Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 157 |
1 files changed, 11 insertions, 146 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 386bd77..83b26c1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -133,22 +133,7 @@ # Default: empty -> not added. class sshd { - include sshd::client - - case $operatingsystem { - gentoo: { include sshd::gentoo } - redhat: { include sshd::redhat } - centos: { include sshd::centos } - openbsd: { include sshd::openbsd } - debian: { include sshd::debian } - ubuntu: { include sshd::ubuntu } - default: { include sshd::default } - } -} - - -class sshd::base { - # prepare variables to use in templates + # prepare variables to use in templates case $sshd_listen_address { '': { $sshd_listen_address = [ '0.0.0.0', '::' ] } } @@ -219,41 +204,17 @@ class sshd::base { '': { $sshd_ensure_version = "present" } } - file { 'sshd_config': - path => '/etc/ssh/sshd_config', - owner => root, - group => 0, - mode => 600, - content => $lsbdistcodename ? { - '' => template("sshd/sshd_config/${operatingsystem}.erb"), - default => template ("sshd/sshd_config/${operatingsystem}_${lsbdistcodename}.erb"), - }, - notify => Service[sshd], - } - # Now add the key, if we've got one - case $sshrsakey { - '': { warning("no sshrsakey on $fqdn") } - default: { - @@sshkey{"$hostname.$domain": - type => ssh-rsa, - key => $sshrsakey, - ensure => present, - } - @@sshkey{"$ipaddress": - type => ssh-rsa, - key => $sshrsakey, - ensure => present, - } - } - } - service{'sshd': - name => 'sshd', - enable => true, - ensure => running, - hasstatus => true, - require => File[sshd_config], + include sshd::client + + case $operatingsystem { + gentoo: { include sshd::gentoo } + redhat,centos: { include sshd::redhat } + centos: { include sshd::centos } + openbsd: { include sshd::openbsd } + debian,ubuntu: { include sshd::debian } + default: { include sshd::default } } - + if $use_nagios { case $nagios_check_ssh { 'false': { info("We don't do nagioschecks for ssh on ${fqdn}" ) } 
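Review bot: In the new `case $operatingsystem` block of the second hunk, `centos` is matched twice, so the arm `centos: { include sshd::centos }` can never be selected because `redhat,centos: { include sshd::redhat }` comes first. Drop the dead arm, or take `centos` out of the first arm if a separate `sshd::centos` class is still intended; the last hunk deletes that class from this file. The same hunk removes the `sshd_config` file resource (`owner => root`, `mode => 600`, `notify => Service[sshd]`), the exported `@@sshkey` resources and the `sshd` service. The diffstat is limited to `manifests/init.pp`, so presumably they move to other files; confirm that the restrictive file mode and the restart-on-change notification survive there. The body of `class sshd` continues outside the hunk.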
@@ -261,99 +222,3 @@ class sshd::base { } } } - -class sshd::linux inherits sshd::base { - if $sshd_ensure_version == '' { $sshd_ensure_version = 'installed' } - package {'openssh': - ensure => $sshd_ensure_version, - } - File[sshd_config]{ - require +> Package[openssh], - } -} - -class sshd::gentoo inherits sshd::linux { - Package[openssh]{ - category => 'net-misc', - } -} - -class sshd::debian inherits sshd::linux { - - # the templates for Debian need lsbdistcodename - include assert_lsbdistcodename - - Package[openssh]{ - name => 'openssh-server', - } - - $sshd_restartandstatus = $lsbdistcodename ? { - etch => false, - lenny => true, - default => false - } - - Service[sshd]{ - name => 'ssh', - pattern => 'sshd', - hasstatus => $sshd_restartandstatus, - hasrestart => $sshd_restartandstatus, - } -} -class sshd::ubuntu inherits sshd::debian {} - -class sshd::redhat inherits sshd::linux { - Package[openssh]{ - name => 'openssh-server', - } -} -class sshd::centos inherits sshd::redhat {} - -class sshd::openbsd inherits sshd::base { - Service[sshd]{ - restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`', - stop => '/bin/kill `/bin/cat /var/run/sshd.pid`', - start => '/usr/sbin/sshd', - hasstatus => false, - } -} - -### defines -# wrapper to have some defaults. -define sshd::ssh_authorized_key( - $type = 'ssh-dss', - $key, - $user = '', - $target = undef, - $options = 'absent' - ) -{ - $real_user = $user ? { - false => $name, - "" => $name, - default => $user, - } - case $target { - undef: { - $real_target = "/home/$real_user/.ssh/authorized_keys" - } - default: { - $real_target = $target - } - } - ssh_authorized_key{$name: - type => $type, - key => $key, - user => $real_user, - target => $real_target, - } - - case $options { - 'absent': { info("not setting any option for ssh_authorized_key: $name") } - default: { - Ssh_authorized_key[$name]{ - options => $options, - } - } - } -} |