From 52a42d0c43fc0b6cb46d91f7e52cfc22f1941a71 Mon Sep 17 00:00:00 2001
From: Martin Hagstrom
Date: Tue, 21 May 2013 10:57:09 +0200
Subject: [PATCH] Added documentation
---
 README.md | 140 ++++++++++++++++++++++++++++++++++++++++++++-
 manifests/init.pp | 141 +++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 269 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 6b3aed0..c52912c 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,138 @@
-puppet-module-ssh
-=================
+# puppet-module-ssh #
 
-Puppet module to manage SSH
+Puppet module to manage SSH.
+
+# Compatability #
+
+This module has been tested to work on the following systems.
+
+ * EL 5
+ * EL 6
+
+# Parameters #
+
+packages
+--------
+Array of package names used for installation.
+
+- *Default*: 'openssh-server', 'openssh-server', 'openssh-clients'
+
+permit_root_login
+-----------------
+Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-only', 'no'.
+
+- *Default*: no
+
+purge_keys
+----------
+Remove keys not managed by puppet.
+
+- *Default*: 'true'
+
+manage_firewall
+---------------
+Open firewall for SSH service.
+
+- *Default*: false
+
+ssh_config_path
+---------------
+Path to ssh_config.
+
+- *Default*: '/etc/ssh/ssh_config'
+
+ssh_config_owner
+----------------
+ssh_config's owner.
+
+- *Default*: 'root'
+
+ssh_config_group
+----------------
+ssh_config's group.
+
+- *Default*: 'root'
+
+ssh_config_mode
+---------------
+ssh_config's mode.
+
+- *Default*: '0644'
+
+sshd_config_path
+----------------
+Path to sshd_config.
+
+- *Default*: '/etc/ssh/sshd_config
+
+sshd_config_owner
+-----------------
+sshd_config's owner.
+
+- *Default*: 'root'
+
+sshd_config_group
+----------------
+sshd_config's group.
+
+- *Default*: 'root'
+
+sshd_config_mode
+---------------
+sshd_config's mode.
+
+- *Default*: '0600'
+
+service_ensure
+--------------
+Ensure SSH service is running. Valid values are 'stopped' and 'running'.
+
+- *Default*: 'running'
+
+service_name
+------------
+Name of the SSH service.
+
+- *Default*: 'sshd'
+
+service_enable
+--------------
+Start SSH at boot. Valid values are 'true', 'false' and 'manual'.
+
+- *Default*: 'true'
+
+service_hasrestart
+------------------
+Specify that the init script has a restart command. Valid values are 'true' and 'false'.
+
+- *Default*: 'true'
+
+service_hasstatus
+-----------------
+Declare whether the service's init script has a functional status command. Valid values are 'true' and 'false'
+
+- *Default*: 'true'
+
+ssh_key_ensure
+--------------
+Export node SSH key. Valid values are 'present' and 'absent'.
+
+- *Default*: 'present'
+
+ssh_key_type
+------------
+Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'
+
+- *Default*: 'ssh-rsa'
+
+manage_root_ssh_config
+----------------------
+Manage SSH config of root. Valid values are 'true' and 'false'.
+
+- *Default*: 'false'
+
+root_ssh_config_content
+-----------------------
+Content of root's ~/.ssh/config.
+
+- *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
diff --git a/manifests/init.pp b/manifests/init.pp
index ac21aac..5ee50d1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,12 +1,135 @@
-# == Class: ssh
-#
-# Manage ssh client and server
-#
-# == Parameters:
-#
-# $permit_root_login: defaults to 'no',
-# valid values = yes/without-password/forced-commands-only/no
-#
+# ## Class: ssh ##
+#
+# Puppet module to manage SSH.
+#
+# ### Parameters ###
+#
+# packages
+# --------
+# Array of package names used for installation.
+#
+# - *Default*: 'openssh-server', 'openssh-server', 'openssh-clients'
+#
+# permit_root_login
+# -----------------
+# Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-only', 'no'.
+#
+# - *Default*: no
+#
+# purge_keys
+# ----------
+# Remove keys not managed by puppet.
+#
+# - *Default*: 'true'
+#
+# manage_firewall
+# ---------------
+# Open firewall for SSH service.
+#
+# - *Default*: false
+#
+# ssh_config_path
+# ---------------
+# Path to ssh_config.
+#
+# - *Default*: '/etc/ssh/ssh_config'
+#
+# ssh_config_owner
+# ----------------
+# ssh_config's owner.
+#
+# - *Default*: 'root'
+#
+# ssh_config_group
+# ----------------
+# ssh_config's group.
+#
+# - *Default*: 'root'
+#
+# ssh_config_mode
+# ---------------
+# ssh_config's mode.
+#
+# - *Default*: '0644'
+#
+# sshd_config_path
+# ----------------
+# Path to sshd_config.
+#
+# - *Default*: '/etc/ssh/sshd_config
+#
+# sshd_config_owner
+# -----------------
+# sshd_config's owner.
+#
+# - *Default*: 'root'
+#
+# sshd_config_group
+# ----------------
+# sshd_config's group.
+#
+# - *Default*: 'root'
+#
+# sshd_config_mode
+# ---------------
+# sshd_config's mode.
+#
+# - *Default*: '0600'
+#
+# service_ensure
+# --------------
+# Ensure SSH service is running. Valid values are 'stopped' and 'running'.
+#
+# - *Default*: 'running'
+#
+# service_name
+# ------------
+# Name of the SSH service.
+#
+# - *Default*: 'sshd'
+#
+# service_enable
+# --------------
+# Start SSH at boot. Valid values are 'true', 'false' and 'manual'.
+#
+# - *Default*: 'true'
+#
+# service_hasrestart
+# ------------------
+# Specify that the init script has a restart command. Valid values are 'true' and 'false'.
+#
+# - *Default*: 'true'
+#
+# service_hasstatus
+# -----------------
+# Declare whether the service's init script has a functional status command. Valid values are 'true' and 'false'
+#
+# - *Default*: 'true'
+#
+# ssh_key_ensure
+# --------------
+# Export node SSH key. Valid values are 'present' and 'absent'.
+#
+# - *Default*: 'present'
+#
+# ssh_key_type
+# ------------
+# Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'
+#
+# - *Default*: 'ssh-rsa'
+#
+# manage_root_ssh_config
+# ----------------------
+# Manage SSH config of root. Valid values are 'true' and 'false'.
+#
+# - *Default*: 'false'
+#
+# root_ssh_config_content
+# -----------------------
+# Content of root's ~/.ssh/config.
+#
+# - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
+#
 class ssh (
 $packages = ['openssh-server',
 'openssh-server',
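Review bot: The `ssh_key_type` entry in the new comment block calls the value an "Encryption type", but it names the key algorithm of the exported node key, and it lists 'dsa' and 'ssh-dss' as valid without noting that DSA keys are fixed at 1024 bits and have been disabled by default since OpenSSH 7.0. I would reword it to `# Key algorithm of the exported SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'; prefer RSA, DSA is weak and deprecated.` The `purge_keys` entry should say which keys are removed, since its documented default of 'true' is destructive; presumably these are the `sshkey` known-hosts resources, but the class body continues outside this hunk, so that needs confirming against the code. The documented `packages` default repeats 'openssh-server', which mirrors the context line `$packages = ['openssh-server', 'openssh-server',` and looks like a copy error in the code itself, and the `sshd_config_path` default is missing its closing quote. Both slips, and the "Encryption type" wording, also appear in the README.md hunk.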