confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins-build-17' into 'master'

Browse Source 
Auto-merge for build 17

See merge request puppet/confdroid_ssh!17
This commit is contained in:
Jenkins
2026-04-13 10:58:09 +00:00
committed by Jenkins Server
parent b8c1e9d6b0 0570348f10
commit edf4d771ed
4 changed files with 211 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
Jenkinsfile vendored
View File

@@ -1,129 +0,0 @@
pipeline {
agent {
label 'puppet'
}
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_ssh \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push -o merge_request.create \
-o merge_request.target=master \
-o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
-o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
-o merge_request.merge_when_pipeline_succeeds=true \
origin jenkins-build-$BUILD_NUMBER
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

194
doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
View File

@@ -340,6 +340,132 @@
—
<div class='inline'>
<p>MaxSessions setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_pubkey_auth</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PubkeyAuthentication setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_auth_key_files</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;.ssh/authorized_keys&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedKeysFile setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_authorized_principals_file</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;none&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedPrincipalsFile setting for sshd_config. Default is none to disable this setting.</p>
</div>
</li>
<li>
<span class='name'>ssh_authorized_keys_command</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;none&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedKeysCommand setting for sshd_config. Default is none to disable this setting.</p>
</div>
</li>
<li>
<span class='name'>ssh_authorized_keys_command_user</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;nobody&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedKeysCommandUser setting for sshd_config. Default is nobody to use an unpriviledged user.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_specific_hostkey</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to use a specific host key</p>
</div>
</li>
<li>
<span class='name'>ssh_hostkey_type</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;rsa&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>type of host key to use if ssh_use_specific_hostkey is true</p>
</div>
</li>
@@ -355,17 +481,6 @@
<pre class="lines">
20
21
22
23
24
25
26
27
28
29
30
31
32
33
@@ -395,30 +510,55 @@
57
58
59
60</pre>
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 20</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 31</span>
class confdroid_ssh::params (
Array $ssh_reqpackages = [&#39;openssh&#39;,&#39;openssh-clients&#39;,&#39;openssh-server&#39;],
String $pkg_ensure = &#39;present&#39;,
Array $ssh_reqpackages = [&#39;openssh&#39;,&#39;openssh-clients&#39;,&#39;openssh-server&#39;],
String $pkg_ensure = &#39;present&#39;,
# firewall settings
String $ssh_fw_rule = &#39;present&#39;,
String $ssh_fw_port = &#39;22&#39;,
String $ssh_fw_order = &#39;50&#39;,
String $ssh_source_range = &#39;0.0.0.0/0&#39;,
String $ssh_fw_rule = &#39;present&#39;,
String $ssh_fw_port = &#39;22&#39;,
String $ssh_fw_order = &#39;50&#39;,
String $ssh_source_range = &#39;0.0.0.0/0&#39;,
# main configuration
Boolean $ssh_manage_config = true,
String $ssh_address_family = &#39;any&#39;,
String $ssh_listen_address = &#39;0.0.0.0&#39;,
String $ssh_root_login = &#39;prohibit-password&#39;,
String $ssh_strict_modes = &#39;yes&#39;,
String $ssh_max_auth_tries = &#39;6&#39;,
String $ssh_max_sessions = &#39;10&#39;,
# sshd configuration
Boolean $ssh_manage_config = true,
String $ssh_address_family = &#39;any&#39;,
String $ssh_listen_address = &#39;0.0.0.0&#39;,
String $ssh_root_login = &#39;prohibit-password&#39;,
String $ssh_strict_modes = &#39;yes&#39;,
String $ssh_max_auth_tries = &#39;6&#39;,
String $ssh_max_sessions = &#39;10&#39;,
String $ssh_pubkey_auth = &#39;yes&#39;,
String $ssh_auth_key_files = &#39;.ssh/authorized_keys&#39;,
String $ssh_authorized_principals_file = &#39;none&#39;,
String $ssh_authorized_keys_command = &#39;none&#39;,
String $ssh_authorized_keys_command_user = &#39;nobody&#39;,
Boolean $ssh_use_specific_hostkey = false,
String $ssh_hostkey_type = &#39;rsa&#39;,
) {
# default facts

46
manifests/params.pp
View File

@@ -16,26 +16,44 @@
# @param [String] ssh_strict_modes StrictModes setting for sshd_config
# @param [String] ssh_max_auth_tries MaxAuthTries setting for sshd_config
# @param [String] ssh_max_sessions MaxSessions setting for sshd_config
# @param [String] ssh_pubkey_auth PubkeyAuthentication setting for sshd_config
# @param [String] ssh_auth_key_files AuthorizedKeysFile setting for sshd_config
# @param [String] ssh_authorized_principals_file AuthorizedPrincipalsFile
# setting for sshd_config. Default is 'none' to disable this setting.
# @param [String] ssh_authorized_keys_command AuthorizedKeysCommand setting for sshd_config.
# Default is 'none' to disable this setting.
# @param [String] ssh_authorized_keys_command_user AuthorizedKeysCommandUser setting for sshd_config.
# Default is 'nobody' to use an unpriviledged user.
# @param [Boolean] ssh_use_specific_hostkey whether to use a specific host key
# @param [String] ssh_hostkey_type type of host key to use if
# ssh_use_specific_hostkey is true
##############################################################################
class confdroid_ssh::params (
Array $ssh_reqpackages = ['openssh','openssh-clients','openssh-server'],
String $pkg_ensure = 'present',
Array $ssh_reqpackages = ['openssh','openssh-clients','openssh-server'],
String $pkg_ensure = 'present',
# firewall settings
String $ssh_fw_rule = 'present',
String $ssh_fw_port = '22',
String $ssh_fw_order = '50',
String $ssh_source_range = '0.0.0.0/0',
String $ssh_fw_rule = 'present',
String $ssh_fw_port = '22',
String $ssh_fw_order = '50',
String $ssh_source_range = '0.0.0.0/0',
# main configuration
Boolean $ssh_manage_config = true,
String $ssh_address_family = 'any',
String $ssh_listen_address = '0.0.0.0',
String $ssh_root_login = 'prohibit-password',
String $ssh_strict_modes = 'yes',
String $ssh_max_auth_tries = '6',
String $ssh_max_sessions = '10',
# sshd configuration
Boolean $ssh_manage_config = true,
String $ssh_address_family = 'any',
String $ssh_listen_address = '0.0.0.0',
String $ssh_root_login = 'prohibit-password',
String $ssh_strict_modes = 'yes',
String $ssh_max_auth_tries = '6',
String $ssh_max_sessions = '10',
String $ssh_pubkey_auth = 'yes',
String $ssh_auth_key_files = '.ssh/authorized_keys',
String $ssh_authorized_principals_file = 'none',
String $ssh_authorized_keys_command = 'none',
String $ssh_authorized_keys_command_user = 'nobody',
Boolean $ssh_use_specific_hostkey = false,
String $ssh_hostkey_type = 'rsa',
) {
# default facts

11
templates/sshd_custom_conf.erb
View File

@@ -13,3 +13,14 @@ PermitRootLogin <%= @ssh_root_login %>
StrictModes <%= @ssh_strict_modes %>
MaxAuthTries <%= @ssh_max_auth_tries %>
MaxSessions <%= @ssh_max_sessions %>
PubkeyAuthentication <%= @ssh_pubkey_auth %>
AuthorizedKeysFile <%= @ssh_auth_key_files %>
AuthorizedPrincipalsFile <%= @ssh_authorized_principals_file %>
AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>
AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
<% if @ssh_use_specific_hostkey -%>
HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
<% end -%>