confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins-build-23' into 'master'

Browse Source 
Auto-merge for build 23

See merge request puppet/confdroid_ssh!23
This commit is contained in:
Jenkins
2026-04-13 13:01:39 +00:00
committed by Jenkins Server
parent 6a9563ae04 a648676a51
commit 761f071573
4 changed files with 43 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
Jenkinsfile vendored
View File

@@ -1,129 +0,0 @@
pipeline {
agent {
label 'puppet'
}
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_ssh \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push -o merge_request.create \
-o merge_request.target=master \
-o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
-o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
-o merge_request.merge_when_pipeline_succeeds=true \
origin jenkins-build-$BUILD_NUMBER
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

44
doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
View File

@@ -772,6 +772,24 @@
— —
<div class='inline'> <div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p> <p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_pam</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. PAM is not commonly used for SSH authentication and can introduce security risks if not configured properly, so it is disabled by default. Thi setting is related to PasswordAuthentication and KbdInteractiveAuthentication, and should be set to yes only if you want to use PAM for authentication together with those settings.</p>
</div> </div>
</li> </li>
@@ -787,12 +805,6 @@
<pre class="lines"> <pre class="lines">
93
94
95
96
97
98
99 99
100 100
101 101
@@ -852,10 +864,16 @@
155 155
156 156
157 157
158</pre> 158
159
160
161
162
163
164</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 93</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 99</span>
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -896,11 +914,11 @@ class confdroid_ssh::params (
String $ssh_kerberos_get_afstoken = &#39;no&#39;, String $ssh_kerberos_get_afstoken = &#39;no&#39;,
String $ssh_kerberos_use_kuserok = &#39;yes&#39;, String $ssh_kerberos_use_kuserok = &#39;yes&#39;,
Boolean $ssh_use_gssapi = false, Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = &#39;yes&#39;, String $ssh_gssapi_authentication = &#39;yes&#39;,
String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;, String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;,
String $ssh_gssapi_key_exchange = &#39;no&#39;, String $ssh_gssapi_key_exchange = &#39;no&#39;,
String $ssh_gssapi_enablek5users = &#39;no&#39;, String $ssh_gssapi_enablek5users = &#39;no&#39;,
String $ssh_use_pam = &#39;no&#39;,
) { ) {
# default facts # default facts

16
manifests/params.pp
View File

@@ -89,6 +89,12 @@
# @param [String] ssh_gssapi_enablek5users setting for sshd_config. # @param [String] ssh_gssapi_enablek5users setting for sshd_config.
# Default is 'no'. This setting is only relevant if GSSAPI authentication is # Default is 'no'. This setting is only relevant if GSSAPI authentication is
# enabled, and should be set to 'yes' if you want to enable GSSAPI for k5users. # enabled, and should be set to 'yes' if you want to enable GSSAPI for k5users.
# @param [String] ssh_use_pam setting for sshd_config. Default is 'no'. PAM is not
# commonly used for SSH authentication and can introduce security risks if
# not configured properly, so it is disabled by default. Thi setting is
# related to PasswordAuthentication and KbdInteractiveAuthentication, and
# should be set to 'yes' only if you want to use PAM for authentication
# together with those settings.
############################################################################## ##############################################################################
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -129,11 +135,11 @@ class confdroid_ssh::params (
String $ssh_kerberos_get_afstoken = 'no', String $ssh_kerberos_get_afstoken = 'no',
String $ssh_kerberos_use_kuserok = 'yes', String $ssh_kerberos_use_kuserok = 'yes',
Boolean $ssh_use_gssapi = false, Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = 'yes', String $ssh_gssapi_authentication = 'yes',
String $ssh_gssapi_cleanup_credentials = 'yes', String $ssh_gssapi_cleanup_credentials = 'yes',
String $ssh_gssapi_key_exchange = 'no', String $ssh_gssapi_key_exchange = 'no',
String $ssh_gssapi_enablek5users = 'no', String $ssh_gssapi_enablek5users = 'no',
String $ssh_use_pam = 'no',
) { ) {
# default facts # default facts

1
templates/sshd_custom_conf.erb
View File

@@ -31,6 +31,7 @@ AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
PasswordAuthentication <%= @ssh_password_authentication %> PasswordAuthentication <%= @ssh_password_authentication %>
PermitEmptyPasswords <%= @ssh_permit_empty_passwords %> PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %> KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>
UsePAM <%= @ssh_use_pam %>
<% if @ssh_use_kerberos -%> <% if @ssh_use_kerberos -%>
KerberosAuthentication <%= @ssh_kerberos_authentication %> KerberosAuthentication <%= @ssh_kerberos_authentication %>