author | Michael Scherer <misc@mageia.org> | 2010-11-23 23:17:48 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-11-23 23:17:48 +0000 |
commit | d4a4c17d256855d350f87cb511136cf6e00cb726 (patch) | |
tree | 28680f2dedd63199896a663a241bb2c41cb87bf2 | |
parent | 0b64c47717c4483cc519e0f739bf0d4972f2277a (diff) | |
the previous trick didn't work as tags are dependent on the order of
declaration ( and that's bad (tm) ). This one is safer.
-rw-r--r-- | manifests/common.pp | 2 | ||||
-rw-r--r-- | modules/openssh/manifests/init.pp | 45 | ||||
-rw-r--r-- | modules/openssh/templates/sshd_config | 4 | ||||
-rw-r--r-- | modules/openssh/templates/sshd_config_ldap | 3 |
4 files changed, 29 insertions, 25 deletions
diff --git a/manifests/common.pp b/manifests/common.pp
index 8f839c79..df9033c9 100644
--- a/manifests/common.pp
+++ b/manifests/common.pp
@@ -87,7 +87,7 @@ class urpmi_update {
 class default_mageia_server {
 include timezone
- include openssh
+ include openssh::server
 include default_ssh_root_key
 include base_packages
 include ntp
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp
index d3d0c78c..de33f72e 100644
--- a/modules/openssh/manifests/init.pp
+++ b/modules/openssh/manifests/init.pp
@@ -1,30 +1,35 @@
 class openssh {
+ class server {
+ # some trick to manage sftp server, who is arch dependent on mdv
+ $path_to_sftp = "$lib_dir/ssh/"
- # some trick to manage sftp server, who is arch dependent on mdv
- $path_to_sftp = "$lib_dir/ssh/"
+ package { "openssh-server":
+ ensure => installed
+ }
- package { "openssh-server":
- ensure => installed
- }
+ service { sshd:
+ ensure => running,
+ path => "/etc/init.d/sshd",
+ subscribe => [ Package["openssh-server"] ]
+ }
- service { sshd:
- ensure => running,
- path => "/etc/init.d/sshd",
- subscribe => [ Package["openssh-server"], File["sshd_config"] ]
- }
- file { "sshd_config":
- path => "/etc/ssh/sshd_config",
- ensure => present,
- owner => root,
- group => root,
- mode => 644,
- require => Package["openssh-server"],
- content => template("openssh/sshd_config")
+ file { "/etc/ssh/sshd_config":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ require => Package["openssh-server"],
+ content => template("openssh/sshd_config"),
+ notify => Service["sshd"]
+ }
 }
-
- class ssh_keys_from_ldap {
+ class ssh_keys_from_ldap inherits server {
+
+ File ["/etc/ssh/sshd_config"] {
+ content => template("openssh/sshd_config","openssh/sshd_config_ldap")
+ }
 package { 'python-ldap':
 ensure => installed,
diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config
index d3f776e1..f478e0e4 100644
--- a/modules/openssh/templates/sshd_config
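Review bot: The `File ["/etc/ssh/sshd_config"]` override in `ssh_keys_from_ldap` depends on `template()` appending `sshd_config_ldap` after `sshd_config`, and nothing in the manifest records the constraints that make this safe. sshd uses the first value it reads for a keyword, so an `AuthorizedKeysFile` that is later uncommented in the base template would silently win, and a `Match` block at the end of the base template would capture the appended line. I would add above the override: `# sshd_config_ldap is appended last; keep AuthorizedKeysFile commented out and no Match block in sshd_config`. As a style point, `File ["..."]` is written with a space while `Package["openssh-server"]` and `Service["sshd"]` in the same hunk are not. The body of `ssh_keys_from_ldap` continues past the end of the hunk.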
+++ b/modules/openssh/templates/sshd_config
@@ -45,10 +45,6 @@ PermitRootLogin without-password
 #PubkeyAuthentication yes
 #AuthorizedKeysFile .ssh/authorized_keys
-<% if all_tags.include?('openssh::ssh_keys_from_ldap') %>
-AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
-<% end %>
-
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
diff --git a/modules/openssh/templates/sshd_config_ldap b/modules/openssh/templates/sshd_config_ldap
new file mode 100644
index 00000000..1291c8fe
--- /dev/null
+++ b/modules/openssh/templates/sshd_config_ldap
@@ -0,0 +1,3 @@
+
+AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
+
|
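Review bot: The new `sshd_config_ldap` template points key lookup at `/var/lib/config/pubkeys/%u/authorized_keys` without stating who may write there, and whoever can write under that directory decides which keys are accepted for each account. A comment in the template such as `# /var/lib/config/pubkeys must be writable by root only: its contents decide who can log in` would record the requirement; the code that populates the directory is not in this diff, so its ownership and modes should be confirmed there. Because this line replaces the default per-user file, a key installed only in `~/.ssh/authorized_keys` would no longer be consulted on hosts using `ssh_keys_from_ldap`. That may affect `default_ssh_root_key` from `manifests/common.pp` (its body is not shown), given `PermitRootLogin without-password` in the base template.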