summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--platform.rb4
-rw-r--r--provider_base/common.json1
-rw-r--r--provider_base/services/monitor.json2
-rw-r--r--puppet/modules/site_sshd/manifests/init.pp18
-rw-r--r--puppet/modules/site_sshd/templates/ssh_config.erb23
-rw-r--r--puppet/modules/site_sshd/templates/ssh_known_hosts.erb7
6 files changed, 51 insertions, 4 deletions
diff --git a/platform.rb b/platform.rb
index ee87789a..54590f4b 100644
--- a/platform.rb
+++ b/platform.rb
@@ -3,8 +3,8 @@
#
Leap::Platform.define do
- self.version = "0.3.0"
- self.compatible_cli = "1.3.1".."1.99"
+ self.version = "0.4.0"
+ self.compatible_cli = "1.4.0".."1.99"
#
# the facter facts that should be gathered
diff --git a/provider_base/common.json b/provider_base/common.json
index 07a45972..07a58bba 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -16,7 +16,6 @@
},
"ssh": {
"authorized_keys": "= authorized_keys",
- "known_hosts": "=> known_hosts_file",
"port": 22,
"mosh": {
"ports": "60000:61000",
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index cf117869..53e6b1f1 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -1,7 +1,7 @@
{
"nagios": {
"nagiosadmin_pw": "= secret :nagios_admin_password",
- "hosts": "= nodes_like_me.pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
+ "hosts": "= nodes_like_me[:services => '!monitor'].pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
},
"hosts": "= hosts_file(nodes_like_me[:services => '!monitor'])",
"ssh": {
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 90dd2d0e..d9bc1d51 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,5 +1,6 @@
class site_sshd {
$ssh = hiera_hash('ssh')
+ $hosts = hiera('hosts', '')
##
## SETUP AUTHORIZED KEYS
@@ -12,6 +13,23 @@ class site_sshd {
}
##
+ ## SETUP KNOWN HOSTS and SSH_CONFIG
+ ##
+
+ file {
+ '/etc/ssh/ssh_known_hosts':
+ owner => root,
+ group => root,
+ mode => '0644',
+ content => template('site_sshd/ssh_known_hosts.erb');
+ '/etc/ssh/ssh_config':
+ owner => root,
+ group => root,
+ mode => '0644',
+ content => template('site_sshd/ssh_config.erb');
+ }
+
+ ##
## OPTIONAL MOSH SUPPORT
##
diff --git a/puppet/modules/site_sshd/templates/ssh_config.erb b/puppet/modules/site_sshd/templates/ssh_config.erb
new file mode 100644
index 00000000..7e967413
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_config.erb
@@ -0,0 +1,23 @@
+# This file is generated by Puppet
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+Host *
+ SendEnv LANG LC_*
+ HashKnownHosts yes
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials no
+<% if scope.lookupvar('::site_config::params::environment') == 'local' -%>
+ #
+ # Vagrant nodes should have strict host key checking
+ # turned off. The problem is that the host key for a vagrant
+ # node is specific to the particular instance of the vagrant
+ # node you have running locally. For this reason, we can't
+ # track the host keys, or your host key for vpn1 would conflict
+ # with my host key for vpn1.
+ #
+ StrictHostKeyChecking no
+<% end -%>
+
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
new file mode 100644
index 00000000..002ab732
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -0,0 +1,7 @@
+# This file is generated by Puppet
+
+<% @hosts.sort.each do |name, hash| -%>
+<% if hash['host_pub_key'] -%>
+<%= name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% end -%>
+<% end -%>