Sort hashes in templates #1

Open
wants to merge 38 commits into
base: testing
0680338
Sort hashes in templates so config files are not modified in every pu…
amateo Feb 27, 2014
3547fdc
make package 'ensure' variable, with 'present' as default
CyBeRoni Mar 2, 2014
883f15b
sort hashes to prevent shuffling and restarting ssh unnecessarily
CyBeRoni Mar 2, 2014
e622c64
add freebsd support
saz Mar 2, 2014
14d80d2
new release v2.1.0
saz Mar 2, 2014
b224323
change parameter order
CyBeRoni Mar 2, 2014
90f991b
Merge pull request #20 from amateo/testing
saz Mar 3, 2014
40bdca2
fix conflicts
saz Mar 3, 2014
58c4944
new release v2.2.0
saz Mar 3, 2014
bff4ad6
fix $ensure to actually do what I expect.
CyBeRoni Mar 4, 2014
dbabc49
fix syntax
CyBeRoni Mar 4, 2014
aac81b6
Merge https://github.com/saz/puppet-ssh
CyBeRoni Mar 4, 2014
9325650
re-instate check for package name
CyBeRoni Mar 4, 2014
2d3c573
Set up a few simple tests
CyBeRoni Mar 4, 2014
5ff3d28
Add testing files
CyBeRoni Mar 4, 2014
1e597d7
Allow turning off storeconfigs/hostkey management
rfay Mar 7, 2014
3e6f851
Merge pull request #23 from CyBeRoni/master
saz Mar 8, 2014
8df221d
Merge pull request #25 from rfay/storeconfigs_enabled_parameter
saz Mar 8, 2014
b01984c
fix module on gentoo linux
saz Mar 8, 2014
29f66a1
new release v2.3.0
saz Mar 8, 2014
834a6f5
fix Match ordering in sshd config as it needs to be the last part
saz Mar 8, 2014
1db972b
new release v2.3.1
saz Mar 8, 2014
6338f97
Make logic explicit in template.
Mar 12, 2014
096184b
Merge pull request #28 from cruisibesarescondev/patch-1
saz Mar 13, 2014
d276677
some cleanup
saz Mar 13, 2014
a0f5d5d
new release v2.3.2
saz Mar 13, 2014
e056eb2
add travis-ci status image to README
saz Mar 13, 2014
9eb6039
update travis config
saz Mar 13, 2014
3727a2c
update Rakefile
saz Mar 13, 2014
895cbd0
fix gemfile
saz Mar 13, 2014
6cb3483
fix lint errors
saz Mar 13, 2014
1cdcc99
remove fixtures symlinks
saz Mar 13, 2014
e46a32b
new release v2.3.3
saz Mar 13, 2014
37fd998
improve spec test
saz Mar 13, 2014
1426c30
fix spec test on ruby 1.8.7
saz Mar 13, 2014
62dd42d
Merge remote-tracking branch 'upstream/master'
amateo Mar 17, 2014
3c2a699
Fix to correctly order: Although Match option must be the last one,
amateo Mar 17, 2014
304a2a9
Finish v2.3.2-1:
amateo Mar 17, 2014
5 changes: 5 additions & 0 deletions .fixtures.yml
@@ -0,0 +1,5 @@
fixtures:
repositories:
stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib"
symlinks:
ssh: "#{source_dir}"
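Review bot: The `stdlib` entry under `repositories` is fetched over `git://`, which provides no transport authentication or integrity, and no revision is pinned, so every test run pulls whatever the default branch holds at that moment. Use `https://github.com/puppetlabs/puppetlabs-stdlib` and pin the fixture to a tag or commit so the test dependency is reproducible.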
9 changes: 9 additions & 0 deletions .gemfile
@@ -0,0 +1,9 @@
source 'https://rubygems.org'

puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
gem 'puppet', puppetversion
gem 'puppetlabs_spec_helper', '>= 0.1.0', :require => false
gem 'puppet-lint', '>= 0.3.2'
gem 'facter', '>= 1.7.0', "< 1.8.0"

# vim:ft=ruby
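Review bot: `ENV.key?('PUPPET_VERSION')` on the `puppetversion` line reads a variable that the build matrix in `.travis.yml` never sets; the matrix exports `PUPPET_GEM_VERSION`. As written, every job resolves to `['>= 3.3']`, so the 2.6, 2.7 and 3.0 to 3.2 entries do not test those versions. Read `PUPPET_GEM_VERSION` here (its values, such as `~> 3.2.0`, are already complete requirement strings, so the `= ` prefix has to go) or rename the matrix variable to match.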
38 changes: 38 additions & 0 deletions .travis.yml
@@ -0,0 +1,38 @@
---
branches:
only:
- master
language: ruby
bundler_args: --without development
script: 'bundle exec rake validate && bundle exec rake lint && SPEC_OPTS="--format documentation" bundle exec rake spec'
after_success:
- git clone -q git://github.com/puppetlabs/ghpublisher.git .forge-releng
- .forge-releng/publish
rvm:
- 1.8.7
- 1.9.3
env:
matrix:
- PUPPET_GEM_VERSION="~> 2.7.0"
- PUPPET_GEM_VERSION="~> 3.0.0"
- PUPPET_GEM_VERSION="~> 3.1.0"
- PUPPET_GEM_VERSION="~> 3.2.0"
- PUPPET_GEM_VERSION="~> 3.3.0"
- PUPPET_GEM_VERSION="~> 3.4.0"
global:
- PUBLISHER_LOGIN=saz
- secure: |-
bMAcMOMNUgKl7mVDNc47HwT7A8s3SvVRgy4Gu49XbyQ4C/pQ/TCSVlhyvNS7AHAA5BoZcypC
23f69ykM4qVFGKDEi+oy6rfWXq8WVgyqA9r30Gcg95Plna5fRt/8lmbfBpa+DLRuUYhbzOXg
RuXT20V+nQOHDfp7fuC0EBQxIfM=
matrix:
include:
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.2.0"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.3.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 2.6.0"
notifications:
email: false
gemfile: .gemfile
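Review bot: In `after_success`, the job clones `ghpublisher` over unauthenticated `git://` at whatever its default branch currently holds and then executes `.forge-releng/publish` in a build that carries the `secure:` publishing credential. A change to that repository, or tampering with the connection, would run with access to the secret. Clone over `https://` and check out a pinned commit before running the script.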
2 changes: 1 addition & 1 deletion Modulefile
@@ -1,5 +1,5 @@
name 'saz-ssh'
version '2.0.0'
version '2.3.3'
source 'git://github.com/saz/puppet-ssh.git'
author 'saz'
license 'Apache License, Version 2.0'
6 changes: 4 additions & 2 deletions README.markdown
@@ -1,4 +1,4 @@
# SSH Client and Server Puppet Module
# puppet-ssh [![Build Status](https://secure.travis-ci.org/saz/puppet-ssh.png)](http://travis-ci.org/saz/puppet-ssh)

Manage SSH client and server via Puppet

Expand Down Expand Up @@ -79,7 +79,8 @@ or
```

### Server only
Host keys will be collected for client distribution
Host keys will be collected for client distribution unless
storeconfigs_enabled => false

```
include ssh::server
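Review bot: The new sentence under "Server only" mentions only host key collection, but in `manifests/server.pp` the `storeconfigs_enabled => false` branch also skips `ssh::knownhosts`. Please state both effects, so operators know that a host configured this way neither exports its keys nor receives a managed `ssh_known_hosts`, and put the parameter in backticks so it renders as code.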
Expand All @@ -89,6 +90,7 @@ or

```
class { 'ssh::server':
storeconfigs_enabled => false,
options => {
'Match User www-data' => {
'ChrootDirectory' => '%h',
18 changes: 18 additions & 0 deletions Rakefile
@@ -0,0 +1,18 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]

desc "Run puppet in noop mode and check for syntax errors."
task :validate do
Dir['manifests/**/*.pp'].each do |manifest|
sh "puppet parser validate --noop #{manifest}"
end
Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
end
Dir['templates/**/*.erb'].each do |template|
sh "erb -P -x -T '-' #{template} | ruby -c"
end
end
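Review bot: The three `sh "... #{...}"` calls in the `:validate` task interpolate globbed paths into a shell command line, so a file name containing spaces or shell metacharacters breaks the task or is interpreted as part of the command. For the first two, use the list form, for example `sh 'puppet', 'parser', 'validate', '--noop', manifest`. The `erb ... | ruby -c` pipeline needs a shell, so escape the path there with `Shellwords.escape(template)` after `require 'shellwords'`.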
1 change: 1 addition & 0 deletions manifests/client.pp
@@ -1,4 +1,5 @@
class ssh::client(
$ensure = present,
$options = {}
) inherits ssh::params {
$merged_options = merge($ssh::params::ssh_default_options, $options)
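Review bot: The new `$ensure` parameter is consumed only by the package resource in `ssh::client::install`, while `ssh::client::config` still hard-codes `ensure => present` for `$ssh::params::ssh_config`. With `ensure => absent` the package is removed but the config file stays managed. Either document that `$ensure` is a package state only (`present`, `latest`, a version) or validate the value before use.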
2 changes: 1 addition & 1 deletion manifests/client/config.pp
@@ -1,4 +1,4 @@
class ssh::client::config {
class ssh::client::config {
file { $ssh::params::ssh_config:
ensure => present,
owner => 0,
8 changes: 5 additions & 3 deletions manifests/client/install.pp
@@ -1,7 +1,9 @@
class ssh::client::install {
if !defined(Package[$ssh::params::client_package_name]) {
package { $ssh::params::client_package_name:
ensure => present,
if $ssh::params::client_package_name {
if !defined(Package[$ssh::params::client_package_name]) {
package { $ssh::params::client_package_name:
ensure => $ssh::client::ensure,
}
}
}
}
15 changes: 13 additions & 2 deletions manifests/params.pp
Expand Up @@ -8,6 +8,7 @@
$ssh_config = '/etc/ssh/ssh_config'
$ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
$service_name = 'ssh'
$sftp_server_path = '/usr/lib/openssh/sftp-server'
}
redhat: {
$server_package_name = 'openssh-server'
Expand All @@ -17,6 +18,16 @@
$ssh_config = '/etc/ssh/ssh_config'
$ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
$service_name = 'sshd'
$sftp_server_path = '/usr/lib/openssh/sftp-server'
}
freebsd: {
$server_package_name = undef
$client_package_name = undef
$sshd_config = '/etc/ssh/sshd_config'
$ssh_config = '/etc/ssh/ssh_config'
$ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
$service_name = 'sshd'
$sftp_server_path = '/usr/lib/openssh/sftp-server'
}
default: {
case $::operatingsystem {
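Review bot: The `redhat` and `freebsd` branches set `$sftp_server_path` to the Debian location `/usr/lib/openssh/sftp-server`. Those platforms normally ship the binary under `/usr/libexec` (`/usr/libexec/openssh/sftp-server` on Red Hat, `/usr/libexec/sftp-server` on FreeBSD), and since the default `Subsystem` line is now built from this variable, sftp would point at a missing file there. For `redhat` this carries over the old hard-coded value; for `freebsd` it is new in this change. Please confirm the paths per platform and add a spec for each.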
Expand All @@ -28,6 +39,7 @@
$ssh_config = '/etc/ssh/ssh_config'
$ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
$service_name = 'sshd'
$sftp_server_path = '/usr/lib/misc/sftp-server'
}
default: {
fail("Unsupported platform: ${::osfamily}/${::operatingsystem}")
Expand All @@ -41,15 +53,14 @@
'X11Forwarding' => 'yes',
'PrintMotd' => 'no',
'AcceptEnv' => 'LANG LC_*',
'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
'Subsystem' => "sftp ${sftp_server_path}",
'UsePAM' => 'yes',
}

$ssh_default_options = {
'Host *' => {
'SendEnv' => 'LANG LC_*',
'HashKnownHosts' => 'yes',
'GSSAPIAuthentication' => 'yes',
},
}
}
32 changes: 23 additions & 9 deletions manifests/server.pp
@@ -1,22 +1,36 @@
class ssh::server(
$ensure = present,
$storeconfigs_enabled = true,
$options = {}
) inherits ssh::params {
$merged_options = merge($ssh::params::sshd_default_options, $options)

include ssh::server::install
include ssh::server::config
include ssh::server::service
include ssh::hostkeys
include ssh::knownhosts

anchor { 'ssh::server::start': }
anchor { 'ssh::server::end': }

Anchor['ssh::server::start'] ->
Class['ssh::server::install'] ->
Class['ssh::server::config'] ~>
Class['ssh::server::service'] ->
Class['ssh::hostkeys'] ->
Class['ssh::knownhosts'] ->
Anchor['ssh::server::end']
# Provide option to *not* use storeconfigs/puppetdb, which means not managing
# hostkeys and knownhosts
if ($storeconfigs_enabled) {
include ssh::hostkeys
include ssh::knownhosts

Anchor['ssh::server::start'] ->
Class['ssh::server::install'] ->
Class['ssh::server::config'] ~>
Class['ssh::server::service'] ->
Class['ssh::hostkeys'] ->
Class['ssh::knownhosts'] ->
Anchor['ssh::server::end']
}
else {
Anchor['ssh::server::start'] ->
Class['ssh::server::install'] ->
Class['ssh::server::config'] ~>
Class['ssh::server::service'] ->
Anchor['ssh::server::end']
}
}
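Review bot: `if ($storeconfigs_enabled)` accepts any value, and on the Puppet versions in the test matrix a non-empty string such as `'false'` (a quoted value, or one passed in from an ENC) is truthy, so host key export would silently stay on. Add `validate_bool($storeconfigs_enabled)` from stdlib, which this class already relies on for `merge()`. The two ordering chains also repeat the same prefix; keeping one `start -> install -> config ~> service -> end` chain outside the conditional and adding only the `ssh::hostkeys` and `ssh::knownhosts` ordering inside the `if` would stop them drifting apart.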
4 changes: 2 additions & 2 deletions manifests/server/host_key.pp
Expand Up @@ -36,10 +36,10 @@
$private_key_content = '',
) {
if $public_key_source == '' and $public_key_content == '' {
fail("You must provide either public_key_source or public_key_content parameter")
fail('You must provide either public_key_source or public_key_content parameter')
}
if $private_key_source == '' and $private_key_content == '' {
fail("You must provide either private_key_source or private_key_content parameter")
fail('You must provide either private_key_source or private_key_content parameter')
}

$manage_pub_key_content = $public_key_source ? {
8 changes: 5 additions & 3 deletions manifests/server/install.pp
@@ -1,8 +1,10 @@
class ssh::server::install {
include ssh::params
if !defined(Package[$ssh::params::server_package_name]) {
package { $ssh::params::server_package_name:
ensure => present,
if $ssh::params::server_package_name {
if !defined(Package[$ssh::params::server_package_name]) {
package { $ssh::params::server_package_name:
ensure => $ssh::server::ensure,
}
}
}
}
Empty file added manifests/site.pp
Empty file.
33 changes: 33 additions & 0 deletions spec/classes/client_spec.rb
@@ -0,0 +1,33 @@
require 'spec_helper'

describe 'ssh::client', :type => 'class' do
context "On Debian with no other parameters" do
let :facts do
{
:osfamily => 'Debian',
:interfaces => 'eth0',
:ipaddress_eth0 => '192.168.1.1'
}
end
it {
should contain_package('openssh-client').with(:ensure => 'present')
}
end
context "On Debian with custom ensure" do
let :facts do
{
:osfamily => 'Debian',
:interfaces => 'eth0',
:ipaddress_eth0 => '192.168.1.1'
}
end
let :params do
{
:ensure => 'latest'
}
end
it {
should contain_package('openssh-client').with(:ensure => 'latest')
}
end
end
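Review bot: Both contexts use `:osfamily => 'Debian'`, so the new `if $ssh::params::client_package_name` guard and the `freebsd` params branch, where the package name is `undef`, are never exercised. Add a FreeBSD context that asserts the catalog compiles and contains no package resource.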
78 changes: 78 additions & 0 deletions spec/classes/server_spec.rb
@@ -0,0 +1,78 @@
require 'spec_helper'
describe 'ssh::server' do
let :default_params do
{
:ensure => 'present',
:storeconfigs_enabled => true,
:options => {}
}
end

[ {},
{
:ensure => 'latest',
:storeconfigs_enabled => true,
:options => {}
},
{
:ensure => 'present',
:storeconfigs_enabled => false,
:options => {}
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :param_hash do
default_params.merge(param_set)
end

let :params do
param_set
end

['Debian'].each do |osfamily|
let :facts do
{
:osfamily => osfamily,
:interfaces => 'eth0',
:ipaddress_eth0 => '192.168.1.1'
}
end

describe "on supported osfamily: #{osfamily}" do
it { should contain_class('ssh::params') }
it { should contain_package('openssh-server').with_ensure(param_hash[:ensure]) }

it { should contain_file('/etc/ssh/sshd_config').with(
'owner' => 0,
'group' => 0
)}

it { should contain_service('ssh').with(
'ensure' => 'running',
'enable' => true,
'hasrestart' => true,
'hasstatus' => true
)}

it 'should compile the template based on the class parameters' do
content = param_value(
subject,
'file',
'/etc/ssh/sshd_config',
'content'
)
expected_lines = [
'ChallengeResponseAuthentication no',
'X11Forwarding yes',
'PrintMotd no',
'AcceptEnv LANG LC_*',
'Subsystem sftp /usr/lib/openssh/sftp-server',
'UsePAM yes'
]
(content.split("\n") & expected_lines).should =~ expected_lines
end
end
end
end
end
end
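Review bot: The `:storeconfigs_enabled => false` entry in the parameter list runs exactly the same expectations as the other two sets, so nothing checks that the flag has any effect. Add expectations that `ssh::hostkeys` and `ssh::knownhosts` are in the catalog when it is true and absent when it is false, for example `it { should_not contain_class('ssh::knownhosts') }`. Separately, the `let :facts` inside `['Debian'].each` sits outside the per-OS `describe`, so once a second osfamily is added the last `let` wins for every group; move it inside `describe "on supported osfamily: ..."`.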
20 changes: 2 additions & 18 deletions spec/spec_helper.rb
@@ -1,18 +1,2 @@
require 'pathname'
dir = Pathname.new(__FILE__).parent
$LOAD_PATH.unshift(dir, dir + 'lib', dir + '../lib')

require 'mocha'
require 'puppet'
gem 'rspec', '=1.2.9'
require 'spec/autorun'

Spec::Runner.configure do |config|
config.mock_with :mocha
end

# We need this because the RAL uses 'should' as a method. This
# allows us the same behaviour but with a different method name.
class Object
alias :must :should
end
require 'rspec-puppet'
require 'puppetlabs_spec_helper/module_spec_helper'
2 changes: 1 addition & 1 deletion templates/sshd_config.erb
@@ -1,6 +1,6 @@
# File is managed by Puppet

<%- scope.lookupvar('ssh::server::merged_options').sort.each do |k, v| -%>
<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk| (sk.to_s.downcase.include? "match") ? "zzz" + sk.to_s : sk.to_s }.each do |k, v| -%>
<%- if v.is_a?(Hash) -%>
<%= k %>
<%- v.sort.each do |key, value| -%>
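Review bot: In the new `sort_by` line the block takes a single argument, so `sk` is the whole `[key, value]` pair and `sk.to_s` stringifies the value along with the key. Any option whose value contains "match" is then pushed to the end as well, and the resulting sort key differs between Ruby 1.8.7 and 1.9+ because `Array#to_s` changed, both of which are in the build matrix. Since options placed after a `Match` block apply only to that block, the ordering needs to depend on the key alone. Suggest `sort_by { |k, _v| [k.to_s.downcase.start_with?('match') ? 1 : 0, k.to_s] }`, which also removes the `"zzz"` prefix, and a spec asserting that a `Match` entry renders after every global option.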
2 changes: 1 addition & 1 deletion tests/init.pp
@@ -1 +1 @@
include ssh
class { '::ssh::server': }
1 change: 1 addition & 0 deletions tests/server.pp
@@ -0,0 +1 @@
include ssh::server