File: host_key.pp

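# @summary
#   Manage a ssh host key
#
#   This define installs a ssh host key on the server (basically, it is
#   a file resource for the private key, one for the public key and an
#   optional one for the host certificate; each of them notifies the ssh
#   service so sshd picks the new key up).
#
#   Important! This define does not modify any option in sshd_config, so
#   you have to manually define the HostKey option in the server options
#   if you haven't done so yet.
#
#   For every file, a *_source parameter takes precedence over the matching
#   *_content parameter: when both are given the content is ignored.
#
# @param ensure
#   Set to 'absent' to remove host_key files. The certificate file is only
#   removed when certificate_source or certificate_content is set as well,
#   because that is the only way the define knows a certificate is managed.
#
# @param public_key_source
#   Sets the content of the source parameter for the public key file
#   Note public_key_source and public_key_content are mutually exclusive.
#
# @param public_key_content
#   Sets the content for the public key file.
#   Note public_key_source and public_key_content are mutually exclusive.
#
# @param private_key_source
#   Sets the content of the source parameter for the private key file
#   Note private_key_source and private_key_content are mutually exclusive.
#
# @param private_key_content
#   Sets the content for the private key file. Wrap the value in Sensitive()
#   so the key material is redacted from agent output and reports; a plain
#   String is still accepted for backwards compatibility.
#   Note private_key_source and private_key_content are mutually exclusive.
#
# @param certificate_source
#   Sets the content of the source parameter for the host key certificate.
#   Note certificate_source and certificate_content are mutually exclusive.
#
# @param certificate_content
#   Sets the content for the host key certificate.
#   Note certificate_source and certificate_content are mutually exclusive.
#
define ssh::server::host_key (
  Enum[present, absent]                              $ensure              = 'present',
  Optional[String[1]]                                $public_key_source   = undef,
  Optional[String[1]]                                $public_key_content  = undef,
  Optional[String[1]]                                $private_key_source  = undef,
  Optional[Variant[String[1], Sensitive[String[1]]]] $private_key_content = undef,
  Optional[String[1]]                                $certificate_source  = undef,
  Optional[String[1]]                                $certificate_content = undef,
) {
  # Ensure the ssh::server class is included in the manifest; it provides
  # $ssh::server::sshd_dir and $ssh::server::host_priv_key_group used below.
  contain ssh::server

  if $ensure == 'present' {
    # A present key file needs something to put into it, so fail at compile
    # time instead of creating an empty host key.
    if ! $public_key_source and ! $public_key_content {
      fail('You must provide either public_key_source or public_key_content parameter')
    }

    if ! $private_key_source and ! $private_key_content {
      fail('You must provide either private_key_source or private_key_content parameter')
    }
  }

  # Only hand content to the file resource when no source is given; passing
  # both to a file resource is an error, and source wins by design.
  $manage_pub_key_content = $public_key_source ? {
    undef   => $public_key_content,
    default => undef,
  }

  $manage_priv_key_content = $private_key_source ? {
    undef   => $private_key_content,
    default => undef,
  }

  $manage_cert_content = $certificate_source ? {
    undef   => $certificate_content,
    default => undef,
  }

  if $ensure == 'present' {
    # Public half of the key pair: world readable, as sshd and clients expect.
    file { "${name}_pub":
      ensure  => $ensure,
      owner   => 0,
      group   => 0,
      mode    => '0644',
      path    => "${ssh::server::sshd_dir}/${name}.pub",
      source  => $public_key_source,
      content => $manage_pub_key_content,
      notify  => Class['ssh::server::service'],
    }

    # Private half: owner-only permissions, and show_diff is disabled so the
    # key material never ends up in agent output or reports.
    file { "${name}_priv":
      ensure    => $ensure,
      owner     => 0,
      group     => $ssh::server::host_priv_key_group,
      mode      => '0600',
      path      => "${ssh::server::sshd_dir}/${name}",
      source    => $private_key_source,
      content   => $manage_priv_key_content,
      show_diff => false,
      notify    => Class['ssh::server::service'],
    }
  } else {
    # Removal: no source/content, otherwise the same resource titles and
    # paths so the catalog stays consistent between present and absent.
    file { "${name}_pub":
      ensure => $ensure,
      owner  => 0,
      group  => 0,
      mode   => '0644',
      path   => "${ssh::server::sshd_dir}/${name}.pub",
      notify => Class['ssh::server::service'],
    }

    file { "${name}_priv":
      ensure    => $ensure,
      owner     => 0,
      group     => $ssh::server::host_priv_key_group,
      mode      => '0600',
      path      => "${ssh::server::sshd_dir}/${name}",
      show_diff => false,
      notify    => Class['ssh::server::service'],
    }
  }

  # The host certificate is optional; it is only managed (and only removed)
  # when the caller says something about it.
  if !empty($certificate_source) or !empty($certificate_content) {
    if $ensure == 'present' {
      file { "${name}_cert":
        ensure  => $ensure,
        owner   => 0,
        group   => 0,
        mode    => '0644',
        path    => "${ssh::server::sshd_dir}/${name}-cert.pub",
        source  => $certificate_source,
        content => $manage_cert_content,
        notify  => Class['ssh::server::service'],
      }
    } else {
      file { "${name}_cert":
        ensure => $ensure,
        owner  => 0,
        group  => 0,
        mode   => '0644',
        path   => "${ssh::server::sshd_dir}/${name}-cert.pub",
        notify => Class['ssh::server::service'],
      }
    }
  }
}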