| Revision | eb808f9ae05d8b24888d8477f9ac6d89d40752b6 (tree) |
|---|---|
| Zeit | 2016-01-31 18:14:16 |
| Autor | whitestar <whitestar@gaea...> |
| Commiter | whitestar |
add SSH-CA KRL configuration.
cookbooks/ssh_utils/CHANGELOG.md (diff) cookbooks/ssh_utils/README.md (diff) cookbooks/ssh_utils/attributes/default.rb (diff) cookbooks/ssh_utils/metadata.rb (diff) cookbooks/ssh_utils/recipes/server.rb (diff)| @@ -1,6 +1,10 @@ | ||
| 1 | 1 | ssh_utils CHANGELOG |
| 2 | 2 | =================== |
| 3 | 3 | |
| 4 | +0.2.0 | |
| 5 | +----- | |
| 6 | +- add SSH-CA KRL configuration. | |
| 7 | + | |
| 4 | 8 | 0.1.1 |
| 5 | 9 | ----- |
| 6 | 10 | - update for Ubuntu 14.04 |
| @@ -20,7 +20,8 @@ Attributes | ||
| 20 | 20 | |Key|Type|Description, example|Default| |
| 21 | 21 | |:--|:--|:--|:--| |
| 22 | 22 | |`['ssh_utils']['with_ssl_cert_cookbook']`|Boolean|works with `ssl_cert` cookbook.|`false`| |
| 23 | -|`['ssh_utils']['ssl_cert']['ca_pubkey_name']`|String|deployed SSH-CA public key name.|`nil`| | |
| 23 | +|`['ssh_utils']['ssl_cert']['ca_pubkey_name']`|String|deployed SSH-CA public key name from chef-fault.|`nil`| | |
| 24 | +|`['ssh_utils']['ssl_cert']['ssh_ca_krl_name']`|String|deployed SSH-CA KRL name from chef-vault. (0.2.0 or later)|`nil`| | |
| 24 | 25 | |`['ssh_utils']['sshd_config']['extra_props']['<property_name>']`|String of Array|properties for sshd_config.|empty| |
| 25 | 26 | |
| 26 | 27 | Usage |
| @@ -32,7 +33,10 @@ Usage | ||
| 32 | 33 | - set up OpenSSH server. |
| 33 | 34 | - If `node['ssh_utils']['with_ssl_cert_cookbook']` is true, |
| 34 | 35 | `node['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys']` is overridden |
| 35 | - by the file path based on `node['ssh_utils']['ssl_cert']['ca_pubkey_name']` attributes. | |
| 36 | + by the file path based on `node['ssh_utils']['ssl_cert']['ca_pubkey_name']` attribute. | |
| 37 | +- If `node['ssh_utils']['with_ssl_cert_cookbook']` is true, | |
| 38 | +`node['ssh_utils']['sshd_config']['extra_props']['RevokedKeys']` is overridden | |
| 39 | + by the file path based on `node['ssh_utils']['ssl_cert']'ssh_ca_krl_name']` attribute too. | |
| 36 | 40 | |
| 37 | 41 | License and Authors |
| 38 | 42 | ------------------- |
| @@ -22,13 +22,18 @@ default['ssh_utils']['with_ssl_cert_cookbook'] = false | ||
| 22 | 22 | # node['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys'] |
| 23 | 23 | # is overridden by the following 'ca_pubkey_name' attributes. |
| 24 | 24 | default['ssh_utils']['ssl_cert']['ca_pubkey_name'] = nil |
| 25 | +# If node['ssh_utils']['with_ssl_cert_cookbook'] is true, | |
| 26 | +# node['ssh_utils']['sshd_config']['extra_props']['RevokedKeys'] | |
| 27 | +# is overridden by the following 'ssh_ca_krl_name' attributes. | |
| 28 | +default['ssh_utils']['ssl_cert']['ssh_ca_krl_name'] = nil # e.g. 'grid_ssh_ca' | |
| 25 | 29 | |
| 26 | 30 | # server |
| 27 | 31 | default['ssh_utils']['sshd_config'] = { |
| 28 | 32 | 'extra_props' => { |
| 29 | 33 | # e.g. |
| 30 | 34 | #'Banner' => '/etc/issue.net', |
| 31 | - #'TrustedUserCAKeys' => '/path/to/ca_public_keys.pub', | |
| 35 | + #'TrustedUserCAKeys' => '/path/to/ssh_ca_public_keys.pub', | |
| 36 | + #'RevokedKeys' => '/path/to/ssh_ca.krl', | |
| 32 | 37 | }, |
| 33 | 38 | } |
| 34 | 39 |
| @@ -4,7 +4,7 @@ maintainer_email '' | ||
| 4 | 4 | license 'Apache 2.0' |
| 5 | 5 | description 'Installs/Configures ssh_utils' |
| 6 | 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) |
| 7 | -version '0.1.1' | |
| 7 | +version '0.2.0' | |
| 8 | 8 | |
| 9 | -depends 'ssl_cert', '>= 0.2.0' | |
| 9 | +depends 'ssl_cert', '>= 0.3.0' | |
| 10 | 10 |
| @@ -17,10 +17,16 @@ | ||
| 17 | 17 | # limitations under the License. |
| 18 | 18 | # |
| 19 | 19 | |
| 20 | -if node['ssh_utils']['with_ssl_cert_cookbook'] \ | |
| 21 | - && !node['ssh_utils']['ssl_cert']['ca_pubkey_name'].nil? then | |
| 22 | - node.override['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys'] \ | |
| 23 | - = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ca_pubkey_name']}_pubkey_path"] | |
| 20 | +if node['ssh_utils']['with_ssl_cert_cookbook'] then | |
| 21 | + if !node['ssh_utils']['ssl_cert']['ca_pubkey_name'].nil? then | |
| 22 | + node.override['ssh_utils']['sshd_config']['extra_props']['TrustedUserCAKeys'] \ | |
| 23 | + = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ca_pubkey_name']}_pubkey_path"] | |
| 24 | + end | |
| 25 | + | |
| 26 | + if !node['ssh_utils']['ssl_cert']['ssh_ca_krl_name'].nil? then | |
| 27 | + node.override['ssh_utils']['sshd_config']['extra_props']['RevokedKeys'] \ | |
| 28 | + = node['ssl_cert']["#{node['ssh_utils']['ssl_cert']['ssh_ca_krl_name']}_krl_path"] | |
| 29 | + end | |
| 24 | 30 | end |
| 25 | 31 | |
| 26 | 32 | [ |
Fork