puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #134 from dfairhurst/feature/manageservice

Browse Source 
Add a parameter to allow disabling management of the ssh service
This commit is contained in:
Garrett Honeycutt 2015-10-15 14:31:32 -04:00
commit 9ffa33c028
3 changed files with 65 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -606,6 +606,11 @@ Content of root's ~/.ssh/config.
- *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n" - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
manage_service
--------------
Manage the sshd service through this module or not. Valid values are 'true' and 'false'.
- *Default*: 'true'
=== ===
# Manage user's ssh_authorized_keys # Manage user's ssh_authorized_keys

10
manifests/init.pp
View File

@ -78,6 +78,7 @@ class ssh (
$sshd_hostbasedauthentication = 'no', $sshd_hostbasedauthentication = 'no',
$sshd_ignoreuserknownhosts = 'no', $sshd_ignoreuserknownhosts = 'no',
$sshd_ignorerhosts = 'yes', $sshd_ignorerhosts = 'yes',
$manage_service = true,
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = true, $service_enable = true,
@ -580,6 +581,13 @@ class ssh (
} }
validate_bool($purge_keys_real) validate_bool($purge_keys_real)
if type3x($manage_service) == 'string' {
$manage_service_real = str2bool($manage_service)
} else {
$manage_service_real = $manage_service
}
validate_bool($manage_service_real)
if type3x($service_enable) == 'string' { if type3x($service_enable) == 'string' {
$service_enable_real = str2bool($service_enable) $service_enable_real = str2bool($service_enable)
} else { } else {
@ -703,6 +711,7 @@ class ssh (
} }
} }
if $manage_service_real {
service { 'sshd_service' : service { 'sshd_service' :
ensure => $service_ensure, ensure => $service_ensure,
name => $service_name_real, name => $service_name_real,
@ -711,6 +720,7 @@ class ssh (
hasstatus => $service_hasstatus_real, hasstatus => $service_hasstatus_real,
subscribe => File['sshd_config'], subscribe => File['sshd_config'],
} }
}
if $manage_firewall == true { if $manage_firewall == true {
firewall { '22 open port 22 for SSH': firewall { '22 open port 22 for SSH':

43
spec/classes/init_spec.rb
View File

@ -3371,4 +3371,47 @@ describe 'ssh' do
end end
end end
end end
describe 'with parameter manage_service' do
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
['YES','badvalue',2.42,['array'],a = { 'ha' => 'sh' }].each do |value|
context "specified as invalid value #{value} (as #{value.class})" do
let(:params) { { :manage_service => value } }
it do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/(is not a boolean|Unknown type of boolean)/)
end
end
end
['true', true].each do |value|
context "specified as valid true value #{value} (as #{value.class})" do
let(:params) { { :manage_service => value } }
it do
expect {
should contain_service('sshd_service')
}
end
end
end
['false', false].each do |value|
context "specified as valid false value #{value} (as #{value.class})" do
let(:params) { { :manage_service => value } }
it do
expect {
should_not contain_service('sshd_service')
}
end
end
end
end
end end