diff modules/ssh/manifests/init.pp @ 0:956e484adc12

Initial public release of Puppet configs
author IBBoard <dev@ibboard.co.uk>
date Sat, 16 Aug 2014 19:47:38 +0000
parents
children 7411baa55c01
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/ssh/manifests/init.pp	Sat Aug 16 19:47:38 2014 +0000
@@ -0,0 +1,140 @@
+# This is an example proposed Puppet Common Module for SSH
+#
+# Usage Requirements:
+# 1) Set $server in site.pp
+#    Allows for a different fileserver than the real puppetmaster
+# 2) Set $os to $operatingsystem
+#    Saves typing, purely cosmetic
+# 3) Set $osver to $operatingsystemrelease or $lsbdistrelease
+#    $operatingsystemrelease is not available on all platforms
+#
+#Taken from the the Puppet Wiki - http://projects.puppetlabs.com/projects/1/wiki/puppet_common_modules_ssh
+
+class ssh {
+    # Distribution independent packages
+    # See also our Operating System specific sub-classes
+    @package { [
+            "openssh-clients",
+            "openssh-server",
+            "denyhosts"
+        ]:
+        ensure => installed
+    }
+
+    # Virtual Resources get defined before we include $operatingsystem specific
+    # classes, so that there is at least something to add and/or override.
+    # 
+    # Additionally, this way we can realize() in sub-classes as much as we want
+    # to, and not concern ourselves with duplicate type definitions
+    #
+
+    @file { "/etc/denyhosts.conf":
+        notify => Service["denyhosts"],
+        require => Package["denyhosts"],
+        source => [
+            "puppet://$server/private/$domain/denyhosts/denyhosts.conf",
+            "puppet://$server/files/denyhosts/denyhosts.conf",
+            "puppet://$server/denyhosts/denyhosts.conf"
+        ]
+    }
+
+    @file { "/etc/ssh/ssh_config":
+        owner => "root",
+        mode => 644,
+        require => Package["openssh-clients"],
+        source => [
+            #
+            # See rationale for an explanation on this list of sources
+            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
+            #
+            "puppet://$server/private/$domain/ssh/$os/$osver/ssh_config.$hostname",
+            "puppet://$server/private/$domain/ssh/$os/$osver/ssh_config",
+            "puppet://$server/private/$domain/ssh/$os/ssh_config.$hostname",
+            "puppet://$server/private/$domain/ssh/$os/ssh_config",
+            "puppet://$server/private/$domain/ssh/ssh_config.$hostname",
+            "puppet://$server/private/$domain/ssh/ssh_config",
+            "puppet://$server/files/ssh/$os/$osver/ssh_config.$hostname",
+            "puppet://$server/files/ssh/$os/$osver/ssh_config",
+            "puppet://$server/files/ssh/$os/ssh_config.$hostname",
+            "puppet://$server/files/ssh/$os/ssh_config",
+            "puppet://$server/files/ssh/ssh_config.$hostname",
+            "puppet://$server/files/ssh/ssh_config",
+            "puppet://$server/ssh/$os/$osver/ssh_config",
+            "puppet://$server/ssh/$os/ssh_config",
+            "puppet://$server/ssh/ssh_config"
+        ],
+        sourceselect => first
+    }
+
+    @file { "/etc/ssh/sshd_config":
+        owner => "root",
+        mode => 644,
+        notify => Service["openssh-server"],
+        require => Package["openssh-server"],
+        source => [
+            #
+            # See rationale for an explanation on this list of sources
+            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
+            #
+            "puppet://$server/private/$domain/ssh/$os/$osver/sshd_config.$hostname",
+            "puppet://$server/private/$domain/ssh/$os/$osver/sshd_config",
+            "puppet://$server/private/$domain/ssh/$os/sshd_config.$hostname",
+            "puppet://$server/private/$domain/ssh/$os/sshd_config",
+            "puppet://$server/private/$domain/ssh/sshd_config.$hostname",
+            "puppet://$server/private/$domain/ssh/sshd_config",
+            "puppet://$server/files/ssh/$os/$osver/sshd_config.$hostname",
+            "puppet://$server/files/ssh/$os/$osver/sshd_config",
+            "puppet://$server/files/ssh/$os/sshd_config.$hostname",
+            "puppet://$server/files/ssh/$os/sshd_config",
+            "puppet://$server/files/ssh/sshd_config.$hostname",
+            "puppet://$server/files/ssh/sshd_config",
+            "puppet://$server/ssh/$os/$osver/sshd_config",
+            "puppet://$server/ssh/$os/sshd_config",
+            "puppet://$server/ssh/sshd_config"
+        ],
+        sourceselect => first
+    }
+
+    @service { "openssh-server":
+        enable => true,
+        ensure => running,
+        require => [
+            File["/etc/ssh/sshd_config"],
+
+            Package["openssh-server"]
+        ]
+    }
+
+
+    # Include operatingsystem specific subclass
+    case $::osfamily {
+        Redhat: {
+            include ssh::centos
+        }
+        default:{fail("Invalid OS type for SSH - $osfamily")}
+    }
+}
+
+class ssh::client inherits ssh {
+    realize(Package["openssh-clients"])
+}
+
+class ssh::server inherits ssh {
+    realize(File["/etc/ssh/sshd_config"])
+    realize(Package["openssh-server"])
+    realize(Service["openssh-server"])
+}
+
+class ssh::centos inherits ssh {
+    File["/etc/ssh/ssh_config"] {
+        group => "root"
+    }
+
+    Service["openssh-server"] {
+        name => "sshd",
+        hasrestart => true,
+        hasstatus => true,
+        restart => "/etc/init.d/sshd restart",
+        status => "/etc/init.d/sshd status"
+    }
+}
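Review bot: The denyhosts resources declared at the top of `class ssh` are virtual and nothing in this file realizes them, so `ssh::server` brings up sshd without the brute-force protection the package list implies, unless a class outside this file realizes them. `File["/etc/denyhosts.conf"]` also notifies `Service["denyhosts"]`, which is not declared here; if that service is not defined elsewhere, realizing the file would presumably fail catalog compilation on the dangling reference. I would add a virtual `denyhosts` service next to the other virtual resources and realize all three in `ssh::server`, as sketched below. The denyhosts file also sets no `owner` or `mode`, unlike the two ssh files; explicit values there, and quoting the existing ones as `mode => "0644"`, would pin the permissions instead of leaving them to whatever the agent or the fileserver copy defaults to.

```puppet
    # … unchanged: @package list and the three @file resources …
    @service { "denyhosts":
        enable => true,
        ensure => running,
        require => [
            File["/etc/denyhosts.conf"],
            Package["denyhosts"]
        ]
    }

class ssh::server inherits ssh {
    realize(Package["denyhosts"])
    realize(File["/etc/denyhosts.conf"])
    realize(Service["denyhosts"])
    # … unchanged: realize() of sshd_config, openssh-server package and service …
}
```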