fa71d35cab
We need to expose the ability to override the type of match we want to do. For example, we want to do match address 1.2.3.4 in sshd_config. Change-Id: I28c5d71e62a62bd27f289a8bd70b235eac213e5c Signed-off-by: Paul Belanger <pabelanger@redhat.com>
32 lines
780 B
Puppet
32 lines
780 B
Puppet
# == Class: ssh
|
|
#
|
|
class ssh (
|
|
$trusted_ssh_type = 'host',
|
|
$trusted_ssh_source = 'puppetmaster.openstack.org',
|
|
$permit_root_login = 'no',
|
|
) {
|
|
include ::ssh::params
|
|
package { $::ssh::params::package_name:
|
|
ensure => present,
|
|
}
|
|
if ($::in_chroot) {
|
|
notify { 'sshd in chroot':
|
|
message => 'sshd not refreshed, running in chroot',
|
|
}
|
|
} else {
|
|
service { $::ssh::params::service_name:
|
|
ensure => running,
|
|
hasrestart => true,
|
|
subscribe => File['/etc/ssh/sshd_config'],
|
|
}
|
|
}
|
|
file { '/etc/ssh/sshd_config':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0444',
|
|
content => template('ssh/sshd_config.erb'),
|
|
replace => true,
|
|
}
|
|
}
|