Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 37 | ||||
-rw-r--r-- | manifests/client/base.pp | 6 | ||||
-rw-r--r-- | manifests/debian.pp | 8 | ||||
-rw-r--r-- | manifests/init.pp | 6 | ||||
-rw-r--r-- | manifests/linux.pp | 2 | ||||
-rw-r--r-- | manifests/nagios.pp | 6 | ||||
-rw-r--r-- | manifests/openbsd.pp | 6 | ||||
-rw-r--r-- | manifests/redhat.pp | 8 | ||||
-rw-r--r-- | manifests/ssh_authorized_key.pp | 12 |
9 files changed, 49 insertions, 42 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 4001985..ef066e0 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -1,12 +1,17 @@
 class sshd::base {
+
+ $sshd_config_content = $::lsbdistcodename ? {
+ '' => template("sshd/sshd_config/${::operatingsystem}.erb"),
+ default => template ("sshd/sshd_config/${::operatingsystem}_${::lsbdistcodename}.erb"),
+ }
+
 file { 'sshd_config':
- path => '/etc/ssh/sshd_config',
- content => $::lsbdistcodename ? {
- '' => template("sshd/sshd_config/${::operatingsystem}.erb"),
- default => template ("sshd/sshd_config/${::operatingsystem}_${::lsbdistcodename}.erb"),
- },
- notify => Service[sshd],
- owner => root, group => 0, mode => 600;
+ path => '/etc/ssh/sshd_config',
+ content => $sshd_config_content,
+ notify => Service[sshd],
+ owner => root,
+ group => 0,
+ mode => '0600';
 }
 # Now add the key, if we've got one
@@ -14,28 +19,28 @@ class sshd::base {
 '': { info("no sshrsakey on ${::fqdn}") }
 default: {
 @@sshkey{$::fqdn:
- tag => "fqdn",
+ ensure => present,
+ tag => 'fqdn',
 type => ssh-rsa,
 key => $::sshrsakey,
- ensure => present,
 }
 # In case the node has uses a shared network address,
 # we don't define a sshkey resource using an IP address
- if $sshd::shared_ip == "no" {
+ if $sshd::shared_ip == 'no' {
 @@sshkey{$::ipaddress:
- tag => "ipaddress",
+ ensure => present,
+ tag => 'ipaddress',
 type => ssh-rsa,
 key => $::sshrsakey,
- ensure => present,
 }
 }
 }
 }
 service{'sshd':
- name => 'sshd',
- enable => true,
- ensure => running,
+ ensure => running,
+ name => 'sshd',
+ enable => true,
 hasstatus => true,
- require => File[sshd_config],
+ require => File[sshd_config],
 }
 }
diff --git a/manifests/client/base.pp b/manifests/client/base.pp
index c2580c1..6687d65 100644
--- a/manifests/client/base.pp
+++ b/manifests/client/base.pp
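Review bot: In the first hunk of manifests/base.pp the hoisted `$sshd_config_content` selector still matches only the empty string, so a node where `lsbdistcodename` is unset rather than empty would presumably fall through to the default branch and request `sshd/sshd_config/${::operatingsystem}_.erb`; whether an unset fact compares equal to `''` depends on the Puppet version, so this is worth confirming. Because this one template decides the node's whole sshd policy, a comment above the variable would help, for example `# per-release template when lsbdistcodename is set, per-OS template otherwise`. The moved line also keeps the stray space in `template (`, which could become `template(` while the block is being tidied. The body of `sshd::base` continues outside this hunk.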
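Review bot: In the second hunk of manifests/base.pp the exported `@@sshkey{$::fqdn:` and `@@sshkey{$::ipaddress:` resources take their title and `key` from agent-reported facts, and the reordering leaves that undocumented. Any node that collects these resources will write them into its known-hosts file, so a host-key entry is only as trustworthy as the node that reported it. A comment such as `# title and key are agent-supplied facts; collectors trust them as known_hosts entries` would record this, and where the Puppet version supports it the title could be tied to the verified certificate name (`$trusted['certname']`) instead of `$::fqdn`. On style, the hunk quotes `'fqdn'` and `'ipaddress'` but leaves `type => ssh-rsa,` bare; `type => 'ssh-rsa',` would be consistent, and the context comment "has uses" could be corrected to "uses". The enclosing `case` statement starts before this hunk.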
@@ -1,12 +1,14 @@
 class sshd::client::base {
 # this is needed because the gid might have changed
 file { '/etc/ssh/ssh_known_hosts':
- mode => 0644, owner => root, group => 0;
+ mode => '0644',
+ owner => root,
+ group => 0;
 }
 # Now collect all server keys
 case $sshd::client::shared_ip {
 no: { Sshkey <<||>> }
- yes: { Sshkey <<| tag == "fqdn" |>> }
+ yes: { Sshkey <<| tag == fqdn |>> }
 }
 }
diff --git a/manifests/debian.pp b/manifests/debian.pp
index 45eb901..ced5db7 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -8,14 +8,14 @@ class sshd::debian inherits sshd::linux {
 }
 $sshd_restartandstatus = $::lsbdistcodename ? {
- etch => false,
+ etch => false,
 default => true
 }
 Service[sshd]{
- name => 'ssh',
- pattern => 'sshd',
- hasstatus => $sshd_restartandstatus,
+ name => 'ssh',
+ pattern => 'sshd',
+ hasstatus => $sshd_restartandstatus,
 hasrestart => $sshd_restartandstatus,
 }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 4d66b81..f12918b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -37,8 +37,8 @@ class sshd(
 ) {
 class{'sshd::client':
- shared_ip => $sshd::shared_ip,
- ensure_version => $sshd::ensure_version,
+ shared_ip => $sshd::shared_ip,
+ ensure_version => $sshd::ensure_version,
 manage_shorewall => $manage_shorewall,
 }
@@ -58,7 +58,7 @@ class sshd(
 if $manage_shorewall {
 class{'shorewall::rules::ssh':
- ports => $ports,
+ ports => $ports,
 source => $shorewall_source
 }
 }
diff --git a/manifests/linux.pp b/manifests/linux.pp
index f071ada..8628ff5 100644
--- a/manifests/linux.pp
+++ b/manifests/linux.pp
@@ -1,5 +1,5 @@
 class sshd::linux inherits sshd::base {
- package{openssh:
+ package{'openssh':
 ensure => $sshd::ensure_version,
 }
 File[sshd_config]{
diff --git a/manifests/nagios.pp b/manifests/nagios.pp
index ef5fe10..6921de9 100644
--- a/manifests/nagios.pp
+++ b/manifests/nagios.pp
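Review bot: In the manifests/client/base.pp hunk, `case $sshd::client::shared_ip` has only the bare `no` and `yes` branches, so any other value collects no `Sshkey` resources at all and says nothing about it, which would leave `/etc/ssh/ssh_known_hosts` without the exported host keys. Unless the parameter is validated somewhere outside this diff, a closing branch such as `default: { fail("unsupported shared_ip value: ${sshd::client::shared_ip}") }` would make a misconfiguration visible. The new collector also drops the quotes in `tag == fqdn` while manifests/base.pp now writes `tag => 'fqdn'`; `Sshkey <<| tag == 'fqdn' |>>` would keep the two sides consistent.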
@@ -5,18 +5,18 @@ define sshd::nagios(
 ) {
 $real_port = $port ? {
 'absent' => $name,
- default => $port,
+ default => $port,
 }
 case $check_hostname {
 'absent': {
 nagios::service{"ssh_port_${name}":
- ensure => $ensure,
+ ensure => $ensure,
 check_command => "check_ssh_port!${real_port}"
 }
 }
 default: {
 nagios::service{"ssh_port_host_${name}":
- ensure => $ensure,
+ ensure => $ensure,
 check_command => "check_ssh_port_host!${real_port}!${check_hostname}"
 }
 }
diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp
index f1379d7..1ad37cc 100644
--- a/manifests/openbsd.pp
+++ b/manifests/openbsd.pp
@@ -1,8 +1,8 @@
 class sshd::openbsd inherits sshd::base {
 Service[sshd]{
- restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
- stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
- start => '/usr/sbin/sshd',
+ restart => '/bin/kill -HUP `/bin/cat /var/run/sshd.pid`',
+ stop => '/bin/kill `/bin/cat /var/run/sshd.pid`',
+ start => '/usr/sbin/sshd',
 hasstatus => false,
 }
 }
diff --git a/manifests/redhat.pp b/manifests/redhat.pp
index e9bf1d1..d720177 100644
--- a/manifests/redhat.pp
+++ b/manifests/redhat.pp
@@ -1,5 +1,5 @@
-class sshd::redhat inherits sshd::linux {
- Package[openssh]{
- name => 'openssh-server',
- }
+class sshd::redhat inherits sshd::linux {
+ Package[openssh]{
+ name => 'openssh-server',
+ }
 }
diff --git a/manifests/ssh_authorized_key.pp b/manifests/ssh_authorized_key.pp
index 40649b0..7201f8b 100644
--- a/manifests/ssh_authorized_key.pp
+++ b/manifests/ssh_authorized_key.pp
@@ -13,8 +13,8 @@ define sshd::ssh_authorized_key(
 }
 $real_user = $user ? {
- false => $name,
- '' => $name,
+ false => $name,
+ '' => $name,
 default => $user,
 }
@@ -31,14 +31,14 @@ define sshd::ssh_authorized_key(
 }
 ssh_authorized_key{$name:
 ensure => $ensure,
- type => $type,
- key => $key,
- user => $real_user,
+ type => $type,
+ key => $key,
+ user => $real_user,
 target => $real_target,
 }
 case $options {
- 'absent': { info("not setting any option for ssh_authorized_key: $name") }
+ 'absent': { info("not setting any option for ssh_authorized_key: ${name}") }
 default: {
 Ssh_authorized_key[$name]{
 options => $options, |