view modules/ssh/manifests/init.pp @ 246:c3fa3d65aa83

Update configs for Puppet 6 This *should* all be backward compatible
author IBBoard <dev@ibboard.co.uk>
date Sat, 21 Dec 2019 14:19:47 -0500
parents cd79745f0236
children d9009f54eb23

# This is an example proposed Puppet Common Module for SSH
#
# Usage Requirements:
# 1) Set $server in site.pp
#    Allows for a different fileserver than the real puppetmaster
# 2) Set $os to $operatingsystem
#    Saves typing, purely cosmetic
# 3) Set $osver to $operatingsystemrelease or $lsbdistrelease
#    $operatingsystemrelease is not available on all platforms
#
# Taken from the Puppet Wiki - http://projects.puppetlabs.com/projects/1/wiki/puppet_common_modules_ssh

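# Base SSH class. Every package, file and service below is declared as a
# *virtual* resource (@-prefixed), so nothing is applied to a node until
# ssh::client / ssh::server realize() it. The OS-family subclass is included
# at the end and overrides attributes where the platform differs.
#
# Variables read here (none are class parameters): $server, $domain,
# $operatingsystem, $osver, $hostname and $::osfamily.
#
# NOTE(review): $hostname, $domain and $operatingsystem look like
# agent-reported facts. They only select which path the agent asks the
# fileserver for; they do not restrict what it may fetch. Access to the
# "private" mount has to be enforced by server-side fileserver authorization,
# which is not visible in this file - confirm it is tied to the node's
# certificate name rather than to these values.
class ssh {
    # Distribution independent packages
    # See also our Operating System specific sub-classes
    @package { [
            "openssh-clients",
            "openssh-server",
#            "denyhosts"
        ]:
        ensure => installed
    }

    # Virtual Resources get defined before we include $operatingsystem specific
    # classes, so that there is at least something to add and/or override.
    #
    # Additionally, this way we can realize() in sub-classes as much as we want
    # to, and not concern ourselves with duplicate type definitions
    #

    # denyhosts support is disabled; kept for reference only.
#    @file { "/etc/denyhosts.conf":
#        notify => Service["denyhosts"],
#        require => Package["denyhosts"],
#        source => [
#            "puppet://$server/private/$domain/denyhosts/denyhosts.conf",
#            "puppet://$server/files/denyhosts/denyhosts.conf",
#            "puppet://$server/denyhosts/denyhosts.conf"
#        ]
#    }

    # Client-side defaults. World-readable (0644) is intended: every local
    # user's ssh client has to read this file.
    @file { "/etc/ssh/ssh_config":
        owner => "root",
        mode => '0644',
        require => Package["openssh-clients"],
        source => [
            #
            # See rationale for an explanation on this list of sources
            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
            #
            # Most specific first: private/$domain mount, then the shared
            # "files" mount, then the module path. Within each, OS+release
            # comes before OS before generic, and per-host before shared.
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/private/$domain/ssh/$operatingsystem/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/ssh_config",
            "puppet://$server/private/$domain/ssh/ssh_config.$hostname",
            "puppet://$server/private/$domain/ssh/ssh_config",
            "puppet://$server/files/ssh/$operatingsystem/$osver/ssh_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/files/ssh/$operatingsystem/ssh_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/ssh_config",
            "puppet://$server/files/ssh/ssh_config.$hostname",
            "puppet://$server/files/ssh/ssh_config",
            "puppet://$server/ssh/$operatingsystem/$osver/ssh_config",
            "puppet://$server/ssh/$operatingsystem/ssh_config",
            "puppet://$server/ssh/ssh_config"
        ],
        # Use the first source in the list that exists.
        sourceselect => first
    }

    # Daemon configuration. Only sshd (running as root) needs to read it, so
    # it is root:root 0600 instead of world-readable, and the group is managed
    # explicitly rather than left at whatever is already on disk.
    #
    # NOTE(review): a change here restarts the service through notify.
    # Consider adding the file type's validate_cmd (e.g. "/usr/sbin/sshd -t -f %")
    # so that a syntactically broken file is never installed; confirm host
    # keys already exist at that point, because "sshd -t" also checks them.
    @file { "/etc/ssh/sshd_config":
        owner => "root",
        group => "root",
        mode => '0600',
        notify => Service["openssh-server"],
        require => Package["openssh-server"],
        source => [
            #
            # See rationale for an explanation on this list of sources
            # http://reductivelabs.com/trac/puppet/wiki/PuppetCommonModules/SSH
            #
            # Same precedence order as for ssh_config above.
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/private/$domain/ssh/$operatingsystem/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/$operatingsystem/sshd_config",
            "puppet://$server/private/$domain/ssh/sshd_config.$hostname",
            "puppet://$server/private/$domain/ssh/sshd_config",
            "puppet://$server/files/ssh/$operatingsystem/$osver/sshd_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/files/ssh/$operatingsystem/sshd_config.$hostname",
            "puppet://$server/files/ssh/$operatingsystem/sshd_config",
            "puppet://$server/files/ssh/sshd_config.$hostname",
            "puppet://$server/files/ssh/sshd_config",
            "puppet://$server/ssh/$operatingsystem/$osver/sshd_config",
            "puppet://$server/ssh/$operatingsystem/sshd_config",
            "puppet://$server/ssh/sshd_config"
        ],
        # Use the first source in the list that exists.
        sourceselect => first
    }

    # The daemon is enabled at boot and kept running. It depends on both the
    # package and the managed configuration, so it is never started before
    # the configuration is in place.
    @service { "openssh-server":
        enable => true,
        ensure => running,
        require => [
            File["/etc/ssh/sshd_config"],
            Package["openssh-server"]
        ]
    }


    # Include operatingsystem specific subclass.
    # Unsupported OS families abort the catalog instead of silently applying
    # resource names that may not exist on that platform.
    case $::osfamily {
        'Redhat': {
            include ssh::centos
        }
        default: {
            # Same top-scope fact as the case expression above.
            fail("Invalid OS type for SSH - ${::osfamily}")
        }
    }
}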

# SSH client role: installs the client package declared (virtually) in ssh.
#
# Only the package is realized here. The virtual File["/etc/ssh/ssh_config"]
# from the base class is not realized by this class, so the client
# configuration stays unmanaged unless something else realizes it.
class ssh::client inherits ssh {
    realize(
        Package['openssh-clients']
    )
}

# SSH server role: realizes the daemon's configuration file, package and
# service from the virtual resources declared in ssh. The ordering between
# them comes from the require/notify attributes on those resources, not from
# the order of the references below.
class ssh::server inherits ssh {
    realize(
        File['/etc/ssh/sshd_config'],
        Package['openssh-server'],
        Service['openssh-server']
    )
}

# Red Hat family adjustments, applied as attribute overrides on resources
# declared in the parent class ssh (this class is included from ssh itself).
class ssh::centos inherits ssh {
    # Only the client configuration gets an explicit group in this class.
    File['/etc/ssh/ssh_config'] {
        group => 'root'
    }

    # The resource keeps the title "openssh-server" so references elsewhere
    # still resolve, but the service actually managed on this platform is
    # "sshd". hasrestart/hasstatus tell Puppet to use the service's own
    # restart and status commands.
    Service['openssh-server'] {
        hasstatus  => true,
        hasrestart => true,
        name       => 'sshd',
        # Explicit init-script commands, kept for reference and not in use:
#        restart => "/etc/init.d/sshd restart",
#        status => "/etc/init.d/sshd status"
    }
}