
Add sshd_config to map.jinja and check if dig command is available before installing 'dig' package.

master
Simon Lloyd 8 years ago
parent
commit
daed52de19
4 changed files with 35 additions and 4 deletions
  1. +2
    -0
      openssh/defaults.yaml
  2. +1
    -1
      openssh/files/sshd_config
  3. +7
    -1
      openssh/known_hosts.sls
  4. +25
    -2
      openssh/map.jinja

+ 2
- 0
openssh/defaults.yaml

@@ -8,6 +8,8 @@ openssh:
ssh_known_hosts: /etc/ssh/ssh_known_hosts
dig_pkg: dnsutils
ssh_moduli: /etc/ssh/moduli
root_group: root
sshd_config: {}
ssh_config:
Hosts:
'*':

+ 1
- 1
openssh/files/sshd_config

@@ -1,4 +1,4 @@
{%- set sshd_config = pillar.get('sshd_config', {}) -%}
{% from "openssh/map.jinja" import sshd_config with context %}
{#- present in sshd_config and known in actual file options -#}
{%- set processed_options = [] -%}


+ 7
- 1
openssh/known_hosts.sls

@@ -1,8 +1,14 @@
{% from "openssh/map.jinja" import openssh with context %}

check for existing dig:
cmd.run:
- name: which dig

ensure dig is available:
pkg.installed:
- name: {{ openssh.dig_pkg }}
- onfail:
- cmd: check for existing dig

manage ssh_known_hosts file:
file.managed:
@@ -10,7 +16,7 @@ manage ssh_known_hosts file:
- source: salt://openssh/files/ssh_known_hosts
- template: jinja
- user: root
- group: root
- group: {{ openssh.root_group }}
- mode: 644
- require:
- pkg: ensure dig is available
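Review bot: `check for existing dig` is an unconditional `cmd.run` of `which dig`, so on a minion without dig the run records a failed state before the `onfail` install repairs it, and on a minion that already has dig the command is still executed and reported as a change on every run. Gating the package state itself avoids both: remove the `cmd.run` state and replace the `onfail` block on `ensure dig is available` with `- unless: which dig`. The `require` on `pkg: ensure dig is available` in `manage ssh_known_hosts file` keeps working unchanged with that form. A state that fails by design on first run also makes genuine failures harder to spot in highstate output and alerting.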

+ 25
- 2
openssh/map.jinja

@@ -19,7 +19,7 @@ that differ from whats in defaults.yaml
'FreeBSD': {
'service': 'sshd',
'dig_pkg': 'bind-tools',
'Subsystem': 'sftp /usr/libexec/sftp-server',
'root_group': 'wheel',
},
'Gentoo': {
'server': 'net-misc/openssh',
@@ -38,7 +38,6 @@ that differ from whats in defaults.yaml
'client': 'openssh',
'service': 'sshd',
'dig_pkg': 'bind-utils',
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
},
}
, grain="os_family"
@@ -56,3 +55,27 @@ that differ from whats in defaults.yaml
)
%}

{% set os_family_map = salt['grains.filter_by']({
'FreeBSD': {
'Subsystem': 'sftp /usr/libexec/sftp-server',
},
'Suse': {
'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
},
'default': {}
}
, grain="os_family"
, merge=salt['pillar.get']('sshd_config:lookup'))
%}


{## Merge the flavor_map to the default settings ##}
{% do default_settings.sshd_config.update(os_family_map) %}

{## Merge in sshd_config:lookup pillar ##}
{% set sshd_config = salt['pillar.get'](
'sshd_config',
default=default_settings.sshd_config,
merge=True
)
%}
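Review bot: The final `salt['pillar.get']('sshd_config', ..., merge=True)` merges the whole `sshd_config` pillar, which still contains the `lookup` sub-key that `os_family_map` has just consumed through `sshd_config:lookup`, so `lookup` ends up as an entry in the exported `sshd_config` dict. If the template in `openssh/files/sshd_config` also renders keys it does not recognise (that part of the template is not visible here), a `lookup` line would be written into the daemon configuration; dropping the key after the merge with `{% do sshd_config.pop('lookup', None) %}` avoids that. The two comments in this hunk should be corrected as well: `{## Merge the flavor_map ... ##}` should name `os_family_map`, and `{## Merge in sshd_config:lookup pillar ##}` should say that the whole `sshd_config` pillar is merged over the defaults.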
