3c49f51c8f
In https://review.openstack.org/#/c/444622/7 the sshd_options and banner/motd are mutually exclusive. This patch, and the next patchset of that review, resolves the conflict. Related-Bug: 1668543 Change-Id: I1d09530d69e42c0c36311789166554a889e46556
86 lines
2.2 KiB
Puppet
86 lines
2.2 KiB
Puppet
# Copyright 2016 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: tripleo::profile::base::sshd
|
|
#
|
|
# SSH composable service for TripleO
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*bannertext*]
|
|
# The text used within /etc/issue and /etc/issue.net
|
|
# Defaults to hiera('BannerText')
|
|
#
|
|
# [*motd*]
|
|
# The text used within SSH Banner
|
|
# Defaults to hiera('MOTD')
|
|
#
|
|
# [*options*]
|
|
# Hash of SSHD options to set. See the puppet-ssh module documentation for
|
|
# details.
|
|
# Defaults to {}
|
|
|
|
class tripleo::profile::base::sshd (
|
|
$bannertext = hiera('BannerText', undef),
|
|
$motd = hiera('MOTD', undef),
|
|
$options = {}
|
|
) {
|
|
|
|
if $bannertext and $bannertext != '' {
|
|
$sshd_options_banner = {'Banner' => '/etc/issue.net'}
|
|
$filelist = [ '/etc/issue', '/etc/issue.net', ]
|
|
file { $filelist:
|
|
ensure => file,
|
|
backup => false,
|
|
content => $bannertext,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644'
|
|
}
|
|
} else {
|
|
$sshd_options_banner = {}
|
|
}
|
|
|
|
if $motd and $motd != '' {
|
|
$sshd_options_motd = {'PrintMotd' => 'yes'}
|
|
file { '/etc/motd':
|
|
ensure => file,
|
|
backup => false,
|
|
content => $motd,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644'
|
|
}
|
|
} else {
|
|
$sshd_options_motd = {}
|
|
}
|
|
|
|
$sshd_options = merge(
|
|
$options,
|
|
$sshd_options_banner,
|
|
$sshd_options_motd
|
|
)
|
|
|
|
# NB (owalsh) in puppet-ssh hiera takes precedence over the class param
|
|
# we need to control this, so error if it's set in hiera
|
|
if hiera('ssh:server::options', undef) {
|
|
err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options')
|
|
}
|
|
class { '::ssh::server':
|
|
storeconfigs_enabled => false,
|
|
options => $sshd_options
|
|
}
|
|
}
|