From d4a4c17d256855d350f87cb511136cf6e00cb726 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Tue, 23 Nov 2010 23:17:48 +0000 Subject: the previous trick didn't work as tags are dependent in the order of declaration ( and that's bad (tm) ). This one is safer. --- manifests/common.pp | 2 +- modules/openssh/manifests/init.pp | 45 +++++++++++++++++------------- modules/openssh/templates/sshd_config | 4 --- modules/openssh/templates/sshd_config_ldap | 3 ++ 4 files changed, 29 insertions(+), 25 deletions(-) create mode 100644 modules/openssh/templates/sshd_config_ldap diff --git a/manifests/common.pp b/manifests/common.pp index 8f839c79..df9033c9 100644 --- a/manifests/common.pp +++ b/manifests/common.pp @@ -87,7 +87,7 @@ class urpmi_update { class default_mageia_server { include timezone - include openssh + include openssh::server include default_ssh_root_key include base_packages include ntp diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp index d3d0c78c..de33f72e 100644 --- a/modules/openssh/manifests/init.pp +++ b/modules/openssh/manifests/init.pp 
@@ -1,30 +1,35 @@ class openssh { + class server { + # some trick to manage sftp server, who is arch dependent on mdv + $path_to_sftp = "$lib_dir/ssh/" - # some trick to manage sftp server, who is arch dependent on mdv - $path_to_sftp = "$lib_dir/ssh/" + package { "openssh-server": + ensure => installed + } - package { "openssh-server": - ensure => installed - } + service { sshd: + ensure => running, + path => "/etc/init.d/sshd", + subscribe => [ Package["openssh-server"] ] + } - service { sshd: - ensure => running, - path => "/etc/init.d/sshd", - subscribe => [ Package["openssh-server"], File["sshd_config"] ] - } - file { "sshd_config": - path => "/etc/ssh/sshd_config", - ensure => present, - owner => root, - group => root, - mode => 644, - require => Package["openssh-server"], - content => template("openssh/sshd_config") + file { "/etc/ssh/sshd_config": + ensure => present, + owner => root, + group => root, + mode => 644, + require => Package["openssh-server"], + content => template("openssh/sshd_config"), + notify => Service["sshd"] + } } - - class ssh_keys_from_ldap { + class ssh_keys_from_ldap inherits server { + + File ["/etc/ssh/sshd_config"] { + content => template("openssh/sshd_config","openssh/sshd_config_ldap") + } package { 'python-ldap': ensure => installed, diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config index d3f776e1..f478e0e4 100644 --- a/modules/openssh/templates/sshd_config +++ b/modules/openssh/templates/sshd_config @@ -45,10 +45,6 @@ PermitRootLogin without-password #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -<% if all_tags.include?('openssh::ssh_keys_from_ldap') %> -AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys -<% end %> - # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no 
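Review bot: The override in `ssh_keys_from_ldap` appends `sshd_config_ldap` to the end of the rendered `sshd_config`, so whether the `AuthorizedKeysFile` line takes effect depends on what the base template contains. sshd uses the first value it reads for a keyword, and directives after a `Match` line apply only inside that block, so an active `AuthorizedKeysFile` or a trailing `Match` section added to `sshd_config` later would silently keep the earlier value or scope the LDAP path to a subset of logins. The base template is only partly visible here, so I would add a comment above the override such as `# appended last: sshd_config must not set AuthorizedKeysFile or end in a Match block`. Separately, `mode => 644` in the `file` resource is better written as `mode => '0644'` so it can never be read as a decimal number.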
diff --git a/modules/openssh/templates/sshd_config_ldap b/modules/openssh/templates/sshd_config_ldap new file mode 100644 index 00000000..1291c8fe --- /dev/null +++ b/modules/openssh/templates/sshd_config_ldap @@ -0,0 +1,3 @@ + +AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys + -- cgit v1.2.1
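Review bot: The `AuthorizedKeysFile` line in the new `sshd_config_ldap` template stops sshd from consulting `~/.ssh/authorized_keys` on hosts that use `ssh_keys_from_ldap`, and the template carries no comment saying so. Every account that must log in, including root (the base template keeps `PermitRootLogin without-password`, and `default_mageia_server` includes `default_ssh_root_key`), then needs its keys under `/var/lib/config/pubkeys/%u/`. Where `default_ssh_root_key` installs the key is not visible here, so that should be confirmed before this reaches a host. The tree under `/var/lib/config/pubkeys` also has to be writable only by root or the owning user, because whoever can write there decides who can log in. I would add a header comment to the template, for example `# Keys are synced from LDAP; ~/.ssh/authorized_keys is not consulted on these hosts`.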