merged with puzzle

git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
author: mh <mh@d66ca3ae-40d7-4aa7-90d4-87d79ca94279> 2008-06-13 21:01:39 +0000
committer: mh <mh@d66ca3ae-40d7-4aa7-90d4-87d79ca94279> 2008-06-13 21:01:39 +0000
commit: ece3afde12bea114ea36be3186c069ed8403317b (patch)
tree: 7cd48024eefac2af137f142c59b1fdef7f7eb941 /manifests
parent: 2e38f51bd6eb0b6a83a07dc55fb592848155730f (diff)
download: puppet-sshd-ece3afde12bea114ea36be3186c069ed8403317b.tar.gz
puppet-sshd-ece3afde12bea114ea36be3186c069ed8403317b.tar.bz2
1 files changed, 89 insertions, 61 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index b040e75..4539dd6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,8 +1,48 @@
-# modules/ssh/manifests/init.pp - manage ssh stuff
-# Copyright (C) 2007 admin@immerda.ch
 #
-
-#modules_dir { "sshd": }
+# ssh module
+#
+# Copyright 2008, admin(at)immerda.ch
+# Copyright 2008, Puzzle ITC GmbH
+# Marcel Härry haerry+puppet(at)puzzle.ch
+# Simon Josi josi+puppet(at)puzzle.ch
+#
+# This program is free software; you can redistribute 
+# it and/or modify it under the terms of the GNU 
+# General Public License version 3 as published by 
+# the Free Software Foundation.
+#
+# Deploy authorized_keys file with the define
+#     sshd::deploy_auth_key
+# 
+# shdd-config:
+#
+# The configuration of the sshd is rather strict and
+# might not fit all needs. However there are a bunch 
+# of variables, which you might consider to configure. 
+# Checkout the following:
+#
+# sshd_allowed_users:           list of usernames separated by spaces. 
+#                               set this for example to "foobar root"
+#                               to ensure that only user foobar and root
+#                               might login. 
+#                               Default: empty -> no restriction is set
+# 
+# sshd_use_pam:                 if you want to use pam or not for authenticaton
+#                               Values: no or yes. 
+#                               Default: no
+#
+# sshd_permit_root_login:       If you want to allow root logins or not.
+#                               Valid values: yes, no, without-password, forced-commands-only
+#                               Default: without-password
+#
+# sshd_password_authentication: If you want to enable password authentication or not
+#                               Valid values: yes or no
+#                               Default: no
+# 
+# sshd_x11_forwarding:          If you want to enable x11 forwarding 
+#                               Valid Values: yes or no
+#                               Default: no
+#
 
 class sshd {
     case $operatingsystem {
@@ -18,14 +58,26 @@ class sshd {
 
 
 class sshd::base {
-	$real_sshd_config_source = $sshd_config_source ? {
-	    '' => "sshd/sshd_config/${operatingsystem}_normal.erb",
-    	default => $source,
-	}
-
+    # prepare variables to use in templates 
     $real_sshd_allowed_users = $sshd_allowed_users ? {
-        ''  => 'root',
-    	default => $sshd_allowed_users,
+        ''  => '',
+        default => $sshd_allowed_users
+    }
+    $real_sshd_use_pam = $sshd_use_pam ? {
+        '' => 'no',
+        default => $sshd_use_pam
+    }
+    $real_sshd_permit_root_login = $sshd_permit_root_login ? {
+        '' => 'without-password',
+        default => $sshd_permit_root_login
+    }
+    $real_sshd_password_authentication = $sshd_password_authentication ? {
+        '' => 'no',
+        default => $sshd_password_authentication
+    }
+    $real_sshd_x11_forwarding = $sshd_x11_forwarding ? {
+        '' => 'no',
+        default => $sshd_x11_forwarding
     }
 
     file { 'sshd_config':
@@ -33,17 +85,24 @@ class sshd::base {
         owner => root,
         group => 0,
         mode => 600,
-        content => template("${real_sshd_config_source}"),
+        content => template("sshd/sshd_config/${operatingsystem}_normal.erb"),
+        notify => Service[sshd],
     }
+    service{'sshd':
+        name => 'sshd',
+        enable => true,
+        ensure => running,
+        hasstatus => true,
+		require => File[sshd_config],
+     }
 }
 
 class sshd::linux inherits sshd::base {
     package{openssh:
 	    ensure => present,
 	}
-    include sshd::service
     File[sshd_config]{
-        notify => Service[sshd],
+        require +> Package[openssh],
     }
 }
 
@@ -57,6 +116,10 @@ class sshd::debian inherits sshd::linux {
     Package[openssh]{
         name => 'openssh-server',
     }
+    Service[sshd]{
+        name => 'ssh',
+        hasstatus => false,
+    }
 }
 class sshd::ubuntu inherits sshd::debian {}
 
@@ -68,77 +131,42 @@ class sshd::redhat inherits sshd::linux {
 class sshd::centos inherits sshd::redhat {}
 
 class sshd::openbsd inherits sshd::base {
-    exec{sshd_refresh:
-        command => "/bin/kill -HUP `/bin/cat /var/run/sshd.pid`",
-	    refreshonly => true,
-    }
-    File[sshd_config]{
-        notify => Exec[sshd_refresh],
-    }
-}
-
-### service stuff 
-class sshd::service {
-    case $operatingsystem {
-        debian: { include sshd::service::debian }
-        ubuntu: { include sshd::service::ubuntu }
-        default: { include sshd::service::base }
-    }
-}
-
-class sshd::service::base {
-    service{'sshd':
-        name => 'sshd',
-        enable => true,
-        ensure => running,
-        hasstatus => true,
-		require => Package[openssh],
-     }
-}
-
-class sshd::service::debian inherits sshd::service::base {
     Service[sshd]{
-        name => 'ssh',
+        restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
+	    stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
+        start => '/usr/sbin/sshd',
         hasstatus => false,
     }
 }
-class sshd::service::ubuntu inherits sshd::service::debian {}
 
 ### defines 
 define sshd::deploy_auth_key(
-        $source = '', 
         $user = 'root', 
         $target_dir = '/root/.ssh/', 
-        $group = '' ) {
+        $group = 0 ) {
 
         $real_target = $target_dir ? {
                 '' => "/home/$user/.ssh/",
                 default => $target_dir,
         }
 
-        $real_group = $group ? {
-                '' => 0,
-                default => $group,
-        }
-
-        $real_source = $source ? {
-            '' => [ "puppet://$server/files/sshd/authorized_keys/${name}",
-                    "puppet://$server/sshd/authorized_keys/${name}" ],
-            default => "puppet://$server/$source",
-        }
-
         file {$real_target:
                 ensure => directory,
                 owner => $user,
-                group => $real_group,
+                group => $group,
                 mode => 700,
         }
 
         file {"authorized_keys_${user}":
                 path => "$real_target/authorized_keys",
                 owner => $user,
-                group => $real_group,
+                group => $group,
                 mode => 600,
-                source => $real_source,
+                source => [ "puppet://$server/files/sshd/authorized_keys/${name}",
+                    "puppet://$server/files/sshd/authorized_keys/${fqdn}",
+                    "puppet://$server/files/sshd/authorized_keys/default",
+                    "puppet://$server/sshd/authorized_keys/${name}",
+                    "puppet://$server/sshd/authorized_keys/${fqdn}",
+                    "puppet://$server/sshd/authorized_keys/default" ],
         }
 }
author	mh <mh@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>	2008-06-13 21:01:39 +0000
committer	mh <mh@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>	2008-06-13 21:01:39 +0000
commit	ece3afde12bea114ea36be3186c069ed8403317b (patch)
tree	7cd48024eefac2af137f142c59b1fdef7f7eb941 /manifests
parent	2e38f51bd6eb0b6a83a07dc55fb592848155730f (diff)
download	puppet-sshd-ece3afde12bea114ea36be3186c069ed8403317b.tar.gz puppet-sshd-ece3afde12bea114ea36be3186c069ed8403317b.tar.bz2