confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity

Compare commits

base: confdroid:ff1b1821502453c1dee13b10d521d5eaaf4adb13
Branches Tags
confdroid:master
confdroid:1.0.1-04.2026 confdroid:1.0.0-04.2026
...
compare: confdroid:16bab4c98e3c28bf28a2ecf14176c48f917b5f31
Branches Tags
confdroid:master
confdroid:1.0.1-04.2026 confdroid:1.0.0-04.2026

5 Commits
ff1b182150 ... 16bab4c98e

Author SHA1 Message Date
Jenkins
16bab4c98e Merge branch 'jenkins-build-21' into 'master' 
Auto-merge for build 21

See merge request puppet/confdroid_ssh!21
 2026-04-13 14:55:18 +02:00
Jenkins Server
e7ac45b383 Recommit for updates in build 21 2026-04-13 14:21:20 +02:00
Jenkins Server
b507f60c7a Merge remote-tracking branch 'origin/master' into jenkins-build-21 2026-04-13 14:20:26 +02:00
12ww1160
c97d093d84 OP#575 finish password section 2026-04-13 14:20:06 +02:00
Jenkins
f1b95f2852 Merge branch 'jenkins-build-20' into 'master' 
Auto-merge for build 20

See merge request puppet/confdroid_ssh!20
 2026-04-13 12:03:05 +00:00
4 changed files with 97 additions and 149 deletions
Expand all files Collapse all files

129
Jenkinsfile vendored
View File

@@ -1,129 +0,0 @@
pipeline {
agent {
label 'puppet'
}
post {
always {
deleteDir() /* clean up our workspace */
}
success {
updateGitlabCommitStatus state: 'success'
}
failure {
updateGitlabCommitStatus state: 'failed'
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
}
}
options {
gitLabConnection('gitlab.confdroid.com')
}
stages {
stage('pull master') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
# Ensure we're on the development branch (triggered by push)
git checkout development
# Create jenkins branch from development
git checkout -b jenkins-build-$BUILD_NUMBER
# Optionally merge master into jenkins to ensure compatibility
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
'''
}
}
}
stage('puppet parser') {
steps {
sh '''for file in $(find . -iname \'*.pp\'); do
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
done;'''
}
}
stage('check templates') {
steps{
sh '''for file in $(find . -iname \'*.erb\');
do erb -P -x -T "-" $file | ruby -c || exit 1;
done;'''
}
}
stage('puppet-lint') {
steps {
sh '''/usr/local/bin/puppet-lint . \\
--no-variable_scope-check \\
|| { echo "Puppet lint failed"; exit 1; }
'''
}
}
stage('SonarScan') {
steps {
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
sh '''
/opt/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=confdroid_ssh \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.confdroid.com \
-Dsonar.token=$SONAR_TOKEN
'''
}
}
}
stage('create Puppet documentation') {
steps {
sh '/opt/puppetlabs/bin/puppet strings'
}
}
stage('update repo') {
steps {
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
sh '''
git config user.name "Jenkins Server"
git config user.email jenkins@confdroid.com
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
git push -o merge_request.create \
-o merge_request.target=master \
-o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
-o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
-o merge_request.merge_when_pipeline_succeeds=true \
origin jenkins-build-$BUILD_NUMBER
'''
}
}
}
stage('Mirror to Gitea') {
steps {
withCredentials([usernamePassword(
credentialsId: 'Jenkins-gitea',
usernameVariable: 'GITEA_USER',
passwordVariable: 'GITEA_TOKEN')]) {
script {
// Checkout from GitLab (already done implicitly)
sh '''
git checkout master
git pull origin master
git branch -D development
git branch -D jenkins-build-$BUILD_NUMBER
git rm -f Jenkinsfile
git rm -r --cached .vscode || echo "No .vscode to remove from git"
git commit --amend --no-edit --allow-empty
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
push master --mirror
'''
}
}
}
}
}
}

92
doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
View File

@@ -520,6 +520,60 @@
— —
<div class='inline'> <div class='inline'>
<p>LogLevel setting for sshd_config. Default is INFO.</p> <p>LogLevel setting for sshd_config. Default is INFO.</p>
</div>
</li>
<li>
<span class='name'>ssh_password_authentication</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PasswordAuthentication setting for sshd_config. Default is no, which requires key-based authentication. This is a recommended security setting, so passwords do not show up in logs, but can be set to yes if password authentication is desired.</p>
</div>
</li>
<li>
<span class='name'>ssh_permit_empty_passwords</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PermitEmptyPasswords setting for sshd_config. Default is no, which is a recommended security setting and works in connection with key-based authentication, but can be set to yes if password authentication should be allowed and empty passwords should be allowed. Again, this should be used with caution if enabled.</p>
</div>
</li>
<li>
<span class='name'>ssh_kbd_interactive_auth</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no, which is a recommended security setting together with password authentication, but can be set to yes if keyboard-interactive authentication should be allowed. (not recommended)</p>
</div> </div>
</li> </li>
@@ -535,19 +589,6 @@
<pre class="lines"> <pre class="lines">
37
38
39
40
41
42
43
44
45
46
47
48
49
50 50
51 51
52 52
@@ -585,10 +626,26 @@
84 84
85 85
86 86
87</pre> 87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 37</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 50</span>
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -618,7 +675,10 @@ class confdroid_ssh::params (
String $ssh_hostkey_type = &#39;rsa&#39;, String $ssh_hostkey_type = &#39;rsa&#39;,
String $ssh_rekeylimit = &#39;default none&#39;, String $ssh_rekeylimit = &#39;default none&#39;,
String $ssh_syslog_facility = &#39;AUTH&#39;, String $ssh_syslog_facility = &#39;AUTH&#39;,
String $ssh_log_level = &#39;INFO&#39; String $ssh_log_level = &#39;INFO&#39;,
String $ssh_password_authentication = &#39;no&#39;,
String $ssh_permit_empty_passwords = &#39;no&#39;,
String $ssh_kbd_interactive_auth = &#39;no&#39;
) { ) {
# default facts # default facts

18
manifests/params.pp
View File

@@ -33,6 +33,19 @@
# Default is 'AUTH'. # Default is 'AUTH'.
# @param [String] ssh_log_level LogLevel setting for sshd_config. # @param [String] ssh_log_level LogLevel setting for sshd_config.
# Default is 'INFO'. # Default is 'INFO'.
# @param [String] ssh_password_authentication PasswordAuthentication setting
# for sshd_config. Default is 'no', which requires key-based authentication.
# This is a recommended security setting, so passwords do not show up in logs,
# but can be set to 'yes' if password authentication is desired.
# @param [String] ssh_permit_empty_passwords PermitEmptyPasswords setting
# for sshd_config. Default is 'no', which is a recommended security setting
# and works in connection with key-based authentication, but can be set
# to 'yes' if password authentication should be allowed and empty passwords
# should be allowed. Again, this should be used with caution if enabled.
# @param [String] ssh_kbd_interactive_auth setting for sshd_config.
# Default is 'no', which is a recommended security setting together
# with password authentication, but can be set to 'yes' if
# keyboard-interactive authentication should be allowed. (not recommended)
############################################################################## ##############################################################################
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -62,7 +75,10 @@ class confdroid_ssh::params (
String $ssh_hostkey_type = 'rsa', String $ssh_hostkey_type = 'rsa',
String $ssh_rekeylimit = 'default none', String $ssh_rekeylimit = 'default none',
String $ssh_syslog_facility = 'AUTH', String $ssh_syslog_facility = 'AUTH',
String $ssh_log_level = 'INFO' String $ssh_log_level = 'INFO',
String $ssh_password_authentication = 'no',
String $ssh_permit_empty_passwords = 'no',
String $ssh_kbd_interactive_auth = 'no'
) { ) {
# default facts # default facts

7
templates/sshd_custom_conf.erb
View File

@@ -8,11 +8,9 @@
Port <%= @ssh_fw_port %> Port <%= @ssh_fw_port %>
AddressFamily <%= @ssh_address_family %> AddressFamily <%= @ssh_address_family %>
ListenAddress <%= @ssh_listen_address %> ListenAddress <%= @ssh_listen_address %>
<% if @ssh_use_specific_hostkey -%> <% if @ssh_use_specific_hostkey -%>
HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
<% end -%> <% end -%>
RekeyLimit <%= @ssh_rekeylimit %> RekeyLimit <%= @ssh_rekeylimit %>
SyslogFacility <%= @ssh_syslog_facility %> SyslogFacility <%= @ssh_syslog_facility %>
@@ -30,4 +28,7 @@ AuthorizedPrincipalsFile <%= @ssh_authorized_principals_file %>
AuthorizedKeysCommand <%= @ssh_authorized_keys_command %> AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>
AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %> AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
# test PasswordAuthentication <%= @ssh_password_authentication %>
PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>