diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/base.pp | 22 | ||||
| -rw-r--r-- | manifests/client.pp | 2 | ||||
| -rw-r--r-- | manifests/client/base.pp | 5 | ||||
| -rw-r--r-- | manifests/init.pp | 9 |
4 files changed, 28 insertions, 10 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 2ac2385..848e547 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -10,18 +10,24 @@ class sshd::base { } # Now add the key, if we've got one - case $sshrsakey_key { + case $sshrsakey { '': { info("no sshrsakey on $fqdn") } default: { - @@sshkey{"$hostname.$domain": - type => ssh-rsa, - key => $sshrsakey_key, + @@sshkey{"$fqdn": + tag => "fqdn", + type => ssh-rsa, + key => $sshrsakey, ensure => present, } - @@sshkey{"$ipaddress": - type => ssh-rsa, - key => $sshrsakey, - ensure => present, + # In case the node has uses a shared network address, + # we don't define a sshkey resource using an IP address + if $sshd_shared_ip == "no" { + @@sshkey{"$ipaddress": + tag => "ipaddress", + type => ssh-rsa, + key => $sshrsakey, + ensure => present, + } } } } diff --git a/manifests/client.pp b/manifests/client.pp index 31785e9..0d1d198 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -6,7 +6,7 @@ class sshd::client { default: { case $kernel { linux: { include sshd::client::linux } - default: { include sshd::client::base } + default: { include sshd::client::base } } } } diff --git a/manifests/client/base.pp b/manifests/client/base.pp index 64d4f6f..1fe2b14 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -4,5 +4,8 @@ class sshd::client::base { } # Now collect all server keys - Sshkey <<||>> + case $sshd_shared_ip { + no: { Sshkey <<||>> } + yes: { Sshkey <<| tag == "fqdn" |>> } + } } diff --git a/manifests/init.pp b/manifests/init.pp index e933a46..af25e9e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -92,6 +92,15 @@ class sshd { case $sshd_ensure_version { '': { $sshd_ensure_version = "present" } } + case $sshd_print_motd { + '': { $sshd_print_motd = "yes" } + } + case $sshd_shared_ip { + '': { $sshd_shared_ip = "no" } + } + case $sshd_use_strong_ciphers { + '': { $sshd_use_strong_ciphers = "no" } + } include sshd::client |