Allow ssh on master node only from admin interface

DocImpact
Closes-Bug: 1523445
Change-Id: I3dbeaf71b8d0613fb608bf7f997421aabdac6746

deployment/puppet/nailgun/examples/host-only.pp

@@ -101,6 +101,7 @@ class { 'nailgun::bootstrap_cli':
 
 class { 'osnailyfacter::ssh':
   password_auth  => 'yes',
+  listen_address => [$::fuel_settings['ADMIN_NETWORK']['ipaddress']],
 }
 
 if $use_systemd {

deployment/puppet/osnailyfacter/manifests/ssh.pp

@@ -23,6 +23,8 @@
 # [*password_auth*]
 #   Use password authentication. Defaults to no
 #
+# [*listen_address*]
+#   Array of the local addresses sshd should listen on.
 
 class osnailyfacter::ssh(
   $ciphers        = 'aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128',
@@ -30,7 +32,8 @@ class osnailyfacter::ssh(
   $protocol_ver   = '2',
   $ports          = '22',
   $log_lvl        = 'VERBOSE',
-  $password_auth = 'no'
+  $password_auth  = 'no',
+  $listen_address = [],
 ){
 
   case $::osfamily {
@@ -55,6 +58,7 @@ class osnailyfacter::ssh(
       'LogLevel'                        => $log_lvl,
       'Subsystem'                       => $subsystem,
       'PasswordAuthentication'          => $password_auth,
+      'ListenAddress'                   => $listen_address,
       'AllowTcpForwarding'              => 'yes',
       'X11Forwarding'                   => 'no',
       'UsePAM'                          => 'yes',