Add support for Ubuntu 24.04 (noble)

ghoneycutt · Jul 15, 2024 · 5069c83 · 5069c83
1 parent dffa455
commit 5069c83
Show file tree

Hide file tree

Showing 7 changed files with 99 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -279,6 +279,7 @@ module aims to support the current and previous major Puppet versions.
  * Debian 11
  * Ubuntu 20.04 LTS
  * Ubuntu 22.04 LTS
+ * Ubuntu 24.04 LTS
 
 ### May work
 

diff --git a/data/os/Ubuntu/24.04.yaml b/data/os/Ubuntu/24.04.yaml
@@ -0,0 +1,34 @@
+---
+pam::common_files_create_links: false
+pam::common_files_suffix:       ~
+pam::common_files:
+  - common_account
+  - common_auth
+  - common_password
+  - common_session
+  - common_session_noninteractive
+
+pam::sshd_pam_access: absent
+pam::pam_d_login_template: pam/login.ubuntu22.erb
+pam::pam_d_sshd_template: pam/sshd.ubuntu22.erb
+pam::package_name: libpam0g
+pam::pam_auth_lines:
+  - 'auth	[success=1 default=ignore]	pam_unix.so nullok'
+  - 'auth	requisite			pam_deny.so'
+  - 'auth	required			pam_permit.so'
+  - 'auth	optional			pam_cap.so'
+pam::pam_account_lines:
+  - 'account	[success=1 new_authtok_reqd=done default=ignore]	pam_unix.so'
+  - 'account	requisite			pam_deny.so'
+  - 'account	required			pam_permit.so'
+pam::pam_password_lines:
+  - 'password	[success=1 default=ignore]	pam_unix.so obscure yescrypt'
+  - 'password	requisite			pam_deny.so'
+  - 'password	required			pam_permit.so'
+pam::pam_session_lines:
+  - 'session	[default=1]			pam_permit.so'
+  - 'session	requisite			pam_deny.so'
+  - 'session	required			pam_permit.so'
+  - 'session	optional			pam_umask.so'
+  - 'session	required	pam_unix.so'
+  - 'session	optional	pam_systemd.so'
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -270,8 +270,8 @@
     fail("Debian's os.release.major is <${facts['os']['release']['major']}> and must be 7, 8, 9, 10 or 11")
   }
 
-  if $facts['os']['name'] == 'Ubuntu' and !($facts['os']['release']['major'] in ['12.04', '14.04', '16.04', '18.04', '20.04', '22.04']) {
-    fail("Ubuntu's os.release.major is <${facts['os']['release']['major']}> and must be 12.04, 14.04, 16.04, 18.04, 20.04 or 22.04")
+  if $facts['os']['name'] == 'Ubuntu' and !($facts['os']['release']['major'] in ['12.04', '14.04', '16.04', '18.04', '20.04', '22.04', '24.04']) {
+    fail("Ubuntu's os.release.major is <${facts['os']['release']['major']}> and must be 12.04, 14.04, 16.04, 18.04, 20.04, 22.04 or 24.04")
   }
 
   if $pam_d_sshd_template == 'pam/sshd.custom.erb' {

diff --git a/metadata.json b/metadata.json
@@ -84,7 +84,8 @@
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
         "20.04",
-        "22.04"
+        "22.04",
+        "24.04"
       ]
     }
   ],

diff --git a/spec/acceptance/nodesets/ubuntu-2404.yml b/spec/acceptance/nodesets/ubuntu-2404.yml
@@ -0,0 +1,24 @@
+HOSTS:
+  ubuntu2404:
+    roles:
+      - agent
+    platform: ubuntu-24.04-amd64
+    hypervisor : docker
+    image: ubuntu:24.04
+    docker_preserve_image: true
+    docker_cmd: '["/sbin/init"]'
+    docker_image_commands:
+      - "rm -f /etc/dpkg/dpkg.cfg.d/excludes"
+      - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates'
+      - 'locale-gen en_US.UTF-8'
+    docker_env:
+      - LANG=en_US.UTF-8
+      - LANGUAGE=en_US.UTF-8
+      - LC_ALL=en_US.UTF-8
+    docker_container_name: 'pam-ubuntu2404'
+CONFIG:
+  log_level: debug
+  type: foss
+ssh:
+  password: root
+  auth_methods: ["password"]
diff --git a/templates/login.ubuntu24.erb b/templates/login.ubuntu24.erb
@@ -0,0 +1,18 @@
+auth       optional   pam_faildelay.so  delay=3000000
+auth       requisite  pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session    required     pam_loginuid.so
+session    optional   pam_motd.so motd=/run/motd.dynamic
+session    optional   pam_motd.so noupdate
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session       required   pam_env.so readenv=1
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth       optional   pam_group.so
+session    required   pam_limits.so
+session    optional   pam_lastlog.so
+session    optional   pam_mail.so standard
+session    optional   pam_keyinit.so force revoke
+@include common-account
+@include common-session
+@include common-password
diff --git a/templates/sshd.ubuntu24.erb b/templates/sshd.ubuntu24.erb
@@ -0,0 +1,18 @@
+@include common-auth
+account    required     pam_nologin.so
+<% if @sshd_pam_access != 'absent' -%>
+account  <%= @sshd_pam_access %>     pam_access.so
+<% end -%>
+@include common-account
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+session    required     pam_loginuid.so
+session    optional     pam_keyinit.so force revoke
+@include common-session
+session    optional     pam_motd.so  motd=/run/motd.dynamic
+session    optional     pam_motd.so noupdate
+session    optional     pam_mail.so standard noenv # [1]
+session    required     pam_limits.so
+session    required     pam_env.so # [1]
+session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+@include common-password