diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 00000000..23d2d44c --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,12 @@ +fixtures: + repositories: + "stdlib": + repo: "git://github.com/puppetlabs/puppetlabs-stdlib.git" + ref: "3.2.0" + "common": + repo: "git://github.com/ghoneycutt/puppet-module-common.git" + ref: "v1.0.0" + "firewall": + repo: "git://github.com/puppetlabs/puppetlabs-firewall.git" + symlinks: + "ssh": "#{source_dir}" diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..e019b3dc --- /dev/null +++ b/.travis.yml @@ -0,0 +1,13 @@ +language: ruby +before_script: "gem install --no-ri --no-rdoc bundler" +after_script: +script: 'SPEC_OPTS="--format documentation" bundle exec rake spec' +notifications: + email: false +rvm: + - 1.9.3 + - 1.8.7 +env: + - PUPPET_VERSION=2.7.13 + - PUPPET_VERSION=3.2.1 +gemfile: Gemfile diff --git a/Gemfile b/Gemfile new file mode 100644 index 00000000..6e86a9f1 --- /dev/null +++ b/Gemfile @@ -0,0 +1,6 @@ +source :rubygems + +puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 2.7'] +gem 'puppet', puppetversion +gem 'puppetlabs_spec_helper', '>= 0.1.0' +gem 'puppet-lint', '>= 0.3.2' diff --git a/Modulefile b/Modulefile index 27a78077..d1613ca9 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'ghoneycutt-ssh' -version '2.0.0' +version '2.0.1' source 'git://github.com/ghoneycutt/puppet-module-ssh.git' author 'ghoneycutt' license 'Apache License, Version 2.0' @@ -7,6 +7,6 @@ summary 'Manages SSH' description 'Manage SSH' project_page 'https://github.com/ghoneycutt/puppet-module-ssh' -dependency 'puppetlabs/stdlib', '=> 3.2.x' +dependency 'puppetlabs/stdlib', '3.2.x' dependency 'ghoneycutt/common', '1.0.0' -dependency 'puppetlabs/firewall', '>= 0.2.1' +dependency 'puppetlabs/firewall' diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb new file mode 100644 index 00000000..5cbdae8d --- /dev/null +++ b/spec/classes/init_spec.rb 
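Review bot: All three fixture repositories in `.fixtures.yml` are cloned over `git://`, which is unauthenticated and unencrypted, so the test run has no assurance that the module code it pulls is what upstream published. Using `repo: "https://github.com/puppetlabs/puppetlabs-stdlib.git"`, and the same scheme for `common` and `firewall`, gives transport integrity. The `firewall` entry also has no `ref`, unlike `stdlib` and `common`, so it tracks whatever the default branch holds at test time; adding `ref: "<tag-or-commit>"` would keep runs reproducible. The second Modulefile hunk has the same unpinned dependency, where `dependency 'puppetlabs/firewall'` drops the earlier `>= 0.2.1` constraint.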
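Review bot: `source :rubygems` on the first line of the new Gemfile is the deprecated symbol form, which Bundler resolves to the plain-HTTP rubygems.org endpoint, so gems for the CI run are fetched without transport security. The replacement is `source 'https://rubygems.org'`. Separately, `puppetlabs_spec_helper` and `puppet-lint` carry only lower bounds and no lockfile is visible in this diff, so each build resolves to whatever is newest at the time; an upper bound or a committed lockfile would make the test toolchain reproducible.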
@@ -0,0 +1,250 @@
+require 'spec_helper'
+describe 'ssh' do
+
+ context 'with default params' do
+ let :facts do
+ {
+ :fqdn => 'monkey.example.com',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+ it { should include_class('ssh')}
+
+ it { should_not include_class('common')}
+
+ it {
+ should contain_package('ssh_packages').with({
+ 'ensure' => 'installed',
+ 'name' => ['openssh-server','openssh-server','openssh-clients'],
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/ssh_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
+ }
+
+ it {
+ should contain_file('sshd_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/sshd_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it {
+ should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
+ }
+
+ it {
+ should contain_service('sshd_service').with({
+ 'ensure' => 'running',
+ 'name' => 'sshd',
+ 'enable' => 'true',
+ 'hasrestart' => 'true',
+ 'hasstatus' => 'true',
+ 'subscribe' => 'File[sshd_config]',
+ })
+ }
+
+ it {
+ should contain_resources('sshkey').with({
+ 'purge' => 'true',
+ })
+ }
+ end
+
+ context 'with manage_root_ssh_config set to \'true\'' do
+ let :facts do
+ {
+ :fqdn => 'monkey.example.com',
+ :osfamily => 'RedHat',
+ :root_home => '/root',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+ let :params do
+ { :manage_root_ssh_config => 'true' }
+ end
+
+ it { should include_class('ssh')}
+
+ it { should include_class('common')}
+
+ it {
+ should contain_package('ssh_packages').with({
+ 'ensure' => 'installed',
+ 'name' => ['openssh-server','openssh-server','openssh-clients'],
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/ssh_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
+ }
+
+ it {
+ should contain_file('sshd_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/sshd_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it {
+ should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
+ }
+
+ it {
+ should contain_service('sshd_service').with({
+ 'ensure' => 'running',
+ 'name' => 'sshd',
+ 'enable' => 'true',
+ 'hasrestart' => 'true',
+ 'hasstatus' => 'true',
+ 'subscribe' => 'File[sshd_config]',
+ })
+ }
+
+ it {
+ should contain_resources('sshkey').with({
+ 'purge' => 'true',
+ })
+ }
+
+ it {
+ should contain_file('root_ssh_dir').with({
+ 'ensure' => 'directory',
+ 'path' => '/root/.ssh',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0700',
+ 'require' => 'Common::Mkdir_p[/root/.ssh]',
+ })
+ }
+ end
+
+ context 'with manage_root_ssh_config set to invalid value' do
+ let :facts do
+ {
+ :fqdn => 'monkey.example.com',
+ :osfamily => 'RedHat',
+ :root_home => '/root',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+ let :params do
+ { :manage_root_ssh_config => 'invalid' }
+ end
+
+ it 'should fail' do
+ expect {
+ should include_class('ssh')
+ }.to raise_error(Puppet::Error,/manage_root_ssh_config is and must be \'true\' or \'false\'./)
+ end
+ end
+
+ context 'with manage_firewall set to true' do
+ let :facts do
+ {
+ :fqdn => 'monkey.example.com',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+ let :params do
+ { :manage_firewall => true }
+ end
+
+ it { should include_class('ssh')}
+
+ it { should_not include_class('common')}
+
+ it {
+ should contain_package('ssh_packages').with({
+ 'ensure' => 'installed',
+ 'name' => ['openssh-server','openssh-server','openssh-clients'],
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with({
+ 'ensure' => 'file',
+ 'path' => '/etc/ssh/ssh_config',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ 'require' => 'Package[ssh_packages]',
+ })
+ }
+
+ it {
+ should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
+ }
+
+ it {
+ should
contain_file('sshd_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/sshd_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0600', + 'require' => 'Package[ssh_packages]', + }) + } + + it { + should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) + } + + it { + should contain_service('sshd_service').with({ + 'ensure' => 'running', + 'name' => 'sshd', + 'enable' => 'true', + 'hasrestart' => 'true', + 'hasstatus' => 'true', + 'subscribe' => 'File[sshd_config]', + }) + } + + it { + should contain_resources('sshkey').with({ + 'purge' => 'true', + }) + } + + it { + should contain_firewall('22 open port 22 for SSH').with({ + 'action' => 'accept', + 'dport' => '22', + 'proto' => 'tcp', + }) + } + end +end diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index 41ca8a8e..eada5a59 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -1,7 +1,7 @@ # This file is being maintained by Puppet. # DO NOT EDIT -# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for 
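Review bot: The 'with default params' context in `spec/classes/init_spec.rb` never asserts that the firewall rule is absent, so a regression that opens port 22 without `manage_firewall` being set would still pass. Adding `it { should_not contain_firewall('22 open port 22 for SSH') }` next to the existing `should_not include_class('common')` check would cover that default. The `manage_firewall` context passes the boolean `true`, while `manage_root_ssh_config` is exercised with the string `'true'` and is the only one with an invalid-value test; the manifest is not in this diff, so it is worth confirming whether `manage_firewall` is validated the same way. The expected package list `['openssh-server','openssh-server','openssh-clients']` repeats `openssh-server` in all three contexts, which looks like a duplicate that would need removing in the manifest as well if the spec mirrors it.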
@@ -45,12 +45,12 @@ # TunnelDevice any:any # PermitLocalCommand no Host * - GSSAPIAuthentication yes + GSSAPIAuthentication yes # If this option is set to yes then remote X11 clients will have full access # to the original X11 display. As virtually no X11 client supports the untrusted # mode correctly we set this to yes. - ForwardX11Trusted yes + ForwardX11Trusted yes # Send locale-related environment variables - SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - SendEnv LC_IDENTIFICATION LC_ALL + SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL