Re: how to deploy common ssh_config and sshd_config settings on all hosts?



On Mon, Feb 06, 2017 at 09:45:36AM +0100, Harald Dunkel wrote:
> Hi Andy,
> 
> On 02/02/17 17:43, Andy Smith wrote:
> > Hi Harald,
> > 
> > On Thu, Feb 02, 2017 at 02:50:09PM +0100, Harald Dunkel wrote:
> >>
> >> Exactly. The central place in my case is a debian source package. It
> >> provides binary meta-packages referencing other packages and some
> >> /etc/service.d/local.conf files, extending the usual /etc/service.conf
> >> files provided by the service's binary package.
> > 
> > If you are making your own Debian packages with all of your custom
> > config already in them, then you could just put them in your own apt
> > repository and point all your machines there. But you must have
> > already thought of this so there must be some reason why that
> > solution is not acceptable…
> > 
> 
> I already have these common packages in a local repository. They
> provide some common config settings, e.g. for exim4, rsyslog,
> logrotate, local certificates, fonts, etc. Most important: They
> depend on and recommend large lists of packages, helping to keep
> all hosts in sync.
> 
> For openssh I have the problem that I can only override the whole
> ssh_config and sshd_config files. I cannot *extend* them. I had
> hoped to avoid the dpkg-divert.

You might try to patch (and unpatch, and make sure all of this is
idempotent) your config in the maintainer scripts. Not completely
trivial, but sounds doable (at least "well enough").

A big help in this might be the package "cme": its purpose is to
"understand" and "edit" configuration files in many formats. That
would mean some dependencies for you, of course.

(I haven't used CME yet, but by what I've seen it seems to be pretty
Well Done (TM))

Regards
-- tomás
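The idempotent patch/unpatch suggested in the reply above could look like the following. This is an added example, not code from the thread or from any package; the marker text and function names are hypothetical, and it assumes the site settings live in a separate snippet file shipped by the meta-package.

```shell
#!/bin/sh
# Added example, not code from the thread. Marker text and function names
# are hypothetical. The block goes at the TOP of the file because sshd_config
# and ssh_config use the first value obtained for a keyword, and anything
# appended after a Match block would become part of that Match block.
BEGIN_MARK='# BEGIN site-local settings (package-managed, do not edit)'
END_MARK='# END site-local settings'

# Print FILE ($1) without the managed block, if one is present.
strip_block() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$1"
}

# Print the managed block built from SNIPPET ($2), then the rest of FILE ($1).
with_block() {
    printf '%s\n' "$BEGIN_MARK"
    cat "$2" || return 1
    printf '%s\n' "$END_MARK"
    strip_block "$1"
}

# Rewrite TARGET ($1) with the output of the remaining arguments. The temp
# file inherits mode and owner via cp -p, is swapped in with mv, and the
# target is left untouched (mtime included) when nothing would change.
replace_if_changed() {
    target=$1; shift
    tmp=$(mktemp "$target.XXXXXX") || return 1
    cp -p "$target" "$tmp" && "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$target"; then rm -f "$tmp"; else mv "$tmp" "$target"; fi
}

apply_block()  { replace_if_changed "$1" with_block "$1" "$2"; }  # e.g. from postinst
remove_block() { replace_if_changed "$1" strip_block "$1"; }      # e.g. from prerm

demo() {  # constructed sample input in a scratch directory
    d=$(mktemp -d) || return 1
    printf 'PermitRootLogin yes\nMatch User backup\n  ForceCommand /bin/false\n' > "$d/sshd_config"
    printf 'PermitRootLogin no\nPasswordAuthentication no\n' > "$d/snippet"
    apply_block "$d/sshd_config" "$d/snippet" && apply_block "$d/sshd_config" "$d/snippet"
    cat "$d/sshd_config"; remove_block "$d/sshd_config"; cat "$d/sshd_config"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

In a real postinst, run `sshd -t` after applying the block and reload the daemon only if it exits 0.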

