From 5d55606789cf2f1b92935aab83c6d97ecee71987 Mon Sep 17 00:00:00 2001
From: Derek Higgins <derekh@redhat.com>
Date: Fri, 8 Jul 2016 23:44:25 +0100
Subject: [PATCH] Make sshd PermitRootLogin configurable

Make this configurable so that it can be enabled for images used
by nodepool.

Change-Id: I704453c6d3091a24e68509650c61efb638aea601
---
 manifests/init.pp         | 5 ++++-
 templates/sshd_config.erb | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 1e71c6f..6f1c8d1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,9 @@
 # == Class: ssh
 #
-class ssh ($trusted_ssh_source = 'puppetmaster.openstack.org') {
+class ssh (
+    $trusted_ssh_source = 'puppetmaster.openstack.org',
+    $permit_root_login = 'no',
+) {
     include ::ssh::params
     package { $::ssh::params::package_name:
       ensure => present,
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 9304fe3..4592a86 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -23,7 +23,7 @@ LogLevel INFO
 
 # Authentication:
 LoginGraceTime 120
-PermitRootLogin no
+PermitRootLogin <%= @permit_root_login %>
 StrictModes yes
 
 RSAAuthentication yes