From 3547fdcd8bc04560cca57ed01c35a0831b03abf5 Mon Sep 17 00:00:00 2001 From: Marco Wessel Date: Sun, 2 Mar 2014 01:35:22 +0100 Subject: [PATCH 01/29] make package 'ensure' variable, with 'present' as default --- manifests/client.pp | 3 ++- manifests/client/install.pp | 6 ++++-- manifests/server.pp | 3 ++- manifests/server/install.pp | 6 ++++-- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/manifests/client.pp b/manifests/client.pp index 1a18d1bd..dab88b46 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,5 +1,6 @@ class ssh::client( - $options = {} + $options = {}, + $ensure = present, ) inherits ssh::params { $merged_options = merge($ssh::params::ssh_default_options, $options) diff --git a/manifests/client/install.pp b/manifests/client/install.pp index 008a040b..6429f156 100644 --- a/manifests/client/install.pp +++ b/manifests/client/install.pp @@ -1,7 +1,9 @@ -class ssh::client::install { +class ssh::client::install ( + $ensure = present +) { if !defined(Package[$ssh::params::client_package_name]) { package { $ssh::params::client_package_name: - ensure => present, + ensure => $ensure, } } } diff --git a/manifests/server.pp b/manifests/server.pp index 65ca278a..37d87cd6 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,5 +1,6 @@ class ssh::server( - $options = {} + $options = {}, + $ensure = present ) inherits ssh::params { $merged_options = merge($ssh::params::sshd_default_options, $options) diff --git a/manifests/server/install.pp b/manifests/server/install.pp index e2d6669e..a4c725e7 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -1,8 +1,10 @@ -class ssh::server::install { +class ssh::server::install ( + $ensure = present +) { include ssh::params if !defined(Package[$ssh::params::server_package_name]) { package { $ssh::params::server_package_name: - ensure => present, + ensure => $ensure, } } } From 883f15be7e08bbec2f6cbef1b1d517181b5f1f9c Mon Sep 17 00:00:00 2001 
From: Marco Wessel Date: Sun, 2 Mar 2014 03:10:46 +0100 Subject: [PATCH 02/29] sort hashes to prevent shuffling and restarting ssh unnecessarily --- templates/ssh_config.erb | 4 ++-- templates/sshd_config.erb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index cf4703bc..9bb8bc69 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -1,9 +1,9 @@ # File managed by Puppet -<%- scope.lookupvar('ssh::client::merged_options').each do |k, v| -%> +<%- scope.lookupvar('ssh::client::merged_options').sort.each do |k, v| -%> <%- if v.is_a?(Hash) -%> <%= k %> -<%- v.each do |key, value| -%> +<%- v.sort.each do |key, value| -%> <%- if value.is_a?(Array) -%> <%- value.each do |a| -%> <%= key %> <%= a %> diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 1fcd2094..b1adfbee 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -1,9 +1,9 @@ # File is managed by Puppet -<%- scope.lookupvar('ssh::server::merged_options').each do |k, v| -%> +<%- scope.lookupvar('ssh::server::merged_options').sort.each do |k, v| -%> <%- if v.is_a?(Hash) -%> <%= k %> -<%- v.each do |key, value| -%> +<%- v.sort.each do |key, value| -%> <%- if value.is_a?(Array) -%> <%- value.each do |a| -%> <%= key %> <%= a %> From e622c64e127c48a9472b692705590ab930dc6b77 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Sun, 2 Mar 2014 13:40:05 +0100 Subject: [PATCH 03/29] add freebsd support --- manifests/client/install.pp | 10 ++++++---- manifests/params.pp | 8 ++++++++ manifests/server/install.pp | 11 ++++++----- 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/manifests/client/install.pp b/manifests/client/install.pp index 008a040b..94914a5c 100644 --- a/manifests/client/install.pp +++ b/manifests/client/install.pp 
@@ -1,7 +1,9 @@ -class ssh::client::install { - if !defined(Package[$ssh::params::client_package_name]) { - package { $ssh::params::client_package_name: - ensure => present, +class ssh::client::install inherits ssh::params { + if $ssh::params::client_package_name { + if !defined(Package[$ssh::params::client_package_name]) { + package { $ssh::params::client_package_name: + ensure => present, + } } } } diff --git a/manifests/params.pp b/manifests/params.pp index 90a1dae4..4898addf 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -16,6 +16,14 @@ $ssh_known_hosts = '/etc/ssh/ssh_known_hosts' $service_name = 'sshd' } + freebsd: { + $server_package_name = undef + $client_package_name = undef + $sshd_config = '/etc/ssh/sshd_config' + $ssh_config = '/etc/ssh/ssh_config' + $ssh_known_hosts = '/etc/ssh/ssh_known_hosts' + $service_name = 'sshd' + } default: { case $::operatingsystem { gentoo: { diff --git a/manifests/server/install.pp b/manifests/server/install.pp index e2d6669e..c0868752 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -1,8 +1,9 @@ -class ssh::server::install { - include ssh::params - if !defined(Package[$ssh::params::server_package_name]) { - package { $ssh::params::server_package_name: - ensure => present, +class ssh::server::install inherits ssh::params { + if $ssh::params::server_package_name { + if !defined(Package[$ssh::params::server_package_name]) { + package { $ssh::params::server_package_name: + ensure => present, + } } } } From 14d80d2ffcd06db32cebd2f48f3cb847e5a38dd5 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Sun, 2 Mar 2014 13:59:41 +0100 Subject: [PATCH 04/29] new release v2.1.0 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index 9268adbf..87a4aa76 100644 --- a/Modulefile +++ b/Modulefile 
@@ -1,5 +1,5 @@ name 'saz-ssh' -version '2.0.0' +version '2.1.0' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0' From b224323f7135e862c36ec6663e6af122bff016d8 Mon Sep 17 00:00:00 2001 From: Marco Wessel Date: Sun, 2 Mar 2014 14:57:58 +0100 Subject: [PATCH 05/29] change parameter order --- manifests/client.pp | 2 +- manifests/server.pp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/client.pp b/manifests/client.pp index dab88b46..7cd2458f 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,6 +1,6 @@ class ssh::client( - $options = {}, $ensure = present, + $options = {} ) inherits ssh::params { $merged_options = merge($ssh::params::ssh_default_options, $options) diff --git a/manifests/server.pp b/manifests/server.pp index 37d87cd6..30da5101 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,6 +1,6 @@ class ssh::server( - $options = {}, - $ensure = present + $ensure = present, + $options = {} ) inherits ssh::params { $merged_options = merge($ssh::params::sshd_default_options, $options) From 58c4944b5f207b48c5baf35a39d94ceca5e51b1a Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 3 Mar 2014 19:20:52 +0100 Subject: [PATCH 06/29] new release v2.2.0 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index 87a4aa76..fe3257dd 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'saz-ssh' -version '2.1.0' +version '2.2.0' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0' From bff4ad619ffb7aad26bc721b47206eef8927d187 Mon Sep 17 00:00:00 2001 From: Marco Wessel Date: Tue, 4 Mar 2014 16:11:09 +0100 Subject: [PATCH 07/29] fix $ensure to actually do what I expect. --- manifests/client/install.pp | 4 +--- manifests/server/install.pp | 8 ++++---- 2 files changed, 5 insertions(+), 7 deletions(-) 
diff --git a/manifests/client/install.pp b/manifests/client/install.pp index 6429f156..7c21342a 100644 --- a/manifests/client/install.pp +++ b/manifests/client/install.pp @@ -1,6 +1,4 @@ -class ssh::client::install ( - $ensure = present -) { +class ssh::client::install if !defined(Package[$ssh::params::client_package_name]) { package { $ssh::params::client_package_name: ensure => $ensure, diff --git a/manifests/server/install.pp b/manifests/server/install.pp index a4c725e7..65ea9bdb 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -1,10 +1,10 @@ -class ssh::server::install ( - $ensure = present -) { +class ssh::server::install include ssh::params if !defined(Package[$ssh::params::server_package_name]) { package { $ssh::params::server_package_name: - ensure => $ensure, + ensure => $ensure, + blahblah => $ensure, + } } } From dbabc49c150abe8f532c2eebc865a3e131e81c85 Mon Sep 17 00:00:00 2001 From: Marco Wessel Date: Tue, 4 Mar 2014 16:34:22 +0100 Subject: [PATCH 08/29] fix syntax --- manifests/client/install.pp | 4 ++-- manifests/server/install.pp | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/manifests/client/install.pp b/manifests/client/install.pp index 7c21342a..6d7362dc 100644 --- a/manifests/client/install.pp +++ b/manifests/client/install.pp @@ -1,7 +1,7 @@ -class ssh::client::install +class ssh::client::install { if !defined(Package[$ssh::params::client_package_name]) { package { $ssh::params::client_package_name: - ensure => $ensure, + ensure => $ssh::client::ensure, } } } diff --git a/manifests/server/install.pp b/manifests/server/install.pp index 65ea9bdb..6d88157b 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp 
@@ -1,10 +1,8 @@ -class ssh::server::install +class ssh::server::install { include ssh::params if !defined(Package[$ssh::params::server_package_name]) { package { $ssh::params::server_package_name: - ensure => $ensure, - blahblah => $ensure, - + ensure => $ssh::server::ensure, } } } From 93256508fad11df7e28fe551957ed843add71dde Mon Sep 17 00:00:00 2001 From: Marco Wessel Date: Tue, 4 Mar 2014 16:42:08 +0100 Subject: [PATCH 09/29] re-instate check for package name --- manifests/client/install.pp | 8 +++++--- manifests/server/install.pp | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/manifests/client/install.pp b/manifests/client/install.pp index 6d7362dc..86771d77 100644 --- a/manifests/client/install.pp +++ b/manifests/client/install.pp @@ -1,7 +1,9 @@ class ssh::client::install { - if !defined(Package[$ssh::params::client_package_name]) { - package { $ssh::params::client_package_name: - ensure => $ssh::client::ensure, + if $ssh::params::client_package_name { + if !defined(Package[$ssh::params::client_package_name]) { + package { $ssh::params::client_package_name: + ensure => $ssh::client::ensure, + } } } } diff --git a/manifests/server/install.pp b/manifests/server/install.pp index 6d88157b..58b5ca1d 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp @@ -1,8 +1,10 @@ class ssh::server::install { include ssh::params - if !defined(Package[$ssh::params::server_package_name]) { - package { $ssh::params::server_package_name: - ensure => $ssh::server::ensure, + if $ssh::params::server_package_name { + if !defined(Package[$ssh::params::server_package_name]) { + package { $ssh::params::server_package_name: + ensure => $ssh::server::ensure, + } } } } From 2d3c573139786393a6a79a359c1fc41af5f43a47 Mon Sep 17 00:00:00 2001 
From: Marco Wessel Date: Tue, 4 Mar 2014 17:30:42 +0100 Subject: [PATCH 10/29] Set up a few simple tests --- spec/spec_helper.rb | 20 ++------------------ tests/init.pp | 2 +- 2 files changed, 3 insertions(+), 19 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a4aeeae2..6e1d9681 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,18 +1,2 @@ -require 'pathname' -dir = Pathname.new(__FILE__).parent -$LOAD_PATH.unshift(dir, dir + 'lib', dir + '../lib') - -require 'mocha' -require 'puppet' -gem 'rspec', '=1.2.9' -require 'spec/autorun' - -Spec::Runner.configure do |config| - config.mock_with :mocha -end - -# We need this because the RAL uses 'should' as a method. This -# allows us the same behaviour but with a different method name. -class Object - alias :must :should -end +require 'rspec-puppet' +require 'puppetlabs_spec_helper/module_spec_helper' diff --git a/tests/init.pp b/tests/init.pp index 13a46380..1c7d29f1 100644 --- a/tests/init.pp +++ b/tests/init.pp @@ -1 +1 @@ -include ssh +class {"::ssh::server": } From 5ff3d28e77ebbc58e7d38c2760f2689de389561d Mon Sep 17 00:00:00 2001 
From: Marco Wessel Date: Tue, 4 Mar 2014 17:31:53 +0100 Subject: [PATCH 11/29] Add testing files --- .fixtures.yml | 3 +++ .gemfile | 16 ++++++++++++++ .travis.yml | 14 ++++++++++++ Rakefile | 2 ++ manifests/site.pp | 0 spec/classes/client_spec.rb | 33 +++++++++++++++++++++++++++++ spec/classes/server_spec.rb | 33 +++++++++++++++++++++++++++++ spec/fixtures/modules/ssh/files | 1 + spec/fixtures/modules/ssh/lib | 1 + spec/fixtures/modules/ssh/manifests | 1 + spec/fixtures/modules/ssh/templates | 1 + tests/server.pp | 1 + 12 files changed, 106 insertions(+) create mode 100644 .fixtures.yml create mode 100644 .gemfile create mode 100644 .travis.yml create mode 100644 Rakefile create mode 100644 manifests/site.pp create mode 100644 spec/classes/client_spec.rb create mode 100644 spec/classes/server_spec.rb create mode 120000 spec/fixtures/modules/ssh/files create mode 120000 spec/fixtures/modules/ssh/lib create mode 120000 spec/fixtures/modules/ssh/manifests create mode 120000 spec/fixtures/modules/ssh/templates create mode 100644 tests/server.pp diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 00000000..74ce67fb --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,3 @@ +fixtures: + repositories: + stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib" diff --git a/.gemfile b/.gemfile new file mode 100644 index 00000000..b17ef437 --- /dev/null +++ b/.gemfile @@ -0,0 +1,16 @@ +source 'https://rubygems.org' + +gem 'puppetlabs_spec_helper', '>= 0.1.0', :require => false + +if puppetversion = ENV['PUPPET_VERSION'] + gem 'puppet', puppetversion, :require => false + + if puppetversion[0].chr.to_i < 3 + gem 'hiera-puppet', :require => false + end + +else + gem 'puppet', :require => false +end + +# vim:ft=ruby diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..ed76831d --- /dev/null +++ b/.travis.yml 
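Review bot: The stdlib fixture in `.fixtures.yml` is fetched over `git://`, which has no transport authentication or integrity protection, and no ref is given, so every spec run compiles against whatever the default branch holds at that moment. Prefer an HTTPS URL and a pinned revision, e.g. under `stdlib:` use `repo: "https://github.com/puppetlabs/puppetlabs-stdlib"` and `ref: "<PINNED_STDLIB_REF>"`, provided the puppetlabs_spec_helper version in use accepts the hash form. A one-line comment in the file saying why that revision was chosen would help whoever bumps it later.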
@@ -0,0 +1,14 @@ +language: ruby +rvm: + - 1.8.7 + - 1.9.3 +script: 'rake spec' +env: + - PUPPET_VERSION="~> 2.7.0" + - PUPPET_VERSION="3.3" +gemfile: .gemfile +branches: + only: + - master +notifications: + email: false diff --git a/Rakefile b/Rakefile new file mode 100644 index 00000000..e47b27c5 --- /dev/null +++ b/Rakefile @@ -0,0 +1,2 @@ +require 'rake' +require 'puppetlabs_spec_helper/rake_tasks' diff --git a/manifests/site.pp b/manifests/site.pp new file mode 100644 index 00000000..e69de29b diff --git a/spec/classes/client_spec.rb b/spec/classes/client_spec.rb new file mode 100644 index 00000000..cabe803d --- /dev/null +++ b/spec/classes/client_spec.rb @@ -0,0 +1,33 @@ +require 'spec_helper' + +describe 'ssh::client', :type => 'class' do + context "On Debian with no other parameters" do + let :facts do + { + :osfamily => 'Debian', + :interfaces => 'eth0', + :ipaddress_eth0 => '192.168.1.1' + } + end + it { + should contain_package('openssh-client').with(:ensure => 'present') + } + end + context "On Debian with custom ensure" do + let :facts do + { + :osfamily => 'Debian', + :interfaces => 'eth0', + :ipaddress_eth0 => '192.168.1.1' + } + end + let :params do + { + :ensure => 'latest' + } + end + it { + should contain_package('openssh-client').with(:ensure => 'latest') + } + end +end diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb new file mode 100644 index 00000000..fb0a16f0 --- /dev/null +++ b/spec/classes/server_spec.rb 
@@ -0,0 +1,33 @@ +require 'spec_helper' + +describe 'ssh::server', :type => 'class' do + context "On Debian with no other parameters" do + let :facts do + { + :osfamily => 'Debian', + :interfaces => 'eth0', + :ipaddress_eth0 => '192.168.1.1' + } + end + it { + should contain_package('openssh-server').with(:ensure => 'present') + } + end + context "On Debian with custom ensure" do + let :facts do + { + :osfamily => 'Debian', + :interfaces => 'eth0', + :ipaddress_eth0 => '192.168.1.1' + } + end + let :params do + { + :ensure => 'latest' + } + end + it { + should contain_package('openssh-server').with(:ensure => 'latest') + } + end +end diff --git a/spec/fixtures/modules/ssh/files b/spec/fixtures/modules/ssh/files new file mode 120000 index 00000000..84dafe8d --- /dev/null +++ b/spec/fixtures/modules/ssh/files @@ -0,0 +1 @@ +../../../../files \ No newline at end of file diff --git a/spec/fixtures/modules/ssh/lib b/spec/fixtures/modules/ssh/lib new file mode 120000 index 00000000..42892ea0 --- /dev/null +++ b/spec/fixtures/modules/ssh/lib @@ -0,0 +1 @@ +../../../../lib \ No newline at end of file diff --git a/spec/fixtures/modules/ssh/manifests b/spec/fixtures/modules/ssh/manifests new file mode 120000 index 00000000..373b9920 --- /dev/null +++ b/spec/fixtures/modules/ssh/manifests @@ -0,0 +1 @@ +../../../../manifests \ No newline at end of file diff --git a/spec/fixtures/modules/ssh/templates b/spec/fixtures/modules/ssh/templates new file mode 120000 index 00000000..f8a06d1d --- /dev/null +++ b/spec/fixtures/modules/ssh/templates @@ -0,0 +1 @@ +../../../../templates \ No newline at end of file diff --git a/tests/server.pp b/tests/server.pp new file mode 100644 index 00000000..112640ec --- /dev/null +++ b/tests/server.pp @@ -0,0 +1 @@ +include ssh::server From 1e597d73487438f8502d95a7e6293f5f788a15df Mon Sep 17 00:00:00 2001 
From: Randy Fay Date: Fri, 7 Mar 2014 10:48:53 -0700 Subject: [PATCH 12/29] Allow turning off storeconfigs/hostkey managment --- README.markdown | 4 +++- manifests/server.pp | 31 ++++++++++++++++++++++--------- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/README.markdown b/README.markdown index 13125dad..ede196e2 100644 --- a/README.markdown +++ b/README.markdown @@ -79,7 +79,8 @@ or ``` ### Server only -Host keys will be collected for client distribution +Host keys will be collected for client distribution unless + storeconfigs_enabled => false ``` include ssh::server @@ -89,6 +90,7 @@ or ``` class { 'ssh::server': + storeconfigs_enabled => false, options => { 'Match User www-data' => { 'ChrootDirectory' => '%h', diff --git a/manifests/server.pp b/manifests/server.pp index 30da5101..9f1fb7f9 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,5 +1,6 @@ class ssh::server( $ensure = present, + $storeconfigs_enabled = true, $options = {} ) inherits ssh::params { $merged_options = merge($ssh::params::sshd_default_options, $options) 
@@ -7,17 +8,29 @@ include ssh::server::install include ssh::server::config include ssh::server::service - include ssh::hostkeys - include ssh::knownhosts anchor { 'ssh::server::start': } anchor { 'ssh::server::end': } - Anchor['ssh::server::start'] -> - Class['ssh::server::install'] -> - Class['ssh::server::config'] ~> - Class['ssh::server::service'] -> - Class['ssh::hostkeys'] -> - Class['ssh::knownhosts'] -> - Anchor['ssh::server::end'] + # Provide option to *not* use storeconfigs/puppetdb, which means not managing + # hostkeys and knownhosts + if ($storeconfigs_enabled) { + include ssh::hostkeys + include ssh::knownhosts + + Anchor['ssh::server::start'] -> + Class['ssh::server::install'] -> + Class['ssh::server::config'] ~> + Class['ssh::server::service'] -> + Class['ssh::hostkeys'] -> + Class['ssh::knownhosts'] -> + Anchor['ssh::server::end'] + } + else { + Anchor['ssh::server::start'] -> + Class['ssh::server::install'] -> + Class['ssh::server::config'] ~> + Class['ssh::server::service'] -> + Anchor['ssh::server::end'] + } } From b01984ce0d197551a7ad392571e754b59b1aaa14 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Sat, 8 Mar 2014 18:32:40 +0100 Subject: [PATCH 13/29] fix module on gentoo linux --- manifests/params.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 553ff26d..df5ff3ac 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -8,6 +8,7 @@ $ssh_config = '/etc/ssh/ssh_config' $ssh_known_hosts = '/etc/ssh/ssh_known_hosts' $service_name = 'ssh' + $sftp_server_path = '/usr/lib/openssh/sftp-server' } redhat: { $server_package_name = 'openssh-server' @@ -17,6 +18,7 @@ $ssh_config = '/etc/ssh/ssh_config' $ssh_known_hosts = '/etc/ssh/ssh_known_hosts' $service_name = 'sshd' + $sftp_server_path = '/usr/lib/openssh/sftp-server' } freebsd: { $server_package_name = undef 
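Review bot: `if ($storeconfigs_enabled)` in `ssh::server` tests truthiness only, and on the Puppet 2.7/3.x releases this module's CI targets any non-empty string, including `'false'` from an ENC or a quoted YAML value, is true, so host keys would still be exported and known_hosts collected when the operator meant to switch that off. Since the class already relies on stdlib's `merge()`, add `validate_bool($storeconfigs_enabled)` ahead of the conditional so a string value fails compilation instead of being silently treated as enabled. The two dependency chains also differ only in the `ssh::hostkeys`/`ssh::knownhosts` links; keeping the common chain outside the `if` and adding just `Class['ssh::server::service'] -> Class['ssh::hostkeys'] -> Class['ssh::knownhosts'] -> Anchor['ssh::server::end']` inside it would stop them drifting apart.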
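Review bot: The new `$sftp_server_path` for the `redhat` case (and for `freebsd` in the following hunk) repeats the Debian location `/usr/lib/openssh/sftp-server`; as far as I know Red Hat family packages install the helper under `/usr/libexec/openssh/sftp-server` and FreeBSD's base system under `/usr/libexec/sftp-server`, so the rendered `Subsystem sftp` line would point at a missing binary there; confirm on a target host. sshd still starts with such a line and only SFTP sessions fail, which makes the mistake easy to miss. Separately, the last hunk of this commit drops `GSSAPIAuthentication yes` from the client defaults although the subject only mentions Gentoo; that behaviour change deserves its own line in the commit message or changelog. The `case` block starts and ends outside these hunks.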
@@ -25,6 +27,7 @@ $ssh_config = '/etc/ssh/ssh_config' $ssh_known_hosts = '/etc/ssh/ssh_known_hosts' $service_name = 'sshd' + $sftp_server_path = '/usr/lib/openssh/sftp-server' } default: { case $::operatingsystem { @@ -36,6 +39,7 @@ $ssh_config = '/etc/ssh/ssh_config' $ssh_known_hosts = '/etc/ssh/ssh_known_hosts' $service_name = 'sshd' + $sftp_server_path = '/usr/lib/misc/sftp-server' } default: { fail("Unsupported platform: ${::osfamily}/${::operatingsystem}") @@ -49,7 +53,7 @@ 'X11Forwarding' => 'yes', 'PrintMotd' => 'no', 'AcceptEnv' => 'LANG LC_*', - 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server', + 'Subsystem' => "sftp ${sftp_server_path}", 'UsePAM' => 'yes', } @@ -57,7 +61,6 @@ 'Host *' => { 'SendEnv' => 'LANG LC_*', 'HashKnownHosts' => 'yes', - 'GSSAPIAuthentication' => 'yes', }, } } From 29f66a18ce1981e09aa31e0088009768baafab52 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Sat, 8 Mar 2014 18:33:07 +0100 Subject: [PATCH 14/29] new release v2.3.0 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index fe3257dd..c56bbbbd 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'saz-ssh' -version '2.2.0' +version '2.3.0' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0' From 834a6f511527b5d2d142d1ff7fbecd6b42165e95 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Sat, 8 Mar 2014 20:27:54 +0100 Subject: [PATCH 15/29] fix Match ordering in sshd config as it needs to be the last part --- templates/sshd_config.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index b1adfbee..eab82484 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb 
@@ -1,6 +1,6 @@ # File is managed by Puppet -<%- scope.lookupvar('ssh::server::merged_options').sort.each do |k, v| -%> +<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk, sv| sk.to_s.downcase.include? "match" ? sk.to_s : '' }.each do |k, v| -%> <%- if v.is_a?(Hash) -%> <%= k %> <%- v.sort.each do |key, value| -%> From 1db972b5f6075cbd5949bf102540e6bf79cd970b Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Sat, 8 Mar 2014 20:28:18 +0100 Subject: [PATCH 16/29] new release v2.3.1 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index c56bbbbd..66adcb3a 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'saz-ssh' -version '2.3.0' +version '2.3.1' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0' From 6338f977813fd231d7aea926f65b3fc86428bbbe Mon Sep 17 00:00:00 2001 From: cruisibesarescondev Date: Wed, 12 Mar 2014 13:02:43 -0400 Subject: [PATCH 17/29] Make logic explicit in template. I see this warning when I render this template: modules/ssh/templates/sshd_config.erb:3: warning: string literal in condition Im not sure if this effects all versions of ruby or what. I think that this was your intension. Let me know if this isn't want you wanted here. On: ubuntu ruby 1.9.3p0 puppet 3.4.3 --- templates/sshd_config.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index eab82484..5043e66d 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -1,6 +1,6 @@ # File is managed by Puppet -<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk, sv| sk.to_s.downcase.include? "match" ? sk.to_s : '' }.each do |k, v| -%> +<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk, sv| (sk.to_s.downcase.include? "match" )? sk.to_s : '' }.each do |k, v| -%> <%- if v.is_a?(Hash) -%> <%= k %> <%- v.sort.each do |key, value| -%> 
From d276677170238536b1ba7dbee0fbbb6883c47eb9 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 12:14:13 +0100 Subject: [PATCH 18/29] some cleanup --- templates/sshd_config.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 5043e66d..50e57b78 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -1,6 +1,6 @@ # File is managed by Puppet -<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk, sv| (sk.to_s.downcase.include? "match" )? sk.to_s : '' }.each do |k, v| -%> +<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk| (sk.to_s.downcase.include? "match") ? sk.to_s : '' }.each do |k, v| -%> <%- if v.is_a?(Hash) -%> <%= k %> <%- v.sort.each do |key, value| -%> From a0f5d5da20c91775c76c77d3b57b41f4245a260a Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 12:18:32 +0100 Subject: [PATCH 19/29] new release v2.3.2 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index 66adcb3a..72302f8a 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'saz-ssh' -version '2.3.1' +version '2.3.2' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0' From e056eb2a0ff30e6d79676bbe5c534665ff65b3b0 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 12:22:09 +0100 Subject: [PATCH 20/29] add travis-ci status image to README --- README.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.markdown b/README.markdown index ede196e2..509bfbb3 100644 --- a/README.markdown +++ b/README.markdown @@ -1,4 +1,4 @@ -# SSH Client and Server Puppet Module +# puppet-ssh [![Build Status](https://secure.travis-ci.org/saz/puppet-ssh.png)](http://travis-ci.org/saz/puppet-ssh) Manage SSH client and server via Puppet From 9eb603971b53fc72f9e5c4ef377682fd5991b172 Mon Sep 17 00:00:00 2001 
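Review bot: With the block reduced to a single parameter, `sk` in the `sort_by` call is the whole `[key, value]` pair, so `sk.to_s.downcase.include? "match"` now also fires when an option's value merely contains "match" (a path or command name, say), and the sort key depends on how the Ruby version stringifies an array. In sshd_config every directive after a `Match` line belongs to that block, so a global option that sorts behind a `Match` entry can silently stop applying globally. Test the key only and anchor it, e.g. `sort_by { |sk, _sv| [sk.to_s =~ /\Amatch\s/i ? 1 : 0, sk.to_s] }`; the same applies to the `"zzz" + sk.to_s` variant in PATCH 29/29.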
From: Steffen Zieger Date: Thu, 13 Mar 2014 12:29:16 +0100 Subject: [PATCH 21/29] update travis config --- .travis.yml | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index ed76831d..873111c1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,14 +1,38 @@ +--- +branches: + only: + - master language: ruby +bundler_args: --without development +script: 'bundle exec rake validate && bundle exec rake lint && SPEC_OPTS="--format documentation" bundle exec rake spec' +after_success: + - git clone -q git://github.com/puppetlabs/ghpublisher.git .forge-releng + - .forge-releng/publish rvm: - 1.8.7 - 1.9.3 -script: 'rake spec' env: - - PUPPET_VERSION="~> 2.7.0" - - PUPPET_VERSION="3.3" -gemfile: .gemfile -branches: - only: - - master + matrix: + - PUPPET_GEM_VERSION="~> 2.7.0" + - PUPPET_GEM_VERSION="~> 3.0.0" + - PUPPET_GEM_VERSION="~> 3.1.0" + - PUPPET_GEM_VERSION="~> 3.2.0" + - PUPPET_GEM_VERSION="~> 3.3.0" + - PUPPET_GEM_VERSION="~> 3.4.0" + global: + - PUBLISHER_LOGIN=saz + - secure: |- + bMAcMOMNUgKl7mVDNc47HwT7A8s3SvVRgy4Gu49XbyQ4C/pQ/TCSVlhyvNS7AHAA5BoZcypC + 23f69ykM4qVFGKDEi+oy6rfWXq8WVgyqA9r30Gcg95Plna5fRt/8lmbfBpa+DLRuUYhbzOXg + RuXT20V+nQOHDfp7fuC0EBQxIfM= +matrix: + include: + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 3.2.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 3.3.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.6.0" notifications: email: false +gemfile: .gemfile From 3727a2c8d61595315f59de77c4d69f923cf3768b Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 12:31:38 +0100 Subject: [PATCH 22/29] update Rakefile --- Rakefile | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index e47b27c5..0a28d845 100644 --- a/Rakefile +++ b/Rakefile 
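Review bot: The `after_success` step clones `ghpublisher` over unauthenticated `git://` at whatever the default branch holds and then executes `.forge-releng/publish` in a job that has `PUBLISHER_LOGIN` and the encrypted `secure:` value in its environment, so a change to that repository or tampering on the connection would run next to the Forge credential. Clone over `https://` and check out a reviewed revision before running it, e.g. `git clone -q https://github.com/puppetlabs/ghpublisher.git .forge-releng` followed by `(cd .forge-releng && git checkout -q <PINNED_COMMIT>)`. The step is also not limited to one matrix entry, so the publish script starts once per successful rvm/Puppet combination; whether it guards against that is not visible here.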
@@ -1,2 +1,18 @@ -require 'rake' +require 'rubygems' require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc "Run puppet in noop mode and check for syntax errors." +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end From 895cbd09d3eb58501a51d07b2f60b1b640cb076a Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 13:52:24 +0100 Subject: [PATCH 23/29] fix gemfile --- .gemfile | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/.gemfile b/.gemfile index b17ef437..30601444 100644 --- a/.gemfile +++ b/.gemfile @@ -1,16 +1,9 @@ source 'https://rubygems.org' +puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3'] +gem 'puppet', puppetversion gem 'puppetlabs_spec_helper', '>= 0.1.0', :require => false - -if puppetversion = ENV['PUPPET_VERSION'] - gem 'puppet', puppetversion, :require => false - - if puppetversion[0].chr.to_i < 3 - gem 'hiera-puppet', :require => false - end - -else - gem 'puppet', :require => false -end +gem 'puppet-lint', '>= 0.3.2' +gem 'facter', '>= 1.7.0', "< 1.8.0" # vim:ft=ruby From 6cb34834072419713bd486892af689b4a9e941d0 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 14:40:17 +0100 Subject: [PATCH 24/29] fix lint errors --- manifests/client/config.pp | 2 +- manifests/server/host_key.pp | 4 ++-- tests/init.pp | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/client/config.pp b/manifests/client/config.pp index 608fd8cb..2658ac02 100644 --- a/manifests/client/config.pp 
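Review bot: Each `sh` call in the `validate` task interpolates a globbed path into a single shell string, so a file name containing spaces or shell metacharacters is parsed by the shell instead of being passed as one argument; the Travis script from PATCH 21/29 runs this task, presumably on pull-request trees as well. Use the multi-argument form where no pipe is needed, `sh 'puppet', 'parser', 'validate', '--noop', manifest` and `sh 'ruby', '-c', ruby_file`, and escape the template path in the piped command with `Shellwords.escape(template)` (needs `require 'shellwords'`). A short comment above the task stating that it only syntax-checks manifests, Ruby files and ERB templates would also help.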
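Review bot: The Gemfile now reads `ENV['PUPPET_VERSION']`, but the Travis matrix added in PATCH 21/29 exports `PUPPET_GEM_VERSION`, so every job appears to fall through to `['>= 3.3']` and the 2.6/2.7/3.0–3.2 rows would not test the Puppet release they name. Prefixing the value with `"= "` would also turn a matrix value such as `~> 2.7.0` into `= ~> 2.7.0`, which is not a valid requirement. Something like `puppetversion = ENV.key?('PUPPET_GEM_VERSION') ? ENV['PUPPET_GEM_VERSION'] : ['>= 3.3']` keeps the matrix meaningful.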
+++ b/manifests/client/config.pp @@ -1,4 +1,4 @@ -class ssh::client::config { +class ssh::client::config { file { $ssh::params::ssh_config: ensure => present, owner => 0, diff --git a/manifests/server/host_key.pp b/manifests/server/host_key.pp index b8e22151..a8960684 100644 --- a/manifests/server/host_key.pp +++ b/manifests/server/host_key.pp @@ -36,10 +36,10 @@ $private_key_content = '', ) { if $public_key_source == '' and $public_key_content == '' { - fail("You must provide either public_key_source or public_key_content parameter") + fail('You must provide either public_key_source or public_key_content parameter') } if $private_key_source == '' and $private_key_content == '' { - fail("You must provide either private_key_source or private_key_content parameter") + fail('You must provide either private_key_source or private_key_content parameter') } $manage_pub_key_content = $public_key_source ? { diff --git a/tests/init.pp b/tests/init.pp index 1c7d29f1..6687c2c7 100644 --- a/tests/init.pp +++ b/tests/init.pp @@ -1 +1 @@ -class {"::ssh::server": } +class { '::ssh::server': } From 1cdcc994c21af2ee2f7660e9032591032c9595fa Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 19:12:37 +0100 Subject: [PATCH 25/29] remove fixtures symlinks --- .fixtures.yml | 2 ++ spec/fixtures/modules/ssh/files | 1 - spec/fixtures/modules/ssh/lib | 1 - spec/fixtures/modules/ssh/manifests | 1 - spec/fixtures/modules/ssh/templates | 1 - 5 files changed, 2 insertions(+), 4 deletions(-) delete mode 120000 spec/fixtures/modules/ssh/files delete mode 120000 spec/fixtures/modules/ssh/lib delete mode 120000 spec/fixtures/modules/ssh/manifests delete mode 120000 spec/fixtures/modules/ssh/templates diff --git a/.fixtures.yml b/.fixtures.yml index 74ce67fb..5eec1869 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,3 +1,5 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib" + symlinks: + ssh: "#{source_dir}" 
diff --git a/spec/fixtures/modules/ssh/files b/spec/fixtures/modules/ssh/files deleted file mode 120000 index 84dafe8d..00000000 --- a/spec/fixtures/modules/ssh/files +++ /dev/null @@ -1 +0,0 @@ -../../../../files \ No newline at end of file diff --git a/spec/fixtures/modules/ssh/lib b/spec/fixtures/modules/ssh/lib deleted file mode 120000 index 42892ea0..00000000 --- a/spec/fixtures/modules/ssh/lib +++ /dev/null @@ -1 +0,0 @@ -../../../../lib \ No newline at end of file diff --git a/spec/fixtures/modules/ssh/manifests b/spec/fixtures/modules/ssh/manifests deleted file mode 120000 index 373b9920..00000000 --- a/spec/fixtures/modules/ssh/manifests +++ /dev/null @@ -1 +0,0 @@ -../../../../manifests \ No newline at end of file diff --git a/spec/fixtures/modules/ssh/templates b/spec/fixtures/modules/ssh/templates deleted file mode 120000 index f8a06d1d..00000000 --- a/spec/fixtures/modules/ssh/templates +++ /dev/null @@ -1 +0,0 @@ -../../../../templates \ No newline at end of file From e46a32b985d0189df3a8967f144e4928fca93dce Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 19:13:25 +0100 Subject: [PATCH 26/29] new release v2.3.3 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index 72302f8a..90291201 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'saz-ssh' -version '2.3.2' +version '2.3.3' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0' From 37fd998837f61ff9434c802c893e7458ca3876d1 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 23:47:13 +0100 Subject: [PATCH 27/29] improve spec test --- spec/classes/server_spec.rb | 93 +++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 24 deletions(-) diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb index fb0a16f0..5c63c709 100644 --- a/spec/classes/server_spec.rb +++ b/spec/classes/server_spec.rb 
@@ -1,33 +1,78 @@ require 'spec_helper' - -describe 'ssh::server', :type => 'class' do - context "On Debian with no other parameters" do - let :facts do +describe 'ssh::server' do + let :default_params do { - :osfamily => 'Debian', - :interfaces => 'eth0', - :ipaddress_eth0 => '192.168.1.1' - } - end - it { - should contain_package('openssh-server').with(:ensure => 'present') + :ensure => 'present', + :storeconfigs_enabled => true, + :options => {} } end - context "On Debian with custom ensure" do - let :facts do - { - :osfamily => 'Debian', - :interfaces => 'eth0', - :ipaddress_eth0 => '192.168.1.1' - } + + [ {}, + { + :ensure => 'latest', + :storeconfigs_enabled => true, + :options => {} + }, + { + :ensure => 'present', + :storeconfigs_enabled => false, + :options => {} + } + ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :param_hash do + default_params.merge(param_set) end + let :params do - { - :ensure => 'latest' - } + param_set end - it { - should contain_package('openssh-server').with(:ensure => 'latest') - } + + ['Debian'].each do |osfamily| + let :facts do + { + :osfamily => osfamily, + :interfaces => 'eth0', + :ipaddress_eth0 => '192.168.1.1' + } + end + + describe "on supported osfamily: #{osfamily}" do + it { should contain_class('ssh::params') } + it { should contain_package('openssh-server').with_ensure(param_hash[:ensure]) } + + it { should contain_file('/etc/ssh/sshd_config').with( + 'owner' => 0, + 'group' => 0, + )} + + it { should contain_service('ssh').with( + 'ensure' => 'running', + 'enable' => true, + 'hasrestart' => true, + 'hasstatus' => true, + )} + + it 'should compile the template based on the class parameters' do + content = param_value( + subject, + 'file', + '/etc/ssh/sshd_config', + 'content' + ) + expected_lines = [ + 'ChallengeResponseAuthentication no', + 'X11Forwarding yes', + 'PrintMotd no', + 'AcceptEnv LANG LC_*', + 'Subsystem sftp 
/usr/lib/openssh/sftp-server', + 'UsePAM yes' + ] + (content.split("\n") & expected_lines).should =~ expected_lines + end + end + end + end end end From 1426c30b6e26283cb2224b0e720777a1e423bc9c Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 13 Mar 2014 23:55:19 +0100 Subject: [PATCH 28/29] fix spec test on ruby 1.8.7 --- spec/classes/server_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb index 5c63c709..6c62c9c4 100644 --- a/spec/classes/server_spec.rb +++ b/spec/classes/server_spec.rb @@ -44,14 +44,14 @@ it { should contain_file('/etc/ssh/sshd_config').with( 'owner' => 0, - 'group' => 0, + 'group' => 0 )} it { should contain_service('ssh').with( 'ensure' => 'running', 'enable' => true, 'hasrestart' => true, - 'hasstatus' => true, + 'hasstatus' => true )} it 'should compile the template based on the class parameters' do From 3c2a6997f30272c2dfb10c439c8f179d0277f88b Mon Sep 17 00:00:00 2001 From: "Angel L. Mateo" Date: Mon, 17 Mar 2014 12:38:56 +0100 Subject: [PATCH 29/29] Fix to correctly order: Although Match option must be the last one, the other options should be ordered too, in order to not changing file in every execution --- templates/sshd_config.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 50e57b78..d7ed11a7 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -1,6 +1,6 @@ # File is managed by Puppet -<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk| (sk.to_s.downcase.include? "match") ? sk.to_s : '' }.each do |k, v| -%> +<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk| (sk.to_s.downcase.include? "match") ? "zzz" + sk.to_s : sk.to_s }.each do |k, v| -%> <%- if v.is_a?(Hash) -%> <%= k %> <%- v.sort.each do |key, value| -%>
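Review bot: The `contain_file('/etc/ssh/sshd_config')` example in the new `server_spec.rb` asserts only `owner` and `group`, so a change that loosens the file's permissions would still pass. If the server config manifest sets a mode (not visible in this patch), add it to the `.with(...)` hash, e.g. `'mode' => '<mode from the manifest>'`. Separately, the parameter sets vary `:storeconfigs_enabled` but no example asserts anything that depends on it, so the third set exercises nothing beyond the first. `let :facts` also sits inside the `osfamily` loop but outside the per-osfamily `describe`, so with a second entry in the list the last definition would likely apply to every group; moving it inside that `describe` avoids this.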
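Review bot: The `sort_by` block on the changed line of `sshd_config.erb` takes a single parameter, so `sk` is the whole `[key, value]` pair and `sk.to_s` stringifies the value as well as the option name. An option whose value merely contains "match" therefore gets the `zzz` prefix and is emitted among the `Match` blocks. sshd applies directives that follow a `Match` line only to that block, so a global setting could silently become conditional. Test and sort on the key alone, e.g. `sort_by{ |name, _| name.to_s.downcase.start_with?('match') ? 'zzz' + name.to_s : name.to_s }`. The `each` loop this line opens continues outside the hunk.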