Diffstat (limited to 'modules/openssh/manifests')
| -rw-r--r-- | modules/openssh/manifests/init.pp | 80 | ||||
| -rw-r--r-- | modules/openssh/manifests/server.pp | 17 | ||||
| -rw-r--r-- | modules/openssh/manifests/ssh_keys_from_ldap.pp | 20 |
3 files changed, 38 insertions, 79 deletions
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp
index f05341b3..bae0fa5c 100644
--- a/modules/openssh/manifests/init.pp
+++ b/modules/openssh/manifests/init.pp
@@ -1,79 +1 @@
-class openssh {
- class server {
- # some trick to manage sftp server, who is arch dependent on mdv
- $path_to_sftp = "$lib_dir/ssh/"
-
- package { "openssh-server": }
-
- service { sshd:
- subscribe => Package["openssh-server"],
- }
-
-
- file { "/etc/ssh/sshd_config":
- require => Package["openssh-server"],
- content => template("openssh/sshd_config"),
- notify => Service["sshd"]
- }
- }
-
- # root account authorized_keys will be symlinked
- # if you want to add symlink on other accounts, use $symlink_users parameter
- class ssh_keys_from_ldap($symlink_users = [],
- $config = '') inherits server {
-
- File ["/etc/ssh/sshd_config"] {
- content => template("openssh/sshd_config","openssh/sshd_config_ldap")
- }
-
- package { 'python-ldap': }
-
- $pubkeys_directory = "/var/lib/pubkeys"
- file { $pubkeys_directory:
- ensure => directory,
- }
-
- file { "$pubkeys_directory/root":
- ensure => directory,
- mode => 700,
- }
-
- file { "$pubkeys_directory/root/authorized_keys":
- ensure => "/root/.ssh/authorized_keys",
- mode => 700,
- }
-
- define symlink_user() {
- file { "$pubkeys_directory/$name":
- ensure => directory,
- owner => $name,
- group => $name,
- mode => 700,
- }
-
- file { "$pubkeys_directory/$name/authorized_keys":
- # FIXME : fragile approximation for $HOME
- ensure => "/home/$name/.ssh/authorized_keys",
- mode => 700,
- }
- }
-
- symlink_user { $symlink_users: }
-
- $ldap_pwfile = "/etc/ldap.secret"
- $ldap_servers = get_ldap_servers()
- local_script { "ldap-sshkey2file.py":
- content => template("openssh/ldap-sshkey2file.py"),
- require => Package['python-ldap']
- }
-
- cron { 'sshkey2file':
- command => "/usr/local/bin/ldap-sshkey2file.py",
- hour => "*",
- minute => "*/10",
- user => root,
- environment => "MAILTO=root",
- require => Local_script['ldap-sshkey2file.py'],
- }
- }
-}
+class openssh { }
diff --git a/modules/openssh/manifests/server.pp b/modules/openssh/manifests/server.pp
new file mode 100644
index 00000000..c45268d2
--- /dev/null
+++ b/modules/openssh/manifests/server.pp
@@ -0,0 +1,17 @@
+class openssh::server {
+ # some trick to manage sftp server, who is arch dependent on mdv
+ # TODO: the path changed on Mageia 6 to /usr/libexec/openssh/sftp-server
+ $path_to_sftp = "${::lib_dir}/ssh/"
+
+ package { 'openssh-server': }
+
+ service { 'sshd':
+ subscribe => Package['openssh-server'],
+ }
+
+ file { '/etc/ssh/sshd_config':
+ require => Package['openssh-server'],
+ content => template('openssh/sshd_config'),
+ notify => Service['sshd']
+ }
+}
diff --git a/modules/openssh/manifests/ssh_keys_from_ldap.pp b/modules/openssh/manifests/ssh_keys_from_ldap.pp
new file mode 100644
index 00000000..9ea6c139
--- /dev/null
+++ b/modules/openssh/manifests/ssh_keys_from_ldap.pp
@@ -0,0 +1,20 @@
+class openssh::ssh_keys_from_ldap inherits server {
+ package { 'python3-ldap': }
+
+ $ldap_pwfile = '/etc/ldap.secret'
+ $nslcd_conf_file = '/etc/nslcd.conf'
+ $ldap_servers = get_ldap_servers()
+ mga_common::local_script { 'ldap-sshkey2file.py':
+ content => template('openssh/ldap-sshkey2file.py'),
+ require => Package['python3-ldap']
+ }
+
+ cron { 'sshkey2file':
+ command => '/bin/bash -c "/usr/local/bin/ldap-sshkey2file.py && ( [[ -f /usr/bin/mgagit && -d /var/lib/git/.gitolite ]] && /bin/su -c \'/usr/bin/mgagit glrun\' - git ) ||:"',
+ hour => '*',
+ minute => '*/10',
+ user => 'root',
+ environment => 'MAILTO=root',
+ require => Mga_common::Local_script['ldap-sshkey2file.py'],
+ }
+}
|
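Review bot: The `file { '/etc/ssh/sshd_config': ... }` resource in the new server.pp notifies `Service['sshd']` without any syntax check on the rendered template, so a template mistake is written to disk and then loaded when the service is refreshed, which can leave the host unreachable over SSH. Adding `validate_cmd => '/usr/sbin/sshd -t -f %',` to the resource makes Puppet keep the previous file when sshd itself would reject the new one. The resource also declares no `owner`, `group` or `mode`; unless a File default elsewhere in the manifests sets them, spell them out, e.g. `owner => 'root', group => 'root', mode => '0600',`. The resource was carried over from init.pp unchanged apart from quoting, so both gaps predate this commit.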
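Review bot: In the `sshkey2file` cron command of ssh_keys_from_ldap.pp the trailing `||:` applies to the whole `&&` chain, so a non-zero exit from `/usr/local/bin/ldap-sshkey2file.py` is turned into success together with the expected miss of the `[[ -f /usr/bin/mgagit ... ]]` test. Going by its name, the script is what writes SSH public keys from LDAP to disk, so a sync that keeps failing would leave keys already removed from LDAP usable on the host, and the exit status is the one signal that does not depend on the script printing something for MAILTO. Tolerating only the optional step keeps that signal: `/usr/local/bin/ldap-sshkey2file.py || exit 1; if [[ -f /usr/bin/mgagit && -d /var/lib/git/.gitolite ]]; then /bin/su -c '/usr/bin/mgagit glrun' - git; fi`. Separately, `inherits server` is a relative class name; if these manifests are compiled by Puppet 4 or later, where class names are no longer looked up relative to the enclosing namespace, it should read `inherits openssh::server`.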
