migrate away from hiera stuff
This commit is contained in:
mh
parent
8aab254eaa
commit
d4db185c3f
3 changed files with 48 additions and 43 deletions
2
README
2
README
|
|
@ -24,7 +24,7 @@ Nagios
|
|||
------
|
||||
|
||||
To have nagios checks setup automatically for sshd services, simply set
|
||||
use_nagios to true in hiera. If you want to disable ssh
|
||||
manage_nagios to true for that class. If you want to disable ssh
|
||||
nagios checking for a particular node (such as when ssh is firewalled), then you
|
||||
can set the class parameter nagios_check_ssh to false and that node will not bei
|
||||
monitored.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
# manifests/client.pp
|
||||
|
||||
class sshd::client(
|
||||
$shared_ip = hiera('sshd_shared_ip','no'),
|
||||
$ensure_version = hiera('sshd_ensure_version','installed')
|
||||
$shared_ip = 'no',
|
||||
$ensure_version = 'installed',
|
||||
$manage_shorewall = false
|
||||
) {
|
||||
|
||||
case $::operatingsystem {
|
||||
|
|
@ -15,7 +16,7 @@ class sshd::client(
|
|||
}
|
||||
}
|
||||
|
||||
if hiera('use_shorewall',false) {
|
||||
if $manage_shorewall{
|
||||
include shorewall::rules::out::ssh
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,42 +1,45 @@
|
|||
class sshd(
|
||||
$nagios_check_ssh = hiera('nagios_check_ssh',true),
|
||||
$nagios_check_ssh_hostname = hiera('nagios_check_ssh_hostname','absent'),
|
||||
$ports = hiera('sshd_ports',[ 22 ]),
|
||||
$shared_ip = hiera('sshd_shared_ip','no'),
|
||||
$ensure_version = hiera('sshd_ensure_version','installed'),
|
||||
$listen_address = hiera('sshd_listen_address',[ '0.0.0.0', '::' ]),
|
||||
$allowed_users = hiera('sshd_allowed_users',''),
|
||||
$allowed_groups = hiera('sshd_allowed_groups',''),
|
||||
$use_pam = hiera('sshd_use_pam','no'),
|
||||
$permit_root_login = hiera('sshd_permit_root_login','without-password'),
|
||||
$password_authentication = hiera('sshd_password_authentication','no'),
|
||||
$kerberos_authentication = hiera('sshd_kerberos_authentication','no'),
|
||||
$kerberos_orlocalpasswd = hiera('sshd_sshd_kerberos_orlocalpasswd','yes'),
|
||||
$kerberos_ticketcleanup = hiera('sshd_kerberos_ticketcleanup','yes'),
|
||||
$gssapi_authentication = hiera('sshd_gssapi_authentication','no'),
|
||||
$gssapi_cleanupcredentials = hiera('sshd_gssapi_cleanupcredentials','yes'),
|
||||
$tcp_forwarding = hiera('sshd_tcp_forwarding','no'),
|
||||
$x11_forwarding = hiera('sshd_x11_forwarding','no'),
|
||||
$agent_forwarding = hiera('sshd_agent_forwarding','no'),
|
||||
$challenge_response_authentication = hiera('sshd_challenge_response_authentication','no'),
|
||||
$pubkey_authentication = hiera('sshd_pubkey_authentication','yes'),
|
||||
$rsa_authentication = hiera('rsa_authentication','no'),
|
||||
$strict_modes = hiera('sshd_strict_modes','yes'),
|
||||
$ignore_rhosts = hiera('sshd_ignore_rhosts','yes'),
|
||||
$rhosts_rsa_authentication = hiera('sshd_rhosts_rsa_authentication','no'),
|
||||
$hostbased_authentication = hiera('sshd_hostbased_authentication','no'),
|
||||
$permit_empty_passwords = hiera('sshd_permit_empty_passwords','no'),
|
||||
$authorized_keys_file = hiera('sshd_authorized_keys_file','%h/.ssh/authorized_keys'),
|
||||
$hardened_ssl = hiera('sshd_hardened_ssl','no'),
|
||||
$sftp_subsystem = hiera('sshd_sftp_subsystem',''),
|
||||
$head_additional_options = hiera('sshd_head_additional_options',''),
|
||||
$tail_additional_options = hiera('sshd_tail_additional_options',''),
|
||||
$print_motd = hiera('sshd_print_motd','yes')
|
||||
$manage_nagios = true,
|
||||
$nagios_check_ssh_hostname = 'absent',
|
||||
$ports = [ 22 ],
|
||||
$shared_ip = 'no',
|
||||
$ensure_version = 'installed',
|
||||
$listen_address = [ '0.0.0.0', '::' ],
|
||||
$allowed_users = '',
|
||||
$allowed_groups = '',
|
||||
$use_pam = 'no',
|
||||
$permit_root_login = 'without-password',
|
||||
$password_authentication = 'no',
|
||||
$kerberos_authentication = 'no',
|
||||
$kerberos_orlocalpasswd = 'yes',
|
||||
$kerberos_ticketcleanup = 'yes',
|
||||
$gssapi_authentication = 'no',
|
||||
$gssapi_cleanupcredentials = 'yes',
|
||||
$tcp_forwarding = 'no',
|
||||
$x11_forwarding = 'no',
|
||||
$agent_forwarding = 'no',
|
||||
$challenge_response_authentication = 'no',
|
||||
$pubkey_authentication = 'yes',
|
||||
$rsa_authentication = 'no',
|
||||
$strict_modes = 'yes',
|
||||
$ignore_rhosts = 'yes',
|
||||
$rhosts_rsa_authentication = 'no',
|
||||
$hostbased_authentication = 'no',
|
||||
$permit_empty_passwords = 'no',
|
||||
$authorized_keys_file = '%h/.ssh/authorized_keys',
|
||||
$hardened_ssl = 'no',
|
||||
$sftp_subsystem = '',
|
||||
$head_additional_options = '',
|
||||
$tail_additional_options = '',
|
||||
$print_motd = 'yes',
|
||||
$manage_shorewall = false,
|
||||
$shorewall_source = 'net'
|
||||
) {
|
||||
|
||||
class{'sshd::client':
|
||||
shared_ip => $sshd::shared_ip,
|
||||
ensure_version => $sshd::ensure_version
|
||||
ensure_version => $sshd::ensure_version,
|
||||
manage_shorewall => $manage_shorewall,
|
||||
}
|
||||
|
||||
case $::operatingsystem {
|
||||
|
|
@ -47,15 +50,16 @@ class sshd(
|
|||
default: { include sshd::base }
|
||||
}
|
||||
|
||||
if hiera('use_nagios',false) and $sshd::nagios_check_ssh {
|
||||
sshd::nagios{$sshd::ports:
|
||||
check_hostname => $sshd::nagios_check_ssh_hostname
|
||||
if $manage_nagios {
|
||||
sshd::nagios{$ports:
|
||||
check_hostname => $nagios_check_ssh_hostname
|
||||
}
|
||||
}
|
||||
|
||||
if hiera('use_shorewall', false) {
|
||||
if $manage_shorewall {
|
||||
class{'shorewall::rules::ssh':
|
||||
ports => $sshd::ports,
|
||||
ports => $ports,
|
||||
source => $shorewall_source
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue