authormh <mh@immerda.ch>2012-06-05 18:23:03 -0300
committermh <mh@immerda.ch>2012-06-05 18:23:03 -0300
commit2204eb01f6cf10992ccdd7e092d1fc522e5ec3e1 (patch)
tree3f778bf16c6da3585e087454527a45afd3ea3871 /manifests/init.pp
parentd5404bbdbaeaea4178eb854f5890be471000785f (diff)
new style for 2.7
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp167
1 files changed, 45 insertions, 122 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 8b3361c..f183acd 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,138 +1,61 @@
-class sshd {
- # prepare variables to use in templates
- case $sshd_listen_address {
- '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
- }
- case $sshd_allowed_users {
- '': { $sshd_allowed_users = '' }
- }
- case $sshd_allowed_groups {
- '': { $sshd_allowed_groups = '' }
- }
- case $sshd_use_pam {
- '': { $sshd_use_pam = 'no' }
- }
- case $sshd_permit_root_login {
- '': { $sshd_permit_root_login = 'without-password' }
- }
- case $sshd_password_authentication {
- '': { $sshd_password_authentication = 'no' }
- }
- case $sshd_kerberos_authentication {
- '': { $sshd_kerberos_authentication = 'no' }
- }
- case $sshd_kerberos_orlocalpasswd {
- '': { $sshd_kerberos_orlocalpasswd = 'yes' }
- }
- case $sshd_kerberos_ticketcleanup {
- '': { $sshd_kerberos_ticketcleanup = 'yes' }
- }
- case $sshd_gssapi_authentication {
- '': { $sshd_gssapi_authentication = 'no' }
- }
- case $sshd_gssapi_cleanupcredentials {
- '': { $sshd_gssapi_cleanupcredentials = 'yes' }
- }
- case $sshd_tcp_forwarding {
- '': { $sshd_tcp_forwarding = 'no' }
- }
- case $sshd_x11_forwarding {
- '': { $sshd_x11_forwarding = 'no' }
- }
- case $sshd_agent_forwarding {
- '': { $sshd_agent_forwarding = 'no' }
- }
- case $sshd_challenge_response_authentication {
- '': { $sshd_challenge_response_authentication = 'no' }
- }
- case $sshd_pubkey_authentication {
- '': { $sshd_pubkey_authentication = 'yes' }
- }
- case $sshd_rsa_authentication {
- '': { $sshd_rsa_authentication = 'no' }
- }
- case $sshd_strict_modes {
- '': { $sshd_strict_modes = 'yes' }
- }
- case $sshd_ignore_rhosts {
- '': { $sshd_ignore_rhosts = 'yes' }
- }
- case $sshd_rhosts_rsa_authentication {
- '': { $sshd_rhosts_rsa_authentication = 'no' }
- }
- case $sshd_hostbased_authentication {
- '': { $sshd_hostbased_authentication = 'no' }
- }
- case $sshd_permit_empty_passwords {
- '': { $sshd_permit_empty_passwords = 'no' }
- }
- if ( $sshd_port != '' ) and ( $sshd_ports != []) {
- err("Cannot use sshd_port and sshd_ports at the same time.")
- }
- if $sshd_port != '' {
- $sshd_ports = [ $sshd_port ]
- } elsif ! $sshd_ports {
- $sshd_ports = [ 22 ]
- }
- case $sshd_authorized_keys_file {
- '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
- }
- case $sshd_hardened_ssl {
- '': { $sshd_hardened_ssl = 'no' }
- }
- case $sshd_sftp_subsystem {
- '': { $sshd_sftp_subsystem = '' }
- }
- case $sshd_head_additional_options {
- '': { $sshd_head_additional_options = '' }
- }
- case $sshd_tail_additional_options {
- '': { $sshd_tail_additional_options = '' }
- }
- case $sshd_ensure_version {
- '': { $sshd_ensure_version = "present" }
- }
- case $sshd_print_motd {
- '': {
- case $operatingsystem {
- debian,ubuntu: { $sshd_print_motd = "no" }
- default: { $sshd_print_motd = "yes" }
- }
- }
- }
- case $sshd_shared_ip {
- '': { $sshd_shared_ip = "no" }
- }
+class sshd(
+ $nagios_check_ssh = hiera('nagios_check_ssh',true),
+ $nagios_check_ssh_hostname = hiera('nagios_check_ssh_hostname','absent'),
+ $ports = hiera('sshd_ports',[ 22 ]),
+ $shared_ip = hiera('sshd_shared_ip','no'),
+ $ensure_version = hiera('sshd_ensure_version','installed'),
+ $listen_address = hiera('sshd_listen_address',[ '0.0.0.0', '::' ]),
+ $allowed_users = hiera('sshd_allowed_users',''),
+ $allowed_groups = hiera('sshd_allowed_groups',''),
+ $use_pam = hiera('sshd_use_pam','no'),
+ $permit_root_login = hiera('sshd_permit_root_login','without-password'),
+ $password_authentication = hiera('sshd_password_authentication','no'),
+ $kerberos_authentication = hiera('sshd_kerberos_authentication','no'),
+ $kerberos_orlocalpasswd = hiera('sshd_sshd_kerberos_orlocalpasswd','yes'),
+ $kerberos_ticketcleanup = hiera('sshd_kerberos_ticketcleanup','yes'),
+ $gssapi_authentication = hiera('sshd_gssapi_authentication','no'),
+ $gssapi_cleanupcredentials = hiera('sshd_gssapi_cleanupcredentials','yes'),
+ $tcp_forwarding = hiera('sshd_tcp_forwarding','no'),
+ $x11_forwarding = hiera('sshd_x11_forwarding','no'),
+ $agent_forwarding = hiera('sshd_agent_forwarding','no'),
+ $challenge_response_authentication = hiera('sshd_challenge_response_authentication','no'),
+ $pubkey_authentication = hiera('sshd_pubkey_authentication','yes'),
+ $rsa_authentication = hiera('rsa_authentication','no'),
+ $strict_modes = hiera('sshd_strict_modes','yes'),
+ $ignore_rhosts = hiera('sshd_ignore_rhosts','yes'),
+ $rhosts_rsa_authentication = hiera('sshd_rhosts_rsa_authentication','no'),
+ $hostbased_authentication = hiera('sshd_hostbased_authentication','no'),
+ $permit_empty_passwords = hiera('sshd_permit_empty_passwords','no'),
+ $authorized_keys_file = hiera('sshd_authorized_keys_file','%h/.ssh/authorized_keys'),
+ $hardened_ssl = hiera('sshd_hardened_ssl','no'),
+ $sftp_subsystem = hiera('sshd_sftp_subsystem',''),
+ $head_additional_options = hiera('sshd_head_additional_options',''),
+ $tail_additional_options = hiera('sshd_tail_additional_options',''),
+ $print_motd = hiera('sshd_print_motd','yes')
+) {
- include sshd::client
+ class{'sshd::client':
+ shared_ip => $sshd::shared_ip,
+ ensure_version => $sshd::ensure_version
+ }
- case $operatingsystem {
+ case $::operatingsystem {
gentoo: { include sshd::gentoo }
redhat,centos: { include sshd::redhat }
- centos: { include sshd::centos }
openbsd: { include sshd::openbsd }
debian,ubuntu: { include sshd::debian }
default: { include sshd::base }
}
- if $use_nagios {
- case $nagios_check_ssh {
- false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
- default: {
- sshd::nagios{$sshd_ports:
- check_hostname => $nagios_check_ssh_hostname ? {
- '' => 'absent',
- undef => 'absent',
- default => $nagios_check_ssh_hostname
- }
- }
- }
+ if hiera('use_nagios',false) and $sshd::nagios_check_ssh {
+ sshd::nagios{$sshd::ports:
+ check_hostname => $sshd::nagios_check_ssh_hostname
}
}
- if $use_shorewall{
+ if hiera('use_shorewall', false) {
class{'shorewall::rules::ssh':
- ports => $sshd_ports,
+ ports => $sshd::ports,
}
}
}
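Review bot: Two of the new parameter defaults look up a hiera key that does not follow the `sshd_<name>` pattern used by every other parameter: `$kerberos_orlocalpasswd` reads `sshd_sshd_kerberos_orlocalpasswd` (doubled prefix) and `$rsa_authentication` reads `rsa_authentication` (prefix missing). Because `hiera()` returns the supplied default when the key is absent, a value an operator stores under `sshd_kerberos_orlocalpasswd` or `sshd_rsa_authentication` would be ignored without any error, and the class would continue with `'yes'` and `'no'` respectively. I would change the two lines to `$kerberos_orlocalpasswd = hiera('sshd_kerberos_orlocalpasswd','yes'),` and `$rsa_authentication = hiera('sshd_rsa_authentication','no'),`. Separately, the removed `$sshd_port` handling has no counterpart in the new parameter list, so a node that only set `sshd_port` would presumably fall back to `[ 22 ]` for both the nagios check and the shorewall rule; that is worth stating in the commit message or the module README.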