-rw-r--r-- | modules/openssh/manifests/init.pp | 48 | ||||
-rw-r--r-- | modules/openssh/manifests/ssh_keys_from_ldap.pp | 45 |
2 files changed, 46 insertions, 47 deletions
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp
index 1d9b7f5c..bae0fa5c 100644
--- a/modules/openssh/manifests/init.pp
+++ b/modules/openssh/manifests/init.pp
@@ -1,47 +1 @@
-class openssh {
- # root account authorized_keys will be symlinked
- # if you want to add symlink on other accounts, use $symlink_users parameter
- class ssh_keys_from_ldap($symlink_users = [],
- $config = '') inherits server {
-
- File ['/etc/ssh/sshd_config'] {
- content => template('openssh/sshd_config','openssh/sshd_config_ldap')
- }
-
- package { 'python-ldap': }
-
- $pubkeys_directory = '/var/lib/pubkeys'
- file { $pubkeys_directory:
- ensure => directory,
- }
-
- file { "$pubkeys_directory/root":
- ensure => directory,
- mode => '0700',
- }
-
- file { "$pubkeys_directory/root/authorized_keys":
- ensure => link,
- target => "/root/.ssh/authorized_keys",
- mode => '0700',
- }
-
- symlink_user { $symlink_users: }
-
- $ldap_pwfile = '/etc/ldap.secret'
- $ldap_servers = get_ldap_servers()
- local_script { 'ldap-sshkey2file.py':
- content => template('openssh/ldap-sshkey2file.py'),
- require => Package['python-ldap']
- }
-
- cron { 'sshkey2file':
- command => '/usr/local/bin/ldap-sshkey2file.py',
- hour => '*',
- minute => '*/10',
- user => 'root',
- environment => 'MAILTO=root',
- require => Local_script['ldap-sshkey2file.py'],
- }
- }
-}
+class openssh { }
diff --git a/modules/openssh/manifests/ssh_keys_from_ldap.pp b/modules/openssh/manifests/ssh_keys_from_ldap.pp
new file mode 100644
index 00000000..720f4481
--- /dev/null
+++ b/modules/openssh/manifests/ssh_keys_from_ldap.pp
@@ -0,0 +1,45 @@
+class openssh::ssh_keys_from_ldap($symlink_users = [],
+ $config = '') inherits server {
+ # root account authorized_keys will be symlinked
+ # if you want to add symlink on other accounts, use $symlink_users parameter
+
+ File ['/etc/ssh/sshd_config'] {
+ content => template('openssh/sshd_config','openssh/sshd_config_ldap')
+ }
+
+ package { 'python-ldap': }
+
+ $pubkeys_directory = '/var/lib/pubkeys'
+ file { $pubkeys_directory:
+ ensure => directory,
+ }
+
+ file { "$pubkeys_directory/root":
+ ensure => directory,
+ mode => '0700',
+ }
+
+ file { "$pubkeys_directory/root/authorized_keys":
+ ensure => link,
+ target => '/root/.ssh/authorized_keys',
+ mode => '0700',
+ }
+
+ symlink_user { $symlink_users: }
+
+ $ldap_pwfile = '/etc/ldap.secret'
+ $ldap_servers = get_ldap_servers()
+ local_script { 'ldap-sshkey2file.py':
+ content => template('openssh/ldap-sshkey2file.py'),
+ require => Package['python-ldap']
+ }
+
+ cron { 'sshkey2file':
+ command => '/usr/local/bin/ldap-sshkey2file.py',
+ hour => '*',
+ minute => '*/10',
+ user => 'root',
+ environment => 'MAILTO=root',
+ require => Local_script['ldap-sshkey2file.py'],
+ }
+} |
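Review bot: The `$config = ''` parameter in the signature of `openssh::ssh_keys_from_ldap` is never referenced anywhere in the class body, so a caller setting it gets no effect; either drop it or note its intended use next to the parameter, e.g. `# $config: currently unused — reserved for extra sshd_config content?`. The `mode => '0700'` on the `ensure => link` resource for `"$pubkeys_directory/root/authorized_keys"` is misleading, because symlink permission bits are not consulted on Linux and the effective permissions are those of the target `/root/.ssh/authorized_keys`; that `mode` line can simply be removed. Neither `$pubkeys_directory` (`/var/lib/pubkeys`) nor `$ldap_pwfile` (`/etc/ldap.secret`, read by the cron-driven script running as root every 10 minutes) is given an explicit `owner`/`mode` in this hunk; if the `sshd_config_ldap` template points `AuthorizedKeysFile` at this tree, the tree must be root-owned and not user-writable and the secret file should be 0600 — presumably managed elsewhere (the `server` parent class or `symlink_user`), but worth confirming.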