Saltstack Official OpenSSH Formula
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
  1. {## Start with defaults from defaults.yaml ##}
  2. {% import_yaml "openssh/defaults.yaml" as default_settings %}
  3. {##
  4. Setup variable using grains['os_family'] based logic, only add key:values here
  5. that differ from whats in defaults.yaml
  6. ##}
  7. {% set os_family_map = salt['grains.filter_by']({
  8. 'Arch': {
  9. 'server': 'openssh',
  10. 'client': 'openssh',
  11. 'service': 'sshd',
  12. 'dig_pkg': 'bind-tools',
  13. },
  14. 'Debian': {
  15. 'server': 'openssh-server',
  16. 'client': 'openssh-client',
  17. 'service': 'ssh',
  18. },
  19. 'FreeBSD': {
  20. 'service': 'sshd',
  21. 'dig_pkg': 'bind-tools',
  22. 'sshd_config_group': 'wheel',
  23. 'ssh_config_group': 'wheel',
  24. },
  25. 'OpenBSD': {
  26. 'service': 'sshd',
  27. 'sshd_config_group': 'wheel',
  28. 'ssh_config_group': 'wheel',
  29. },
  30. 'Gentoo': {
  31. 'server': 'net-misc/openssh',
  32. 'client': 'net-misc/openssh',
  33. 'service': 'sshd',
  34. 'dig_pkg': 'net-dns/bind-tools',
  35. },
  36. 'RedHat': {
  37. 'server': 'openssh-server',
  38. 'client': 'openssh-clients',
  39. 'service': 'sshd',
  40. 'dig_pkg': 'bind-utils',
  41. },
  42. 'Suse': {
  43. 'server': 'openssh',
  44. 'client': 'openssh',
  45. 'service': 'sshd',
  46. 'dig_pkg': 'bind-utils',
  47. },
  48. }
  49. , grain="os_family"
  50. , merge=salt['pillar.get']('openssh:lookup'))
  51. %}
  52. {## Merge the flavor_map to the default settings ##}
  53. {% do default_settings.openssh.update(os_family_map) %}
  54. {## Merge in openssh:lookup pillar ##}
  55. {% set openssh = salt['pillar.get'](
  56. 'openssh',
  57. default=default_settings.openssh,
  58. merge=True
  59. )
  60. %}
  61. {% set os_family_map = salt['grains.filter_by']({
  62. 'FreeBSD': {
  63. 'Subsystem': 'sftp /usr/libexec/sftp-server',
  64. },
  65. 'OpenBSD': {
  66. 'Subsystem': 'sftp /usr/libexec/sftp-server',
  67. },
  68. 'Suse': {
  69. 'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
  70. },
  71. 'Arch': {
  72. 'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
  73. },
  74. 'RedHat': {
  75. 'Subsystem': 'sftp /usr/libexec/openssh/sftp-server',
  76. },
  77. 'default': {}
  78. }
  79. , grain="os_family"
  80. , merge=salt['pillar.get']('sshd_config:lookup'))
  81. %}
  82. {% set os_finger_map = salt['grains.filter_by']({
  83. 'CentOS-6': {
  84. 'UsePrivilegeSeparation': 'yes',
  85. },
  86. 'default': {}
  87. }
  88. , grain="osfinger"
  89. , merge=salt['pillar.get']('sshd_config:lookup'))
  90. %}
  91. {## Merge the flavor_map to the default settings ##}
  92. {% do default_settings.sshd_config.update(os_family_map) %}
  93. {% do default_settings.sshd_config.update(os_finger_map) %}
  94. {## Merge in sshd_config:lookup pillar ##}
  95. {% set sshd_config = salt['pillar.get'](
  96. 'sshd_config',
  97. default=default_settings.sshd_config,
  98. merge=True
  99. )
  100. %}