Grid環境構築用のChefリポジトリです。
Revision | eb808f9ae05d8b24888d8477f9ac6d89d40752b6 (tree) |
---|---|
Zeit | 2016-01-31 18:14:16 |
Autor | whitestar <whitestar@gaea...> |
Commiter | whitestar |
add SSH-CA KRL configuration.
@@ -1,6 +1,10 @@ | ||
1 | 1 | ssh_utils CHANGELOG |
2 | 2 | =================== |
3 | 3 | |
4 | +0.2.0 | |
5 | +----- | |
6 | +- add SSH-CA KRL configuration. | |
7 | + | |
4 | 8 | 0.1.1 |
5 | 9 | ----- |
6 | 10 | - update for Ubuntu 14.04 |
@@ -20,7 +20,8 @@ Attributes | ||
20 | 20 | |Key|Type|Description, example|Default| |
21 | 21 | |:--|:--|:--|:--| |
22 | 22 | |`['ssh_utils']['with_ssl_cert_cookbook']`|Boolean|works with `ssl_cert` cookbook.|`false`| |
23 | -|`['ssh_utils']['ssl_cert']['ca_pubkey_name']`|String|deployed SSH-CA public key name.|`nil`| | |
23 | +|`['ssh_utils']['ssl_cert']['ca_pubkey_name']`|String|deployed SSH-CA public key name from chef-fault.|`nil`| | |
24 | +|`['ssh_utils']['ssl_cert']['ssh_ca_krl_name']`|String|deployed SSH-CA KRL name from chef-vault. (0.2.0 or later)|`nil`| | |
24 | 25 | |`['ssh_utils']['sshd_config']['extra_props']['<property_name>']`|String of Array|properties for sshd_config.|empty| |
25 | 26 | |
26 | 27 | Usage |
@@ -32,7 +33,10 @@ Usage | ||
32 | 33 | - set up OpenSSH server. |
33 | 34 | - If `node['ssh_utils']['with_ssl_cert_cookbook']` is true, |
34 | 35 | `node['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys']` is overridden |
35 | - by the file path based on `node['ssh_utils']['ssl_cert']['ca_pubkey_name']` attributes. | |
36 | + by the file path based on `node['ssh_utils']['ssl_cert']['ca_pubkey_name']` attribute. | |
37 | +- If `node['ssh_utils']['with_ssl_cert_cookbook']` is true, | |
38 | +`node['ssh_utils']['sshd_config']['extra_props']['RevokedKeys']` is overridden | |
39 | + by the file path based on `node['ssh_utils']['ssl_cert']'ssh_ca_krl_name']` attribute too. | |
36 | 40 | |
37 | 41 | License and Authors |
38 | 42 | ------------------- |
@@ -22,13 +22,18 @@ default['ssh_utils']['with_ssl_cert_cookbook'] = false | ||
22 | 22 | # node['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys'] |
23 | 23 | # is overridden by the following 'ca_pubkey_name' attributes. |
24 | 24 | default['ssh_utils']['ssl_cert']['ca_pubkey_name'] = nil |
25 | +# If node['ssh_utils']['with_ssl_cert_cookbook'] is true, | |
26 | +# node['ssh_utils']['sshd_config']['extra_props']['RevokedKeys'] | |
27 | +# is overridden by the following 'ssh_ca_krl_name' attributes. | |
28 | +default['ssh_utils']['ssl_cert']['ssh_ca_krl_name'] = nil # e.g. 'grid_ssh_ca' | |
25 | 29 | |
26 | 30 | # server |
27 | 31 | default['ssh_utils']['sshd_config'] = { |
28 | 32 | 'extra_props' => { |
29 | 33 | # e.g. |
30 | 34 | #'Banner' => '/etc/issue.net', |
31 | - #'TrustedUserCAKeys' => '/path/to/ca_public_keys.pub', | |
35 | + #'TrustedUserCAKeys' => '/path/to/ssh_ca_public_keys.pub', | |
36 | + #'RevokedKeys' => '/path/to/ssh_ca.krl', | |
32 | 37 | }, |
33 | 38 | } |
34 | 39 |
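Review bot: The comment added above `default['ssh_utils']['ssl_cert']['ssh_ca_krl_name'] = nil` does not say what the `nil` default means when a CA is trusted. If `ca_pubkey_name` is set and this stays `nil`, the recipe sets `TrustedUserCAKeys` without `RevokedKeys`, so certificates signed by that CA are not checked for revocation. I would add a line such as `# Set this whenever 'ca_pubkey_name' is set; without RevokedKeys a revoked certificate stays valid until it expires.` It would also help to note that the name is resolved through the ssl_cert cookbook's `<name>_krl_path` attribute, which is what the recipe hunk reads.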
@@ -4,7 +4,7 @@ maintainer_email '' | ||
4 | 4 | license 'Apache 2.0' |
5 | 5 | description 'Installs/Configures ssh_utils' |
6 | 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) |
7 | -version '0.1.1' | |
7 | +version '0.2.0' | |
8 | 8 | |
9 | -depends 'ssl_cert', '>= 0.2.0' | |
9 | +depends 'ssl_cert', '>= 0.3.0' | |
10 | 10 |
@@ -17,10 +17,16 @@ | ||
17 | 17 | # limitations under the License. |
18 | 18 | # |
19 | 19 | |
20 | -if node['ssh_utils']['with_ssl_cert_cookbook'] \ | |
21 | - && !node['ssh_utils']['ssl_cert']['ca_pubkey_name'].nil? then | |
22 | - node.override['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys'] \ | |
23 | - = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ca_pubkey_name']}_pubkey_path"] | |
20 | +if node['ssh_utils']['with_ssl_cert_cookbook'] then | |
21 | + if !node['ssh_utils']['ssl_cert']['ca_pubkey_name'].nil? then | |
22 | + node.override['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys'] \ | |
23 | + = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ca_pubkey_name']}_pubkey_path"] | |
24 | + end | |
25 | + | |
26 | + if !node['ssh_utils']['ssl_cert']['ssh_ca_krl_name'].nil? then | |
27 | + node.override['ssh_utils']['sshd_config']['extra_props']['RevokedKeys'] \ | |
28 | + = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ssh_ca_krl_name']}_krl_path"] | |
29 | + end | |
24 | 30 | end |
25 | 31 | |
26 | 32 | [ |
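Review bot: The `RevokedKeys` override at new lines 26-29 is assigned straight from `node['ssl_cert']["..._krl_path"]` with no check that the lookup returned a path, so a misspelled `ssh_ca_krl_name`, or an ssl_cert cookbook that does not define that attribute, puts `nil` into `extra_props`. Depending on how the sshd_config template (not visible here) renders a nil value, that either drops revocation checking silently or writes a broken directive; the `TrustedUserCAKeys` branch above has the same gap. Consider resolving the path first and failing the run when it is missing: `krl_path = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ssh_ca_krl_name']}_krl_path"]` followed by `raise 'ssl_cert defines no KRL path for ssh_ca_krl_name' if krl_path.nil?`. sshd refuses public-key authentication for all users when the `RevokedKeys` file is unreadable, so the KRL should be on disk before sshd is restarted. The recipe continues past this hunk, so I cannot tell whether that ordering is already ensured.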