summaryrefslogtreecommitdiff
path: root/puppet/modules/site_sshd
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_sshd')
-rw-r--r--puppet/modules/site_sshd/manifests/authorized_keys.pp3
-rw-r--r--puppet/modules/site_sshd/manifests/init.pp9
-rw-r--r--puppet/modules/site_sshd/manifests/known_hosts.pp11
-rw-r--r--puppet/modules/site_sshd/templates/ssh_known_hosts.erb5
4 files changed, 28 insertions, 0 deletions
diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index c18f691c..f36fe20f 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,4 +1,7 @@
define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
+ # We use a custom define here to deploy the authorized_keys file
+ # cause puppet doesn't allow purgin before populating this file
+ # (see https://tickets.puppetlabs.com/browse/PUP-1174)
# This line allows default homedir based on $title variable.
# If $home is empty, the default is used.
$homedir = $home ? {'' => "/home/${title}", default => $home}
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 90dd2d0e..d2de41c8 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,5 +1,6 @@
class site_sshd {
$ssh = hiera_hash('ssh')
+ $hosts = hiera('hosts', '')
##
## SETUP AUTHORIZED KEYS
@@ -12,6 +13,14 @@ class site_sshd {
}
##
+ ## SETUP KNOWN HOSTS
+ ##
+
+ class { 'site_sshd::known_hosts':
+ hosts => $hosts
+ }
+
+ ##
## OPTIONAL MOSH SUPPORT
##
diff --git a/puppet/modules/site_sshd/manifests/known_hosts.pp b/puppet/modules/site_sshd/manifests/known_hosts.pp
new file mode 100644
index 00000000..290ffd0b
--- /dev/null
+++ b/puppet/modules/site_sshd/manifests/known_hosts.pp
@@ -0,0 +1,11 @@
+class site_sshd::known_hosts ($hosts) {
+ # these owner and permissions seem odd to me, but it is what is defined
+ # in modules/sshd/manifests/client/base.pp, so we are going to stick with it.
+ file { '/etc/ssh/ssh_known_hosts':
+ ensure => present,
+ owner => root,
+ group => 0,
+ mode => '0644',
+ content => template('site_sshd/ssh_known_hosts.erb');
+ }
+}
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
new file mode 100644
index 00000000..c5a71378
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -0,0 +1,5 @@
+# This file is generated by Puppet
+
+<% hosts.sort.each do |name, hash| -%>
+<%=name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% end -%>