heat_template_version: wallaby description: > Configure sshd_config parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json BannerText: default: '' description: Configures Banner text in sshd_config type: string MessageOfTheDay: default: '' description: Configures /etc/motd text type: string SshServerOptions: default: {} description: Mapping of sshd_config values type: json SshServerOptionsOverrides: default: {} description: Mapping of sshd_config values to override definitions in SshServerOptions type: json PasswordAuthentication: default: 'no' description: Whether or not disable password authentication type: string SshFirewallAllowAll: default: false description: Set this to true to open up ssh access from all sources. type: boolean conditions: ssh_firewall_allow_all: {equals: [{get_param: SshFirewallAllowAll}, true]} outputs: role_data: description: Role data for the ssh value: service_name: sshd firewall_rules: '003 accept ssh from all': proto: 'tcp' dport: 22 extras: ensure: {if: [ssh_firewall_allow_all, 'present', 'absent']} config_settings: tripleo::profile::base::sshd::bannertext: {get_param: BannerText} tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay} tripleo::profile::base::sshd::options: map_merge: - {get_param: SshServerOptions} - {get_param: SshServerOptionsOverrides} tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication} step_config: | include tripleo::profile::base::sshd