Showing with 57 additions and 3 deletions.

+1 −1 Modulefile

+9 −1 README.md

+5 −0 manifests/init.pp

+1 −1 metadata.json

+40 −0 spec/classes/init_spec.rb

+1 −0 templates/sshd_config.erb
diff --git a/Modulefile b/Modulefile
@@ -1,5 +1,5 @@
 name    'ghoneycutt-ssh'
-version '3.15.2'
+version '3.16.0'
 source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
 author 'ghoneycutt'
 license 'Apache License, Version 2.0'

diff --git a/README.md b/README.md
@@ -131,6 +131,14 @@ sshd_config's group.
 
 - *Default*: 'root'
 
+sshd_config_loglevel
+---------------------------
+LogLevel option in sshd_config. Acceptable values are QUIET, FATAL, ERROR, INFO, VERBOSE.
+
+*DEBUG, DEBUG1, DEBUG2, and DEBUG3* are permitted values for sshd, however [setting the logging level to DEBUG or higher violates the privacy of users](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd_config) and should not be done unless manually debugging.
+
+- *Default*: 'INFO'
+
 sshd_config_mode
 ---------------
 sshd_config's mode. The default is '0600' on Linux and '0644' on Solaris.
@@ -187,7 +195,7 @@ Specifies whether sshd should check file modes and ownership of the user's files
 
 sshd_config_serverkeybits
 ----------------------------
-Defines the number of bits in the ephemeral protocol version 1 server key.  The minimum value is 512, and the default is 1024 except for Solaris default value is 768. 
+Defines the number of bits in the ephemeral protocol version 1 server key.  The minimum value is 512, and the default is 1024 except for Solaris default value is 768.
 
 - *Default*: '1024' except for Solaris which is '768'
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -26,6 +26,7 @@
   $sshd_config_path                 = '/etc/ssh/sshd_config',
   $sshd_config_owner                = 'root',
   $sshd_config_group                = 'root',
+  $sshd_config_loglevel             = 'INFO',
   $sshd_config_mode                 = 'USE_DEFAULTS',
   $sshd_config_port                 = '22',
   $sshd_config_syslog_facility      = 'AUTH',
@@ -494,6 +495,10 @@
     }
   }
 
+  #loglevel
+  $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
+  validate_re($sshd_config_loglevel, $supported_loglevel_vals)
+
   package { $packages_real:
     ensure    => installed,
     source    => $ssh_package_source_real,

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-ssh",
-  "version": "3.15.2",
+  "version": "3.16.0",
   "author": "ghoneycutt",
   "summary": "Manages SSH",
   "license": "Apache License, Version 2.0",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -59,6 +59,7 @@
 
     it { should contain_file('sshd_config').with_content(/^Port 22$/) }
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -182,6 +183,7 @@
     }
 
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -282,6 +284,7 @@
     }
 
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -381,6 +384,7 @@
     }
 
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -480,6 +484,7 @@
 
     it { should contain_file('sshd_config').with_content(/^Port 22$/) }
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -586,6 +591,7 @@
 
     it { should contain_file('sshd_config').with_content(/^Port 22$/) }
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -692,6 +698,7 @@
 
     it { should contain_file('sshd_config').with_content(/^Port 22$/) }
     it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) }
@@ -885,6 +892,7 @@
 
     it { should contain_file('sshd_config').with_content(/^Port 22222$/) }
     it { should contain_file('sshd_config').with_content(/^SyslogFacility DAEMON$/) }
+    it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) }
     it { should contain_file('sshd_config').with_content(/^LoginGraceTime 60$/) }
     it { should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) }
     it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication no$/) }
@@ -928,6 +936,37 @@
     }
   end
 
+  describe 'sshd_loglevel param' do
+    context 'when set to an invalid value' do
+      let :facts do
+        {
+          :fqdn      => 'monkey.example.com',
+          :osfamily  => 'RedHat',
+          :root_home => '/root',
+          :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+        }
+      end
+      let (:params) {{'sshd_config_loglevel' => 'BOGON'}}
+      it 'should fail' do
+        expect { subject }.to raise_error(Puppet::Error, /"BOGON" does not match/)
+      end
+    end
+    ['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val|
+      context "when set to #{supported_val}" do
+        let :facts do
+          {
+            :fqdn      => 'monkey.example.com',
+            :osfamily  => 'RedHat',
+            :root_home => '/root',
+            :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+          }
+        end
+        let (:params) {{ 'sshd_config_loglevel' => supported_val}}
+        it { should contain_file('sshd_config').with_content(/^LogLevel #{supported_val}$/) }
+      end
+    end
+  end
+
   context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do
     let :facts do
       {
@@ -1912,6 +1951,7 @@
     end
   end
 
+
   describe 'with parameter ssh_sendenv specified' do
     ['true',true].each do |value|
       context "as #{value}" do

diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
@@ -38,6 +38,7 @@ ServerKeyBits <%= @sshd_config_serverkeybits_real %>
 #SyslogFacility AUTH
 SyslogFacility <%= @sshd_config_syslog_facility %>
 #LogLevel INFO
+LogLevel <%= @sshd_config_loglevel %>
 
 # Authentication: