 
......@@ -166,6 +166,27 @@ suites:
array:
- '| /bin/true'
- /tmp/mail.test
- name: sys_ssh
run_list:
- recipe[sys::ssh]
attributes:
sys:
ssh:
authorize:
root:
keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ7mI0iEdW2GmHZv+0OknkPDkQaBowEDzfaal2A+eRR
config:
root:
'*':
AddKeysToAgent: ask
ssh_config:
- '*.example.org':
SendEnv: TGIF
sshd:
config:
ClientAliveInterval: 4711
X11Forwarding: 'no'
- name: sys_sudo
run_list:
- recipe[sys::sudo]
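Review bot: The ssh-ed25519 key added under `authorize: root: keys` carries no comment field and nothing in the suite marks it as a fixture-only key, so a reader cannot tell whether the matching private half is disposable; since this entry lands in root's authorized_keys on the test VM (the serverspec file checks exactly that), a YAML comment above it such as `# throwaway kitchen test key; never reuse outside the integration suite` documents the intent. The same literal is repeated verbatim in the spec's `should include` assertion, so the comment should also say the two copies must stay in sync. Quoting `'no'` for X11Forwarding is correct, as a bare `no` would be read as a YAML boolean.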
# Cookbook Name:: sys
# File:: definitions/sys_ssh_authorize.rb
#
# Copyright 2012, Victor Penso
# Copyright 2012-2020 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
# Dennis Klein <d.klein@gsi.de>
# Matthias Pausch <m.pausch@gsi.de>
# Victor Penso <v.penso@gsi.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -30,8 +38,8 @@ define :sys_ssh_authorize, :keys => Array.new, :managed => false do
else
if node['etc']['passwd'].has_key?(account)
# path to the user SSH configuration
dot_ssh = "#{node['etc']['passwd'][account].dir}/.ssh"
gid = node['etc']['passwd'][account].gid
dot_ssh = "#{node['etc']['passwd'][account]['dir']}/.ssh"
gid = node['etc']['passwd'][account]['gid']
elsif node['sys']['accounts'].key?(account) &&
node['sys']['accounts'][account].key?('home')
dot_ssh = "#{node['sys']['accounts'][account]['home']}/.ssh"
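Review bot: The branch keeps `has_key?` on the `node['etc']['passwd']` test while the `elsif` two lines below the new assignments uses `key?` on the same kind of node hash; pick one, preferably `if node['etc']['passwd'].key?(account)`, so the chain reads uniformly. With the switch to `['dir']`, an entry whose `dir` is empty or missing would make `dot_ssh` resolve to `/.ssh` at the filesystem root — whether such accounts can reach this definition is not visible here, so if they can, check that the home directory is present before building the path. The enclosing `if`/`else` begins before the hunk and the `elsif` chain continues past it.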
#
# Copyright 2013, Victor Penso
# Cookbook Name:: sys
# File:: definitions/sys_ssh_config.rb
#
# Copyright 2013-2020 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
# Dennis Klein <d.klein@gsi.de>
# Matthias Pausch <m.pausch@gsi.de>
# Victor Penso <v.penso@gsi.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -22,10 +31,10 @@ define :sys_ssh_config, :config => Hash.new do
log("Can't deploy SSH config: configuration for account [#{account}] missing") { level :warn }
else
# path to the user SSH configuration
dot_ssh = "#{node['etc']['passwd'][account].dir}/.ssh"
dot_ssh = "#{node['etc']['passwd'][account]['dir']}/.ssh"
directory dot_ssh do
owner account
group node['etc']['passwd'][account].gid
group node['etc']['passwd'][account]['gid']
mode "0700"
end
# path to the user keys file
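Review bot: The new `node['etc']['passwd'][account]['gid']` lookup is written out in full for the `directory` resource here and again for the `template` resource in the next hunk (`group node['etc']['passwd'][account]['gid']`), whereas the sibling sys_ssh_authorize definition binds it once to a local `gid`. Assigning `gid = node['etc']['passwd'][account]['gid']` right after `dot_ssh` and using `group gid` in both resources keeps the two definitions consistent and gives the lookup one place to change. The `else` branch these lines sit in opens before the hunk and the `template` block runs past the second hunk.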
......@@ -33,7 +42,7 @@ define :sys_ssh_config, :config => Hash.new do
template ssh_config do
source 'user_ssh_config_generic.erb'
owner account
group node['etc']['passwd'][account].gid
group node['etc']['passwd'][account]['gid']
cookbook 'sys'
mode "0600"
variables(
......@@ -15,4 +15,4 @@ supports 'debian'
depends 'line', '< 1.0'
version '1.53.5'
version '1.53.6'
source 'http://rubygems.org'
group :jessie do
# net-ssh >= 5 requires ruby 2.2 and
# net-telnet >= 0.2 requires ruby 2.3
if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.2.0')
gem 'net-ssh', '< 5'
gem 'net-telnet', '< 0.2'
end
end
group :wheezy do
# net-ssh >= 5 requires ruby 2.2
if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
gem 'rake', '< 12.3'
end
end
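Review bot: `source 'http://rubygems.org'` on the first line of this Gemfile fetches gem metadata and packages over plain HTTP, which lets anything on the network path alter what Bundler resolves and installs; it should read `source 'https://rubygems.org'`, the form rubygems.org serves and Bundler's generated Gemfiles use. Whether this line is new in the commit or only shown as context cannot be told from the rendered page, but the change is the same either way. The `Gem::Version` comparisons in the two groups are unaffected.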
# Cookbook Name:: sys
# Integration tests for recipe sys::ssh
#
# Copyright 2020 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# SSH is dificult to test as it is already configured and running inside vagrant VMs
#
require 'spec_helper'
### node['sys']['sshd']['config']:
describe package('openssh-server') do
it { should be_installed }
end
describe service('ssh') do
it { should be_enabled }
it { should be_running }
end
describe file('/etc/ssh/sshd_config') do
it { should exist }
# picked up default:
its(:content) { should match(/^UsePAM yes$/) }
# overwritten default:
its(:content) { should match(/^X11Forwarding no$/) }
its(:content) { should_not match(/^X11Forwarding yes$/) }
# custom setting:
its(:content) { should match(/^ClientAliveInterval 4711/) }
end
### node['sys']['ssh']['ssh_config']:
describe file('/etc/ssh/ssh_config') do
it { should exist }
its(:content) { should match(/Host \*\.example\.org\n\s+SendEnv TGIF/m) }
end
### node['sys']['ssh']['authorize']
describe user('root') do
it { should exist }
end
describe file('/root/.ssh') do
it { should exist }
it { should be_directory }
it { should be_mode('700') }
end
describe file('/root/.ssh/authorized_keys') do
it { should exist }
its(:content) do
should include 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ7mI0iEdW2GmHZv+0OknkPDkQaBowEDzfaal2A+eRR'
end
end
### node['sys']['ssh']['config']:
describe file('/root/.ssh/config') do
it { should exist }
it { should be_mode('600') }
its(:content) do
should match(/^Host \*\n\s*AddKeysToAgent ask$/m)
end
end
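Review bot: The `describe file('/root/.ssh/authorized_keys')` block asserts only content, while the neighbouring `/root/.ssh` and `/root/.ssh/config` blocks also pin the mode; sshd with StrictModes ignores an authorized_keys file that is writable by others, so a permission regression in the authorize definition would go unnoticed by this suite. Add `it { should be_owned_by 'root' }` and `it { should be_mode('600') }` there, with the mode value matched to what sys_ssh_authorize actually sets (not visible on this page). Separately, `/^ClientAliveInterval 4711/` lacks the trailing `$` the other sshd_config assertions use, so `ClientAliveInterval 47110` would also satisfy it, and the header comment's "dificult" should read "difficult".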
require 'serverspec'
set :backend, :exec