aboutsummaryrefslogtreecommitdiff
path: root/manifests
diff options
context:
space:
mode:
authorMicah <micah@riseup.net>2015-11-09 15:05:48 +0000
committerMicah <micah@riseup.net>2015-11-09 15:05:48 +0000
commitc2fd1a769e81284cc004f0192d38d5635b5c85e5 (patch)
tree0901bbc2648f488ed7ff0da0f5d40bbfeafc4437 /manifests
parentb3e81589eec604768e08ed56ce5ca42a4b33db89 (diff)
parentfe92ce01fabe2d1b6a966d119e24c07cd164b776 (diff)
downloadpuppet-sshd-c2fd1a769e81284cc004f0192d38d5635b5c85e5.tar.gz
puppet-sshd-c2fd1a769e81284cc004f0192d38d5635b5c85e5.tar.bz2
Merge branch 'disable_stored_config' into 'master'
[feat] Optinally disable exported resources If run masterless, we cannot export resources, so we move them to an own class. Including it can be disabled by passing "use_storedconfig" to the sshd class. See merge request !21
Diffstat (limited to 'manifests')
-rw-r--r--manifests/base.pp18
-rw-r--r--manifests/init.pp3
-rw-r--r--manifests/sshkey.pp21
3 files changed, 26 insertions, 16 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 6dddedf..abd4fb8 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -25,21 +25,9 @@ class sshd::base {
case $::sshrsakey {
'': { info("no sshrsakey on ${::fqdn}") }
default: {
- @@sshkey{$::fqdn:
- ensure => present,
- tag => 'fqdn',
- type => ssh-rsa,
- key => $::sshrsakey,
- }
- # In case the node has uses a shared network address,
- # we don't define a sshkey resource using an IP address
- if $sshd::shared_ip == 'no' {
- @@sshkey{$sshd::sshkey_ipaddress:
- ensure => present,
- tag => 'ipaddress',
- type => ssh-rsa,
- key => $::sshrsakey,
- }
+ # only export sshkey when storedconfigs is enabled
+ if $::sshd::use_storedconfigs {
+ include ::ssh::sshkey
}
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index 2dfc71c..b415741 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -52,7 +52,8 @@ class sshd(
$hostkey_type = versioncmp($::ssh_version, '6.5') ? {
/(^1|0)/ => [ 'rsa', 'ed25519' ],
/-1/ => [ 'rsa', 'dsa' ]
- }
+ },
+ $use_storedconfigs = true
) {
validate_bool($manage_shorewall)
diff --git a/manifests/sshkey.pp b/manifests/sshkey.pp
new file mode 100644
index 0000000..df37a66
--- /dev/null
+++ b/manifests/sshkey.pp
@@ -0,0 +1,21 @@
+# deploys the
+class sshd::sshkey {
+
+ @@sshkey{$::fqdn:
+ ensure => present,
+ tag => 'fqdn',
+ type => 'ssh-rsa',
+ key => $::sshrsakey,
+ }
+
+ # In case the node has uses a shared network address,
+ # we don't define a sshkey resource using an IP address
+ if $sshd::shared_ip == 'no' {
+ @@sshkey{$::sshd::sshkey_ipaddress:
+ ensure => present,
+ tag => 'ipaddress',
+ type => 'ssh-rsa',
+ key => $::sshrsakey,
+ }
+ }
+}