From 73f58792f90942be1e2dc0ef67eac0a47d9aba18 Mon Sep 17 00:00:00 2001 From: Luke Hinds Date: Thu, 8 Dec 2016 13:12:53 +0000 Subject: Adds SSH Banner text into sshd_config Allow use of ooo template to populate banner text into /etc/issue Change-Id: If5b2da9415f10652a0a64503b2da4b63d1018640 Depends-On: Ie9f8afdfa9930428f06c9669fedb460dc1064d5e Closes-Bug: #1640306 --- ci/environments/scenario001-multinode.yaml | 10 +++++++++ environments/sshd-banner.yaml | 13 ++++++++++++ overcloud-resource-registry-puppet.j2.yaml | 1 + puppet/services/sshd.yaml | 34 ++++++++++++++++++++++++++++++ roles_data.yaml | 5 +++++ 5 files changed, 63 insertions(+) create mode 100644 environments/sshd-banner.yaml create mode 100644 puppet/services/sshd.yaml diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index db6967e0..bfda8cc0 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -34,6 +34,7 @@ parameter_defaults: - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt @@ -81,3 +82,12 @@ parameter_defaults: GlanceBackend: rbd GnocchiBackend: rbd CinderEnableIscsiBackend: false + BannerText: | + ****************************************************************** + * This system is for the use of authorized users only. Usage of * + * this system may be monitored and recorded by system personnel. * + * Anyone using this system expressly consents to such monitoring * + * and is advised that if such monitoring reveals possible * + * evidence of criminal activity, system personnel may provide * + * the evidence from such monitoring to law enforcement officials.* + ****************************************************************** diff --git a/environments/sshd-banner.yaml b/environments/sshd-banner.yaml new file mode 100644 index 00000000..041c0990 --- /dev/null +++ b/environments/sshd-banner.yaml @@ -0,0 +1,13 @@ +resource_registry: + OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml + +parameter_defaults: + BannerText: | + ****************************************************************** + * This system is for the use of authorized users only. Usage of * + * this system may be monitored and recorded by system personnel. * + * Anyone using this system expressly consents to such monitoring * + * and is advised that if such monitoring reveals possible * + * evidence of criminal activity, system personnel may provide * + * the evidence from such monitoring to law enforcement officials.* + ****************************************************************** diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index e111a1a6..0174af9e 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -168,6 +168,7 @@ resource_registry: OS::TripleO::Services::Memcached: puppet/services/memcached.yaml OS::TripleO::Services::SaharaApi: OS::Heat::None OS::TripleO::Services::SaharaEngine: OS::Heat::None + OS::TripleO::Services::Sshd: OS::Heat::None OS::TripleO::Services::Redis: puppet/services/database/redis.yaml OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml new file mode 100644 index 00000000..41e144a0 --- /dev/null +++ b/puppet/services/sshd.yaml @@ -0,0 +1,34 @@ +heat_template_version: ocata + +description: > + Configure sshd_config + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + BannerText: + default: '' + description: Configures Banner text in sshd_config + type: string + +outputs: + role_data: + description: Role data for the ssh + value: + service_name: sshd + config_settings: + BannerText: {get_param: BannerText} + step_config: | + include ::tripleo::profile::base::sshd diff --git a/roles_data.yaml b/roles_data.yaml index d6c03cb9..4321a28f 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -66,6 +66,7 @@ - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - OS::TripleO::Services::CeilometerApi - OS::TripleO::Services::CeilometerCollector @@ -115,6 +116,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -138,6 +140,7 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient @@ -151,6 +154,7 @@ - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -164,6 +168,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall -- cgit 1.2.3-korg