aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuke Hinds <lhinds@redhat.com>2017-03-12 03:24:35 +0000
committerOliver Walsh <owalsh@redhat.com>2017-04-19 18:03:02 +0100
commit5e14f95a4a46fcf88293f1b0fa93327566614d43 (patch)
treea86285ef8b67e6dc1084e004586759263d7d2f20
parent56c8f120770b63b5518d3738ed56de626d24eb80 (diff)
SSHD Service extensions
This change implements a MOTD message and provides a hash of sshd config options which are sourced to the puppet-ssh module as a hash. The SSHD puppet service is enabled by default, as it is required for Idb56acd1e1ecb5a5fd4d942969be428cc9cbe293. Also added the service to the CI roles. Change-Id: Ie2e01d93082509b8ede37297067eab03bb1ab06e Depends-On: I1d09530d69e42c0c36311789166554a889e46556 Closes-Bug: #1668543 Co-Authored-By: Oliver Walsh <owalsh@redhat.com>
-rw-r--r--ci/environments/multinode-3nodes.yaml2
-rw-r--r--ci/environments/multinode-container-upgrade.yaml1
-rw-r--r--ci/environments/multinode.yaml1
-rw-r--r--ci/environments/multinode_major_upgrade.yaml1
-rw-r--r--ci/environments/scenario002-multinode.yaml1
-rw-r--r--ci/environments/scenario003-multinode.yaml1
-rw-r--r--ci/environments/scenario004-multinode.yaml1
-rw-r--r--environments/sshd-banner.yaml6
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml2
-rw-r--r--puppet/services/sshd.yaml29
-rw-r--r--releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml5
11 files changed, 46 insertions, 4 deletions
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml
index 56013adf..ef51a779 100644
--- a/ci/environments/multinode-3nodes.yaml
+++ b/ci/environments/multinode-3nodes.yaml
@@ -56,6 +56,7 @@
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Sshd
- name: Controller
CountDefault: 1
@@ -77,3 +78,4 @@
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
diff --git a/ci/environments/multinode-container-upgrade.yaml b/ci/environments/multinode-container-upgrade.yaml
index 44a0ce73..df60a6e3 100644
--- a/ci/environments/multinode-container-upgrade.yaml
+++ b/ci/environments/multinode-container-upgrade.yaml
@@ -48,6 +48,7 @@ parameter_defaults:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
index d0d6ba99..650bbf01 100644
--- a/ci/environments/multinode.yaml
+++ b/ci/environments/multinode.yaml
@@ -52,6 +52,7 @@ parameter_defaults:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml
index c97080fb..8a520b57 100644
--- a/ci/environments/multinode_major_upgrade.yaml
+++ b/ci/environments/multinode_major_upgrade.yaml
@@ -56,6 +56,7 @@ parameter_defaults:
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index 38d24ee1..8236ee8f 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -61,6 +61,7 @@ parameter_defaults:
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
index 5472b494..fbc3165e 100644
--- a/ci/environments/scenario003-multinode.yaml
+++ b/ci/environments/scenario003-multinode.yaml
@@ -55,6 +55,7 @@ parameter_defaults:
- OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
index 25fad4bb..b81b54f0 100644
--- a/ci/environments/scenario004-multinode.yaml
+++ b/ci/environments/scenario004-multinode.yaml
@@ -69,6 +69,7 @@ parameter_defaults:
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
diff --git a/environments/sshd-banner.yaml b/environments/sshd-banner.yaml
index 041c0990..894bf1c9 100644
--- a/environments/sshd-banner.yaml
+++ b/environments/sshd-banner.yaml
@@ -1,6 +1,3 @@
-resource_registry:
- OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
-
parameter_defaults:
BannerText: |
******************************************************************
@@ -11,3 +8,6 @@ parameter_defaults:
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
+ MessageOfTheDay: |
+ ALERT! You are entering into a secured area!
+ This service is restricted to authorized users only.
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index ee75de6d..34916728 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -176,8 +176,8 @@ resource_registry:
OS::TripleO::Services::Memcached: puppet/services/memcached.yaml
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::SaharaEngine: OS::Heat::None
- OS::TripleO::Services::Sshd: OS::Heat::None
OS::TripleO::Services::Securetty: OS::Heat::None
+ OS::TripleO::Services::Sshd: puppet/services/sshd.yaml
OS::TripleO::Services::Redis: puppet/services/database/redis.yaml
OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml
OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml
diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml
index 12998c33..e09a8894 100644
--- a/puppet/services/sshd.yaml
+++ b/puppet/services/sshd.yaml
@@ -22,6 +22,33 @@ parameters:
default: ''
description: Configures Banner text in sshd_config
type: string
+ MessageOfTheDay:
+ default: ''
+ description: Configures /etc/motd text
+ type: string
+ SshServerOptions:
+ default:
+ HostKey:
+ - '/etc/ssh/ssh_host_rsa_key'
+ - '/etc/ssh/ssh_host_ecdsa_key'
+ - '/etc/ssh/ssh_host_ed25519_key'
+ SyslogFacility: 'AUTHPRIV'
+ AuthorizedKeysFile: '.ssh/authorized_keys'
+ PasswordAuthentication: 'no'
+ ChallengeResponseAuthentication: 'no'
+ GSSAPIAuthentication: 'yes'
+ GSSAPICleanupCredentials: 'no'
+ UsePAM: 'yes'
+ X11Forwarding: 'yes'
+ UsePrivilegeSeparation: 'sandbox'
+ AcceptEnv:
+ - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+ - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+ - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+ - 'XMODIFIERS'
+ Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
+ description: Mapping of sshd_config values
+ type: json
outputs:
role_data:
@@ -30,5 +57,7 @@ outputs:
service_name: sshd
config_settings:
tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
+ tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
+ tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
step_config: |
include ::tripleo::profile::base::sshd
diff --git a/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml
new file mode 100644
index 00000000..4cc01df8
--- /dev/null
+++ b/releasenotes/notes/sshd-service-extensions-0c4d0879942a2052.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Added ability to manage MOTD Banner
+ Enabled SSHD composible service by default. Puppet-ssh manages the sshd config.