aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile
diff options
context:
space:
mode:
authorOliver Walsh <owalsh@redhat.com>2017-04-18 12:51:36 +0100
committerOliver Walsh <owalsh@redhat.com>2017-04-21 14:08:00 +0100
commit7d13719ab09a148aec7fac2930a0209c04611d8d (patch)
treec2fa57cc6ba9f428b59cd0834a676b693eb85dfe /manifests/profile
parentf01cef046df57d5257560d3f83bef2e91c3c722e (diff)
Refactor SSHD config to allow both SSHD options and banner/motd to be set
In https://review.openstack.org/#/c/444622/7 the sshd_options and banner/motd are mutually exclusive. This patch, and the next patchset of that review, resolves the conflict. Related-Bug: 1668543 Change-Id: I1d09530d69e42c0c36311789166554a889e46556 (cherry picked from commit 3c49f51c8f42472d0d1cb2986b46a6c96821293a)
Diffstat (limited to 'manifests/profile')
-rw-r--r--manifests/profile/base/sshd.pp34
1 files changed, 30 insertions, 4 deletions
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
index 2b86032..3f0245d 100644
--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -27,14 +27,19 @@
# The text used within SSH Banner
# Defaults to hiera('MOTD')
#
+# [*options*]
+# Hash of SSHD options to set. See the puppet-ssh module documentation for
+# details.
+# Defaults to {}
+
class tripleo::profile::base::sshd (
$bannertext = hiera('BannerText', undef),
$motd = hiera('MOTD', undef),
+ $options = {}
) {
- include ::ssh::server
-
- if $bannertext {
+ if $bannertext and $bannertext != '' {
+ $sshd_options_banner = {'Banner' => '/etc/issue.net'}
$filelist = [ '/etc/issue', '/etc/issue.net', ]
file { $filelist:
ensure => file,
@@ -44,9 +49,12 @@ class tripleo::profile::base::sshd (
group => 'root',
mode => '0644'
}
+ } else {
+ $sshd_options_banner = {}
}
- if $motd {
+ if $motd and $motd != '' {
+ $sshd_options_motd = {'PrintMotd' => 'yes'}
file { '/etc/motd':
ensure => file,
backup => false,
@@ -55,5 +63,23 @@ class tripleo::profile::base::sshd (
group => 'root',
mode => '0644'
}
+ } else {
+ $sshd_options_motd = {}
+ }
+
+ $sshd_options = merge(
+ $options,
+ $sshd_options_banner,
+ $sshd_options_motd
+ )
+
+ # NB (owalsh) in puppet-ssh hiera takes precedence over the class param
+ # we need to control this, so error if it's set in hiera
+ if hiera('ssh:server::options', undef) {
+ err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options')
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => $sshd_options
}
}