diff options
| author |   lhinds <lhinds@redhat.com> | 2017-03-08 12:32:57 +0000 |
|---|---|---|
| committer | lhinds <lhinds@redhat.com> | 2017-04-04 16:18:26 +0100 |
| commit | b35bc80ac2acf18463e4c18c8360862749aa0964 (patch) | |
| tree | e9a71e311c0b7b4d01d7720d31876bdf0fd3939c /manifests/profile/base | |
| parent | d9916ce77373f0f754486da73014e815f8ae7b54 (diff) | |
SSHD Service extensions
This change adds an `include` statement to bring in the extra
functionality available from the existing puppet-ssh module in
already available in RDO.
By using puppet-ssh it provides a framework to allow the passing in of
server options using just hiera values under ssh::server_options.
For example, sshd_config banner can now be passed a server option, as
well as all the new parameters outlined in the launchpad issue that
the patch references for Closing. For this reason, the former augeas
setting for `Banner /etc/issue` is now managed by the main puppet-ssh
module instead.
The change also allows population of MOTD text to `/etc/motd` as
well as `issue.net`.
$bannertext is refactored in accordance with patch [1]
[1] https://review.openstack.org/#/c/442406/
Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c
Closes-Bug: 1668543
Diffstat (limited to 'manifests/profile/base')
| -rw-r--r-- | manifests/profile/base/sshd.pp | 56 |
1 files changed, 27 insertions, 29 deletions
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index e7916c1..f43089c 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -15,47 +15,45 @@ # # == Class: tripleo::profile::base::sshd # -# SSH profile for tripleo +# SSH composable service for TripleO # # === Parameters # # [*bannertext*] -# The text used within SSH Banner +# The text used within /etc/issue and /etc/issue.net # Defaults to hiera('BannerText') # +# [*motd*] +# The text used within SSH Banner +# Defaults to hiera('MOTD') +# class tripleo::profile::base::sshd ( $bannertext = hiera('BannerText', undef), + $motd = hiera('MOTD', undef), ) { - if $bannertext { - $action = 'set' - } else { - $action = 'rm' - } - - package {'openssh-server': - ensure => installed, - } + include ::ssh - augeas { 'sshd_config_banner': - context => '/files/etc/ssh/sshd_config', - changes => [ "${action} Banner /etc/issue" ], - notify => Service['sshd'] - } - - file { '/etc/issue': - ensure => file, - backup => false, - content => $bannertext, - owner => 'root', - group => 'root', - mode => '0600' + if $bannertext { + $filelist = [ '/etc/issue', '/etc/issue.net', ] + file { $filelist: + ensure => file, + backup => false, + content => $bannertext, + owner => 'root', + group => 'root', + mode => '0644' + } } - service { 'sshd': - ensure => 'running', - enable => true, - hasstatus => false, - require => Package['openssh-server'], + if $motd { + file { '/etc/motd': + ensure => file, + backup => false, + content => $motd, + owner => 'root', + group => 'root', + mode => '0644' + } } } |