diff options
-rw-r--r-- | platform.rb | 4 | ||||
-rw-r--r-- | provider_base/common.json | 1 | ||||
-rw-r--r-- | provider_base/services/monitor.json | 2 | ||||
-rw-r--r-- | puppet/modules/site_sshd/manifests/init.pp | 18 | ||||
-rw-r--r-- | puppet/modules/site_sshd/templates/ssh_config.erb | 23 | ||||
-rw-r--r-- | puppet/modules/site_sshd/templates/ssh_known_hosts.erb | 7 |
6 files changed, 51 insertions, 4 deletions
diff --git a/platform.rb b/platform.rb index ee87789a..54590f4b 100644 --- a/platform.rb +++ b/platform.rb @@ -3,8 +3,8 @@ # Leap::Platform.define do - self.version = "0.3.0" - self.compatible_cli = "1.3.1".."1.99" + self.version = "0.4.0" + self.compatible_cli = "1.4.0".."1.99" # # the facter facts that should be gathered diff --git a/provider_base/common.json b/provider_base/common.json index 07a45972..07a58bba 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -16,7 +16,6 @@ }, "ssh": { "authorized_keys": "= authorized_keys", - "known_hosts": "=> known_hosts_file", "port": 22, "mosh": { "ports": "60000:61000", diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json index cf117869..53e6b1f1 100644 --- a/provider_base/services/monitor.json +++ b/provider_base/services/monitor.json @@ -1,7 +1,7 @@ { "nagios": { "nagiosadmin_pw": "= secret :nagios_admin_password", - "hosts": "= nodes_like_me.pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')" + "hosts": "= nodes_like_me[:services => '!monitor'].pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')" }, "hosts": "= hosts_file(nodes_like_me[:services => '!monitor'])", "ssh": { diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp index 90dd2d0e..d9bc1d51 100644 --- a/puppet/modules/site_sshd/manifests/init.pp +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -1,5 +1,6 @@ class site_sshd { $ssh = hiera_hash('ssh') + $hosts = hiera('hosts', '') ## ## SETUP AUTHORIZED KEYS @@ -12,6 +13,23 @@ class site_sshd { } ## + ## SETUP KNOWN HOSTS and SSH_CONFIG + ## + + file { + '/etc/ssh/ssh_known_hosts': + owner => root, + group => root, + mode => '0644', + content => template('site_sshd/ssh_known_hosts.erb'); + '/etc/ssh/ssh_config': + owner => root, + group => root, + mode => '0644', + content => template('site_sshd/ssh_config.erb'); + } + + ## ## OPTIONAL MOSH SUPPORT ## diff --git a/puppet/modules/site_sshd/templates/ssh_config.erb b/puppet/modules/site_sshd/templates/ssh_config.erb new file mode 100644 index 00000000..7e967413 --- /dev/null +++ b/puppet/modules/site_sshd/templates/ssh_config.erb @@ -0,0 +1,23 @@ +# This file is generated by Puppet +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +Host * + SendEnv LANG LC_* + HashKnownHosts yes + GSSAPIAuthentication yes + GSSAPIDelegateCredentials no +<% if scope.lookupvar('::site_config::params::environment') == 'local' -%> + # + # Vagrant nodes should have strict host key checking + # turned off. The problem is that the host key for a vagrant + # node is specific to the particular instance of the vagrant + # node you have running locally. For this reason, we can't + # track the host keys, or your host key for vpn1 would conflict + # with my host key for vpn1. + # + StrictHostKeyChecking no +<% end -%> + diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb new file mode 100644 index 00000000..002ab732 --- /dev/null +++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb @@ -0,0 +1,7 @@ +# This file is generated by Puppet + +<% @hosts.sort.each do |name, hash| -%> +<% if hash['host_pub_key'] -%> +<%= name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%> +<% end -%> +<% end -%> |