Windows Compatibility

[AnthyG-epias]

Pull Request (PR) description

This Pull Request adds the required modifications to the module for it to be compatible with the Windows Capability ("Optional Feature") OpenSSH.Server.

It adds a section to the README.md with an example on how to set it up on Windows.

I decided to not add the additional installation and configuration steps to the module, because as I understand, the Windows Capability is not broadly available on every Windows Version. I believe it should be compatible with the chocolatey way of installation, but I have not tested this.

I had some problems with the windows specific permission / ownership system and I solved them by using the puppetlabs-acl puppet module, but looking at #225 it might not be necessary. But as it stands, it works, and I don't really want to invest more time unless I have more knowledge that can be easily applied. That is to say, I heartily welcome suggestions, tips, tricks, hints etc..

I actually did not see #225 up until today (when I was basically finished with my changes), and as some changes do seem to match 1to1, I consider them changes that should be merged regardless of the rest of my proposed changes. E.g. that file ownership is configurable, and that the already configurable sshd binary path is used for config file validation.

I have successfully tested my proposed changes on multiple freshly provisioned machines running Windows Server 2022.

This Pull Request (PR) fixes the following issues

Fixes #225

Things left to do

• add descriptions for new parameters
• update REFERENCE.md

[AnthyG-epias]

how are these extra pipelines triggered, and can I run the necessary stuff locally instead of having to wait for the pipelines to run?

[saz]

@AnthyG-epias bundle exec rake spec should do it. See https://voxpupuli.org/docs/how_to_run_tests/ for helpful details.

[AnthyG-epias]

anything left to do, e.g. additional tests that should exist before approve?

[saz]

@AnthyG-epias Can you squash commits and rebase to the current master?

[saz]

@AnthyG-epias I've integrated some changes (#435 and #436) already. This should make your PR a bit easier and will only include changes related to Windows compatability.

[AnthyG-epias]

In my original proposition, I had the additional option ssh::server::manage_config_permissions which allowed me to skip setting owner and group properties for the file and concat resources. @saz, are you able to tell me, whether it is possible to use null here instead? As far as I remember, the Microsoft OpenSSH Feature sets the required permissions itself, and overwriting them caused issues.

I might be able to test it next week, but I can't guarantee, because I'm currently working on other things. I'd also have to find out how to use puppet environments I guess.

  $config_file_ownership = $ssh::server::manage_config_permissions ? {
    false   => {},
    default => {
      owner => $ssh::server::config_user,
      group => $ssh::server::config_group,
    }
  }

    file { $ssh::server::include_dir:
      ensure  => directory,
      *       => $config_file_ownership,
      mode    => $ssh::server::include_dir_mode,
      purge   => $ssh::server::include_dir_purge,
      recurse => $ssh::server::include_dir_purge,
    }

[saz]

I've intentionally left this part out, as it wouldn't be required by any supported OS right now.

I suggest that this should be part of your PR.

For the testing part: I'm not able to help here, as I don't run Windows, but take your time to validate, that things are working properly.