SSHD Service extensions
This change implements a MOTD message and provides sshd config options, which are passed to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
parent
56c8f12077
commit
5e14f95a4a
|
@ -56,6 +56,7 @@
|
||||||
- OS::TripleO::Services::NovaCompute
|
- OS::TripleO::Services::NovaCompute
|
||||||
- OS::TripleO::Services::NovaLibvirt
|
- OS::TripleO::Services::NovaLibvirt
|
||||||
- OS::TripleO::Services::MySQLClient
|
- OS::TripleO::Services::MySQLClient
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
|
|
||||||
- name: Controller
|
- name: Controller
|
||||||
CountDefault: 1
|
CountDefault: 1
|
||||||
|
@ -77,3 +78,4 @@
|
||||||
- OS::TripleO::Services::Timezone
|
- OS::TripleO::Services::Timezone
|
||||||
- OS::TripleO::Services::TripleoPackages
|
- OS::TripleO::Services::TripleoPackages
|
||||||
- OS::TripleO::Services::TripleoFirewall
|
- OS::TripleO::Services::TripleoFirewall
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
|
|
|
@ -48,6 +48,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Timezone
|
- OS::TripleO::Services::Timezone
|
||||||
- OS::TripleO::Services::NovaCompute
|
- OS::TripleO::Services::NovaCompute
|
||||||
- OS::TripleO::Services::NovaLibvirt
|
- OS::TripleO::Services::NovaLibvirt
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
ControllerExtraConfig:
|
ControllerExtraConfig:
|
||||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||||
|
|
|
@ -52,6 +52,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Timezone
|
- OS::TripleO::Services::Timezone
|
||||||
- OS::TripleO::Services::NovaCompute
|
- OS::TripleO::Services::NovaCompute
|
||||||
- OS::TripleO::Services::NovaLibvirt
|
- OS::TripleO::Services::NovaLibvirt
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
ControllerExtraConfig:
|
ControllerExtraConfig:
|
||||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||||
|
|
|
@ -56,6 +56,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::NovaLibvirt
|
- OS::TripleO::Services::NovaLibvirt
|
||||||
- OS::TripleO::Services::Pacemaker
|
- OS::TripleO::Services::Pacemaker
|
||||||
- OS::TripleO::Services::Horizon
|
- OS::TripleO::Services::Horizon
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
ControllerExtraConfig:
|
ControllerExtraConfig:
|
||||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||||
|
|
|
@ -61,6 +61,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::Ec2Api
|
- OS::TripleO::Services::Ec2Api
|
||||||
- OS::TripleO::Services::TripleoPackages
|
- OS::TripleO::Services::TripleoPackages
|
||||||
- OS::TripleO::Services::TripleoFirewall
|
- OS::TripleO::Services::TripleoFirewall
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
ControllerExtraConfig:
|
ControllerExtraConfig:
|
||||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||||
|
|
|
@ -55,6 +55,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::MistralExecutor
|
- OS::TripleO::Services::MistralExecutor
|
||||||
- OS::TripleO::Services::TripleoPackages
|
- OS::TripleO::Services::TripleoPackages
|
||||||
- OS::TripleO::Services::TripleoFirewall
|
- OS::TripleO::Services::TripleoFirewall
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
ControllerExtraConfig:
|
ControllerExtraConfig:
|
||||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||||
|
|
|
@ -69,6 +69,7 @@ parameter_defaults:
|
||||||
- OS::TripleO::Services::NovaLibvirt
|
- OS::TripleO::Services::NovaLibvirt
|
||||||
- OS::TripleO::Services::TripleoPackages
|
- OS::TripleO::Services::TripleoPackages
|
||||||
- OS::TripleO::Services::TripleoFirewall
|
- OS::TripleO::Services::TripleoFirewall
|
||||||
|
- OS::TripleO::Services::Sshd
|
||||||
ControllerExtraConfig:
|
ControllerExtraConfig:
|
||||||
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
nova::compute::libvirt::services::libvirt_virt_type: qemu
|
||||||
nova::compute::libvirt::libvirt_virt_type: qemu
|
nova::compute::libvirt::libvirt_virt_type: qemu
|
||||||
|
|
|
@ -1,6 +1,3 @@
|
||||||
resource_registry:
|
|
||||||
OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
|
|
||||||
|
|
||||||
parameter_defaults:
|
parameter_defaults:
|
||||||
BannerText: |
|
BannerText: |
|
||||||
******************************************************************
|
******************************************************************
|
||||||
|
@ -11,3 +8,6 @@ parameter_defaults:
|
||||||
* evidence of criminal activity, system personnel may provide *
|
* evidence of criminal activity, system personnel may provide *
|
||||||
* the evidence from such monitoring to law enforcement officials.*
|
* the evidence from such monitoring to law enforcement officials.*
|
||||||
******************************************************************
|
******************************************************************
|
||||||
|
MessageOfTheDay: |
|
||||||
|
ALERT! You are entering into a secured area!
|
||||||
|
This service is restricted to authorized users only.
|
||||||
|
|
|
@ -176,8 +176,8 @@ resource_registry:
|
||||||
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
|
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
|
||||||
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
||||||
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
||||||
OS::TripleO::Services::Sshd: OS::Heat::None
|
|
||||||
OS::TripleO::Services::Securetty: OS::Heat::None
|
OS::TripleO::Services::Securetty: OS::Heat::None
|
||||||
|
OS::TripleO::Services::Sshd: puppet/services/sshd.yaml
|
||||||
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
|
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
|
||||||
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
|
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
|
||||||
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
|
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
|
||||||
|
|
|
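Review bot: Mapping `OS::TripleO::Services::Sshd` to `puppet/services/sshd.yaml` instead of `OS::Heat::None` means existing deployments that never opted in will presumably have sshd_config rewritten by puppet on their next stack update, replacing any hand-maintained settings. The release note added by this commit lists the change only under `features:`; an `upgrade:` entry such as `- sshd_config is now managed by puppet-ssh by default; move local customisations into SshServerOptions before updating` would warn operators. The `resource_registry:` block starts and ends outside the hunk.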
@ -22,6 +22,33 @@ parameters:
|
||||||
default: ''
|
default: ''
|
||||||
description: Configures Banner text in sshd_config
|
description: Configures Banner text in sshd_config
|
||||||
type: string
|
type: string
|
||||||
|
MessageOfTheDay:
|
||||||
|
default: ''
|
||||||
|
description: Configures /etc/motd text
|
||||||
|
type: string
|
||||||
|
SshServerOptions:
|
||||||
|
default:
|
||||||
|
HostKey:
|
||||||
|
- '/etc/ssh/ssh_host_rsa_key'
|
||||||
|
- '/etc/ssh/ssh_host_ecdsa_key'
|
||||||
|
- '/etc/ssh/ssh_host_ed25519_key'
|
||||||
|
SyslogFacility: 'AUTHPRIV'
|
||||||
|
AuthorizedKeysFile: '.ssh/authorized_keys'
|
||||||
|
PasswordAuthentication: 'no'
|
||||||
|
ChallengeResponseAuthentication: 'no'
|
||||||
|
GSSAPIAuthentication: 'yes'
|
||||||
|
GSSAPICleanupCredentials: 'no'
|
||||||
|
UsePAM: 'yes'
|
||||||
|
X11Forwarding: 'yes'
|
||||||
|
UsePrivilegeSeparation: 'sandbox'
|
||||||
|
AcceptEnv:
|
||||||
|
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
|
||||||
|
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
|
||||||
|
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
|
||||||
|
- 'XMODIFIERS'
|
||||||
|
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
|
||||||
|
description: Mapping of sshd_config values
|
||||||
|
type: json
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
|
@ -30,5 +57,7 @@ outputs:
|
||||||
service_name: sshd
|
service_name: sshd
|
||||||
config_settings:
|
config_settings:
|
||||||
tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
|
tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
|
||||||
|
tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
|
||||||
|
tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::sshd
|
include ::tripleo::profile::base::sshd
|
||||||
|
|
|
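Review bot: `X11Forwarding: 'yes'` in the `SshServerOptions` default turns X11 forwarding on for every node that gets this service, and the same commit enables the service by default; overcloud nodes rarely need it, so the default would be safer as `X11Forwarding: 'no'` with operators opting in. The default mapping also sets no `PermitRootLogin`, so root login policy is left to whatever puppet-ssh or sshd itself defaults to; stating it explicitly here would make the intended policy visible. Because the parameter is `type: json`, an operator who overrides `SshServerOptions` with a single key most likely replaces the whole mapping rather than merging into it, which would drop `PasswordAuthentication: 'no'` and the `HostKey` list. I would extend the description to `description: Mapping of sshd_config values; an override replaces the whole default mapping, so repeat any defaults you want to keep`. The `parameters:` block starts outside the hunk.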
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added ability to manage MOTD Banner
|
||||||
|
Enabled SSHD composible service by default. Puppet-ssh manages the sshd config.
|