Browse Source

Use augeas instead of echo / sed to edit ssh/sshd configuration

Implements: blueprint merge-dib-hadoop-elements
Change-Id: I1f2f8c3d69d879660aabf6f72560e6d22012a0a5
tags/0.2.1.rc1
Matthew Farrellee 5 years ago
parent
commit
0092ac37df

+ 1
- 1
elements/hadoop_fedora/post-install.d/12-setup-hadoop View File

@@ -2,7 +2,7 @@
2 2
 echo "Hadoop setup begins"
3 3
 tmp_dir=/tmp/hadoop
4 4
 
5
-install-packages openssh-server wget
5
+install-packages wget
6 6
 echo "Creating hadoop user & group"
7 7
 adduser -G adm,wheel hadoop
8 8
 

+ 22
- 15
elements/hadoop_fedora/post-install.d/13-connection-setup View File

@@ -1,21 +1,28 @@
1 1
 #!/bin/bash
2
+
2 3
 echo "Adjusting ssh configuration"
3 4
 
4
-sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
5
-echo "UseDNS no" >> /etc/ssh/sshd_config
6
-echo "PermitTunnel yes" >> /etc/ssh/sshd_config
7
-echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
8
-echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
9
-echo "StrictModes yes" >> /etc/ssh/sshd_config
10
-echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
11
-echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
12
-echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
5
+# /etc/ssh/sshd_config is provided by openssh-server
6
+# /etc/ssh/ssh_config is provided by openssh-clients
7
+# Note0: augtool is provided by augeas-tools on Ubuntu
8
+# Note1: augtool on Ubuntu does not auto-save, pass -s
9
+install-packages augeas openssh-server openssh-clients
10
+
11
+augtool set /files/etc/ssh/sshd_config/PasswordAuthentication yes
12
+augtool set /files/etc/ssh/sshd_config/UseDNS no
13
+augtool set /files/etc/ssh/sshd_config/PermitTunnel yes
14
+augtool set /files/etc/ssh/sshd_config/SyslogFacility AUTH
15
+augtool set /files/etc/ssh/sshd_config/PermitRootLogin yes
16
+augtool set /files/etc/ssh/sshd_config/StrictModes yes
17
+augtool set /files/etc/ssh/sshd_config/RSAAuthentication yes
18
+augtool set /files/etc/ssh/sshd_config/PubkeyAuthentication yes
19
+augtool set /files/etc/ssh/sshd_config/IgnoreRhosts yes
13 20
 
14
-echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
15
-echo "GSSAPIDelegateCredentials no" >> /etc/ssh/ssh_config
16
-sed -i 's/        GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config
21
+augtool set /files/etc/ssh/ssh_config/Host/StrictHostKeyChecking no
22
+augtool set /files/etc/ssh/ssh_config/Host/GSSAPIDelegateCredentials no
23
+augtool set /files/etc/ssh/ssh_config/Host/GSSAPIAuthentication no
17 24
 
25
+# No known augeas lense for cloud-init config
18 26
 sed -i 's/ssh_pwauth:   0/ssh_pwauth:   1/' /etc/cloud/cloud.cfg
19
-chmod 640 /etc/sudoers
20
-sed -i 's/Defaults    requiretty/#Defaults    requiretty/' /etc/sudoers
21
-chmod 0440 /etc/sudoers
27
+
28
+augtool clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate

Loading…
Cancel
Save