view modules/ssh/manifests/init.pp @ 131:0dd899a10ee1 puppet-3.6

Change all "latest" packages to "installed" Having Puppet update packages is dangerous and not correct sysadmin. We have a script for checking for updates. Let that run and let the sysadmin update when appropriate. This will prevent any potential issues from faulty service restarts in the middle of the night.
author IBBoard <dev@ibboard.co.uk>
date Wed, 26 Oct 2016 19:40:37 +0100
parents cd79745f0236
children c3fa3d65aa83

# This is an example proposed Puppet Common Module for SSH
#
# Usage Requirements:
# 1) Set $server in site.pp
#    Allows for a different fileserver than the real puppetmaster
# 2) Set $os to $operatingsystem
#    Saves typing, purely cosmetic
# 3) Set $osver to $operatingsystemrelease or $lsbdistrelease
#    $operatingsystemrelease is not available on all platforms
#
# Taken from the Puppet Wiki - http://projects.puppetlabs.com/projects/1/wiki/puppet_common_modules_ssh

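# Base SSH class.
#
# Declares the OpenSSH packages, the client and daemon configuration files and
# the daemon service as *virtual* resources (the leading "@"), then includes
# the operating-system specific subclass. Nothing is applied to a node until a
# subclass (ssh::client, ssh::server) realizes the resources it wants.
#
# Reads $server, $domain, $operatingsystem, $osver and $hostname when building
# the file source lists, and $::osfamily to choose the OS subclass.
class ssh {
    # Distribution independent packages
    # See also our Operating System specific sub-classes
    #
    # "installed" rather than "latest": Puppet makes sure the package is
    # present but does not upgrade it; upgrades are left to the administrator.
    @package { [
            "openssh-clients",
            "openssh-server",
#            "denyhosts"
        ]:
        ensure => installed
    }

    # Virtual Resources get defined before we include $operatingsystem specific
    # classes, so that there is at least something to add and/or override.
    #
    # Additionally, this way we can realize() in sub-classes as much as we want
    # to, and not concern ourselves with duplicate type definitions
    #

#    @file { "/etc/denyhosts.conf":
#        notify => Service["denyhosts"],
#        require => Package["denyhosts"],
#        source => [
#            "puppet://$server/private/$domain/denyhosts/denyhosts.conf",
#            "puppet://$server/files/denyhosts/denyhosts.conf",
#            "puppet://$server/denyhosts/denyhosts.conf"
#        ]
#    }

    # NOTE(review): $hostname and $domain in the source lists below are facts
    # reported by the agent itself. They select which file is offered to a
    # node, but they do not restrict who may fetch it: access to the "private"
    # mount has to be enforced by the file server's own authorization rules,
    # which are not visible in this manifest.

    @file { "/etc/ssh/ssh_config":
        owner => "root",
        # Quoted octal string; a bare number is not accepted as a file mode by
        # later Puppet versions.
        mode => "0644",
        require => Package["openssh-clients"],
        source => [
            #
            # See rationale for an explanation on this list of sources
            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
            #
            # Most specific first: private per-domain files, then the shared
            # "files" mount, then the module's own files.
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/private/$domain/ssh/$operatingsystem/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/ssh_config",
            "puppet://$server/private/$domain/ssh/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/ssh_config",
            "puppet://$server/files/ssh/$operatingsystem/$osver/ssh_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/files/ssh/$operatingsystem/ssh_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/ssh_config",
            "puppet://$server/files/ssh/ssh_config.$hostname",
            "puppet://$server/files/ssh/ssh_config",
            "puppet://$server/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/ssh/$operatingsystem/ssh_config",
            "puppet://$server/ssh/ssh_config"
        ],
        # Use the first source in the list that exists on the server.
        sourceselect => first
    }

    @file { "/etc/ssh/sshd_config":
        owner => "root",
        # NOTE(review): 0644 leaves the daemon configuration world-readable and
        # no group is managed for this file. The CentOS package is believed to
        # ship it as 0600 - confirm and consider tightening.
        mode => "0644",
        # A changed file restarts sshd through this notify. Nothing here checks
        # the new file first, so a broken sshd_config can cost remote access.
        # NOTE(review): the file type's validate_cmd parameter (for example
        # running "sshd -t -f %") can reject a bad file before it is installed;
        # confirm host keys already exist on a node's first run before
        # enabling it.
        notify => Service["openssh-server"],
        require => Package["openssh-server"],
        source => [
            #
            # See rationale for an explanation on this list of sources
            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
            #
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/private/$domain/ssh/$operatingsystem/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/sshd_config",
            "puppet://$server/private/$domain/ssh/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/sshd_config",
            "puppet://$server/files/ssh/$operatingsystem/$osver/sshd_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/files/ssh/$operatingsystem/sshd_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/sshd_config",
            "puppet://$server/files/ssh/sshd_config.$hostname",
            "puppet://$server/files/ssh/sshd_config",
            "puppet://$server/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/ssh/$operatingsystem/sshd_config",
            "puppet://$server/ssh/sshd_config"
        ],
        # Use the first source in the list that exists on the server.
        sourceselect => first
    }

    # The daemon is enabled at boot and kept running; it is managed only after
    # its package and configuration file.
    @service { "openssh-server":
        enable => true,
        ensure => running,
        require => [
            File["/etc/ssh/sshd_config"],
            Package["openssh-server"]
        ]
    }


    # Include operatingsystem specific subclass
    case $::osfamily {
        # Quoted so the value is compared as a string; a capitalised bareword
        # is read as a type reference by later Puppet parsers.
        'RedHat': {
            include ssh::centos
        }
        # Any other OS family aborts catalog compilation.
        default: {
            fail("Invalid OS type for SSH - ${::osfamily}")
        }
    }
}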

# SSH client role: installs the OpenSSH client package by realizing the
# virtual package declared in the parent class. The virtual
# /etc/ssh/ssh_config file is not realized here, so this class leaves the
# client configuration unmanaged.
class ssh::client inherits ssh {
    realize Package['openssh-clients']
}

# SSH server role: realizes the daemon's configuration file, package and
# service from the virtual resources declared in the parent class.
class ssh::server inherits ssh {
    realize(
        File['/etc/ssh/sshd_config'],
        Package['openssh-server'],
        Service['openssh-server']
    )
}

# CentOS-specific overrides of the resources declared in the parent class.
class ssh::centos inherits ssh {
    # The client configuration file is group-owned by root.
    # Only ssh_config is overridden; sshd_config gets no group here.
    File['/etc/ssh/ssh_config'] {
        group => 'root',
    }

    # The daemon's service is named "sshd" on this platform. hasrestart and
    # hasstatus tell Puppet to rely on the service's own restart and status
    # commands.
    Service['openssh-server'] {
        name       => 'sshd',
        hasstatus  => true,
        hasrestart => true,
        # Explicit init-script commands, left disabled:
        # restart => "/etc/init.d/sshd restart",
        # status  => "/etc/init.d/sshd status"
    }
}