Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/client/base.pp | 3 | ||||
-rw-r--r-- | manifests/debian.pp | 3 | ||||
-rw-r--r-- | manifests/init.pp | 34 |
3 files changed, 29 insertions, 11 deletions
diff --git a/manifests/client/base.pp b/manifests/client/base.pp
index 33d9f9e..64d4f6f 100644
--- a/manifests/client/base.pp
+++ b/manifests/client/base.pp
@@ -1,7 +1,6 @@
 class sshd::client::base {
 # this is needed because the gid might have changed
- file { '/etc/ssh/ssh_known_hosts':
- owner => root, group => 0, mode => 0644;
+ config_file { '/etc/ssh/ssh_known_hosts':
 }
 # Now collect all server keys
diff --git a/manifests/debian.pp b/manifests/debian.pp
index 0cc4ede..43dc26c 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -9,8 +9,7 @@ class sshd::debian inherits sshd::linux {
 $sshd_restartandstatus = $lsbdistcodename ? {
 etch => false,
- lenny => true,
- default => false
+ default => true
 }
 Service[sshd]{
diff --git a/manifests/init.pp b/manifests/init.pp
index 3352820..64d1be4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,7 +1,7 @@
 #
 # ssh module
 #
-# Copyright 2008, micah@riseup.net
+# Copyright 2008-2009, micah@riseup.net
 # Copyright 2008, admin(at)immerda.ch
 # Copyright 2008, Puzzle ITC GmbH
 # Marcel Härry haerry+puppet(at)puzzle.ch
@@ -26,7 +26,7 @@
 #
 # $sshd_listen_address = ['10.0.0.1 192.168.0.1']
 # $sshd_use_pam = yes
-# include sshd::debian
+# include sshd
 #
 # If you need to install a version of the ssh daemon or client package other than
 # the default one that would be installed by 'ensure => installed', then you can
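Review bot: In manifests/client/base.pp, the replacement `config_file { '/etc/ssh/ssh_known_hosts': }` no longer states owner, group or mode, so the permissions on the system-wide known-hosts file now depend on whatever defaults `config_file` carries, and that define is not part of this diff. Clients verify server host keys against this file, so it should stay root-owned and writable only by root; the comment above the resource says it exists to correct a changed gid. Either confirm that `config_file` defaults to `owner => root, group => 0, mode => 0644`, or record the dependency with a comment such as `# ownership and mode come from config_file defaults (root:0, 0644)`. The class body continues outside the hunk.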
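Review bot: In manifests/debian.pp, moving `default` from `false` to `true` means a node whose `$lsbdistcodename` fact is empty or unrecognised is now treated like a current release, where before it got the conservative value. If that fact can be absent on some nodes (worth confirming for this fleet), add an explicit arm such as `'' => false,` ahead of `default => true`. How `$sshd_restartandstatus` is consumed by `Service[sshd]` is outside the hunk, so the practical effect is inferred from the variable name.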
@@ -35,6 +35,14 @@
 # $sshd_ensure_version = "1:5.2p2-6"
 # $ssh_ensure_version = "1:5.2p2-6"
 #
+# To have nagios checks setup automatically for sshd services, simply
+# set $use_nagios = true before the class is included. If you want to
+# disable ssh nagios checking for a particular node (such as when ssh
+# is firewalled), then you can set $nagios_check_ssh to false and that
+# node will not be monitored.
+# NOTE: this requires that you are using the nagios puppet module
+# which supports the nagios native types via nagios::service
+#
 # The following is a list of the currently available variables:
 #
 # sshd_listen_address: specify the addresses sshd should listen on
@@ -110,8 +118,11 @@
 # Valid Values: yes or no
 # Default: no
 #
-# sshd_port: If you want to specify a different port than the default 22
-# Default: 22
+# sshd_port: Deprecated, use sshd_ports instead.
+#
+# sshd_ports: If you want to specify a list of ports other than the default 22
+# Default: [22]
+#
 #
 # sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)
 # Default: AuthorizedKeysFile %h/.ssh/authorized_keys
@@ -185,8 +196,14 @@ class sshd {
 case $sshd_permit_empty_passwords {
 '': { $sshd_permit_empty_passwords = 'no' }
 }
- case $sshd_port {
- '': { $sshd_port = 22 }
+ if ( $sshd_port != '' ) and ( $sshd_ports != []) {
+ err("Cannot use sshd_port and sshd_ports at the same time.")
+ }
+ if $sshd_port != '' {
+ $sshd_ports = [ $sshd_port ]
+ }
+ elsif $sshd_port == [] {
+ $sshd_ports = [ 22 ]
 }
 case $sshd_authorized_keys_file {
 '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
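Review bot: The `elsif $sshd_port == [] {` line in the `@@ -185,8 +196,14 @@` hunk tests the deprecated scalar rather than the new list, so the `[ 22 ]` default is probably never applied: the branch is only reached when `$sshd_port` is `''`, which should not compare equal to `[]`. It should read `elsif $sshd_ports == [] {`, and if an unset `$sshd_ports` arrives as `''` rather than `[]` in this Puppet version, both that test and the `$sshd_ports != []` conflict test need to cover the empty string as well. The conflict case also only logs through `err(...)` and then goes on to overwrite `$sshd_ports` with `[ $sshd_port ]`; `fail("Cannot use sshd_port and sshd_ports at the same time.")` would stop the catalog instead of shipping an sshd configuration the operator did not ask for. The enclosing `class sshd` starts and ends outside the hunk.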
@@ -216,9 +233,12 @@ class sshd {
 }
 if $use_nagios {
+ define sshd::nagios {
+ nagios::service{ "ssh_port_${name}": check_command => "check_ssh_port!$name" }
+ }
 case $nagios_check_ssh {
 false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
- default: { nagios::service{ "ssh_port_${sshd_port}": check_command => "check_ssh_port!$sshd_port" } }
+ default: { sshd::nagios{$sshd_ports:} }
 }
 }
|
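Review bot: With `default: { sshd::nagios{$sshd_ports:} }`, an empty `$sshd_ports` declares no service and logs nothing, so a node can drop out of ssh monitoring without anyone noticing. A guard ahead of the `case` would make that visible, for example `if $sshd_ports == [] { warning("no ssh ports to monitor on ${fqdn}") }`. Separately, `define sshd::nagios` is nested inside `if $use_nagios`, which reads as though the definition itself were conditional; moving it to its own manifest and writing `${name}` in `check_command`, as the title already does, would be clearer. `class sshd` begins outside the hunk.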