confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins-build-27' into 'master'

Browse Source 
Auto-merge for build 27

See merge request puppet/confdroid_ssh!27
This commit is contained in:
Jenkins
2026-04-14 09:50:15 +00:00
committed by Jenkins Server
parent ca0ec2bb84 5f6b9d8b99
commit 52177608ce
7 changed files with 46 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.puppet-lint.rc
View File

@@ -1,3 +0,0 @@
--no-variable_scope-check
--no-top_scope_facts
--no-140chars-check

130
Jenkinsfile vendored
View File

@@ -1,130 +0,0 @@
pipeline {
agent {
label 'puppet'
}
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_ssh \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push -o merge_request.create \
-o merge_request.target=master \
-o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
-o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
-o merge_request.merge_when_pipeline_succeeds=true \
origin jenkins-build-$BUILD_NUMBER
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git rm -r --cached .puppet-lint.rc || echo "No .puppet-lint.rc to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

4
doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html
View File

@@ -141,7 +141,7 @@ class confdroid_ssh::main::dirs (
path => $ssh_etc_path,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
@@ -152,7 +152,7 @@ class confdroid_ssh::main::dirs (
ensure => directory,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,

44
doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
View File

@@ -532,7 +532,7 @@
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
@@ -568,7 +568,7 @@
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
@@ -1168,6 +1168,24 @@
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is none, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.</p>
</div>
</li>
<li>
<span class='name'>ssh_login_grace_time</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;2m&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is 2m, which means that users have 2 minutes to successfully authenticate before the server disconnects them, but can be set to a different time interval if desired. This setting can be used to limit the amount of time that attackers have to attempt to brute-force authentication, but should be set to a reasonable value to avoid disconnecting legitimate users who may need more time to log</p>
</div>
</li>
@@ -1183,12 +1201,6 @@
<pre class="lines">
194
195
196
197
198
199
200
201
202
@@ -1269,10 +1281,17 @@
277
278
279
280</pre>
280
281
282
283
284
285
286
287</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 194</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 200</span>
class confdroid_ssh::params (
@@ -1289,6 +1308,7 @@ class confdroid_ssh::params (
Boolean $ssh_manage_config = true,
String $ssh_address_family = &#39;any&#39;,
String $ssh_listen_address = &#39;0.0.0.0&#39;,
String $ssh_login_grace_time = &#39;2m&#39;,
String $ssh_root_login = &#39;prohibit-password&#39;,
String $ssh_strict_modes = &#39;yes&#39;,
String $ssh_max_auth_tries = &#39;6&#39;,
@@ -1303,9 +1323,9 @@ class confdroid_ssh::params (
String $ssh_rekeylimit = &#39;default none&#39;,
String $ssh_syslog_facility = &#39;AUTH&#39;,
String $ssh_log_level = &#39;INFO&#39;,
String $ssh_password_authentication = &#39;no&#39;,
String $ssh_password_authentication = &#39;yes&#39;,
String $ssh_permit_empty_passwords = &#39;no&#39;,
String $ssh_kbd_interactive_auth = &#39;no&#39;,
String $ssh_kbd_interactive_auth = &#39;yes&#39;,
Boolean $ssh_use_kerberos = false,
String $ssh_kerberos_authentication = &#39;yes&#39;,
String $ssh_kerberos_or_local_passwd = &#39;yes&#39;,

4
manifests/main/dirs.pp
View File

@@ -12,7 +12,7 @@ class confdroid_ssh::main::dirs (
path => $ssh_etc_path,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
@@ -23,7 +23,7 @@ class confdroid_ssh::main::dirs (
ensure => directory,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,

11
manifests/params.pp
View File

@@ -190,6 +190,12 @@
# display a custom banner message to users when they connect. This can be used
# to display legal notices, security warnings, or other information to users when
# they connect to the SSH server.
# @param [String] ssh_login_grace_time setting for sshd_config.
# Default is '2m', which means that users have 2 minutes to successfully
# authenticate before the server disconnects them, but can be set to a different
# time interval if desired. This setting can be used to limit the amount of time
# that attackers have to attempt to brute-force authentication, but should be set
# to a reasonable value to avoid disconnecting legitimate users who may need more time to log
##############################################################################
class confdroid_ssh::params (
@@ -206,6 +212,7 @@ class confdroid_ssh::params (
Boolean $ssh_manage_config = true,
String $ssh_address_family = 'any',
String $ssh_listen_address = '0.0.0.0',
String $ssh_login_grace_time = '2m',
String $ssh_root_login = 'prohibit-password',
String $ssh_strict_modes = 'yes',
String $ssh_max_auth_tries = '6',
@@ -220,9 +227,9 @@ class confdroid_ssh::params (
String $ssh_rekeylimit = 'default none',
String $ssh_syslog_facility = 'AUTH',
String $ssh_log_level = 'INFO',
String $ssh_password_authentication = 'no',
String $ssh_password_authentication = 'yes',
String $ssh_permit_empty_passwords = 'no',
String $ssh_kbd_interactive_auth = 'no',
String $ssh_kbd_interactive_auth = 'yes',
Boolean $ssh_use_kerberos = false,
String $ssh_kerberos_authentication = 'yes',
String $ssh_kerberos_or_local_passwd = 'yes',

1
templates/sshd_custom_conf.erb
View File

@@ -16,6 +16,7 @@ RekeyLimit <%= @ssh_rekeylimit %>
SyslogFacility <%= @ssh_syslog_facility %>
LogLevel <%= @ssh_log_level %>
LoginGraceTime <%= @ssh_login_grace_time %>
PermitRootLogin <%= @ssh_root_login %>
StrictModes <%= @ssh_strict_modes %>
MaxAuthTries <%= @ssh_max_auth_tries %>