e174fd82cf
It's very confusing to provide one parameter with a default and then add another to override it. This would allow merging of the SshServerOptions as expected. Change-Id: I2e460c9f3e71c22c94ccb722db63ed31af73f450
106 lines
3.2 KiB
YAML
106 lines
3.2 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
Configure sshd_config
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
BannerText:
|
|
default: ''
|
|
description: Configures Banner text in sshd_config
|
|
type: string
|
|
MessageOfTheDay:
|
|
default: ''
|
|
description: Configures /etc/motd text
|
|
type: string
|
|
SshServerOptions:
|
|
default: {}
|
|
description: Mapping of sshd_config values
|
|
type: json
|
|
PasswordAuthentication:
|
|
default: 'no'
|
|
description: Whether or not disable password authentication
|
|
type: string
|
|
SshFirewallAllowAll:
|
|
default: false
|
|
description: Set this to true to open up ssh access from all sources.
|
|
type: boolean
|
|
# DEPRECATED: the following options are deprecated and are currently maintained
|
|
# for backwards compatibility.
|
|
SshServerOptionsOverrides:
|
|
default: {}
|
|
description: Mapping of sshd_config values to override definitions in
|
|
SshServerOptions
|
|
type: json
|
|
|
|
parameter_groups:
|
|
- label: deprecated
|
|
description: |
|
|
The following parameters are deprecated and will be removed. They should not
|
|
be relied on for new deployments. If you have concerns regarding deprecated
|
|
parameters, please contact the TripleO development team on IRC or the
|
|
OpenStack mailing list.
|
|
parameters:
|
|
- SshServerOptionsOverrides
|
|
|
|
conditions:
|
|
ssh_banner_text_set:
|
|
not: {equals: [{get_param: BannerText}, '']}
|
|
ssh_motd_text_set:
|
|
not: {equals: [{get_param: MessageOfTheDay}, '']}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the ssh
|
|
value:
|
|
service_name: sshd
|
|
firewall_rules:
|
|
'003 accept ssh from all':
|
|
proto: 'tcp'
|
|
dport: 22
|
|
extras:
|
|
ensure: {if: [{get_param: SshFirewallAllowAll}, 'present', 'absent']}
|
|
host_prep_tasks:
|
|
- include_role:
|
|
name: tripleo_sshd
|
|
vars:
|
|
tripleo_sshd_server_options:
|
|
map_merge:
|
|
- {get_param: SshServerOptions}
|
|
- {get_param: SshServerOptionsOverrides}
|
|
tripleo_sshd_password_authentication: {get_param: PasswordAuthentication}
|
|
tripleo_sshd_banner_enabled:
|
|
if:
|
|
- ssh_banner_text_set
|
|
- true
|
|
- false
|
|
tripleo_sshd_banner_text: {get_param: BannerText}
|
|
tripleo_sshd_motd_enabled:
|
|
if:
|
|
- ssh_motd_text_set
|
|
- true
|
|
- false
|
|
tripleo_sshd_message_of_the_day: {get_param: MessageOfTheDay}
|