Fix sftp access on CentOS machines

The sshd_config file that we put everywhere has an invalid value for
where the sftp command is. On RedHat, it's in /usr/libexec - which means
that it is not possible to use SFTP to interact with our CentOS
machines.

Replace the static file with a template so that we can substitute the
correct value based on which distro it is.

Change-Id: Ia9ba88199f4ff024a904431821926dbb26f35ad6

modules/ssh/manifests/init.pp

@@ -15,10 +15,7 @@ class ssh {
       owner   => 'root',
       group   => 'root',
       mode    => '0444',
-      source  => [
+      content => template('ssh/sshd_config.erb'),
-        "puppet:///modules/ssh/sshd_config.${::osfamily}",
-        'puppet:///modules/ssh/sshd_config',
-      ],
       replace => true,
     }
 }

modules/ssh/manifests/params.pp

@@ -7,10 +7,12 @@ class ssh::params {
     'RedHat': {
       $package_name = 'openssh-server'
       $service_name = 'sshd'
+      $sftp_path    = '/usr/libexec/openssh/sftp-server'
     }
     'Debian': {
       $package_name = 'openssh-server'
       $service_name = 'ssh'
+      $sftp_path    = '/usr/lib/openssh/sftp-server'
     }
     default: {
       fail("Unsupported osfamily: ${::osfamily} The 'ssh' module only supports osfamily Debian or RedHat (slaves only).")

modules/ssh/templates/sshd_config.erb

@@ -72,7 +72,7 @@ TCPKeepAlive yes
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
 
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will