diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-04-21 05:00:27 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-04-21 05:00:27 +0000 |
commit | caed3cc067225cddb4a552e6a78b4f5257268b1b (patch) | |
tree | 62316bf540a1e7da4e057eee647ef13d3ad61b34 /manifests | |
parent | 69e717566844062ca220e760d3ea97e1d4526c17 (diff) | |
parent | 3c49f51c8f42472d0d1cb2986b46a6c96821293a (diff) |
Merge "Refactor SSHD config to allow both SSHD options and banner/motd to be set"
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/profile/base/sshd.pp | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index 2b86032..3f0245d 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -27,14 +27,19 @@ # The text used within SSH Banner # Defaults to hiera('MOTD') # +# [*options*] +# Hash of SSHD options to set. See the puppet-ssh module documentation for +# details. +# Defaults to {} + class tripleo::profile::base::sshd ( $bannertext = hiera('BannerText', undef), $motd = hiera('MOTD', undef), + $options = {} ) { - include ::ssh::server - - if $bannertext { + if $bannertext and $bannertext != '' { + $sshd_options_banner = {'Banner' => '/etc/issue.net'} $filelist = [ '/etc/issue', '/etc/issue.net', ] file { $filelist: ensure => file, @@ -44,9 +49,12 @@ class tripleo::profile::base::sshd ( group => 'root', mode => '0644' } + } else { + $sshd_options_banner = {} } - if $motd { + if $motd and $motd != '' { + $sshd_options_motd = {'PrintMotd' => 'yes'} file { '/etc/motd': ensure => file, backup => false, @@ -55,5 +63,23 @@ class tripleo::profile::base::sshd ( group => 'root', mode => '0644' } + } else { + $sshd_options_motd = {} + } + + $sshd_options = merge( + $options, + $sshd_options_banner, + $sshd_options_motd + ) + + # NB (owalsh) in puppet-ssh hiera takes precedence over the class param + # we need to control this, so error if it's set in hiera + if hiera('ssh:server::options', undef) { + err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options') + } + class { '::ssh::server': + storeconfigs_enabled => false, + options => $sshd_options } } |