summaryrefslogtreecommitdiff
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/base.pp37
-rw-r--r--manifests/client/base.pp6
-rw-r--r--manifests/debian.pp8
-rw-r--r--manifests/init.pp6
-rw-r--r--manifests/linux.pp2
-rw-r--r--manifests/nagios.pp6
-rw-r--r--manifests/openbsd.pp6
-rw-r--r--manifests/redhat.pp8
-rw-r--r--manifests/ssh_authorized_key.pp12
9 files changed, 49 insertions, 42 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 4001985..ef066e0 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,12 +1,17 @@
class sshd::base {
+
+ $sshd_config_content = $::lsbdistcodename ? {
+ '' => template("sshd/sshd_config/${::operatingsystem}.erb"),
+ default => template ("sshd/sshd_config/${::operatingsystem}_${::lsbdistcodename}.erb"),
+ }
+
file { 'sshd_config':
- path => '/etc/ssh/sshd_config',
- content => $::lsbdistcodename ? {
- '' => template("sshd/sshd_config/${::operatingsystem}.erb"),
- default => template ("sshd/sshd_config/${::operatingsystem}_${::lsbdistcodename}.erb"),
- },
- notify => Service[sshd],
- owner => root, group => 0, mode => 600;
+ path => '/etc/ssh/sshd_config',
+ content => $sshd_config_content,
+ notify => Service[sshd],
+ owner => root,
+ group => 0,
+ mode => '0600';
}
# Now add the key, if we've got one
@@ -14,28 +19,28 @@ class sshd::base {
'': { info("no sshrsakey on ${::fqdn}") }
default: {
@@sshkey{$::fqdn:
- tag => "fqdn",
+ ensure => present,
+ tag => 'fqdn',
type => ssh-rsa,
key => $::sshrsakey,
- ensure => present,
}
# In case the node has uses a shared network address,
# we don't define a sshkey resource using an IP address
- if $sshd::shared_ip == "no" {
+ if $sshd::shared_ip == 'no' {
@@sshkey{$::ipaddress:
- tag => "ipaddress",
+ ensure => present,
+ tag => 'ipaddress',
type => ssh-rsa,
key => $::sshrsakey,
- ensure => present,
}
}
}
}
service{'sshd':
- name => 'sshd',
- enable => true,
- ensure => running,
+ ensure => running,
+ name => 'sshd',
+ enable => true,
hasstatus => true,
- require => File[sshd_config],
+ require => File[sshd_config],
}
}
diff --git a/manifests/client/base.pp b/manifests/client/base.pp
index c2580c1..6687d65 100644
--- a/manifests/client/base.pp
+++ b/manifests/client/base.pp
@@ -1,12 +1,14 @@
class sshd::client::base {
# this is needed because the gid might have changed
file { '/etc/ssh/ssh_known_hosts':
- mode => 0644, owner => root, group => 0;
+ mode => '0644',
+ owner => root,
+ group => 0;
}
# Now collect all server keys
case $sshd::client::shared_ip {
no: { Sshkey <<||>> }
- yes: { Sshkey <<| tag == "fqdn" |>> }
+ yes: { Sshkey <<| tag == fqdn |>> }
}
}
diff --git a/manifests/debian.pp b/manifests/debian.pp
index 45eb901..ced5db7 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -8,14 +8,14 @@ class sshd::debian inherits sshd::linux {
}
$sshd_restartandstatus = $::lsbdistcodename ? {
- etch => false,
+ etch => false,
default => true
}
Service[sshd]{
- name => 'ssh',
- pattern => 'sshd',
- hasstatus => $sshd_restartandstatus,
+ name => 'ssh',
+ pattern => 'sshd',
+ hasstatus => $sshd_restartandstatus,
hasrestart => $sshd_restartandstatus,
}
}
diff --git a/manifests/init.pp b/manifests/init.pp
index 4d66b81..f12918b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -37,8 +37,8 @@ class sshd(
) {
class{'sshd::client':
- shared_ip => $sshd::shared_ip,
- ensure_version => $sshd::ensure_version,
+ shared_ip => $sshd::shared_ip,
+ ensure_version => $sshd::ensure_version,
manage_shorewall => $manage_shorewall,
}
@@ -58,7 +58,7 @@ class sshd(
if $manage_shorewall {
class{'shorewall::rules::ssh':
- ports => $ports,
+ ports => $ports,
source => $shorewall_source
}
}
diff --git a/manifests/linux.pp b/manifests/linux.pp
index f071ada..8628ff5 100644
--- a/manifests/linux.pp
+++ b/manifests/linux.pp
@@ -1,5 +1,5 @@
class sshd::linux inherits sshd::base {
- package{openssh:
+ package{'openssh':
ensure => $sshd::ensure_version,
}
File[sshd_config]{
diff --git a/manifests/nagios.pp b/manifests/nagios.pp
index ef5fe10..6921de9 100644
--- a/manifests/nagios.pp
+++ b/manifests/nagios.pp
@@ -5,18 +5,18 @@ define sshd::nagios(
) {
$real_port = $port ? {
'absent' => $name,
- default => $port,
+ default => $port,
}
case $check_hostname {
'absent': {
nagios::service{"ssh_port_${name}":
- ensure => $ensure,
+ ensure => $ensure,
check_command => "check_ssh_port!${real_port}"
}
}
default: {
nagios::service{"ssh_port_host_${name}":
- ensure => $ensure,
+ ensure => $ensure,
check_command => "check_ssh_port_host!${real_port}!${check_hostname}"
}
}
diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp
index f1379d7..1ad37cc 100644
--- a/manifests/openbsd.pp
+++ b/manifests/openbsd.pp
@@ -1,8 +1,8 @@
class sshd::openbsd inherits sshd::base {
Service[sshd]{
- restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
- stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
- start => '/usr/sbin/sshd',
+ restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
+ stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
+ start => '/usr/sbin/sshd',
hasstatus => false,
}
}
diff --git a/manifests/redhat.pp b/manifests/redhat.pp
index e9bf1d1..d720177 100644
--- a/manifests/redhat.pp
+++ b/manifests/redhat.pp
@@ -1,5 +1,5 @@
-class sshd::redhat inherits sshd::linux {
- Package[openssh]{
- name => 'openssh-server',
- }
+class sshd::redhat inherits sshd::linux {
+ Package[openssh]{
+ name => 'openssh-server',
+ }
}
diff --git a/manifests/ssh_authorized_key.pp b/manifests/ssh_authorized_key.pp
index 40649b0..7201f8b 100644
--- a/manifests/ssh_authorized_key.pp
+++ b/manifests/ssh_authorized_key.pp
@@ -13,8 +13,8 @@ define sshd::ssh_authorized_key(
}
$real_user = $user ? {
- false => $name,
- '' => $name,
+ false => $name,
+ '' => $name,
default => $user,
}
@@ -31,14 +31,14 @@ define sshd::ssh_authorized_key(
}
ssh_authorized_key{$name:
ensure => $ensure,
- type => $type,
- key => $key,
- user => $real_user,
+ type => $type,
+ key => $key,
+ user => $real_user,
target => $real_target,
}
case $options {
- 'absent': { info("not setting any option for ssh_authorized_key: $name") }
+ 'absent': { info("not setting any option for ssh_authorized_key: ${name}") }
default: {
Ssh_authorized_key[$name]{
options => $options,