39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
# File 'manifests/profile/base/sshd.pp', line 39
class tripleo::profile::base::sshd (
$options = {},
$listen = [],
$port = [22],
$password_authentication = 'no',
) {
if $options['ListenAddress'] {
$sshd_options_listen = {'ListenAddress' => unique(concat(any2array($options['ListenAddress']), $listen))}
} elsif !empty($listen) {
$sshd_options_listen = {'ListenAddress' => unique(any2array($listen))}
} else {
$sshd_options_listen = {}
}
if $options['Port'] {
$sshd_options_port = {'Port' => unique(concat(any2array($options['Port']), $port))}
} else {
$sshd_options_port = {'Port' => unique(any2array($port))}
}
# Prevent error messages on sshd startup
$basic_options = {
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
]
}
$password_auth_options = {
'PasswordAuthentication' => $password_authentication
}
$sshd_options = merge(
$options,
$basic_options,
$sshd_options_port,
$sshd_options_listen,
$password_auth_options,
)
# NB (owalsh) in puppet-ssh hiera takes precedence over the class param
# we need to control this, so error if it's set in hiera
if lookup('ssh::server::options', undef, undef, undef) {
err('ssh::server::options must not be set, use tripleo::profile::base::sshd::options')
}
class { 'ssh':
storeconfigs_enabled => false,
server_options => $sshd_options,
# NOTE: Force disabling client configuration.
client_options => {},
}
}
|