diff --git a/.puppet-lint.rc b/.puppet-lint.rc deleted file mode 100644 index 269b058..0000000 --- a/.puppet-lint.rc +++ /dev/null @@ -1,3 +0,0 @@ ---no-variable_scope-check ---no-top_scope_facts ---no-140chars-check \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 03e1e65..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,130 +0,0 @@ -pipeline { - agent { - label 'puppet' - } - - post { - always { - deleteDir() /* clean up our workspace */ - } - success { - updateGitlabCommitStatus state: 'success' - } - failure { - updateGitlabCommitStatus state: 'failed' - step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true]) - } - } - - options { - gitLabConnection('gitlab.confdroid.com') - } - - stages { - - stage('pull master') { - steps { - sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) { - sh ''' - git config user.name "Jenkins Server" - git config user.email jenkins@confdroid.com - # Ensure we're on the development branch (triggered by push) - git checkout development - # Create jenkins branch from development - git checkout -b jenkins-build-$BUILD_NUMBER - # Optionally merge master into jenkins to ensure compatibility - git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; } - ''' - } - } - } - - stage('puppet parser') { - steps { - sh '''for file in $(find . -iname \'*.pp\'); do - /opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1; - done;''' - } - } - - stage('check templates') { - steps{ - sh '''for file in $(find . -iname \'*.erb\'); - do erb -P -x -T "-" $file | ruby -c || exit 1; - done;''' - } - } - - stage('puppet-lint') { - steps { - sh '''/usr/local/bin/puppet-lint . \\ - --no-variable_scope-check \\ - || { echo "Puppet lint failed"; exit 1; } - ''' - } - } - - stage('SonarScan') { - steps { - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - sh ''' - /opt/sonar-scanner/bin/sonar-scanner \ - -Dsonar.projectKey=confdroid_ssh \ - -Dsonar.sources=. \ - -Dsonar.host.url=https://sonarqube.confdroid.com \ - -Dsonar.token=$SONAR_TOKEN - ''' - } - } - } - - stage('create Puppet documentation') { - steps { - sh '/opt/puppetlabs/bin/puppet strings' - } - } - - stage('update repo') { - steps { - sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) { - sh ''' - git config user.name "Jenkins Server" - git config user.email jenkins@confdroid.com - git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit" - git push -o merge_request.create \ - -o merge_request.target=master \ - -o merge_request.title="Auto-merge for build $BUILD_NUMBER" \ - -o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \ - -o merge_request.merge_when_pipeline_succeeds=true \ - origin jenkins-build-$BUILD_NUMBER - ''' - } - } - } - stage('Mirror to Gitea') { - steps { - withCredentials([usernamePassword( - credentialsId: 'Jenkins-gitea', - usernameVariable: 'GITEA_USER', - passwordVariable: 'GITEA_TOKEN')]) { - script { - // Checkout from GitLab (already done implicitly) - sh ''' - git checkout master - git pull origin master - git branch -D development - git branch -D jenkins-build-$BUILD_NUMBER - git rm -f Jenkinsfile - git rm -r --cached .vscode || echo "No .vscode to remove from git" - git rm -r --cached .puppet-lint.rc || echo "No .puppet-lint.rc to remove from git" - git commit --amend --no-edit --allow-empty - git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git - git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \ - push master --mirror - ''' - } - } - } - } - } -} \ No newline at end of file diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html index 8460181..008c095 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html @@ -166,7 +166,7 @@ class confdroid_ssh::main::files ( if $ssh_manage_config { file { $sshd_custom_conf: - ensure => file, + ensure => $ssh_custom_ensure, path => $sshd_custom_conf, owner => $sshd_user, group => $sshd_user, diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html index 5290b75..9c3ea31 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html @@ -1186,6 +1186,24 @@ —

setting for sshd_config. Default is ‘2m’, which means that users have 2 minutes to successfully authenticate before the server disconnects them, but can be set to a different time interval if desired. This setting can be used to limit the amount of time that attackers have to attempt to brute-force authentication, but should be set to a reasonable value to avoid disconnecting legitimate users who may need more time to log

+
+ + + +
  • + + ssh_custom_ensure + + + (String) + + + (defaults to: 'file') + + + — +
    +

    whether the custom configuration file should be file or absent.

    • @@ -1201,8 +1219,6 @@ 
     
 
-200
-201
 202
 203
 204
@@ -1288,10 +1304,13 @@
 284
 285
 286
-287
    +287 +288 +289 +290 - 
    # File 'manifests/params.pp', line 200
+        
    # File 'manifests/params.pp', line 202
 
 class confdroid_ssh::params (
 
@@ -1305,6 +1324,7 @@ class confdroid_ssh::params (
   String $ssh_source_range                  = '0.0.0.0/0',
 
   # sshd configuration 
+  String  $ssh_custom_ensure                = 'file',
   Boolean $ssh_manage_config                = true,
   String  $ssh_address_family               = 'any',
   String  $ssh_listen_address               = '0.0.0.0',
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 118cf09..6543586 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -23,7 +23,7 @@ class confdroid_ssh::main::files (
 
   if $ssh_manage_config {
     file { $sshd_custom_conf:
-      ensure   => file,
+      ensure   => $ssh_custom_ensure,
       path     => $sshd_custom_conf,
       owner    => $sshd_user,
       group    => $sshd_user,
diff --git a/manifests/params.pp b/manifests/params.pp
index 6040012..fa28b2d 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -196,6 +196,8 @@
 #   time interval if desired. This setting can be used to limit the amount of time
 #   that attackers have to attempt to brute-force authentication, but should be set
 #   to a reasonable value to avoid disconnecting legitimate users who may need more time to log
+# @param [String] ssh_custom_ensure whether the custom configuration file 
+#   should be file or absent.
 ##############################################################################
 class confdroid_ssh::params (
 
@@ -209,6 +211,7 @@ class confdroid_ssh::params (
   String $ssh_source_range                  = '0.0.0.0/0',
 
   # sshd configuration 
+  String  $ssh_custom_ensure                = 'file',
   Boolean $ssh_manage_config                = true,
   String  $ssh_address_family               = 'any',
   String  $ssh_listen_address               = '0.0.0.0',