update formatting to be consistent with upstream puppet emacs mode, if this is different from the vim
mode, then there is a difference between these two editor's formatting that needs to be resolved
This commit is contained in:
Micah Anderson
parent
50c52b8483
commit
1b2dcaf510
1 changed files with 152 additions and 151 deletions
|
|
@ -119,186 +119,187 @@
|
|||
# Default: empty -> not added.
|
||||
|
||||
class sshd {
|
||||
include sshd::client
|
||||
|
||||
case $operatingsystem {
|
||||
gentoo: { include sshd::gentoo }
|
||||
redhat: { include sshd::redhat }
|
||||
centos: { include sshd::centos }
|
||||
openbsd: { include sshd::openbsd }
|
||||
debian: { include sshd::debian }
|
||||
ubuntu: { include sshd::ubuntu }
|
||||
default: { include sshd::default }
|
||||
}
|
||||
include sshd::client
|
||||
|
||||
case $operatingsystem {
|
||||
gentoo: { include sshd::gentoo }
|
||||
redhat: { include sshd::redhat }
|
||||
centos: { include sshd::centos }
|
||||
openbsd: { include sshd::openbsd }
|
||||
debian: { include sshd::debian }
|
||||
ubuntu: { include sshd::ubuntu }
|
||||
default: { include sshd::default }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
class sshd::base {
|
||||
# prepare variables to use in templates
|
||||
case $sshd_listen_address {
|
||||
'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
|
||||
}
|
||||
case $sshd_allowed_users {
|
||||
'': { $sshd_allowed_users = '' }
|
||||
}
|
||||
case $sshd_allowed_groups {
|
||||
'': { $sshd_allowed_groups = '' }
|
||||
}
|
||||
case $sshd_use_pam {
|
||||
'': { $sshd_use_pam = 'no' }
|
||||
}
|
||||
case $sshd_permit_root_login {
|
||||
'': { $sshd_permit_root_login = 'without-password' }
|
||||
}
|
||||
case $sshd_password_authentication {
|
||||
'': { $sshd_password_authentication = 'no' }
|
||||
}
|
||||
case $sshd_tcp_forwarding {
|
||||
'': { $sshd_tcp_forwarding = 'no' }
|
||||
}
|
||||
case $sshd_x11_forwarding {
|
||||
'': { $sshd_x11_forwarding = 'no' }
|
||||
}
|
||||
case $sshd_agent_forwarding {
|
||||
'': { $sshd_agent_forwarding = 'no' }
|
||||
}
|
||||
case $sshd_challenge_response_authentication {
|
||||
'': { $sshd_challenge_response_authentication = 'no' }
|
||||
}
|
||||
case $sshd_pubkey_authentication {
|
||||
'': { $sshd_pubkey_authentication = 'yes' }
|
||||
}
|
||||
case $sshd_rsa_authentication {
|
||||
'': { $sshd_rsa_authentication = 'no' }
|
||||
}
|
||||
case $sshd_strict_modes {
|
||||
'': { $sshd_strict_modes = 'yes' }
|
||||
}
|
||||
case $sshd_ignore_rhosts {
|
||||
'': { $sshd_ignore_rhosts = 'yes' }
|
||||
}
|
||||
case $sshd_rhosts_rsa_authentication {
|
||||
'': { $sshd_rhosts_rsa_authentication = 'no' }
|
||||
}
|
||||
case $sshd_hostbased_authentication {
|
||||
'': { $sshd_hostbased_authentication = 'no' }
|
||||
}
|
||||
case $sshd_permit_empty_passwords {
|
||||
'': { $sshd_permit_empty_passwords = 'no' }
|
||||
}
|
||||
case $sshd_port {
|
||||
'': { $sshd_port = 22 }
|
||||
}
|
||||
case $sshd_authorized_keys_file {
|
||||
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
|
||||
}
|
||||
case $sshd_sftp_subsystem {
|
||||
'': { $sshd_sftp_subsystem = '' }
|
||||
}
|
||||
case $sshd_additional_options {
|
||||
'': { $sshd_additional_options = '' }
|
||||
}
|
||||
|
||||
file { 'sshd_config':
|
||||
path => '/etc/ssh/sshd_config',
|
||||
owner => root,
|
||||
group => 0,
|
||||
mode => 600,
|
||||
content => $lsbdistcodename ? {
|
||||
'' => template("sshd/sshd_config/${operatingsystem}.erb"),
|
||||
default => template ("sshd/sshd_config/${operatingsystem}_${lsbdistcodename}.erb"),
|
||||
},
|
||||
notify => Service[sshd],
|
||||
}
|
||||
# Now add the key, if we've got one
|
||||
case $sshrsakey_key {
|
||||
'': { info("no sshrsakey on $fqdn") }
|
||||
default: {
|
||||
@@sshkey{"$hostname.$domain":
|
||||
type => ssh-rsa,
|
||||
key => $sshrsakey_key,
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
}
|
||||
service{'sshd':
|
||||
name => 'sshd',
|
||||
enable => true,
|
||||
ensure => running,
|
||||
hasstatus => true,
|
||||
require => File[sshd_config],
|
||||
# prepare variables to use in templates
|
||||
case $sshd_listen_address {
|
||||
'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
|
||||
}
|
||||
case $sshd_allowed_users {
|
||||
'': { $sshd_allowed_users = '' }
|
||||
}
|
||||
case $sshd_allowed_groups {
|
||||
'': { $sshd_allowed_groups = '' }
|
||||
}
|
||||
case $sshd_use_pam {
|
||||
'': { $sshd_use_pam = 'no' }
|
||||
}
|
||||
case $sshd_permit_root_login {
|
||||
'': { $sshd_permit_root_login = 'without-password' }
|
||||
}
|
||||
case $sshd_password_authentication {
|
||||
'': { $sshd_password_authentication = 'no' }
|
||||
}
|
||||
case $sshd_tcp_forwarding {
|
||||
'': { $sshd_tcp_forwarding = 'no' }
|
||||
}
|
||||
case $sshd_x11_forwarding {
|
||||
'': { $sshd_x11_forwarding = 'no' }
|
||||
}
|
||||
case $sshd_agent_forwarding {
|
||||
'': { $sshd_agent_forwarding = 'no' }
|
||||
}
|
||||
case $sshd_challenge_response_authentication {
|
||||
'': { $sshd_challenge_response_authentication = 'no' }
|
||||
}
|
||||
case $sshd_pubkey_authentication {
|
||||
'': { $sshd_pubkey_authentication = 'yes' }
|
||||
}
|
||||
case $sshd_rsa_authentication {
|
||||
'': { $sshd_rsa_authentication = 'no' }
|
||||
}
|
||||
case $sshd_strict_modes {
|
||||
'': { $sshd_strict_modes = 'yes' }
|
||||
}
|
||||
case $sshd_ignore_rhosts {
|
||||
'': { $sshd_ignore_rhosts = 'yes' }
|
||||
}
|
||||
case $sshd_rhosts_rsa_authentication {
|
||||
'': { $sshd_rhosts_rsa_authentication = 'no' }
|
||||
}
|
||||
case $sshd_hostbased_authentication {
|
||||
'': { $sshd_hostbased_authentication = 'no' }
|
||||
}
|
||||
case $sshd_permit_empty_passwords {
|
||||
'': { $sshd_permit_empty_passwords = 'no' }
|
||||
}
|
||||
case $sshd_port {
|
||||
'': { $sshd_port = 22 }
|
||||
}
|
||||
case $sshd_authorized_keys_file {
|
||||
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
|
||||
}
|
||||
case $sshd_sftp_subsystem {
|
||||
'': { $sshd_sftp_subsystem = '' }
|
||||
}
|
||||
case $sshd_additional_options {
|
||||
'': { $sshd_additional_options = '' }
|
||||
}
|
||||
|
||||
file { 'sshd_config':
|
||||
path => '/etc/ssh/sshd_config',
|
||||
owner => root,
|
||||
group => 0,
|
||||
mode => 600,
|
||||
content => $lsbdistcodename ? {
|
||||
'' => template("sshd/sshd_config/${operatingsystem}.erb"),
|
||||
default => template ("sshd/sshd_config/${operatingsystem}_${lsbdistcodename}.erb"),
|
||||
},
|
||||
notify => Service[sshd],
|
||||
}
|
||||
# Now add the key, if we've got one
|
||||
case $sshrsakey_key {
|
||||
'': { info("no sshrsakey on $fqdn") }
|
||||
default: {
|
||||
@@sshkey{"$hostname.$domain":
|
||||
type => ssh-rsa,
|
||||
key => $sshrsakey_key,
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
}
|
||||
service{'sshd':
|
||||
name => 'sshd',
|
||||
enable => true,
|
||||
ensure => running,
|
||||
hasstatus => true,
|
||||
require => File[sshd_config],
|
||||
}
|
||||
}
|
||||
|
||||
class sshd::linux inherits sshd::base {
|
||||
package{openssh:
|
||||
ensure => present,
|
||||
}
|
||||
File[sshd_config]{
|
||||
require +> Package[openssh],
|
||||
}
|
||||
package{openssh:
|
||||
ensure => present,
|
||||
}
|
||||
File[sshd_config]{
|
||||
require +> Package[openssh],
|
||||
}
|
||||
}
|
||||
|
||||
class sshd::gentoo inherits sshd::linux {
|
||||
Package[openssh]{
|
||||
category => 'net-misc',
|
||||
}
|
||||
Package[openssh]{
|
||||
category => 'net-misc',
|
||||
}
|
||||
}
|
||||
|
||||
class sshd::debian inherits sshd::linux {
|
||||
|
||||
|
||||
# the templates for Debian need lsbdistcodename
|
||||
include assert_lsbdistcodename
|
||||
|
||||
Package[openssh]{
|
||||
name => 'openssh-server',
|
||||
}
|
||||
Service[sshd]{
|
||||
name => 'ssh',
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
}
|
||||
Package[openssh]{
|
||||
name => 'openssh-server',
|
||||
}
|
||||
Service[sshd]{
|
||||
name => 'ssh',
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
}
|
||||
}
|
||||
class sshd::ubuntu inherits sshd::debian {}
|
||||
|
||||
class sshd::redhat inherits sshd::linux {
|
||||
Package[openssh]{
|
||||
name => 'openssh-server',
|
||||
}
|
||||
Package[openssh]{
|
||||
name => 'openssh-server',
|
||||
}
|
||||
}
|
||||
class sshd::centos inherits sshd::redhat {}
|
||||
|
||||
class sshd::openbsd inherits sshd::base {
|
||||
Service[sshd]{
|
||||
restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
|
||||
stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
|
||||
start => '/usr/sbin/sshd',
|
||||
hasstatus => false,
|
||||
}
|
||||
Service[sshd]{
|
||||
restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
|
||||
stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
|
||||
start => '/usr/sbin/sshd',
|
||||
hasstatus => false,
|
||||
}
|
||||
}
|
||||
|
||||
### defines
|
||||
# wrapper to have some defaults.
|
||||
define sshd::ssh_authorized_key(
|
||||
$type = 'ssh-dss',
|
||||
$key,
|
||||
$user = 'root',
|
||||
$target = undef,
|
||||
$options = 'absent'
|
||||
){
|
||||
ssh_authorized_key{$name:
|
||||
type => $type,
|
||||
key => $key,
|
||||
user => $user,
|
||||
target => $target,
|
||||
}
|
||||
|
||||
case $options {
|
||||
'absent': { info("not setting any option for ssh_authorized_key: $name") }
|
||||
default: {
|
||||
Ssh_authorized_key[$name]{
|
||||
options => $options,
|
||||
}
|
||||
}
|
||||
$type = 'ssh-dss',
|
||||
$key,
|
||||
$user = 'root',
|
||||
$target = undef,
|
||||
$options = 'absent'
|
||||
)
|
||||
{
|
||||
ssh_authorized_key{$name:
|
||||
type => $type,
|
||||
key => $key,
|
||||
user => $user,
|
||||
target => $target,
|
||||
}
|
||||
|
||||
case $options {
|
||||
'absent': { info("not setting any option for ssh_authorized_key: $name") }
|
||||
default: {
|
||||
Ssh_authorized_key[$name]{
|
||||
options => $options,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue