{{ keyType }}_key

  108.     {%- if sshd_config %}

  109.     - require_in:

  110.       - file: sshd_config

  111.     {%- endif %}

  112. 

  113. {%-   elif openssh.get('absent_' ~ keyType ~ '_keys', False) %}

  114. ssh_host_{{ keyType }}_key:

  115.   file.absent:

  116.     - name: {{ keyFile }}

  117.     - watch_in:

  118.       - service: {{ openssh.service }}

  119. 

  120. ssh_host_{{ keyType }}_key.pub:

  121.   file.absent:

  122.     - name: {{ keyFile }}.pub

  123.     - watch_in:

  124.       - service: {{ openssh.service }}

  125. {%-   endif %}

  126. {%- endfor %}

  127. 

  128. {%- if sshd_config.get('UsePrivilegeSeparation', '')|lower == 'yes' %}

  129. /var/run/sshd:

  130.   file.directory:

  131.     - user: root

  132.     - mode: 755

  133.     - require_in:

  134.       - file: sshd_config

  135.     - watch_in:

  136.       - service: {{ openssh.service }}

  137. {% endif %}