diff options
| -rw-r--r-- | manifests/base.pp | 22 | ||||
| -rw-r--r-- | manifests/client.pp | 2 | ||||
| -rw-r--r-- | manifests/client/base.pp | 5 | ||||
| -rw-r--r-- | manifests/init.pp | 6 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_etch.erb | 4 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_lenny.erb | 2 |
6 files changed, 30 insertions, 11 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 2ac2385..9aed1ba 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -10,18 +10,24 @@ class sshd::base { } # Now add the key, if we've got one - case $sshrsakey_key { + case $sshrsakey { '': { info("no sshrsakey on $fqdn") } default: { - @@sshkey{"$hostname.$domain": - type => ssh-rsa, - key => $sshrsakey_key, + @@sshkey{"$fqdn": + tag => "fqdn", + type => ssh-rsa, + key => $sshrsakey, ensure => present, } - @@sshkey{"$ipaddress": - type => ssh-rsa, - key => $sshrsakey, - ensure => present, + # In case the node has an internal network address, + # we don't define a sshkey resource using an IP address + if $sshd_internal_ip == "no" { + @@sshkey{"$ipaddress": + tag => "ipaddress", + type => ssh-rsa, + key => $sshrsakey, + ensure => present, + } } } } diff --git a/manifests/client.pp b/manifests/client.pp index b650244..ad05d43 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -6,7 +6,7 @@ class sshd::client { default: { case $kernel { linux: { include sshd::client::linux } - default: { include sshd::client::base } + default: { include sshd::client::base } } } } diff --git a/manifests/client/base.pp b/manifests/client/base.pp index 33d9f9e..b1dc99d 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -5,5 +5,8 @@ class sshd::client::base { } # Now collect all server keys - Sshkey <<||>> + case $sshd_internal_ip { + no: { Sshkey <<||>> } + yes: { Sshkey <<| tag == "fqdn" |>> } + } } diff --git a/manifests/init.pp b/manifests/init.pp index 04769e9..f20c0d2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -211,6 +211,12 @@ class sshd { case $sshd_ensure_version { '': { $sshd_ensure_version = "present" } } + case $sshd_print_motd { + '': { $sshd_print_motd = "yes" } + } + case $sshd_internal_ip { + '': { $sshd_internal_ip = "no" } + } include sshd::client diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb index 746a447..7a38cc4 100644 --- a/templates/sshd_config/Debian_etch.erb +++ b/templates/sshd_config/Debian_etch.erb @@ -176,7 +176,9 @@ AllowUsers <%= sshd_allowed_users -%> AllowGroups <%= sshd_allowed_groups %> <%- end %> -PrintMotd no +<%- if sshd_print_motd.to_s == 'no' then -%> + PrintMotd no +<%- end -%> <%- unless sshd_tail_additional_options.to_s.empty? then %> <%= sshd_tail_additional_options %> diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb index 18f3e4d..5f7afb4 100644 --- a/templates/sshd_config/Debian_lenny.erb +++ b/templates/sshd_config/Debian_lenny.erb @@ -182,7 +182,9 @@ AllowUsers <%= sshd_allowed_users -%> AllowGroups <%= sshd_allowed_groups %> <%- end %> +<%- if sshd_print_motd.to_s == 'no' then -%> PrintMotd no +<%- end -%> <%- unless sshd_tail_additional_options.to_s.empty? then %> <%= sshd_tail_additional_options %> |