view modules/ssh/manifests/init.pp @ 284:9431aec4d998

Switch to using IPv6 prefix and IP per site This is because the proxy seems to break SNI, so we need an IP per SSL cert. We're not short of IPv6 addresses, though! Also corrected to "4to6" naming, because we're letting IPv4 access an IPv6 site
author IBBoard <dev@ibboard.co.uk>
date Sun, 16 Feb 2020 12:07:35 +0000
parents c3fa3d65aa83
children d9009f54eb23

# This is an example proposed Puppet Common Module for SSH
#
# Usage Requirements:
# 1) Set $server in site.pp
#    Allows for a different fileserver than the real puppetmaster
# 2) Set $os to $operatingsystem
#    Saves typing, purely cosmetic
# 3) Set $osver to $operatingsystemrelease or $lsbdistrelease
#    $operatingsystemrelease is not available on all platforms
#
# Taken from the Puppet Wiki - http://projects.puppetlabs.com/projects/1/wiki/puppet_common_modules_ssh

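# Base SSH class: declares the packages, config files and service as
# *virtual* resources only.  Nothing is managed until a sub-class (see
# ssh::client / ssh::server) calls realize(), or an OS class overrides
# attributes.  Expects $server (fileserver), $osver and the facts $domain,
# $operatingsystem, $hostname and $osfamily to be resolvable from top scope
# (see the usage notes at the head of this file).
class ssh {
    # Distribution independent packages
    # See also our Operating System specific sub-classes
    @package { [
            "openssh-clients",
            "openssh-server",
#            "denyhosts"
        ]:
        ensure => installed
    }

    # Virtual Resources get defined before we include $operatingsystem specific
    # classes, so that there is at least something to add and/or override.
    # 
    # Additionally, this way we can realize() in sub-classes as much as we want
    # to, and not concern ourselves with duplicate type definitions
    #

#    @file { "/etc/denyhosts.conf":
#        notify => Service["denyhosts"],
#        require => Package["denyhosts"],
#        source => [
#            "puppet://$server/private/$domain/denyhosts/denyhosts.conf",
#            "puppet://$server/files/denyhosts/denyhosts.conf",
#            "puppet://$server/denyhosts/denyhosts.conf"
#        ]
#    }

    # Client-side config.  World-readable (0644), root-owned; the group is
    # left to the OS sub-class.  Sources are tried most-specific first
    # (private per-host -> private per-OS-release -> shared -> generic) and
    # the first one that exists on the fileserver wins (sourceselect => first).
    @file { "/etc/ssh/ssh_config":
        owner => "root",
        mode => '0644',
        require => Package["openssh-clients"],
        source => [
            #
            # See rationale for an explanation on this list of sources
            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
            #
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/private/$domain/ssh/$operatingsystem/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/ssh_config",
            "puppet://$server/private/$domain/ssh/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/ssh_config",
            "puppet://$server/files/ssh/$operatingsystem/$osver/ssh_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/files/ssh/$operatingsystem/ssh_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/ssh_config",
            "puppet://$server/files/ssh/ssh_config.$hostname",
            "puppet://$server/files/ssh/ssh_config",
            "puppet://$server/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/ssh/$operatingsystem/ssh_config",
            "puppet://$server/ssh/ssh_config"
        ],
        sourceselect => first
    }

    # Daemon config.  Same source search order as ssh_config; any change
    # restarts the daemon via notify so a new config never sits unapplied.
    @file { "/etc/ssh/sshd_config":
        owner => "root",
        mode => '0644',
        notify => Service["openssh-server"],
        require => Package["openssh-server"],
        source => [
            #
            # See rationale for an explanation on this list of sources
            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
            #
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/private/$domain/ssh/$operatingsystem/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/sshd_config",
            "puppet://$server/private/$domain/ssh/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/sshd_config",
            "puppet://$server/files/ssh/$operatingsystem/$osver/sshd_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/files/ssh/$operatingsystem/sshd_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/sshd_config",
            "puppet://$server/files/ssh/sshd_config.$hostname",
            "puppet://$server/files/ssh/sshd_config",
            "puppet://$server/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/ssh/$operatingsystem/sshd_config",
            "puppet://$server/ssh/sshd_config"
        ],
        sourceselect => first
    }

    # The service is only started once its config and package are in place;
    # the real service name is set per OS (see ssh::centos).
    @service { "openssh-server":
        enable => true,
        ensure => running,
        require => [
            File["/etc/ssh/sshd_config"],
            Package["openssh-server"]
        ]
    }


    # Include operatingsystem specific subclass.
    # The selector and the failure message both read the top-scope fact
    # explicitly ($::osfamily) so they cannot disagree under dynamic scoping.
    case $::osfamily {
        'Redhat': {
            include ssh::centos
        }
        default: { fail("Invalid OS type for SSH - $::osfamily") }
    }
}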

# Client-only hosts: pull in just the client package from the virtual
# resources declared in ssh.
class ssh::client inherits ssh {
    realize Package['openssh-clients']
}

# Server hosts: realize the daemon package, its config file and the
# running service in one call.  Ordering between them comes from the
# require/notify relationships declared in ssh, not from list order here.
class ssh::server inherits ssh {
    realize(
        File['/etc/ssh/sshd_config'],
        Package['openssh-server'],
        Service['openssh-server']
    )
}

# RedHat-family overrides for the virtual resources declared in ssh:
# root group on ssh_config, and the daemon's real init name ("sshd")
# together with native restart/status support.
class ssh::centos inherits ssh {
    File['/etc/ssh/ssh_config'] {
        group => 'root',
    }

    Service['openssh-server'] {
        name       => 'sshd',
        hasrestart => true,
        hasstatus  => true,
#        restart    => "/etc/init.d/sshd restart",
#        status     => "/etc/init.d/sshd status"
    }
}