Commit Graph

33 Commits

Author SHA1 Message Date
Daniel Dehennin df477b25c2 feat(map): update to v4 “map.jinja”
The `map.jinja` now exports a single variable called `mapdata`.

We extract the `openssh`, `sshd_config` and `ssh_config` from it to
minimize the changes to `.sls` files.
2020-07-31 10:54:40 +02:00
Daniel Dehennin 7a1f6199d0 fix(jinja): encode context as json
Or with python2 the template are generated with `u'<string>'`.
2020-07-20 16:28:22 +02:00
Daniel Dehennin cb6e48feaa feat(templates): don't get openssh pillars in templates
We pass the pillars via the template engine context, this avoid the
need to load `map.jinja` from the templates themselves and recude the
number of `pillar.get` calls.

* openssh/config.sls (sshd_config): pass `sshd_config` in the
  context.
  (ssh_config): pass `ssh_config` in the context.

* openssh/files/default/ssh_config: remove `map.jinja` import since
  it's now in the context.

* openssh/files/default/sshd_config: ditoo.

* openssh/known_hosts.sls: pass `known_hosts` in the context.

* openssh/files/default/ssh_known_hosts: use `known_hosts` from the
  context instead of calling `pillar.get` several times.

BREAKING CHANGE: Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.
2020-07-17 10:48:32 +02:00
Imran Iqbal 7e35335613
fix(config.sls): fix `salt-lint` errors
```bash
Examining openssh/config.sls of type state
[210] Numbers that start with `0` should always be encapsulated in quotation marks
openssh/config.sls:103
    - mode: 0600
```
2019-10-09 15:01:26 +01:00
Imran Iqbal f6dbca3352
fix: complete PR #164
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
2019-07-04 01:42:19 +01:00
nb a47596f15a feat(TOFS): ssh sshd configs known_host and banner 2019-07-01 14:46:46 +11:00
chenmen 463ad69d92 reuse sshd_config from map (#160)
remove duplicated 'pillar.get' calls to retrieve the sshd_config and ssh_config pillars.
2019-04-27 09:13:48 +02:00
Alexander Weidinger 4b84dead8e Made host key algos configurable; dropped DSA 2019-02-12 14:55:15 +01:00
Peter Hudec ea755686e3 updated openssh/config.sls 2018-10-10 14:06:14 +02:00
tmeneau 63ad14efb1 Fix invalid require_in sshd_config for key states
Change the require_ins used by the key management states in the
config.sls to be conditional based on whether the sshd_config
is managed by the formula

Fixes #130
2018-08-03 08:35:42 -04:00
Raphaël Hertzog 6ccb9fc87d Replace deprecated "user" attribute by "runas" 2018-02-16 12:11:54 +01:00
Andres Montalban 26f2fc8e97 [FIX] When key is present override generating by any way 2017-10-15 17:55:44 -03:00
Alexander Weidinger 7afea021c6 Fixed key generation
- generate before running check_mk on the sshd_config
- set permissions on private key
- cope with empty keys
2017-07-31 23:35:18 +02:00
Andres Montalban c7a97ae72f Create needed directory for UsePrivilegeSeparation option 2017-07-28 10:17:16 -03:00
Alexander Weidinger c71f2ae4fa minor fix: use keyFile in config.sls 2017-07-04 22:47:02 +02:00
Alexander Weidinger 162705c7ce Test config before applying it 2017-05-17 13:00:06 +02:00
Alexander Weidinger 6b23b28f52 Opt-in to enforce RSA key length 2017-03-04 14:21:58 +01:00
amendlik 6d6c7a0ead Merge branch 'master' into file-mode 2017-02-25 06:40:30 -07:00
ek9 038a51cdc8 manage sshd_config and ssh_config only if pillars are defined 2017-02-24 21:13:52 +01:00
Adam Mendlik 613bea2cac Add variables for file owner and mode 2017-02-23 14:56:22 -07:00
Bogdan Radulescu 13cf374efe Added configuration options for ssh_config
Made a small change to reflect the default sshd_config
2015-10-01 15:21:16 +00:00
elfixit 18ba94d0fc add options to give a key size to generate_key 2015-07-12 18:09:26 +02:00
Niels Abspoel 2a68ccac1a Add option to remove ssh_host_keys 2015-06-07 20:37:33 +02:00
Franz Pletz 5d0f69ad2c Cleanups for host key pillar example 2014-12-15 07:00:45 +01:00
Franz Pletz 33f21a0976 Add support for ED25519 host keys 2014-12-15 07:00:17 +01:00
Alan Pearce 6fb57f40bc Config: Add support for generating keys 2014-08-24 16:09:12 +01:00
Alan Pearce 73eaef4ea0 Config: Add support for ECDSA host keys 2014-08-24 11:55:38 +01:00
Alan Pearce ce46343562 Config: Refactor host key provisioning into loop 2014-08-24 11:55:38 +01:00
Alan Pearce 2876a691b0 Remove reference to root group
By not specifying it, root user's group should be used.
2014-08-19 21:44:38 +01:00
Seth House b44c26cd13 Moved the rsa/dsa key management to config.sls 2014-03-17 16:17:04 -06:00
Kenny Do 9f70270643 explicitly set the user, group, and mode to match the package's
sshd_config
2014-01-09 04:57:00 -08:00
Kenny Do dc53d0c295 fixed the name of the service that the openssh config is watched by 2014-01-09 04:54:49 -08:00
Kenny Do 07771c0ebf Split the sshd_config and banner components into sub-states 2014-01-03 18:32:05 -08:00