File: server.pp

puppet-module-saz-ssh 13.1.0-1
# @summary
#   Manages the OpenSSH server by containing the ssh::server::install,
#   ssh::server::config and ssh::server::service classes.
#
# @example Puppet usage
#   class { 'ssh::server':
#     ensure               => present,
#     storeconfigs_enabled => true,
#     use_issue_net        => false,
#   }
#
# @param service_name
#   Name of the sshd service (default 'sshd').
#
# @param sshd_config
#   Absolute path to the sshd_config file. In augeas mode this path is also
#   handed to the option conversion as its 'target'.
#
# @param sshd_dir
#   Absolute path to the sshd directory (e.g. /etc/ssh).
#
# @param sshd_binary
#   Absolute path to the sshd binary.
#
# @param sshd_config_mode
#   File mode for the sshd config file (default '0600').
#
# @param host_priv_key_group
#   Group name for the private host key (default 'root').
#
# @param default_options
#   Baseline options. They are deep-merged with `options` only when
#   `use_augeas` is false; in augeas mode this class does not read them.
#   The parameter has no data type, so nothing is validated at this boundary.
#
# @param ensure
#   Ensurable state of the ssh server: present, absent or latest.
#
# @param include_dir
#   Absolute path to the sshd include directory (unset by default).
#
# @param include_dir_mode
#   Mode for the sshd include directory (default '0700').
#
# @param include_dir_purge
#   Purge the include directory if true (the default).
#
# @param config_files
#   Hash of config files to add to the ssh include directory.
#
# @param storeconfigs_enabled
#   Host keys are collected and distributed unless this is false (the
#   default). When true, ssh::hostkeys and ssh::knownhosts are contained and
#   ordered after the service class.
#   NOTE(review): collected host keys are presumably only as trustworthy as
#   the storeconfigs/puppetdb backend they come from - confirm who may export.
#
# @param options
#   Dynamic hash of openssh server options. Untyped, like `default_options`.
#
# @param validate_sshd_file
#   Add a validate command for the sshd file (default false).
#   NOTE(review): the check itself is presumably wired up in
#   ssh::server::config, which is not part of this file - confirm.
#
# @param use_augeas
#   Configure through augeas instead of concat (default false, i.e. concat).
#
# @param options_absent
#   Options to remove (augeas style); only read when `use_augeas` is true.
#
# @param match_block
#   sshd match blocks (with concat). Every key becomes the title of an
#   ssh::server::match_block resource and its value hash supplies the
#   attributes; the resources are declared whatever `use_augeas` is set to.
#
# @param use_issue_net
#   Add the issue_net banner.
#
# @param sshd_environments_file
#   Absolute path to an sshd environments file (e.g. /etc/defaults/ssh on Debian).
#
# @param server_package_name
#   Name of the server package to install.
#
class ssh::server (
  String[1]                      $service_name           = 'sshd',
  Stdlib::Absolutepath           $sshd_config            = '/etc/ssh/sshd_config',
  Stdlib::Absolutepath           $sshd_dir               = '/etc/ssh',
  Stdlib::Absolutepath           $sshd_binary            = '/usr/sbin/sshd',
  Stdlib::Filemode               $sshd_config_mode       = '0600',
  String                         $host_priv_key_group    = 'root',
                                 $default_options        = {},
  Enum[present,absent,latest]    $ensure                 = present,
  Optional[Stdlib::Absolutepath] $include_dir            = undef,
  Stdlib::Filemode               $include_dir_mode       = '0700',
  Boolean                        $include_dir_purge      = true,
  Hash[String, Hash]             $config_files           = {},
  Boolean                        $storeconfigs_enabled   = false,
                                 $options                = {},
  Boolean                        $validate_sshd_file     = false,
  Boolean                        $use_augeas             = false,
  Array                          $options_absent         = [],
  Hash                           $match_block            = {},
  Boolean                        $use_issue_net          = false,
  Optional[Stdlib::Absolutepath] $sshd_environments_file = undef,
  Optional[String[1]]            $server_package_name    = undef,
) {
  # Augeas mode converts $options / $options_absent for the sshd_config target
  # and leaves $default_options out; concat mode deep-merges defaults with
  # $options.
  $merged_options = $use_augeas ? {
    true    => sshserver_options_to_augeas_sshd_config($options, $options_absent, { 'target' => $sshd_config }),
    default => deep_merge($default_options, $options),
  }

  contain ssh::server::install
  contain ssh::server::config
  contain ssh::server::service

  # Install first, then configure; a configuration change notifies the service.
  Class['ssh::server::install']
  -> Class['ssh::server::config']
  ~> Class['ssh::server::service']

  # Host keys and known_hosts are managed only with storeconfigs/puppetdb
  # switched on; both are applied after the service class.
  if $storeconfigs_enabled {
    contain ssh::hostkeys
    contain ssh::knownhosts

    Class['ssh::server::service']
    -> Class['ssh::hostkeys']
    -> Class['ssh::knownhosts']
  }

  # One ssh::server::match_block resource per entry: the key is the resource
  # title, the value hash is splatted in as its attributes.
  $match_block.each |String $block_title, Hash $block_attrs| {
    ssh::server::match_block { $block_title:
      * => $block_attrs,
    }
  }
}