diff --git a/.puppet-lint.rc b/.puppet-lint.rc deleted file mode 100644 index 269b058..0000000 --- a/.puppet-lint.rc +++ /dev/null @@ -1,3 +0,0 @@ ---no-variable_scope-check ---no-top_scope_facts ---no-140chars-check \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 03e1e65..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,130 +0,0 @@ -pipeline { - agent { - label 'puppet' - } - - post { - always { - deleteDir() /* clean up our workspace */ - } - success { - updateGitlabCommitStatus state: 'success' - } - failure { - updateGitlabCommitStatus state: 'failed' - step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true]) - } - } - - options { - gitLabConnection('gitlab.confdroid.com') - } - - stages { - - stage('pull master') { - steps { - sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) { - sh ''' - git config user.name "Jenkins Server" - git config user.email jenkins@confdroid.com - # Ensure we're on the development branch (triggered by push) - git checkout development - # Create jenkins branch from development - git checkout -b jenkins-build-$BUILD_NUMBER - # Optionally merge master into jenkins to ensure compatibility - git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; } - ''' - } - } - } - - stage('puppet parser') { - steps { - sh '''for file in $(find . -iname \'*.pp\'); do - /opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1; - done;''' - } - } - - stage('check templates') { - steps{ - sh '''for file in $(find . -iname \'*.erb\'); - do erb -P -x -T "-" $file | ruby -c || exit 1; - done;''' - } - } - - stage('puppet-lint') { - steps { - sh '''/usr/local/bin/puppet-lint . \\ - --no-variable_scope-check \\ - || { echo "Puppet lint failed"; exit 1; } - ''' - } - } - - stage('SonarScan') { - steps { - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - sh ''' - /opt/sonar-scanner/bin/sonar-scanner \ - -Dsonar.projectKey=confdroid_ssh \ - -Dsonar.sources=. \ - -Dsonar.host.url=https://sonarqube.confdroid.com \ - -Dsonar.token=$SONAR_TOKEN - ''' - } - } - } - - stage('create Puppet documentation') { - steps { - sh '/opt/puppetlabs/bin/puppet strings' - } - } - - stage('update repo') { - steps { - sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) { - sh ''' - git config user.name "Jenkins Server" - git config user.email jenkins@confdroid.com - git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit" - git push -o merge_request.create \ - -o merge_request.target=master \ - -o merge_request.title="Auto-merge for build $BUILD_NUMBER" \ - -o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \ - -o merge_request.merge_when_pipeline_succeeds=true \ - origin jenkins-build-$BUILD_NUMBER - ''' - } - } - } - stage('Mirror to Gitea') { - steps { - withCredentials([usernamePassword( - credentialsId: 'Jenkins-gitea', - usernameVariable: 'GITEA_USER', - passwordVariable: 'GITEA_TOKEN')]) { - script { - // Checkout from GitLab (already done implicitly) - sh ''' - git checkout master - git pull origin master - git branch -D development - git branch -D jenkins-build-$BUILD_NUMBER - git rm -f Jenkinsfile - git rm -r --cached .vscode || echo "No .vscode to remove from git" - git rm -r --cached .puppet-lint.rc || echo "No .puppet-lint.rc to remove from git" - git commit --amend --no-edit --allow-empty - git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git - git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \ - push master --mirror - ''' - } - } - } - } - } -} \ No newline at end of file diff --git a/README.md b/README.md index 8361fe3..f88c2b6 100644 --- a/README.md +++ b/README.md @@ -25,11 +25,13 @@ ## Features - install required binaries -- manage local custom configuration based on parameters, overriding the defaults - manage selinux rules - manage service - (optional) manage firewall - + +> Note +Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the `ssh_custom_ensure`setting set to `absent` (default). + ## Support - Rocky 9 (Any RHEL 9 based OS should work but has not been tested) diff --git a/doc/file.README.html b/doc/file.README.html index 92c2f45..d50ddf8 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -97,8 +97,6 @@ +
+

Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the ssh_custom_ensuresetting set to absent (default).

+
+

Support