Puppet Class: ssh::server

Defined in:
manifests/server.pp

Summary

This class manages the ssh server

Overview

Examples:

Puppet usage

class { 'ssh::server':
  ensure               => present,
  storeconfigs_enabled => true,
  use_issue_net        => false,
}

Parameters:

  • service_name (String[1])

    Name of the sshd service

  • sshd_config (Stdlib::Absolutepath)

    Path to the sshd_config file

  • sshd_dir (Stdlib::Absolutepath)

    Path to the sshd dir (e.g. /etc/ssh)

  • sshd_binary (Stdlib::Absolutepath)

    Path to the sshd binary

  • host_priv_key_group (Integer)

    Group for the private host key (the parameter is typed Integer, so a numeric group ID is expected rather than a group name)

  • default_options (Hash)

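    Default options to set; these are merged with the options parameter. In the class body shown below the merge only happens when use_augeas is false, so with use_augeas enabled these defaults are not applied by this class.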

  • ensure (Enum[present,absent]) (defaults to: present)

    Ensure parameter for the ssh server (present or absent)

  • storeconfigs_enabled (Boolean) (defaults to: true)

    Host keys will be collected and distributed unless storeconfigs_enabled is false.

  • options (Hash) (defaults to: {})

    Dynamic hash of OpenSSH server options

  • validate_sshd_file (Boolean) (defaults to: false)

    Add a validation command for the sshd config file

  • use_augeas (Boolean) (defaults to: false)

    Use augeas for configuration (default concat)

  • options_absent (Array) (defaults to: [])

    Remove options (with augeas style)

  • match_block (Hash) (defaults to: {})

    Add sshd match_block (with concat)

  • use_issue_net (Boolean) (defaults to: false)

    Add issue_net banner

  • sshd_environments_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to a sshd environments file (e.g. /etc/defaults/ssh on Debian)

  • server_package_name (Optional[String[1]]) (defaults to: undef)

    Name of the server package to install



# File 'manifests/server.pp', line 59

class ssh::server (
  String[1]                      $service_name,
  Stdlib::Absolutepath           $sshd_config,
  Stdlib::Absolutepath           $sshd_dir,
  Stdlib::Absolutepath           $sshd_binary,
  Integer                        $host_priv_key_group,
  Hash                           $default_options,
  Enum[present,absent]           $ensure                 = present,
  Boolean                        $storeconfigs_enabled   = true,
  Hash                           $options                = {},
  Boolean                        $validate_sshd_file     = false,
  Boolean                        $use_augeas             = false,
  Array                          $options_absent         = [],
  Hash                           $match_block            = {},
  Boolean                        $use_issue_net          = false,
  Optional[Stdlib::Absolutepath] $sshd_environments_file = undef,
  Optional[String[1]]            $server_package_name    = undef,
) {
  # Build the effective option set once, at class scope.
  #  - augeas mode: $options and $options_absent are converted for the augeas
  #    sshd_config target; $default_options is NOT consulted on this path, so
  #    any baseline settings kept there have to be passed via $options instead.
  #  - concat mode (default): $options is deep-merged with $default_options.
  $merged_options = if $use_augeas {
    sshserver_options_to_augeas_sshd_config($options, $options_absent, { 'target' => $sshd_config })
  } else {
    deep_merge($default_options, $options)
  }

  include ssh::server::install
  include ssh::server::config
  include ssh::server::service

  # Package first, then configuration; a configuration change notifies (~>)
  # the service class.
  Class['ssh::server::install']
  -> Class['ssh::server::config']
  ~> Class['ssh::server::service']

  # Host key export and known_hosts collection depend on storeconfigs/puppetdb.
  # With $storeconfigs_enabled set to false neither class is included, so host
  # keys and known hosts are not managed here.
  if $storeconfigs_enabled {
    include ssh::hostkeys
    include ssh::knownhosts

    # Both run only after the sshd service class has been applied.
    Class['ssh::server::service']
    -> Class['ssh::hostkeys']
    -> Class['ssh::knownhosts']
  }

  # One ssh::server::match_block resource per entry: the key becomes the
  # resource title and the value hash is splatted in as its attributes.
  $match_block.each |String $block_title, Hash $block_params| {
    ssh::server::match_block { $block_title:
      * => $block_params,
    }
  }
}