From 86d9048be1641fe90e132d5578dad0a5febddc01 Mon Sep 17 00:00:00 2001
From: Chris Portman
Date: Tue, 15 Apr 2014 13:09:28 +1000
Subject: [PATCH 1/3] Implement Specific Option Ordering Requirements If the options 'Port' or 'ListenAddress' are specified they are plucked from the options hash and put at the top of the sshd config file with Port befire ListenAddress as is required by the sshd software (having ListenAddress before Port will cause an error). The rest of the options hash is processed as normal
---
 templates/sshd_config.erb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 50e57b789..01b8f1a14 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -1,4 +1,10 @@
 # File is managed by Puppet
+<%- if port = scope.lookupvar('ssh::server::merged_options').delete('Port') -%>
+Port <%= port %>
+<%- end -%>
+<%- if listen = scope.lookupvar('ssh::server::merged_options').delete('ListenAddress') -%>
+ListenAddress <%= listen %>
+<%- end -%>
 
 <%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk| (sk.to_s.downcase.include? "match") ? sk.to_s : '' }.each do |k, v| -%>
 <%- if v.is_a?(Hash) -%>
From 89a42a4eaf349cf99c668c121a96ea43108e5627 Mon Sep 17 00:00:00 2001
From: Chris Portman
Date: Tue, 15 Apr 2014 13:32:37 +1000
Subject: [PATCH 2/3] Sort the Options Hash Sort the options hash by downcased key. Any Match are forced to the end. This works by sorting the options keys as an array so that it should work in ruby 1.8.7
---
 templates/sshd_config.erb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 01b8f1a14..04b261272 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
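Review bot: An Array value for Port or ListenAddress is rendered through Ruby's Array#to_s by the added `Port <%= port %>` and `ListenAddress <%= listen %>` lines in the [PATCH 1/3] hunk, instead of one directive per element. If these options may be given as arrays, as the nested-option loop visible in [PATCH 2/3] allows for its values via `value.is_a?(Array)`, sshd would get a single malformed line, and a config that fails to parse can keep the daemon from restarting. Emitting one line per element avoids that: `<%- [port].flatten.each do |p| -%>`, `Port <%= p %>`, `<%- end -%>`, and the same for ListenAddress. The key lookup is also case-sensitive while sshd keywords are not, so a key spelled `port` would presumably stay in sorted position; confirm whether keys are normalised before they reach the template.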
@@ -6,10 +6,13 @@ Port <%= port %>
 ListenAddress <%= listen %>
 <%- end -%>
 
-<%- scope.lookupvar('ssh::server::merged_options').sort_by{ |sk| (sk.to_s.downcase.include? "match") ? sk.to_s : '' }.each do |k, v| -%>
+<%- options = scope.lookupvar('ssh::server::merged_options') -%>
+<%- options.keys.sort_by{ |sk| (sk.to_s.downcase.include? "match") ? 'zzz' + sk.to_s : sk.to_s }.each do |k| -%>
+<%- v = options[k] -%>
 <%- if v.is_a?(Hash) -%>
 <%= k %>
-<%- v.sort.each do |key, value| -%>
+<%- v.keys.sort.each do |key| -%>
+ <%- value = v[key] -%>
 <%- if value.is_a?(Array) -%>
 <%- value.each do |a| -%>
 <%= key %> <%= a %>
From 02037f0b41d63e1ab2d699afb082d9db960ce275 Mon Sep 17 00:00:00 2001
From: Chris Portman
Date: Tue, 15 Apr 2014 14:03:09 +1000
Subject: [PATCH 3/3] Only do scope.lookupvar once Improving some efficiency
---
 templates/sshd_config.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 04b261272..13db0d1a9 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -1,12 +1,12 @@
 # File is managed by Puppet
-<%- if port = scope.lookupvar('ssh::server::merged_options').delete('Port') -%>
+<%- options = scope.lookupvar('ssh::server::merged_options') -%>
+<%- if port = options.delete('Port') -%>
 Port <%= port %>
 <%- end -%>
-<%- if listen = scope.lookupvar('ssh::server::merged_options').delete('ListenAddress') -%>
+<%- if listen = options.delete('ListenAddress') -%>
 ListenAddress <%= listen %>
 <%- end -%>
 
-<%- options = scope.lookupvar('ssh::server::merged_options') -%>
 <%- options.keys.sort_by{ |sk| (sk.to_s.downcase.include? "match") ? 'zzz' + sk.to_s : sk.to_s }.each do |k| -%>
 <%- v = options[k] -%>
 <%- if v.is_a?(Hash) -%>
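Review bot: The `sort_by` key in the [PATCH 2/3] hunk is `sk.to_s` for ordinary options, not downcased, so the order is case-sensitive although the commit message describes a sort by downcased key, and Match blocks are kept last only by the `'zzz'` string prefix. The ordering is security-relevant rather than cosmetic: every directive that follows a Match line applies only to that match, so a global option that ever sorted after a Match block would silently stop being global. A two-part key states the intent without depending on string collation: `options.keys.sort_by{ |sk| [sk.to_s.downcase.include?('match') ? 1 : 0, sk.to_s.downcase] }`. A one-line template comment saying why Match entries must stay at the end would help the next editor.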
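Review bot: `options` in the [PATCH 3/3] hunk is the very hash returned by `scope.lookupvar`, so `options.delete('Port')` and `options.delete('ListenAddress')` remove those keys from it in place (the delete calls themselves date from [PATCH 1/3]). Anything else evaluated in the same catalog compile that reads `ssh::server::merged_options` afterwards would presumably no longer see the two settings, and a frozen hash would raise instead of rendering. Working on a copy keeps the template free of side effects: `<%- options = scope.lookupvar('ssh::server::merged_options').dup -%>`.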