From 23efb583bf565f12361e929f1a2d1fca61f4d3bb Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 16 Oct 2010 16:01:24 +0200 Subject: Cleanup templates: sshd_port is guaranteed by init.pp not to be empty. --- templates/sshd_config/OpenBSD.erb | 4 ---- 1 file changed, 4 deletions(-) (limited to 'templates/sshd_config/OpenBSD.erb') diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index 69e8afa..c0517f4 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -12,15 +12,11 @@ <%= sshd_head_additional_options %> <%- end %> -<%- unless sshd_port.to_s.empty? then -%> <%- if sshd_port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> Port <%= sshd_port -%> <% end -%> -<%- else -%> -Port 22 -<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> -- cgit v1.2.3 From a643172a794c9a1ff7602e9b4d3b220867684f54 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 16 Oct 2010 16:05:00 +0200 Subject: New option sshd_ports that obsoletes sshd_port. Backward compatibility is preserved. --- manifests/init.pp | 22 +++++++++++++++++----- templates/sshd_config/CentOS.erb | 6 ++++-- templates/sshd_config/Debian_etch.erb | 6 ++++-- templates/sshd_config/Debian_lenny.erb | 6 ++++-- templates/sshd_config/Debian_squeeze.erb | 6 ++++-- templates/sshd_config/Gentoo.erb | 6 ++++-- templates/sshd_config/OpenBSD.erb | 6 ++++-- 7 files changed, 41 insertions(+), 17 deletions(-) (limited to 'templates/sshd_config/OpenBSD.erb') diff --git a/manifests/init.pp b/manifests/init.pp index 4f82542..abb1490 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -118,8 +118,11 @@ # Valid Values: yes or no # Default: no # -# sshd_port: If you want to specify a different port than the default 22 -# Default: 22 +# sshd_port: Deprecated, use sshd_ports instead. +# +# sshd_ports: If you want to specify a list of ports other than the default 22 +# Default: [22] +# # # sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u) # Default: AuthorizedKeysFile %h/.ssh/authorized_keys @@ -193,8 +196,14 @@ class sshd { case $sshd_permit_empty_passwords { '': { $sshd_permit_empty_passwords = 'no' } } - case $sshd_port { - '': { $sshd_port = 22 } + if ( $sshd_port != '' ) && ( $sshd_ports != []) { + err("Cannot use sshd_port and sshd_ports at the same time.") + } + if $sshd_port != '' { + $sshd_ports = [ $sshd_port ] + } + elsif $sshd_port == [] { + $sshd_ports = [ 22 ] } case $sshd_authorized_keys_file { '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" } @@ -224,9 +233,12 @@ class sshd { } if $use_nagios { + define sshd::nagios { + nagios::service{ "ssh_port_${name}": check_command => "check_ssh_port!$name" } + } case $nagios_check_ssh { false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) } - default: { nagios::service{ "ssh_port_${sshd_port}": check_command => "check_ssh_port!$sshd_port" } } + default: { sshd::nagios($sshd_ports:) } } } diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb index 9d02a3f..da8bb9a 100644 --- a/templates/sshd_config/CentOS.erb +++ b/templates/sshd_config/CentOS.erb @@ -16,11 +16,13 @@ # only protocol 2 Protocol 2 -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port -%> <% end -%> +<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> 
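Review bot: The fallback branch of the new `if`/`elsif` in `class sshd` tests the wrong variable: `elsif $sshd_port == []` compares the deprecated scalar with an empty array, so when neither option is set `$sshd_ports` is never set to `[ 22 ]`. It should read `elsif $sshd_ports == [] {`. Without that default, the templates and the Nagios check iterate over whatever `$sshd_ports` happened to hold, which breaks the "guaranteed by init.pp not to be empty" assumption the earlier template cleanup relies on. Separately, `err()` only logs the conflict and compilation continues with `sshd_port` overriding the list; `fail("Cannot use sshd_port and sshd_ports at the same time.")` would stop a catalog that may open a different port than the operator intended. The class body continues outside this hunk.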
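Review bot: The call `sshd::nagios($sshd_ports:)` in the `default` branch is not a resource declaration and will most likely fail to parse; one check per port needs `default: { sshd::nagios{ $sshd_ports: } }`. The `define sshd::nagios` is also nested inside `if $use_nagios` in the class body, where it is easy to miss; a top-level define would read more clearly. Because the templates still accept `'off'` as a list entry, that value would produce a service named `ssh_port_off` unless it is filtered out before the define is called. The surrounding `if $use_nagios` block starts and ends outside this hunk.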
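Review bot: Each element of `sshd_ports` is written straight into a `Port` line by the new `sshd_ports.each do |port|` loop with no check that it is a port number, and the same loop is added to Debian_etch.erb, Debian_lenny.erb, Debian_squeeze.erb, Gentoo.erb and OpenBSD.erb. A typo or stray string would likely produce an sshd_config that sshd refuses to load on restart, which on a remote host can mean losing access. Checking in init.pp that every entry is either `'off'` or an integer between 1 and 65535, and calling `fail()` otherwise, would catch this before any template renders. A list that mixes `'off'` with real ports also prints `#Port -- disabled by puppet` next to active `Port` lines, which is misleading; `'off'` probably only makes sense as the sole entry.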
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb index 9fef401..391328b 100644 --- a/templates/sshd_config/Debian_etch.erb +++ b/templates/sshd_config/Debian_etch.erb @@ -6,11 +6,13 @@ <%- end %> # What ports, IPs and protocols we listen for -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port -%> <% end -%> +<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb index 4bb9c87..13264cc 100644 --- a/templates/sshd_config/Debian_lenny.erb +++ b/templates/sshd_config/Debian_lenny.erb @@ -6,11 +6,13 @@ <%- end %> # What ports, IPs and protocols we listen for -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port -%> <% end -%> +<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb index 0b91514..439919f 100644 --- a/templates/sshd_config/Debian_squeeze.erb +++ b/templates/sshd_config/Debian_squeeze.erb @@ -6,11 +6,13 @@ <%- end %> # What ports, IPs and protocols we listen for -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port -%> <% end -%> +<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb index 291b2ea..9058aea 100644 
--- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb @@ -14,11 +14,13 @@ <%= sshd_head_additional_options %> <%- end %> -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port -%> <% end -%> +<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index c0517f4..3d57097 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -12,11 +12,13 @@ <%= sshd_head_additional_options %> <%- end %> -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port -%> <% end -%> +<%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> -- cgit v1.2.3 From 8cb562f87cf5a74ffb62e1fad8e5f6d200f723ab Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sat, 16 Oct 2010 22:32:25 +0200 Subject: Syntax fix. --- templates/sshd_config/CentOS.erb | 2 +- templates/sshd_config/Debian_etch.erb | 2 +- templates/sshd_config/Debian_lenny.erb | 2 +- templates/sshd_config/Debian_squeeze.erb | 2 +- templates/sshd_config/Gentoo.erb | 2 +- templates/sshd_config/OpenBSD.erb | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) (limited to 'templates/sshd_config/OpenBSD.erb') diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb index da8bb9a..544effe 100644 --- a/templates/sshd_config/CentOS.erb +++ b/templates/sshd_config/CentOS.erb @@ -20,7 +20,7 @@ Protocol 2 <%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= port -%> +Port <%= port %> <% end -%> <%- end -%> 
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb index 391328b..c148d08 100644 --- a/templates/sshd_config/Debian_etch.erb +++ b/templates/sshd_config/Debian_etch.erb @@ -10,7 +10,7 @@ <%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= port -%> +Port <%= port %> <% end -%> <%- end -%> diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb index 13264cc..e0b1917 100644 --- a/templates/sshd_config/Debian_lenny.erb +++ b/templates/sshd_config/Debian_lenny.erb @@ -10,7 +10,7 @@ <%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= port -%> +Port <%= port %> <% end -%> <%- end -%> diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb index 439919f..950a53c 100644 --- a/templates/sshd_config/Debian_squeeze.erb +++ b/templates/sshd_config/Debian_squeeze.erb @@ -10,7 +10,7 @@ <%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= port -%> +Port <%= port %> <% end -%> <%- end -%> diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb index 9058aea..768d3f5 100644 --- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb @@ -18,7 +18,7 @@ <%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= port -%> +Port <%= port %> <% end -%> <%- end -%> diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index 3d57097..51662d3 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -16,7 +16,7 @@ <%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= port -%> +Port <%= port %> <% end -%> <%- end -%> -- cgit v1.2.3