-rw-r--r--modules/openssh/manifests/init.pp48
-rw-r--r--modules/openssh/manifests/ssh_keys_from_ldap.pp45
2 files changed, 46 insertions, 47 deletions
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp
index 1d9b7f5c..bae0fa5c 100644
--- a/modules/openssh/manifests/init.pp
+++ b/modules/openssh/manifests/init.pp
@@ -1,47 +1 @@
-class openssh {
- # root account authorized_keys will be symlinked
- # if you want to add symlink on other accounts, use $symlink_users parameter
- class ssh_keys_from_ldap($symlink_users = [],
- $config = '') inherits server {
-
- File ['/etc/ssh/sshd_config'] {
- content => template('openssh/sshd_config','openssh/sshd_config_ldap')
- }
-
- package { 'python-ldap': }
-
- $pubkeys_directory = '/var/lib/pubkeys'
- file { $pubkeys_directory:
- ensure => directory,
- }
-
- file { "$pubkeys_directory/root":
- ensure => directory,
- mode => '0700',
- }
-
- file { "$pubkeys_directory/root/authorized_keys":
- ensure => link,
- target => "/root/.ssh/authorized_keys",
- mode => '0700',
- }
-
- symlink_user { $symlink_users: }
-
- $ldap_pwfile = '/etc/ldap.secret'
- $ldap_servers = get_ldap_servers()
- local_script { 'ldap-sshkey2file.py':
- content => template('openssh/ldap-sshkey2file.py'),
- require => Package['python-ldap']
- }
-
- cron { 'sshkey2file':
- command => '/usr/local/bin/ldap-sshkey2file.py',
- hour => '*',
- minute => '*/10',
- user => 'root',
- environment => 'MAILTO=root',
- require => Local_script['ldap-sshkey2file.py'],
- }
- }
-}
+class openssh { }
diff --git a/modules/openssh/manifests/ssh_keys_from_ldap.pp b/modules/openssh/manifests/ssh_keys_from_ldap.pp
new file mode 100644
index 00000000..720f4481
--- /dev/null
+++ b/modules/openssh/manifests/ssh_keys_from_ldap.pp
@@ -0,0 +1,45 @@
+class openssh::ssh_keys_from_ldap($symlink_users = [],
+ $config = '') inherits server {
+ # root account authorized_keys will be symlinked
+ # if you want to add symlink on other accounts, use $symlink_users parameter
+
+ File ['/etc/ssh/sshd_config'] {
+ content => template('openssh/sshd_config','openssh/sshd_config_ldap')
+ }
+
+ package { 'python-ldap': }
+
+ $pubkeys_directory = '/var/lib/pubkeys'
+ file { $pubkeys_directory:
+ ensure => directory,
+ }
+
+ file { "$pubkeys_directory/root":
+ ensure => directory,
+ mode => '0700',
+ }
+
+ file { "$pubkeys_directory/root/authorized_keys":
+ ensure => link,
+ target => '/root/.ssh/authorized_keys',
+ mode => '0700',
+ }
+
+ symlink_user { $symlink_users: }
+
+ $ldap_pwfile = '/etc/ldap.secret'
+ $ldap_servers = get_ldap_servers()
+ local_script { 'ldap-sshkey2file.py':
+ content => template('openssh/ldap-sshkey2file.py'),
+ require => Package['python-ldap']
+ }
+
+ cron { 'sshkey2file':
+ command => '/usr/local/bin/ldap-sshkey2file.py',
+ hour => '*',
+ minute => '*/10',
+ user => 'root',
+ environment => 'MAILTO=root',
+ require => Local_script['ldap-sshkey2file.py'],
+ }
+}
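Review bot: The `file { $pubkeys_directory: }` resource in the new class sets only `ensure => directory`, so the owner, group and mode of `/var/lib/pubkeys` depend on whatever File defaults or umask apply on the node. The `sshd_config_ldap` template presumably points sshd at key files under this tree; if so, a group- or world-writable parent would let another local account replace a key file, or would make sshd's StrictModes check reject the files. I would pin it with `owner => 'root', group => 'root', mode => '0755',` and add an explicit `owner => 'root'` to `"$pubkeys_directory/root"`, which has a mode but no owner. Separately, `mode => '0700'` on the `ensure => link` resource most likely does nothing useful for the link itself and could be dropped.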