Allow partial override about SshServerOptions
When an operator needs to change any options described in sshd_config, he/she should use the parameter named SshServerOptions to define the updated configuration. However, the problem here is that he/she should define the whole content instead of the actual lines to be overridden, otherwise some of the lines defined in its default can be missing from the configuration. This makes it difficult to properly update the parameter during update or upgrade, since operators always need to check whether any change has been made to the default of SshServerOptions.

This change introduces a new parameter, SshServerOptionsOverride, which can be used to override specific lines in SshServerOptions. Note that SshServerOptions should still be used if any of the lines in SshServerOptions needs to be removed.

Change-Id: I8a018c8c7435a753c8ed5b5fa211d91d053f8d67
parent
619eda0663
commit
bfd97da0bf
deployment/sshd
releasenotes/notes
@ -60,6 +60,11 @@ parameters:
|
||||
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
|
||||
description: Mapping of sshd_config values
|
||||
type: json
|
||||
SshServerOptionsOverrides:
|
||||
default: {}
|
||||
description: Mapping of sshd_config values to override definitions in
|
||||
SshServerOptions
|
||||
type: json
|
||||
PasswordAuthentication:
|
||||
default: 'no'
|
||||
description: Whether or not disable password authentication
|
||||
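Review bot: The description of SshServerOptionsOverrides in this parameters hunk does not say that the parameter can only add or replace keys; per the commit message, removing a line still requires redefining SshServerOptions. Suggest extending the description with a sentence such as "Keys cannot be removed with this parameter." Also, the commit message names the parameter SshServerOptionsOverride while the template adds SshServerOptionsOverrides; one of the two should be corrected so operators search for the right name.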
@ -89,7 +94,10 @@ outputs:
|
||||
- include_role:
|
||||
name: tripleo_ssh
|
||||
vars:
|
||||
tripleo_sshd_server_options: {get_param: SshServerOptions}
|
||||
tripleo_sshd_server_options:
|
||||
map_merge:
|
||||
- {get_param: SshServerOptions}
|
||||
- {get_param: SshServerOptionsOverrides}
|
||||
tripleo_sshd_password_authentication: {get_param: PasswordAuthentication}
|
||||
tripleo_sshd_banner_enabled:
|
||||
if:
|
||||
|
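Review bot: map_merge under tripleo_sshd_server_options is a shallow merge, so an override key replaces the whole value stored under that key in SshServerOptions rather than combining with it. If any default value is a list or a nested map, an operator who overrides it has to restate every element they want to keep. Worth stating in the parameter description, or confirming that whole-value replacement is the intended behaviour.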
@ -60,6 +60,11 @@ parameters:
|
||||
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
|
||||
description: Mapping of sshd_config values
|
||||
type: json
|
||||
SshServerOptionsOverrides:
|
||||
default: {}
|
||||
description: Mapping of sshd_config values to override definitions in
|
||||
SshServerOptions
|
||||
type: json
|
||||
PasswordAuthentication:
|
||||
default: 'no'
|
||||
description: Whether or not disable password authentication
|
||||
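Review bot: Nothing in the SshServerOptionsOverrides definition tells operators that keys must match the spelling and case used in SshServerOptions. Map keys are compared exactly while sshd_config keywords are case-insensitive, so an override keyed subsystem would be merged as a second key next to Subsystem instead of replacing it. Suggest noting this in the description, or normalising key case before the merge.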
@ -86,7 +91,10 @@ outputs:
|
||||
config_settings:
|
||||
tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
|
||||
tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
|
||||
tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
|
||||
tripleo::profile::base::sshd::options:
|
||||
map_merge:
|
||||
- {get_param: SshServerOptions}
|
||||
- {get_param: SshServerOptionsOverrides}
|
||||
tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication}
|
||||
step_config: |
|
||||
include tripleo::profile::base::sshd
|
||||
|
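Review bot: With the merged map assigned to tripleo::profile::base::sshd::options and PasswordAuthentication still passed separately on the following line, these lines do not show which value applies when SshServerOptionsOverrides also contains a PasswordAuthentication key. The default here is 'no', so an override that quietly re-enables password logins would be a security regression. Suggest documenting the precedence, or rejecting that key in the overrides map.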
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The new ``SshServerOptionsOverrides`` parameter has been added. This
|
||||
parameter can be used to override a part of sshd_config, which is defined
|
||||
by the ``SshServerOptions``.
|
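Review bot: The release note does not carry over the limitation stated in the commit message, that SshServerOptions must still be used when a line has to be removed. Suggest adding a sentence to the features entry so operators who read only the release notes know the new parameter adds or replaces values and cannot drop them.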