authorMichael Scherer <misc@mageia.org>2010-11-23 23:17:48 +0000
committerMichael Scherer <misc@mageia.org>2010-11-23 23:17:48 +0000
commitd4a4c17d256855d350f87cb511136cf6e00cb726 (patch)
tree28680f2dedd63199896a663a241bb2c41cb87bf2
parent0b64c47717c4483cc519e0f739bf0d4972f2277a (diff)
the previous trick didn't work as tags are dependent on the order of
declaration ( and that's bad (tm) ). This one is safer.
-rw-r--r--manifests/common.pp2
-rw-r--r--modules/openssh/manifests/init.pp45
-rw-r--r--modules/openssh/templates/sshd_config4
-rw-r--r--modules/openssh/templates/sshd_config_ldap3
4 files changed, 29 insertions, 25 deletions
diff --git a/manifests/common.pp b/manifests/common.pp
index 8f839c79..df9033c9 100644
--- a/manifests/common.pp
+++ b/manifests/common.pp
@@ -87,7 +87,7 @@ class urpmi_update {
class default_mageia_server {
include timezone
- include openssh
+ include openssh::server
include default_ssh_root_key
include base_packages
include ntp
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp
index d3d0c78c..de33f72e 100644
--- a/modules/openssh/manifests/init.pp
+++ b/modules/openssh/manifests/init.pp
@@ -1,30 +1,35 @@
class openssh {
+ class server {
+ # some trick to manage sftp server, who is arch dependent on mdv
+ $path_to_sftp = "$lib_dir/ssh/"
- # some trick to manage sftp server, who is arch dependent on mdv
- $path_to_sftp = "$lib_dir/ssh/"
+ package { "openssh-server":
+ ensure => installed
+ }
- package { "openssh-server":
- ensure => installed
- }
+ service { sshd:
+ ensure => running,
+ path => "/etc/init.d/sshd",
+ subscribe => [ Package["openssh-server"] ]
+ }
- service { sshd:
- ensure => running,
- path => "/etc/init.d/sshd",
- subscribe => [ Package["openssh-server"], File["sshd_config"] ]
- }
- file { "sshd_config":
- path => "/etc/ssh/sshd_config",
- ensure => present,
- owner => root,
- group => root,
- mode => 644,
- require => Package["openssh-server"],
- content => template("openssh/sshd_config")
+ file { "/etc/ssh/sshd_config":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ require => Package["openssh-server"],
+ content => template("openssh/sshd_config"),
+ notify => Service["sshd"]
+ }
}
-
- class ssh_keys_from_ldap {
+ class ssh_keys_from_ldap inherits server {
+
+ File ["/etc/ssh/sshd_config"] {
+ content => template("openssh/sshd_config","openssh/sshd_config_ldap")
+ }
package { 'python-ldap':
ensure => installed,
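Review bot: The override in `ssh_keys_from_ldap` builds sshd_config by concatenating two templates, so `openssh/sshd_config_ldap` always lands after the last line of the base template, and nothing in the hunk records that constraint. sshd uses the first value it reads for a keyword and scopes everything after a `Match` line to that block, so the base template has to keep `AuthorizedKeysFile` commented out and must not end in a `Match` block. A comment above the override would record this, for example `# sshd_config_ldap is appended last: keep AuthorizedKeysFile unset and no trailing Match block in sshd_config`. Separately, `mode => 644` is safer written as `mode => "0644"`, because a bare number depends on how the Puppet version in use interprets it. The body of `ssh_keys_from_ldap` continues outside the hunk.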
diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config
index d3f776e1..f478e0e4 100644
--- a/modules/openssh/templates/sshd_config
+++ b/modules/openssh/templates/sshd_config
@@ -45,10 +45,6 @@ PermitRootLogin without-password
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-<% if all_tags.include?('openssh::ssh_keys_from_ldap') %>
-AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
-<% end %>
-
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
diff --git a/modules/openssh/templates/sshd_config_ldap b/modules/openssh/templates/sshd_config_ldap
new file mode 100644
index 00000000..1291c8fe
--- /dev/null
+++ b/modules/openssh/templates/sshd_config_ldap
@@ -0,0 +1,3 @@
+
+AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
+
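Review bot: This `AuthorizedKeysFile` line moves key trust for every account out of the user's home directory and into `/var/lib/config/pubkeys/%u/`, but nothing in the visible diff manages the ownership or mode of that tree. The base template's hunk header shows `PermitRootLogin without-password`, so whoever can write under that directory also decides which keys log in as root. It may be handled elsewhere in the module, but a `file` resource pinning the directory to root ownership with no group or world write would make the guarantee explicit. The template could also carry a comment such as `# keys live outside $HOME; /var/lib/config/pubkeys must be writable by root only`. It is also worth checking that the key installed by `default_ssh_root_key` is still consulted on hosts that use this fragment, since presumably only the path given here is read once it is set.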