As you can see, it's going to take each of the attributes you declare and write them to the file. It's logical that they would be listed in the file in the same order you listed them in your attributes file. So this is one instance where the order in which you list attributes can matter. It often doesn't matter. The cookbook is designed this way so it doesn't have to account for every possible configurable item supported by OpenSSH. You just tell it what you need and it will write it into the file. The advantage is that the cookbook won't need an update if, in the future, versions of OpenSSH are released that add new configurable parameters, so long as they don't break compatibility with the formatting of the /etc/ssh/ssh(d)_config files.The order of things can matter in Chef, and the way the openssh cookbook works is pretty simplistic. As far as the /etc/ssh/ssh_config file is concerned, take a look at how it's generated:Alexander,
https://github.com/chef-cookbooks/openssh/blob/master/templates/default/ssh_config.erbOn Tue, Sep 22, 2015 at 11:00 AM, Alexander Skwar < " target="_blank"> > wrote:Hi againHm. I guess, I'm doing something wrong… Now my ssh_config looks like this:$ cat /etc/ssh/ssh_config# This file was generated by Chef for host# Do NOT modify this file by hand!Host *Host fooPubkeyAuthentication noHostKeyAlgorithms ssh-dssHost barHostKeyAlgorithms ssh-dssGlobalKnownHostsFile /var/lib/sss/pubconf/known_hostsPubkeyAuthentication yesVerifyHostKeyDNS no#VerifyHostKeyDNS:No-SonstIstEsZuLangsam noHostKeyAlgorithms ssh-rsa,ssh-dssProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %hThat's clearly not, what I want.In my own cookbook, I've got this attributes/default.rb file:default['openssh']['client']['foo'] = {'pubkey_authentication' => 'no','host_key_algorithms' => 'ssh-dss'}default['openssh']['client']['bar'] = {'host_key_algorithms' => 'ssh-dss'}default['openssh']['client']['global_known_hosts_file'] = '/var/lib/sss/pubconf/known_hosts'default['openssh']['client']['pubkey_authentication'] = 'yes'default['openssh']['client']['verify_host_key_d_n_s'] = 'no'default['openssh']['client']['#_verify_host_key_d_n_s_:_no_-_sonst_ist_es_zu_langsam'] = 'no'default['openssh']['client']['host_key_algorithms'] = 'ssh-rsa,ssh-dss'default['openssh']['client']['proxy_command'] = '/usr/bin/sss_ssh_knownhostsproxy -p %p %h'#default['openssh']['client']['*'] = {}# EOFI would not have expected, that my "default" settings (eg. proxy_command to take just one example) is below "Host bar". As it is not in any Host hash, I would've expected, that the setting would've been above all the "Host …" blocks or maybe in the "Host *" block.How to do it correctly?When I move my "default lines" ABOVE all the "Host" lines (default['openssh']['client']['foo'] and default['openssh']['client']['bar']), then the generated ssh_config is good. Don't know, but that does not feel right.Regards,Alexander--2015-09-22 16:37 GMT+02:00 Alexander Skwar < " target="_blank"> >:HelloIn the openssh Cookbook from Supermarket @ supermarket.chef.io/cookbooks/openssh, the attributes file for the "client section" contains this:
default['openssh']['client']['host'] = '*'
Alexander -- => Google+ => http://plus.skwar.me <== => Chat (Jabber/Google Talk) => " target="_blank"> <==
Alexander -- => Google+ => http://plus.skwar.me <== => Chat (Jabber/Google Talk) => " target="_blank"> <==
Archive powered by MHonArc 2.6.16.