From 120cbfd46b79cfec36c17ae6deb7fc51f9094594 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Tue, 27 May 2014 15:11:45 -0400
Subject: Switch away from site_config::sshd and instead just include site_sshd

The existing site_config::sshd had a non-functioning 'include sshd' line
in it that was not doing what was expected (this was supposed to include
the sshd module, but due to scoping was including itself).

It seemed better to eliminate some of the unused pieces and consolidate
into one config location.

Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
---
 puppet/modules/site_sshd/manifests/init.pp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'puppet/modules/site_sshd/manifests/init.pp')

diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index d9bc1d51..e81780ef 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -22,6 +22,7 @@ class site_sshd {
       group   => root,
       mode    => '0644',
       content => template('site_sshd/ssh_known_hosts.erb');
+
     '/etc/ssh/ssh_config':
       owner => root,
       group => root,
-- 
cgit v1.2.3


From 382d1cb4aea6e4a2e6fb101346e46bb8a01dbc10 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Tue, 27 May 2014 19:45:00 -0400
Subject: Add missing scope to top-level sshd class, passing necessary
 parameters for configuration (#3108)

Change-Id: I4f94a47d47a40bfc6835359e7781707f96e91db0
---
 puppet/modules/site_sshd/manifests/init.pp | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'puppet/modules/site_sshd/manifests/init.pp')

diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index e81780ef..400c21ea 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,5 +1,5 @@
 class site_sshd {
-  $ssh = hiera_hash('ssh')
+  $ssh   = hiera_hash('ssh')
   $hosts = hiera('hosts', '')
 
   ##
@@ -24,9 +24,9 @@ class site_sshd {
       content => template('site_sshd/ssh_known_hosts.erb');
 
     '/etc/ssh/ssh_config':
-      owner => root,
-      group => root,
-      mode => '0644',
+      owner   => root,
+      group   => root,
+      mode    => '0644',
       content => template('site_sshd/ssh_config.erb');
   }
 
@@ -47,4 +47,16 @@ class site_sshd {
       ensure => absent
     }
   }
+
+  ##
+  ## SSHD SERVER CONFIGURATION
+  ##
+  class { '::sshd':
+    manage_nagios => 'no',
+    ports         => $ssh['port'],
+    use_pam       => 'yes',
+    hardened_ssl  => 'yes',
+    print_motd    => 'no',
+    manage_client => false
+  }
 }
-- 
cgit v1.2.3