puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove duplicate documentation from manifest

Browse Source
This commit is contained in:
Garrett Honeycutt 2013-09-25 16:38:20 +02:00
parent 4a67684240
commit cadc6472d3
2 changed files with 35 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
README.md
View File

@ -4,6 +4,8 @@ Manage ssh client and server.
The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys. The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys.
===
# Compatability # # Compatability #
This module has been tested to work on the following systems. This module has been tested to work on the following systems.
@ -11,8 +13,16 @@ This module has been tested to work on the following systems.
* EL 5 * EL 5
* EL 6 * EL 6
===
# Parameters # # Parameters #
keys
----
Hash of keys for user's ~/.ssh/authorized_keys
- *Default*: undefined
packages packages
-------- --------
Array of package names used for installation. Array of package names used for installation.
@ -138,3 +148,24 @@ root_ssh_config_content
Content of root's ~/.ssh/config. Content of root's ~/.ssh/config.
- *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n" - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
===
# Manage user's ssh_authorized_keys
This works by passing the ssh::keys hash to the ssh_authorized_keys type with create_resources(). Because of this, you may specify any valid parameter for ssh_authorized_key. See the [Type Reference](http://docs.puppetlabs.com/references/stable/type.html#ssh_authorized_key) for a complete list.
## Sample usage:
Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera.
<pre>
ssh::keys:
root_for_userX:
ensure: present
user: root
type: dsa
key: AAAA...==
root_for_userY:
ensure: absent
user: root
</pre>

142
manifests/init.pp
View File

@ -1,141 +1,7 @@
# ## Class: ssh ## # == Class: ssh
# #
# Manage ssh client and server. # Manage ssh client and server.
# #
# ### Parameters ###
#
# packages
# --------
# Array of package names used for installation.
#
# - *Default*: 'openssh-server', 'openssh-server', 'openssh-clients'
#
# permit_root_login
# -----------------
# Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-only', 'no'.
#
# - *Default*: no
#
# purge_keys
# ----------
# Remove keys not managed by puppet.
#
# - *Default*: 'true'
#
# manage_firewall
# ---------------
# Open firewall for SSH service.
#
# - *Default*: false
#
# ssh_config_path
# ---------------
# Path to ssh_config.
#
# - *Default*: '/etc/ssh/ssh_config'
#
# ssh_config_owner
# ----------------
# ssh_config's owner.
#
# - *Default*: 'root'
#
# ssh_config_group
# ----------------
# ssh_config's group.
#
# - *Default*: 'root'
#
# ssh_config_mode
# ---------------
# ssh_config's mode.
#
# - *Default*: '0644'
#
# sshd_config_path
# ----------------
# Path to sshd_config.
#
# - *Default*: '/etc/ssh/sshd_config
#
# sshd_config_owner
# -----------------
# sshd_config's owner.
#
# - *Default*: 'root'
#
# sshd_config_group
# ----------------
# sshd_config's group.
#
# - *Default*: 'root'
#
# sshd_config_mode
# ---------------
# sshd_config's mode.
#
# - *Default*: '0600'
#
# service_ensure
# --------------
# Ensure SSH service is running. Valid values are 'stopped' and 'running'.
#
# - *Default*: 'running'
#
# service_name
# ------------
# Name of the SSH service.
#
# - *Default*: 'sshd'
#
# service_enable
# --------------
# Start SSH at boot. Valid values are 'true', 'false' and 'manual'.
#
# - *Default*: 'true'
#
# service_hasrestart
# ------------------
# Specify that the init script has a restart command. Valid values are 'true' and 'false'.
#
# - *Default*: 'true'
#
# service_hasstatus
# -----------------
# Declare whether the service's init script has a functional status command. Valid values are 'true' and 'false'
#
# - *Default*: 'true'
#
# ssh_key_ensure
# --------------
# Export node SSH key. Valid values are 'present' and 'absent'.
#
# - *Default*: 'present'
#
# ssh_key_type
# ------------
# Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'
#
# - *Default*: 'ssh-rsa'
#
# manage_root_ssh_config
# ----------------------
# Manage SSH config of root. Valid values are 'true' and 'false'.
#
# - *Default*: 'false'
#
# root_ssh_config_content
# -----------------------
# Content of root's ~/.ssh/config.
#
# - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
#
# keys
# ----
# Keys for user's ~/.ssh/authorized_keys
#
# - *Default*: undefined
#
# Sample usage: # Sample usage:
# # Push authorized key "root_for_userX" and remove key "root_for_userY" with hiera # # Push authorized key "root_for_userX" and remove key "root_for_userY" with hiera
# #
@ -297,10 +163,10 @@ class ssh (
purge => $purge_keys, purge => $purge_keys,
} }
# push ssh authorized keys # manage users' ssh authorized keys if present
if $keys != undef { if $keys != undef {
$keytype = type($keys) $keys_type = type($keys)
if $keytype == 'hash' { if $keys_type == 'hash' {
create_resources(ssh_authorized_key, $keys) create_resources(ssh_authorized_key, $keys)
} }
} }