Diffstat (limited to 'puppet/modules')
| -rw-r--r-- | puppet/modules/site_sshd/manifests/init.pp | 15 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/manifests/known_hosts.pp | 11 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/templates/ssh_config.erb | 23 | ||||
| -rw-r--r-- | puppet/modules/site_sshd/templates/ssh_known_hosts.erb | 6 | 
4 files changed, 39 insertions, 16 deletions
|
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index d2b13822..2bcde603 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -13,11 +13,20 @@ class site_sshd {
   }
   ##
-  ## SETUP KNOWN HOSTS
+  ## SETUP KNOWN HOSTS and SSH_CONFIG
   ##
-  class { 'site_sshd::known_hosts':
-    hosts => $hosts
+  file {
+    '/etc/ssh/ssh_known_hosts':
+      owner   => root,
+      group   => root,
+      mode    => '0644',
+      content => template('site_sshd/ssh_known_hosts.erb');
+    '/etc/ssh/ssh_config':
+      owner => root,
+      group => root,
+      mode => '0644',
+      content => template('site_sshd/ssh_config.erb');
   }
   ##
diff --git a/puppet/modules/site_sshd/manifests/known_hosts.pp b/puppet/modules/site_sshd/manifests/known_hosts.pp
deleted file mode 100644
index 290ffd0b..00000000
--- a/puppet/modules/site_sshd/manifests/known_hosts.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class site_sshd::known_hosts ($hosts) {
-  # these owner and permissions seem odd to me, but it is what is defined
-  # in modules/sshd/manifests/client/base.pp, so we are going to stick with it.
-  file { '/etc/ssh/ssh_known_hosts':
-    ensure  => present,
-    owner   => root,
-    group   => 0,
-    mode    => '0644',
-    content => template('site_sshd/ssh_known_hosts.erb');
-  }
-}
diff --git a/puppet/modules/site_sshd/templates/ssh_config.erb b/puppet/modules/site_sshd/templates/ssh_config.erb
new file mode 100644
index 00000000..7e967413
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_config.erb
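Review bot: Both entries of the new `file { ... }` block in init.pp leave out `ensure`, which the removed `site_sshd::known_hosts` class set explicitly with `ensure => present`; adding `ensure => file,` to each entry states that these paths must be regular files instead of leaving it implicit. The `/etc/ssh/ssh_config` entry also breaks the arrow alignment used by the entry above it (`owner => root,` against `owner   => root,`). Since the explicit `hosts => $hosts` parameter is gone, a one-line comment such as `# ssh_known_hosts.erb reads $hosts from this class's scope` would record where the template now presumably gets its data. The body of `class site_sshd` starts and ends outside this hunk.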
@@ -0,0 +1,23 @@
+# This file is generated by Puppet
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+Host *
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no
+<% if scope.lookupvar('::site_config::params::environment') == 'local' -%>
+    #
+    # Vagrant nodes should have strict host key checking
+    # turned off. The problem is that the host key for a vagrant
+    # node is specific to the particular instance of the vagrant
+    # node you have running locally. For this reason, we can't
+    # track the host keys, or your host key for vpn1 would conflict
+    # with my host key for vpn1.
+    #
+    StrictHostKeyChecking no
+<% end -%>
+
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
index c5a71378..002ab732 100644
--- a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -1,5 +1,7 @@
 # This file is generated by Puppet
-<% hosts.sort.each do |name, hash| -%>
-<%=name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% @hosts.sort.each do |name, hash| -%>
+<%   if hash['host_pub_key'] -%>
+<%=    name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<%   end -%>
 <% end -%>
|
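Review bot: `StrictHostKeyChecking no` sits inside the `Host *` block of ssh_config.erb, so on a node whose environment is `local` it turns off host key verification for every destination that node connects to, not only for the other Vagrant instances the comment describes. Scoping it to its own stanza, for example `Host <local-node-pattern>` followed by `StrictHostKeyChecking no`, would keep verification in place for anything outside the local test network; the pattern is a placeholder because the node naming is not visible in this hunk. The condition compares against the exact string `'local'`, so an unset or misspelled environment leaves the option out and ssh keeps its default, which is the safe direction. The comment could also say that `HashKnownHosts yes` only affects entries ssh itself adds to per-user files, while `/etc/ssh/ssh_known_hosts` is still written with plain host names by the other template.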
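Review bot: The new `if hash['host_pub_key']` guard in ssh_known_hosts.erb only skips a missing key; an empty string is truthy in Ruby, so a host whose key is `''` still produces a line with a host list and no key, and a nil `domain_full`, `domain_internal` or `ip_address` leaves empty fields between the commas. Using `<% unless hash['host_pub_key'].to_s.strip.empty? -%>` for the guard and `<%= [name, hash['domain_full'], hash['domain_internal'], hash['ip_address']].compact.join(',') %>` for the host list would keep malformed entries out of `/etc/ssh/ssh_known_hosts`. Hosts dropped by the guard are skipped silently, so on nodes with strict checking the first connection to them will prompt or fail; a template comment saying this is intended would help. The values are written unescaped, which is acceptable only as long as the `hosts` data comes from trusted node configuration, and its source is not visible here.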
