Readme

• Readme
  • Synopsis
  • WARNING
  • Features
  • Adding custom configurations
  • Support
  • Parameter Inheritance
  • Module Deployment
  • Tests
  • Contact Us
  • Disclaimer

Synopsis

confdroid_sshmanages the aspects of the sshd daemon.

WARNING

Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production

Features

• install required binaries
• manage required files and directories including selinux context
• manage service
• (optional) manage firewall

Adding custom configurations

Custom configuration files live in /etc/ssh/sshd_config.d/. IN order to create a custom config file, add a stanza like this in your control repo:

confdroid_ssh::custom::custom_config { '30-my-custom-rule':
  config_name    => '30-custom-rule',
  config_content => ['PasswordAuthentication no'],
}

This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:

###############################################################################
##### DO NOT EDIT THIS FILE MANUALLY                                          #
##### This file is managed by Puppet. Any changes to this file will be        #
##### overwritten. Update the Puppet define input instead.                    #
###############################################################################
PasswordAuthentication no

Note that the value for config_content has to be an array, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.

Support

• Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
• Puppet 8

Parameter Inheritance

All parameters are listed in params.pp and inherited from there. Variable parameters are in the upper section and also documented in the top. These can be overridden by the ENC. Parameters in the bottom section (curly brackets) cannot be overridden and usually are used for keeping the code in the classes more readable.

Module Deployment

Almost every puppet setup is done in very custom ways, and hence the way the modules are deployed to nodes are different. This module assumes Foreman as ENC, so the modules just have to be present on the master node and Foreman will take care for it.

Tests

• Puppet Lint
  • excluded tests:
    • --no-variable_scope-check: not applicable as we are inheriting parameters from params class. the lint check does not distinguish between facts and inherited parameters.
• Puppet Parser
• ERB Template Parser
• Sonar Quality Gate

Contact Us

• contact Us
• Feedback Portal

Disclaimer

ConfDroid as entity is entirely independent from Puppet. We provide custom configuration modules, written for specific purposes and specific environments. The modules are tested and supported only as documented, and require testing in designated environments (i.e. lab or development environments) for parameter tuning etc. before deploying into production environments.