[chef] Re: Re: openssh Cookbook - why default attribute default['openssh']['client']['host'] = '*' - override?


  • From: Tensibai < >
  • To:
  • Subject: [chef] Re: Re: openssh Cookbook - why default attribute default['openssh']['client']['host'] = '*' - override?
  • Date: Thu, 24 Sep 2015 10:35:15 +0200

Quick version: Set your default attributes before the other hashes, as the template will read them in the order of appearance (declaration).

 

In my opinion a better way would be to do this:

default['openssh']['client']['*'] = {
  'global_known_hosts_file' => '/var/lib/sss/pubconf/known_hosts',
  'pubkey_authentication' => 'yes',
  'verify_host_key_d_n_s' => 'no',
  # the key below is rendered as a '#...' comment line in ssh_config
  '#_verify_host_key_d_n_s_:_no_-_sonst_ist_es_zu_langsam' => 'no',
  'host_key_algorithms' => 'ssh-rsa,ssh-dss',
  'proxy_command' => '/usr/bin/sss_ssh_knownhostsproxy -p %p %h'
}
 
default['openssh']['client']['foo'] = {
    'pubkey_authentication' => 'no',
    'host_key_algorithms' => 'ssh-dss'
}
 
default['openssh']['client']['bar'] = {
    'host_key_algorithms' => 'ssh-dss'
}
 
 
 
The template for ssh_config[1] iterates over the keys just under 'client' and builds the values accordingly.
 
[1] https://github.com/chef-cookbooks/openssh/blob/master/templates/default/ssh_config.erb
 

 

On 2015-09-22 17:00, Alexander Skwar wrote:

Hi again
 
 
Hm. I guess, I'm doing something wrong... Now my ssh_config looks like this:
 
$ cat /etc/ssh/ssh_config 
# This file was generated by Chef for host
# Do NOT modify this file by hand!
 
Host *
Host foo
PubkeyAuthentication no
HostKeyAlgorithms ssh-dss
Host bar
HostKeyAlgorithms ssh-dss
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
VerifyHostKeyDNS no
#VerifyHostKeyDNS:No-SonstIstEsZuLangsam no
HostKeyAlgorithms ssh-rsa,ssh-dss
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
 
 
That's clearly not what I want.
 
In my own cookbook, I've got this attributes/default.rb file:
 
default['openssh']['client']['foo'] = {
    'pubkey_authentication' => 'no',
    'host_key_algorithms' => 'ssh-dss'
}
 
default['openssh']['client']['bar'] = {
    'host_key_algorithms' => 'ssh-dss'
}
 
default['openssh']['client']['global_known_hosts_file'] = '/var/lib/sss/pubconf/known_hosts'
default['openssh']['client']['pubkey_authentication'] = 'yes'
 
default['openssh']['client']['verify_host_key_d_n_s'] = 'no'
default['openssh']['client']['#_verify_host_key_d_n_s_:_no_-_sonst_ist_es_zu_langsam'] = 'no'
default['openssh']['client']['host_key_algorithms'] = 'ssh-rsa,ssh-dss'
default['openssh']['client']['proxy_command'] = '/usr/bin/sss_ssh_knownhostsproxy -p %p %h'
 
#default['openssh']['client']['*'] = {}
 
# EOF
 
 
I would not have expected that my "default" settings (e.g. proxy_command, to take just one example) would be below "Host bar". As they are not in any Host hash, I would have expected the settings to be above all the "Host ..." blocks, or maybe in the "Host *" block.
 
 
How to do it correctly? 
 
When I move my "default lines" ABOVE all the "Host" lines (default['openssh']['client']['foo'] and default['openssh']['client']['bar']), then the generated ssh_config is good. Don't know, but that does not feel right.
 
Regards,
Alexander
 
 
 
 

2015-09-22 16:37 GMT+02:00 Alexander Skwar < >:
Hello
 
In the openssh Cookbook from Supermarket @ supermarket.chef.io/cookbooks/openssh, the attributes file for the "client section" contains this:
 
default['openssh']['client']['host'] = '*'
 
 
Short question: How do I get rid of this without having to modify the openssh/attributes/default.rb file, i.e. from my own cookbook, which has an "include_recipe "openssh"" somewhere?

 
Because of that, the generated /etc/ssh/ssh_config file contains at least this:
 
$ cat /etc/ssh/ssh_config 
# This file was generated by Chef for host
# Do NOT modify this file by hand!
 
Host *
I.e., there's at least a "Host *" entry. And the way I have it now, all my attributes are below that; i.e. my ssh_config file reads:
 
$ cat /etc/ssh/ssh_config 
# This file was generated by Chef for host
# Do NOT modify this file by hand!
 
Host *
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
VerifyHostKeyDNS no
#VerifyHostKeyDNS:No-SonstIstEsZuLangsam no
HostKeyAlgorithms ssh-rsa,ssh-dss
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
 
That's not quite what I want. I don't want that "Host *" line there.
 
 
Thanks a lot,

Alexander
-- 
=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) =>  <==


 
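Added example (not part of the thread and not the cookbook's code): a Ruby sketch of why attribute order matters for the resulting client configuration. render() is a simplified stand-in inferred from the ssh_config output posted above, and effective() applies the ssh_config(5) rule that the first value obtained for a parameter wins. It goes one step beyond the thread by also checking a third layout with the '*' hash declared last; the attribute values are a constructed subset of the ones quoted above.

```ruby
# Added example. render() is a simplified stand-in inferred from the output
# posted in the thread; it is NOT the cookbook's actual ERB template.

def directive(key) # 'verify_host_key_d_n_s' -> 'VerifyHostKeyDNS'
  key.split('_').map(&:capitalize).join
end

# Attributes are walked in declaration order: a Hash opens a "Host" block,
# a scalar becomes a single line wherever it happens to be declared.
def render(client)
  client.flat_map do |key, value|
    next ["#{directive(key)} #{value}"] unless value.is_a?(Hash)
    ["Host #{key}"] + value.map { |k, v| "#{directive(k)} #{v}" }
  end
end

# What ssh uses for `host`: a Host block runs until the next Host line and the
# first value obtained for a parameter wins (ssh_config(5)). Plain globs only.
def effective(lines, host)
  active = true
  lines.each_with_object({}) do |line, opts|
    name, value = line.split(' ', 2)
    next if name.start_with?('#')
    if name == 'Host'
      active = value.split.any? { |pattern| File.fnmatch(pattern, host) }
    elsif active
      opts[name] ||= value
    end
  end
end

# Constructed sample attributes, reduced from the ones in the thread.
COOKBOOK = { 'host' => '*' }.freeze # default shipped by the cookbook
HOSTS = {
  'foo' => { 'pubkey_authentication' => 'no', 'host_key_algorithms' => 'ssh-dss' },
  'bar' => { 'host_key_algorithms' => 'ssh-dss' }
}.freeze
GLOBALS = {
  'pubkey_authentication' => 'yes',
  'proxy_command' => '/usr/bin/sss_ssh_knownhostsproxy -p %p %h'
}.freeze

SCALARS_LAST = render(COOKBOOK.merge(HOSTS).merge(GLOBALS))        # question
STAR_FIRST   = render(COOKBOOK.merge('*' => GLOBALS).merge(HOSTS)) # reply
STAR_LAST    = render(COOKBOOK.merge(HOSTS).merge('*' => GLOBALS)) # specific first

if __FILE__ == $PROGRAM_NAME
  puts STAR_LAST
  p effective(STAR_LAST, 'foo')
end
```

On a real node, `ssh -G foo` prints the options ssh actually resolved for that host, which is the check to run after the Chef run.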
 

 

 



Archive powered by MHonArc 2.6.16.

§