tripleo-heat-templates/deployment/sshd/sshd-baremetal-ansible.yaml
rabi e174fd82cf Deprecate SshServerOptionsOverrides
It's very confusing to provide one parameter with a default and
then add another to override it. This would allow merging of the
SshServerOptions as expected.

Change-Id: I2e460c9f3e71c22c94ccb722db63ed31af73f450
2022-05-31 17:03:46 +05:30

106 lines
3.2 KiB
YAML

heat_template_version: wallaby
description: >
Configure sshd_config
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
BannerText:
default: ''
description: Configures Banner text in sshd_config
type: string
MessageOfTheDay:
default: ''
description: Configures /etc/motd text
type: string
SshServerOptions:
default: {}
description: Mapping of sshd_config values
type: json
PasswordAuthentication:
default: 'no'
description: Whether or not disable password authentication
type: string
SshFirewallAllowAll:
default: false
description: Set this to true to open up ssh access from all sources.
type: boolean
# DEPRECATED: the following options are deprecated and are currently maintained
# for backwards compatibility.
SshServerOptionsOverrides:
default: {}
description: Mapping of sshd_config values to override definitions in
SshServerOptions
type: json
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- SshServerOptionsOverrides
conditions:
ssh_banner_text_set:
not: {equals: [{get_param: BannerText}, '']}
ssh_motd_text_set:
not: {equals: [{get_param: MessageOfTheDay}, '']}
outputs:
role_data:
description: Role data for the ssh
value:
service_name: sshd
firewall_rules:
'003 accept ssh from all':
proto: 'tcp'
dport: 22
extras:
ensure: {if: [{get_param: SshFirewallAllowAll}, 'present', 'absent']}
host_prep_tasks:
- include_role:
name: tripleo_sshd
vars:
tripleo_sshd_server_options:
map_merge:
- {get_param: SshServerOptions}
- {get_param: SshServerOptionsOverrides}
tripleo_sshd_password_authentication: {get_param: PasswordAuthentication}
tripleo_sshd_banner_enabled:
if:
- ssh_banner_text_set
- true
- false
tripleo_sshd_banner_text: {get_param: BannerText}
tripleo_sshd_motd_enabled:
if:
- ssh_motd_text_set
- true
- false
tripleo_sshd_message_of_the_day: {get_param: MessageOfTheDay}