Puppet Class: tripleo::profile::base::sshd

Defined in:
manifests/profile/base/sshd.pp

Overview

Parameters:

  • options (Any) (defaults to: {})
  • listen (Any) (defaults to: [])
  • port (Any) (defaults to: [22])
  • password_authentication (Any) (defaults to: 'no')


# File 'manifests/profile/base/sshd.pp', line 39

# Builds the sshd server option hash for a node and hands it to the 'ssh'
# class.
#
# Parameters (all untyped in the signature):
#   options                 - extra sshd_config options. Its 'ListenAddress'
#                             and 'Port' entries are combined with the
#                             listen and port parameters.
#   listen                  - additional ListenAddress values (default []).
#   port                    - additional Port values (default [22]).
#   password_authentication - value written to PasswordAuthentication
#                             (default 'no').
#
# Precedence: the merge() call below lists $options first, so the HostKey,
# Port, ListenAddress and PasswordAuthentication values computed in this
# class replace entries of the same name supplied through $options.
class tripleo::profile::base::sshd (
  $options                 = {},
  $listen                  = [],
  $port                    = [22],
  $password_authentication = 'no',
) {

  # ListenAddress is only emitted when an address was supplied through
  # $options or $listen; otherwise the key is left out of the merged options.
  if $options['ListenAddress'] {
    $sshd_options_listen = {
      'ListenAddress' => unique(concat(any2array($options['ListenAddress']), $listen)),
    }
  } elsif empty($listen) {
    $sshd_options_listen = {}
  } else {
    $sshd_options_listen = {
      'ListenAddress' => unique(any2array($listen)),
    }
  }

  # $port is always part of the result. With the default of [22], setting
  # only $options['Port'] adds a listener and leaves port 22 open as well;
  # override $port too when 22 must not be exposed.
  if $options['Port'] {
    $sshd_options_port = {
      'Port' => unique(concat(any2array($options['Port']), $port)),
    }
  } else {
    $sshd_options_port = {
      'Port' => unique(any2array($port)),
    }
  }

  # Comes last in the merge, so a PasswordAuthentication entry inside
  # $options is overridden by the class parameter (default 'no').
  $password_auth_options = {
    'PasswordAuthentication' => $password_authentication,
  }

  # Prevent error messages on sshd startup
  $basic_options = {
    'HostKey' => [
      '/etc/ssh/ssh_host_rsa_key',
      '/etc/ssh/ssh_host_ecdsa_key',
      '/etc/ssh/ssh_host_ed25519_key',
    ],
  }

  # Later hashes win on duplicate keys; keep this order when adding options.
  $sshd_options = merge(
    $options,
    $basic_options,
    $sshd_options_port,
    $sshd_options_listen,
    $password_auth_options,
  )

  # NB (owalsh) in puppet-ssh hiera takes precedence over the class param
  # we need to control this, so error if it's set in hiera
  # NOTE(review): err() only logs at error level and does not stop catalog
  # compilation, so a hiera-set ssh::server::options is reported but, per the
  # note above, would still take precedence over $sshd_options. Confirm
  # whether a hard failure (fail()) is the intended behaviour.
  if lookup('ssh::server::options', undef, undef, undef) {
    err('ssh::server::options must not be set, use tripleo::profile::base::sshd::options')
  }

  class { 'ssh':
    # presumably turns off puppet-ssh's exported-resource handling; verify
    # against the puppet-ssh module
    storeconfigs_enabled => false,
    server_options       => $sshd_options,
    # NOTE: Force disabling client configuration.
    client_options       => {},
  }
}