diff options
| -rw-r--r-- | modules/openssh/manifests/pubkeys_directory.pp | 17 | ||||
| -rw-r--r-- | modules/openssh/manifests/ssh_keys_from_ldap.pp | 17 | ||||
| -rw-r--r-- | modules/openssh/manifests/symlink_user.pp | 2 |
3 files changed, 20 insertions, 16 deletions
diff --git a/modules/openssh/manifests/pubkeys_directory.pp b/modules/openssh/manifests/pubkeys_directory.pp new file mode 100644 index 00000000..cbcaeb88 --- /dev/null +++ b/modules/openssh/manifests/pubkeys_directory.pp @@ -0,0 +1,17 @@ +class openssh::pubkeys_directory { + $pubkeys_directory = '/var/lib/pubkeys' + file { $pubkeys_directory: + ensure => directory, + } + + file { "$pubkeys_directory/root": + ensure => directory, + mode => '0700', + } + + file { "$pubkeys_directory/root/authorized_keys": + ensure => link, + target => '/root/.ssh/authorized_keys', + mode => '0700', + } +} diff --git a/modules/openssh/manifests/ssh_keys_from_ldap.pp b/modules/openssh/manifests/ssh_keys_from_ldap.pp index 720f4481..b466bab3 100644 --- a/modules/openssh/manifests/ssh_keys_from_ldap.pp +++ b/modules/openssh/manifests/ssh_keys_from_ldap.pp @@ -9,22 +9,7 @@ class openssh::ssh_keys_from_ldap($symlink_users = [], package { 'python-ldap': } - $pubkeys_directory = '/var/lib/pubkeys' - file { $pubkeys_directory: - ensure => directory, - } - - file { "$pubkeys_directory/root": - ensure => directory, - mode => '0700', - } - - file { "$pubkeys_directory/root/authorized_keys": - ensure => link, - target => '/root/.ssh/authorized_keys', - mode => '0700', - } - + include openssh::pubkeys_directory symlink_user { $symlink_users: } $ldap_pwfile = '/etc/ldap.secret' diff --git a/modules/openssh/manifests/symlink_user.pp b/modules/openssh/manifests/symlink_user.pp index f4ec942f..f2e107b1 100644 --- a/modules/openssh/manifests/symlink_user.pp +++ b/modules/openssh/manifests/symlink_user.pp @@ -1,4 +1,6 @@ define openssh::symlink_user() { + include openssh::pubkeys_directory + $pubkeys_directory = $openssh::pubkeys_directory::pubkeys_directory file { "$pubkeys_directory/$name": ensure => directory, owner => $name, |