opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

factor everything into its own file

Browse source
This commit is contained in:
mh 2009-09-29 19:53:04 +02:00 committed by Micah Anderson
parent 57eae8bc84
commit 5e20e07d1f
12 changed files with 196 additions and 203 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

96
manifests/base.pp Normal file
View file

@ -0,0 +1,96 @@
class sshd::base {
# prepare variables to use in templates
case $sshd_listen_address {
'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
}
case $sshd_allowed_users {
'': { $sshd_allowed_users = '' }
}
case $sshd_allowed_groups {
'': { $sshd_allowed_groups = '' }
}
case $sshd_use_pam {
'': { $sshd_use_pam = 'no' }
}
case $sshd_permit_root_login {
'': { $sshd_permit_root_login = 'without-password' }
}
case $sshd_password_authentication {
'': { $sshd_password_authentication = 'no' }
}
case $sshd_tcp_forwarding {
'': { $sshd_tcp_forwarding = 'no' }
}
case $sshd_x11_forwarding {
'': { $sshd_x11_forwarding = 'no' }
}
case $sshd_agent_forwarding {
'': { $sshd_agent_forwarding = 'no' }
}
case $sshd_challenge_response_authentication {
'': { $sshd_challenge_response_authentication = 'no' }
}
case $sshd_pubkey_authentication {
'': { $sshd_pubkey_authentication = 'yes' }
}
case $sshd_rsa_authentication {
'': { $sshd_rsa_authentication = 'no' }
}
case $sshd_strict_modes {
'': { $sshd_strict_modes = 'yes' }
}
case $sshd_ignore_rhosts {
'': { $sshd_ignore_rhosts = 'yes' }
}
case $sshd_rhosts_rsa_authentication {
'': { $sshd_rhosts_rsa_authentication = 'no' }
}
case $sshd_hostbased_authentication {
'': { $sshd_hostbased_authentication = 'no' }
}
case $sshd_permit_empty_passwords {
'': { $sshd_permit_empty_passwords = 'no' }
}
case $sshd_port {
'': { $sshd_port = 22 }
}
case $sshd_authorized_keys_file {
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
}
case $sshd_sftp_subsystem {
'': { $sshd_sftp_subsystem = '' }
}
case $sshd_additional_options {
'': { $sshd_additional_options = '' }
}
file { 'sshd_config':
path => '/etc/ssh/sshd_config',
owner => root,
group => 0,
mode => 600,
content => $lsbdistcodename ? {
'' => template("sshd/sshd_config/${operatingsystem}.erb"),
default => template ("sshd/sshd_config/${operatingsystem}_${lsbdistcodename}.erb"),
},
notify => Service[sshd],
}
# Now add the key, if we've got one
case $sshrsakey_key {
'': { info("no sshrsakey on $fqdn") }
default: {
@@sshkey{"$hostname.$domain":
type => ssh-rsa,
key => $sshrsakey_key,
ensure => present,
}
}
}
service{'sshd':
name => 'sshd',
enable => true,
ensure => running,
hasstatus => true,
require => File[sshd_config],
}
}

23
manifests/client.pp
View file

@ -10,26 +10,7 @@ class sshd::client {
}
}
}
}
class sshd::client::base {
# this is needed because the gid might have changed
file { '/etc/ssh/ssh_known_hosts':
mode => 0644, owner => root, group => 0;
}
# Now collect all server keys
Sshkey <<||>>
}
class sshd::client::linux inherits sshd::client::base {
package {'openssh-clients':
ensure => installed,
}
}
class sshd::client::debian inherits sshd::client::linux {
Package['openssh-clients']{
name => 'openssh-client',
if $use_shorewall{
include shorewall::rules::out::ssh
}
}

9
manifests/client/base.pp Normal file
View file

@ -0,0 +1,9 @@
class sshd::client::base {
# this is needed because the gid might have changed
file { '/etc/ssh/ssh_known_hosts':
mode => 0644, owner => root, group => 0;
}
# Now collect all server keys
Sshkey <<||>>
}

5
manifests/client/debian.pp Normal file
View file

@ -0,0 +1,5 @@
class sshd::client::debian inherits sshd::client::linux {
Package['openssh-clients']{
name => 'openssh-client',
}
}

5
manifests/client/linux.pp Normal file
View file

@ -0,0 +1,5 @@
class sshd::client::linux inherits sshd::client::base {
package {'openssh-clients':
ensure => installed,
}
}

13
manifests/debian.pp Normal file
View file

@ -0,0 +1,13 @@
class sshd::debian inherits sshd::linux {
# the templates for Debian need lsbdistcodename
include assert_lsbdistcodename
Package[openssh]{
name => 'openssh-server',
}
Service[sshd]{
name => 'ssh',
hasstatus => false,
}
}

5
manifests/gentoo.pp Normal file
View file

@ -0,0 +1,5 @@
class sshd::gentoo inherits sshd::linux {
Package[openssh]{
category => 'net-misc',
}
}

186
manifests/init.pp
View file

@ -123,198 +123,20 @@ class sshd {
case $operatingsystem {
gentoo: { include sshd::gentoo }
redhat: { include sshd::redhat }
redhat,centos: { include sshd::redhat }
centos: { include sshd::centos }
openbsd: { include sshd::openbsd }
debian: { include sshd::debian }
ubuntu: { include sshd::ubuntu }
debian,ubuntu: { include sshd::debian }
default: { include sshd::default }
}
}
class sshd::base {
# prepare variables to use in templates
case $sshd_listen_address {
'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
}
case $sshd_allowed_users {
'': { $sshd_allowed_users = '' }
}
case $sshd_allowed_groups {
'': { $sshd_allowed_groups = '' }
}
case $sshd_use_pam {
'': { $sshd_use_pam = 'no' }
}
case $sshd_permit_root_login {
'': { $sshd_permit_root_login = 'without-password' }
}
case $sshd_password_authentication {
'': { $sshd_password_authentication = 'no' }
}
case $sshd_tcp_forwarding {
'': { $sshd_tcp_forwarding = 'no' }
}
case $sshd_x11_forwarding {
'': { $sshd_x11_forwarding = 'no' }
}
case $sshd_agent_forwarding {
'': { $sshd_agent_forwarding = 'no' }
}
case $sshd_challenge_response_authentication {
'': { $sshd_challenge_response_authentication = 'no' }
}
case $sshd_pubkey_authentication {
'': { $sshd_pubkey_authentication = 'yes' }
}
case $sshd_rsa_authentication {
'': { $sshd_rsa_authentication = 'no' }
}
case $sshd_strict_modes {
'': { $sshd_strict_modes = 'yes' }
}
case $sshd_ignore_rhosts {
'': { $sshd_ignore_rhosts = 'yes' }
}
case $sshd_rhosts_rsa_authentication {
'': { $sshd_rhosts_rsa_authentication = 'no' }
}
case $sshd_hostbased_authentication {
'': { $sshd_hostbased_authentication = 'no' }
}
case $sshd_permit_empty_passwords {
'': { $sshd_permit_empty_passwords = 'no' }
}
case $sshd_port {
'': { $sshd_port = 22 }
}
case $sshd_authorized_keys_file {
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
}
case $sshd_sftp_subsystem {
'': { $sshd_sftp_subsystem = '' }
}
case $sshd_additional_options {
'': { $sshd_additional_options = '' }
}
file { 'sshd_config':
path => '/etc/ssh/sshd_config',
owner => root,
group => 0,
mode => 600,
content => $lsbdistcodename ? {
'' => template("sshd/sshd_config/${operatingsystem}.erb"),
default => template ("sshd/sshd_config/${operatingsystem}_${lsbdistcodename}.erb"),
},
notify => Service[sshd],
}
# Now add the key, if we've got one
case $sshrsakey_key {
'': { info("no sshrsakey on $fqdn") }
default: {
@@sshkey{"$hostname.$domain":
type => ssh-rsa,
key => $sshrsakey_key,
ensure => present,
}
}
}
service{'sshd':
name => 'sshd',
enable => true,
ensure => running,
hasstatus => true,
require => File[sshd_config],
}
if $use_nagios {
if $nagios_check_ssh {
nagios::service{ "ssh_${fqdn}_port_${sshd_port}": check_command => "ssh_port!$sshd_port" }
}
}
}
class sshd::linux inherits sshd::base {
package{openssh:
ensure => present,
}
File[sshd_config]{
require +> Package[openssh],
}
}
class sshd::gentoo inherits sshd::linux {
Package[openssh]{
category => 'net-misc',
}
}
class sshd::debian inherits sshd::linux {
# the templates for Debian need lsbdistcodename
include assert_lsbdistcodename
Package[openssh]{
name => 'openssh-server',
}
Service[sshd]{
name => 'ssh',
hasstatus => false,
}
}
class sshd::ubuntu inherits sshd::debian {}
class sshd::redhat inherits sshd::linux {
Package[openssh]{
name => 'openssh-server',
}
}
class sshd::centos inherits sshd::redhat {}
class sshd::openbsd inherits sshd::base {
Service[sshd]{
restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
start => '/usr/sbin/sshd',
hasstatus => false,
}
}
### defines
# wrapper to have some defaults.
define sshd::ssh_authorized_key(
$type = 'ssh-dss',
$key,
$user = 'root',
$target = 'absent',
$options = 'absent'
){
case $target {
'absent': {
case $user {
'root': { $real_target = '/root/.ssh/authorized_keys' }
default: { $real_target = "/home/${user}/.ssh/authorized_keys" }
}
}
default: {
$real_target = $target
}
}
ssh_authorized_key{$name:
type => $type,
key => $key,
user => $user,
target => $real_target,
}
case $options {
'absent': { info("not setting any option for ssh_authorized_key: $name") }
default: {
Ssh_authorized_key[$name]{
options => $options,
}
}
if $use_shorewall{
include shorewall::rules::ssh
}
}

8
manifests/linux.pp Normal file
View file

@ -0,0 +1,8 @@
class sshd::linux inherits sshd::base {
package{openssh:
ensure => present,
}
File[sshd_config]{
require +> Package[openssh],
}
}

8
manifests/openbsd.pp Normal file
View file

@ -0,0 +1,8 @@
class sshd::openbsd inherits sshd::base {
Service[sshd]{
restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
start => '/usr/sbin/sshd',
hasstatus => false,
}
}

5
manifests/redhat.pp Normal file
View file

@ -0,0 +1,5 @@
class sshd::redhat inherits sshd::linux {
Package[openssh]{
name => 'openssh-server',
}
}

36
manifests/ssh_authorized_key.pp Normal file
View file

@ -0,0 +1,36 @@
# wrapper to have some defaults.
define sshd::ssh_authorized_key(
$type = 'ssh-dss',
$key,
$user = 'root',
$target = 'absent',
$options = 'absent'
){
case $target {
'absent': {
case $user {
'root': { $real_target = '/root/.ssh/authorized_keys' }
default: { $real_target = "/home/${user}/.ssh/authorized_keys" }
}
}
default: {
$real_target = $target
}
}
ssh_authorized_key{$name:
type => $type,
key => $key,
user => $user,
target => $real_target,
}
case $options {
'absent': { info("not setting any option for ssh_authorized_key: $name") }
default: {
Ssh_authorized_key[$name]{
options => $options,
}
}
}
}