summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-04-21 05:00:27 +0000
committerGerrit Code Review <review@openstack.org>2017-04-21 05:00:27 +0000
commitcaed3cc067225cddb4a552e6a78b4f5257268b1b (patch)
tree62316bf540a1e7da4e057eee647ef13d3ad61b34 /manifests
parent69e717566844062ca220e760d3ea97e1d4526c17 (diff)
parent3c49f51c8f42472d0d1cb2986b46a6c96821293a (diff)
Merge "Refactor SSHD config to allow both SSHD options and banner/motd to be set"
Diffstat (limited to 'manifests')
-rw-r--r--manifests/profile/base/sshd.pp34
1 files changed, 30 insertions, 4 deletions
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
index 2b86032..3f0245d 100644
--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -27,14 +27,19 @@
# The text used within SSH Banner
# Defaults to hiera('MOTD')
#
+# [*options*]
+# Hash of SSHD options to set. See the puppet-ssh module documentation for
+# details.
+# Defaults to {}
+
class tripleo::profile::base::sshd (
$bannertext = hiera('BannerText', undef),
$motd = hiera('MOTD', undef),
+ $options = {}
) {
- include ::ssh::server
-
- if $bannertext {
+ if $bannertext and $bannertext != '' {
+ $sshd_options_banner = {'Banner' => '/etc/issue.net'}
$filelist = [ '/etc/issue', '/etc/issue.net', ]
file { $filelist:
ensure => file,
@@ -44,9 +49,12 @@ class tripleo::profile::base::sshd (
group => 'root',
mode => '0644'
}
+ } else {
+ $sshd_options_banner = {}
}
- if $motd {
+ if $motd and $motd != '' {
+ $sshd_options_motd = {'PrintMotd' => 'yes'}
file { '/etc/motd':
ensure => file,
backup => false,
@@ -55,5 +63,23 @@ class tripleo::profile::base::sshd (
group => 'root',
mode => '0644'
}
+ } else {
+ $sshd_options_motd = {}
+ }
+
+ $sshd_options = merge(
+ $options,
+ $sshd_options_banner,
+ $sshd_options_motd
+ )
+
+ # NB (owalsh) in puppet-ssh hiera takes precedence over the class param
+ # we need to control this, so error if it's set in hiera
+ if hiera('ssh:server::options', undef) {
+ err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options')
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => $sshd_options
}
}