Notify sshd when conf.d files change
Put Include directive first
Replaces #409 and #413
Fixes #407
Fixes #408
treydock committed Nov 15, 2023
1 parent dd26d7e commit a343a67
Showing 9 changed files with 31 additions and 9 deletions.
1 change: 1 addition & 0 deletions manifests/config_file_server.pp
Expand Up @@ -43,5 +43,6 @@
group => $group,
mode => $mode,
content => epp('ssh/config_file.epp', { 'lines' => $lines, 'custom' => $custom }),
notify => $ssh::server::notify_service,
}
}
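Review bot: The added `notify => $ssh::server::notify_service` reads a variable from another class's scope, so it only has a value if `ssh::server` has already been evaluated when this define is declared. If it has not, the lookup presumably yields undef (or a compile error under strict variables), and a changed drop-in would be written without sshd being restarted, leaving the running daemon on the old settings. The define's body starts outside this hunk, so I cannot see whether it already pulls in `ssh::server`. If it does not, either add `include ssh::server` before the file resource or document the ordering requirement in the define's header comment.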
8 changes: 7 additions & 1 deletion manifests/server.pp
Expand Up @@ -605,6 +605,12 @@
$packages_require = undef
}

if $manage_service {
$notify_service = Service['sshd_service']
} else {
$notify_service = undef
}

file { 'sshd_config' :
ensure => file,
path => $config_path,
Expand All @@ -626,7 +632,7 @@
recurse => $include_dir_purge,
force => $include_dir_purge,
require => $packages_require,
notify => Service['sshd_service'],
notify => $notify_service,
}
} else {
$include_dir = undef
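Review bot: `$notify_service` is assigned in the first hunk without a comment, yet it is now read from outside the class (manifests/config_file_server.pp uses `$ssh::server::notify_service`), which makes it part of the class's de facto interface. A comment above the `if $manage_service` block would keep a later rename from silently dropping the restart, for example `# Read by ssh::config_file_server; undef when the service is not managed, so no restart is triggered.` The `manage_service` parameter documentation should also say that with `false`, changes under the include directory are not picked up by the running sshd until it is restarted by other means. Both hunks sit inside a class body that starts and ends outside the visible lines.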
3 changes: 2 additions & 1 deletion spec/classes/server_spec.rb
Expand Up @@ -106,6 +106,7 @@
purge: 'true',
recurse: 'true',
force: 'true',
notify: 'Service[sshd_service]',
)
end
else
Expand Down Expand Up @@ -143,7 +144,7 @@
supported_os: [
{
'operatingsystem' => 'RedHat',
'operatingsystemrelease' => ['7'],
'operatingsystemrelease' => ['8'],
},
],
}
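Review bot: The new expectation `notify: 'Service[sshd_service]'` in the first hunk covers only the managed-service case; nothing visible in this section checks the include directory when `manage_service` is false, which is the branch the commit adds in manifests/server.pp. A context that sets `manage_service: false` and asserts the directory resource `.without_notify`, as spec/defines/config_file_server_spec.rb does for the drop-in file, would pin that branch. Separately, the second hunk changes `'operatingsystemrelease'` from `['7']` to `['8']` and the commit message does not say why; a one-line comment next to it would help. Both enclosing examples start outside the hunks.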
14 changes: 14 additions & 0 deletions spec/defines/config_file_server_spec.rb
Expand Up @@ -31,11 +31,25 @@
'group' => 'root',
'mode' => '0600',
'content' => content_header,
'notify' => 'Service[sshd_service]',
},
)
end
end

context 'when not managing the sshd service' do
let(:pre_condition) do
<<-PP
class { 'ssh::server':
manage_service => false,
}
PP
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/ssh/sshd_config.d/ing.conf').without_notify }
end

context "on #{os} with ensure set to valid value" do
let(:params) { { ensure: 'absent' } }
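Review bot: The added context is titled `'when not managing the sshd service'` with no OS in it, while the neighbouring context uses `"on #{os} with ensure set to valid value"`. If this block sits inside the per-OS loop (the loop header is outside the hunk), every OS produces an identically named example and a failure cannot be traced to a platform; `context "on #{os} when not managing the sshd service" do` would match the surrounding style. The literal path `/etc/ssh/sshd_config.d/ing.conf` in the `without_notify` check also appears to assume that every tested OS uses that directory, which is worth confirming against the supported-OS list.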

2 changes: 1 addition & 1 deletion spec/fixtures/testing/Debian-11_sshd_config
Expand Up @@ -3,9 +3,9 @@
#
# See https://man.openbsd.org/sshd_config for more info

Include /etc/ssh/sshd_config.d/*.conf
AcceptEnv LANG
AcceptEnv LC_*
Include /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication no
PrintMotd no
Subsystem sftp /usr/lib/openssh/sftp-server
2 changes: 1 addition & 1 deletion spec/fixtures/testing/RedHat-9_sshd_config
Expand Up @@ -3,6 +3,6 @@
#
# See https://man.openbsd.org/sshd_config for more info

AuthorizedKeysFile .ssh/authorized_keys
Include /etc/ssh/sshd_config.d/*.conf
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp /usr/libexec/openssh/sftp-server
2 changes: 1 addition & 1 deletion spec/fixtures/testing/Ubuntu-20.04_sshd_config
Expand Up @@ -3,6 +3,7 @@
#
# See https://man.openbsd.org/sshd_config for more info

Include /etc/ssh/sshd_config.d/*.conf
AcceptEnv LANG
AcceptEnv LC_ADDRESS
AcceptEnv LC_ALL
Expand All @@ -27,7 +28,6 @@ GSSAPICleanupCredentials yes
HostbasedAuthentication no
IgnoreRhosts yes
IgnoreUserKnownHosts no
Include /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication yes
LoginGraceTime 120
PasswordAuthentication yes
2 changes: 1 addition & 1 deletion spec/fixtures/testing/Ubuntu-22.04_sshd_config
Expand Up @@ -3,9 +3,9 @@
#
# See https://man.openbsd.org/sshd_config for more info

Include /etc/ssh/sshd_config.d/*.conf
AcceptEnv LANG
AcceptEnv LC_*
Include /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication no
PasswordAuthentication yes
PrintMotd no
6 changes: 3 additions & 3 deletions templates/sshd_config.erb
Expand Up @@ -3,6 +3,9 @@
#
# See https://man.openbsd.org/sshd_config for more info

<% if @include != nil -%>
Include <%= @include %>
<% end -%>
<% if @accept_env != nil -%>
<% @accept_env.each do |v| -%>
AcceptEnv <%= v %>
Expand Down Expand Up @@ -132,9 +135,6 @@ IgnoreRhosts <%= @ignore_rhosts %>
<% if @ignore_user_known_hosts != nil -%>
IgnoreUserKnownHosts <%= @ignore_user_known_hosts %>
<% end -%>
<% if @include != nil -%>
Include <%= @include %>
<% end -%>
<% if @ip_qos != nil -%>
IPQoS <%= @ip_qos %>
<% end -%>
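Review bot: Moving `Include <%= @include %>` to the top of the template changes which settings win, and the template carries no comment explaining it. sshd keeps the first value it reads for most keywords, so every file matched by the include glob now takes precedence over the module-managed directives rendered below it. That includes drop-ins the module did not write (package- or image-shipped files) unless the include directory is purged. I would add a comment above the block, e.g. `<%# Include is rendered first on purpose: sshd uses the first value found for a keyword, so included files take precedence over the settings below. -%>`, and note in the module documentation that `sshd -T` prints the effective configuration. The template continues outside both hunks.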
