diff options
-rw-r--r-- | modules/openssh/manifests/init.pp | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp index 32cc4ec9..b12a78aa 100644 --- a/modules/openssh/manifests/init.pp +++ b/modules/openssh/manifests/init.pp @@ -4,58 +4,60 @@ class openssh { class ssh_keys_from_ldap($symlink_users = [], $config = '') inherits server { - File ["/etc/ssh/sshd_config"] { - content => template("openssh/sshd_config","openssh/sshd_config_ldap") + File ['/etc/ssh/sshd_config'] { + content => template('openssh/sshd_config','openssh/sshd_config_ldap') } package { 'python-ldap': } - $pubkeys_directory = "/var/lib/pubkeys" + $pubkeys_directory = '/var/lib/pubkeys' file { $pubkeys_directory: ensure => directory, } file { "$pubkeys_directory/root": ensure => directory, - mode => 700, + mode => '0700', } file { "$pubkeys_directory/root/authorized_keys": - ensure => "/root/.ssh/authorized_keys", - mode => 700, + ensure => link + target => "/root/.ssh/authorized_keys", + mode => '0700', } define symlink_user() { - file { "$pubkeys_directory/$name": - ensure => directory, - owner => $name, - group => $name, - mode => 700, - } - - file { "$pubkeys_directory/$name/authorized_keys": - # FIXME : fragile approximation for $HOME - ensure => "/home/$name/.ssh/authorized_keys", - mode => 700, - } + file { "$pubkeys_directory/$name": + ensure => directory, + owner => $name, + group => $name, + mode => '0700', + } + + file { "$pubkeys_directory/$name/authorized_keys": + # FIXME : fragile approximation for $HOME + ensure => link, + target => "/home/$name/.ssh/authorized_keys", + mode => '0700', + } } - symlink_user { $symlink_users: } + symlink_user { $symlink_users: } - $ldap_pwfile = "/etc/ldap.secret" + $ldap_pwfile = '/etc/ldap.secret' $ldap_servers = get_ldap_servers() - local_script { "ldap-sshkey2file.py": - content => template("openssh/ldap-sshkey2file.py"), + local_script { 'ldap-sshkey2file.py': + content => template('openssh/ldap-sshkey2file.py'), require => Package['python-ldap'] } cron { 'sshkey2file': - command => "/usr/local/bin/ldap-sshkey2file.py", - hour => "*", - minute => "*/10", - user => root, - environment => "MAILTO=root", - require => Local_script['ldap-sshkey2file.py'], + command => '/usr/local/bin/ldap-sshkey2file.py', + hour => '*', + minute => '*/10', + user => 'root', + environment => 'MAILTO=root', + require => Local_script['ldap-sshkey2file.py'], } } } |