author | intrigeri <intrigeri@boum.org> | 2010-10-16 16:05:00 +0200 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2010-10-16 16:05:00 +0200 |
commit | a643172a794c9a1ff7602e9b4d3b220867684f54 (patch) | |
tree | d21da4b82ab1c779d0a9b357143c0e4878589334 | |
parent | 23efb583bf565f12361e929f1a2d1fca61f4d3bb (diff) | |
New option sshd_ports that obsoletes sshd_port.
Backward compatibility is preserved.
-rw-r--r-- | manifests/init.pp | 22 | ||||
-rw-r--r-- | templates/sshd_config/CentOS.erb | 6 | ||||
-rw-r--r-- | templates/sshd_config/Debian_etch.erb | 6 | ||||
-rw-r--r-- | templates/sshd_config/Debian_lenny.erb | 6 | ||||
-rw-r--r-- | templates/sshd_config/Debian_squeeze.erb | 6 | ||||
-rw-r--r-- | templates/sshd_config/Gentoo.erb | 6 | ||||
-rw-r--r-- | templates/sshd_config/OpenBSD.erb | 6 |
7 files changed, 41 insertions, 17 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 4f82542..abb1490 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -118,8 +118,11 @@
 # Valid Values: yes or no
 # Default: no
 #
-# sshd_port: If you want to specify a different port than the default 22
-# Default: 22
+# sshd_port: Deprecated, use sshd_ports instead.
+#
+# sshd_ports: If you want to specify a list of ports other than the default 22
+# Default: [22]
+#
 #
 # sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)
 # Default: AuthorizedKeysFile %h/.ssh/authorized_keys
@@ -193,8 +196,14 @@ class sshd {
 case $sshd_permit_empty_passwords {
 '': { $sshd_permit_empty_passwords = 'no' }
 }
- case $sshd_port {
- '': { $sshd_port = 22 }
+ if ( $sshd_port != '' ) && ( $sshd_ports != []) {
+ err("Cannot use sshd_port and sshd_ports at the same time.")
+ }
+ if $sshd_port != '' {
+ $sshd_ports = [ $sshd_port ]
+ }
+ elsif $sshd_port == [] {
+ $sshd_ports = [ 22 ]
 }
 case $sshd_authorized_keys_file {
 '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
@@ -224,9 +233,12 @@ class sshd {
 }
 if $use_nagios {
+ define sshd::nagios {
+ nagios::service{ "ssh_port_${name}": check_command => "check_ssh_port!$name" }
+ }
 case $nagios_check_ssh {
 false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
- default: { nagios::service{ "ssh_port_${sshd_port}": check_command => "check_ssh_port!$sshd_port" } }
+ default: { sshd::nagios($sshd_ports:) }
 }
 }
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 9d02a3f..da8bb9a 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
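Review bot: The fallback branch in the `@@ -193,8 +196,14 @@` hunk tests the wrong variable: `elsif $sshd_port == [] {` is only reached when `$sshd_port` is the empty string, so it looks like the `[ 22 ]` default is never assigned and `$sshd_ports` can reach the templates and the Nagios check empty or unset; it should read `elsif $sshd_ports == [] {`. The conflict check above it calls `err()`, which only logs, so compilation continues and `$sshd_port` silently overrides `$sshd_ports`; `fail("Cannot use sshd_port and sshd_ports at the same time.")` would stop the catalog instead of shipping an sshd that listens on ports the operator did not intend. `&&` also does not look like a Puppet operator (the language uses `and`), and the test probably fires whenever `$sshd_ports` is simply unset, so checking it against both `''` and `[]` would be safer. The body of `class sshd` starts and ends outside this hunk.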
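Review bot: `sshd::nagios($sshd_ports:)` in the `default:` branch of the `@@ -224,9 +233,12 @@` hunk is function-call syntax rather than a resource declaration, so it probably does not parse; declaring one check per port needs `default: { sshd::nagios { $sshd_ports: } }`. The `define sshd::nagios` is also nested inside `if $use_nagios` in the class body, and moving it to the top level of the manifest (or its own file) would keep the definition independent of that condition. A port value of `off`, which the templates accept, would still produce a check named `ssh_port_off`, so the list should be filtered before it is used as resource titles. The enclosing `class sshd` continues outside the hunk.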
@@ -16,11 +16,13 @@
 # only protocol 2
 Protocol 2
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
 <% end -%>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index 9fef401..391328b 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -6,11 +6,13 @@
 <%- end %>
 # What ports, IPs and protocols we listen for
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
 <% end -%>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 4bb9c87..13264cc 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -6,11 +6,13 @@
 <%- end %>
 # What ports, IPs and protocols we listen for
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
 <% end -%>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 0b91514..439919f 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
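Review bot: Each element of `sshd_ports` is written into `sshd_config` verbatim by `Port <%= port -%>` in the CentOS.erb hunk, with no check that it is an integer between 1 and 65535, so a typo or a value containing whitespace or a newline ends up as configuration that sshd either rejects at restart or reads as an extra directive. A guard inside the loop, e.g. `<%- raise Puppet::ParseError, "invalid sshd port: #{port}" unless port.to_s =~ /\A(off|\d+)\z/ -%>`, would fail the catalog instead of deploying it. An empty list emits no `Port` line at all, so sshd falls back to its built-in default, and `off` mixed with real ports prints the "disabled by puppet" comment next to active `Port` lines. The same loop is added in the Debian_etch, Debian_lenny, Debian_squeeze, Gentoo and OpenBSD templates, and this note applies to all of them.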
@@ -6,11 +6,13 @@
 <%- end %>
 # What ports, IPs and protocols we listen for
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
 <% end -%>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 291b2ea..9058aea 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -14,11 +14,13 @@
 <%= sshd_head_additional_options %>
 <%- end %>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
 <% end -%>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index c0517f4..3d57097 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -12,11 +12,13 @@
 <%= sshd_head_additional_options %>
 <%- end %>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port -%>
 <% end -%>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%> |