Puppet Class: ssh::server

Inherits:
ssh::params
Defined in:
manifests/server.pp

Summary

This class manages the SSH server.

Overview

Examples:

Puppet usage

# Declare the SSH server class explicitly. Every value shown here equals the
# class default, so the declaration only spells the defaults out.
class { 'ssh::server':
  ensure               => 'present',
  # true: host keys are collected and distributed (needs storeconfigs).
  storeconfigs_enabled => true,
  use_issue_net        => false,
}

Parameters:

  • ensure (String) (defaults to: present)

    Ensure value for the SSH server.

  • storeconfigs_enabled (Boolean) (defaults to: true)

    Host keys will be collected and distributed unless storeconfigs_enabled is false.

  • options (Hash) (defaults to: {})

    Dynamic hash of OpenSSH server options.

  • validate_sshd_file (Boolean) (defaults to: false)

    Add a validation command for the sshd configuration file.

  • use_augeas (Boolean) (defaults to: false)

    Use Augeas to manage the configuration (the default is concat).

  • options_absent (Array) (defaults to: [])

    Options to remove (Augeas style).

  • match_block (Hash) (defaults to: {})

    Add sshd Match blocks (with concat).

  • use_issue_net (Boolean) (defaults to: false)


# File 'manifests/server.pp', line 35

class ssh::server (
  String  $ensure               = present,
  Boolean $storeconfigs_enabled = true,
  Hash    $options              = {},
  Boolean $validate_sshd_file   = false,
  Boolean $use_augeas           = false,
  Array   $options_absent       = [],
  Hash    $match_block          = {},
  Boolean $use_issue_net        = false
) inherits ssh::params {
  # Collect the server options and Match blocks from every Hiera layer with a
  # deep merge; an empty hash is used when nothing is found.
  $hiera_options = lookup({
    'name'          => "${module_name}::server::options",
    'value_type'    => Optional[Hash],
    'merge'         => 'deep',
    'default_value' => {},
  })
  $hiera_match_block = lookup({
    'name'          => "${module_name}::server::match_block",
    'value_type'    => Optional[Hash],
    'merge'         => 'deep',
    'default_value' => {},
  })

  # The class parameters are merged after the Hiera data, so with stdlib's
  # deep_merge they take precedence when a key is set in both places.
  $fin_options = deep_merge($hiera_options, $options)
  $fin_match_block = deep_merge($hiera_match_block, $match_block)

  # Augeas path: the options and $options_absent are handed to
  # sshserver_options_to_augeas_sshd_config for the sshd_config target, and
  # $ssh::params::sshd_default_options is not merged in here.
  # Concat path: the options are layered over $ssh::params::sshd_default_options,
  # and $options_absent is not read anywhere in this class.
  # NOTE(review): an option listed in $options_absent therefore looks like a
  # no-op unless $use_augeas is true; confirm against ssh::server::config.
  $merged_options = if $use_augeas {
    sshserver_options_to_augeas_sshd_config($fin_options, $options_absent, { 'target' => $ssh::params::sshd_config })
  } else {
    deep_merge($ssh::params::sshd_default_options, $fin_options)
  }

  include ssh::server::install, ssh::server::config, ssh::server::service

  # Install first, then configure; a configuration change notifies (~>) the
  # service class.
  # NOTE(review): $validate_sshd_file defaults to false and is not read in
  # this class; presumably ssh::server::config uses it to validate sshd_config
  # before it is written. Confirm, since an invalid file followed by the
  # service refresh could leave sshd unable to start.
  Class['ssh::server::install']
  -> Class['ssh::server::config']
  ~> Class['ssh::server::service']

  # Host keys and known hosts are only managed when storeconfigs/puppetdb is in
  # use; with $storeconfigs_enabled false neither class is included.
  if $storeconfigs_enabled {
    include ssh::hostkeys, ssh::knownhosts

    # Both classes are ordered after the service class.
    Class['ssh::server::service']
    -> Class['ssh::hostkeys']
    -> Class['ssh::knownhosts']
  }

  # One ssh::server::match_block resource per entry of the merged hash.
  create_resources('ssh::server::match_block', $fin_match_block)
}