git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ssh/manifests/init.pp
455d32208d2471b2400426735165c22110c34d70
# Class: ssh
#
# Installs the OpenSSH client and server packages, keeps the 'ssh' service
# running, declares virtual ferm firewall rules for inbound SSH (IPv4 and
# IPv6), and manages ssh_config, sshd_config and the root key file under
# /etc/ssh/userkeys from this module's templates.
class ssh {

        # Look up the nodes of this host's cluster, then one 'rootkey' per node.
        # NOTE(review): these two lines read as Ruby rather than Puppet DSL:
        # `nodes` has no `$` sigil, `nil` is not a Puppet value (`undef` is), and
        # `.collect{|x| ...}` is Ruby block syntax. The third hiera() argument is
        # also a hash here, while the stock function expects a hierarchy level
        # name; confirm whether a site-specific hiera function is in use.
        # NOTE(review): $rootkeys is presumably consumed by
        # ssh/authorized_keys.erb (verify against the template). If so, every
        # host listed under 'nodes' ends up with a key in root's key file, so
        # that hiera data needs the same change control as the key file itself,
        # and a failed lookup should not silently produce an empty or partial list.
        nodes = hiera('nodes', nil, {'cluster' => hiera('cluster')})
        $rootkeys = nodes.collect{|x| hiera('rootkey', nil, {'hostname' => x})}

        package { [ 'openssh-client', 'openssh-server']:
                ensure => installed
        }

        # Only the running state is enforced; no `enable` attribute is set, so
        # start-at-boot is whatever the package leaves configured.
        service { 'ssh':
                ensure  => running,
                require => Package['openssh-server']
        }

        # The leading '@' makes these virtual resources: they take effect only
        # where they are realized (presumably by the ferm module; confirm).
        # The rule strings are single-quoted, so $SSH_SOURCES and
        # $SSH_V6_SOURCES are not interpolated by Puppet and reach ferm
        # literally; the allowed source ranges are therefore defined outside
        # this class and should be reviewed together with it.
        @ferm::rule { 'dsa-ssh':
                description => 'Allow SSH from DSA',
                rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
        }
        @ferm::rule { 'dsa-ssh-v6':
                description => 'Allow SSH from DSA',
                domain      => 'ip6',
                rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
        }

        # NOTE(review): none of the file resources below set owner or group, and
        # only the userkeys directory sets a mode. Presumably these come from
        # site-wide File defaults; confirm, because sshd_config and the root key
        # file are security-critical and must not be writable by non-root users.
        file { '/etc/ssh/ssh_config':
                content => template('ssh/ssh_config.erb'),
                require => Package['openssh-client']
        }
        # A change to the rendered sshd_config notifies the ssh service.
        file { '/etc/ssh/sshd_config':
                content => template('ssh/sshd_config.erb'),
                require => Package['openssh-server'],
                notify  => Service['ssh']
        }
        # Directory holding per-user key files. Mode 0755 lets every user list
        # and traverse it while only the owner can write.
        # NOTE(review): presumably sshd_config.erb points AuthorizedKeysFile at
        # this directory; verify against the template.
        file { '/etc/ssh/userkeys':
                ensure  => directory,
                mode    => '0755',
                require => Package['openssh-server']
        }
        # Key file for root, rendered from the authorized_keys template. There is
        # no explicit require on the directory above; Puppet autorequires a
        # managed parent directory, so ordering is still expected to hold.
        file { '/etc/ssh/userkeys/root':
                content => template('ssh/authorized_keys.erb'),
        }
}