dust-deploy 0.4.2 → 0.4.3

data/changelog.md

@@ -1,6 +1,18 @@
 Changelog
 =============
 
+0.4.3
+------------
+
+adds sshd recipe, which configures sshd_config. all sshd options are supported, with more or less intelligent default settings.
+usage:
+
+    recipes:
+      sshd:
+        Port: 12345
+        X11Forward: yes
+
+
 0.4.2
 ------------
 

data/lib/dust/helper.rb

@@ -32,6 +32,11 @@ class Hash
     end
     self
   end
+
+  # converts each value to an array, so .each and .combine won't get hickups
+  def values_to_array!
+    self.each { |k, v| self[k] = [ self[k] ] unless self[k].is_a? Array }
+  end
 end
 
 # stole this from Afz902k who posted something similar at stackoverflow.com
@@ -69,4 +74,4 @@ module Dust
       return false
     end
   end
-end
+end

data/lib/dust/recipes/sshd.rb

@@ -0,0 +1,73 @@
+class Sshd < Recipe
+  
+  desc 'sshd:deploy', 'installs and configures the ssh server'
+  def deploy 
+    return unless @node.install_package 'openssh-server'
+
+    generate_default_config
+    @config.values_to_array!
+
+    check_hostkeys
+    apply_configuration
+
+    @node.write '/etc/ssh/sshd_config', @sshd_config
+    restart_daemon
+  end
+
+
+  private
+
+  def default_config
+    { 'Port' => 22,
+      'Protocol' => 2,
+      'AcceptEnv' => 'LANG LC_*',
+      'HostKey' => [ '/etc/ssh/ssh_host_dsa_key',
+                     '/etc/ssh/ssh_host_ecdsa_key',
+                      '/etc/ssh/ssh_host_rsa_key' ],
+      'PasswordAuthentication' => 'yes', 
+      'ChallengeResponseAuthentication' => 'no',
+      'X11Forwarding' => 'yes',
+      'UsePAM' => 'yes',
+      'SyslogFacility' => 'AUTH',
+      'GSSAPIAuthentication' => 'no'
+    }
+  end
+
+  def generate_default_config
+    @config = default_config.merge @config
+
+    unless @config['sftp']
+      @config['Subsystem'] ||= 'sftp /usr/lib/openssh/sftp-server' if @node.uses_apt?
+      @config['Subsystem'] ||= 'sftp /usr/libexec/openssh/sftp-server' if @node.uses_rpm?
+    end
+
+    if @node.uses_rpm?
+      @config['SyslogFacility'] ||= 'AUTHPRIV'
+      @config['GSSAPIAuthentication'] ||= 'yes'
+    end
+  end
+
+  def apply_configuration
+    @sshd_config = ''
+    @config.each do |key, values|
+      values.each { |value| @sshd_config.concat "#{key} #{value}\n" }
+    end
+  end
+
+  def check_hostkeys
+    @config['HostKey'].each do |hostkey|
+      unless @node.file_exists? hostkey, :quiet => true
+        ::Dust.print_warning "hostkey '#{hostkey}' not found. removing from config"
+        @config['HostKey'].delete hostkey
+      end
+    end
+  end
+
+  def restart_daemon
+    daemon = 'ssh' if @node.uses_apt?
+    daemon = 'sshd' if @node.uses_rpm?
+
+    @node.restart_service daemon if @options.restart
+    @node.reload_service daemon if @options.reload
+  end
+end

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.4.2"
+  VERSION = "0.4.3"
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 4
-  - 2
-  version: 0.4.2
+  - 3
+  version: 0.4.3
 platform: ruby
 authors: 
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-17 00:00:00 +01:00
+date: 2012-01-19 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -145,6 +145,7 @@ files:
 - lib/dust/recipes/repositories.rb
 - lib/dust/recipes/resolv_conf.rb
 - lib/dust/recipes/ssh_authorized_keys.rb
+- lib/dust/recipes/sshd.rb
 - lib/dust/recipes/unattended_upgrades.rb
 - lib/dust/recipes/zabbix_agent.rb
 - lib/dust/server.rb