Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / openssh / 50511c498aa7814dc0681aeb6e699988ab31e809 / . / openssh / schemas / server.yaml
blob: 7b0785986e0cc8759b14ad3f3a28c363e3949056 [file] [log] [blame]
%YAML 1.1
---
"$schema": "http://json-schema.org/draft-06/schema#"
title: openssh server role
description: |
openssh server configurathion
type: object
additionalProperties: false
required:
- enabled
- user
properties:
enabled:
description: |
Enables openssh server configurathion.
type: boolean
bind:
description: Specifies sshd servcive listen on configurathion.
type: object
properties:
port:
description: |
Specifies the local addresses sshd should listen on.
type: integer
address:
description: Specifies the port on which the server listens for connections. Multiple options are permitted.
type: string
example: 127.0.0.1 192.168.1.1
password_auth:
description: Specifies whether password authentication is allowed.
type: boolean
permit_root_login:
description: |
Specifies whether root can log in using ssh.
# TODO currently its only boolean option, need to be fixed.
# The argument must be ``yes'', ``prohibit-password'',
# ``without-password'', ``forced-commands-only'', or ``no''.
# The default is ``prohibit-password''.
# enum:
# - yes
# - no
# - without-password
# - forced-commands-only
# - prohibit-password
type: boolean
user:
description: |
List of openssh user's, to be configured.
type: object
additionalProperties: false
patternProperties:
'^[a-z][-a-z0-9_]*$': # man 5 adduser.conf
type: object
minProperties: 1
additionalProperties: false
required:
- enabled
properties:
enabled:
type: boolean
public_keys:
description: List of pub keys for user (> authorized_keys)
type: array
items:
- type: object
additionalProperties: false
properties:
key:
type: string
description: ssh public key
example: "ssh-rsa AAAAXXX username@example.com"
example:
- key: "ssh-rsa AAAAXXX1111 username@example.com"
- key: "ssh-rsa AAAAXXX2222 username@example.com"
user: # man 5 adduser.conf
$ref: "#/definitions/_global_useradd_user"
alive:
description: Configure ClientAlive* option's.
type: object
parameters:
keep:
description: Specifies whether the system should send TCP keepalive messages to the other side
type: string
enum:
- yes
- no
interval:
description: |
Configure ClientAliveInterval option.
Sets a timeout interval in seconds after which if no data has been
received from the client, sshd(8) will send a message through the
encrypted channel to request a response from the client.
type: integer
example: 600
count:
description: |
Configure ClientAliveCountMax option
Sets the number of client alive messages which may be sent without ssh receiving
any messages back from the client.
type: integer
example: 3
force_command:
description: |
Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if present.
type: string
use_dns:
description: |
Specifies whether sshd should look up the remote host name, and to
check that the resolved host name for the remote IP address maps back to the very same IP address
type: boolean
definitions:
_global_useradd_user:
description: Define exactly one linux user login data.
additionalProperties: false
type: object
required:
- enabled
- name
properties:
enabled:
type: boolean
home:
type: string
example: "/home/user123"
password:
type: string
example: "$6$cJ/vINf7$Wof3.L7L1lKqMFAKoTKxESKOZNSNc.K7BkeJNIXY5bETFjbS200njx9j.Y152wfFRoNXs6b3qBEF5Co0uNeyQ0" # r00tme
name:
type: string
example: user123
shell:
type: string
example: "/bin/sh"
sudo:
type: boolean
description: Allow user to use sudo
email:
type: string
example: example@mail.com
full_name:
type: string
example: "Cloud Infrastructure user"
uid:
type: integer