[Mageia-sysadm] [437] the previous trick didn't work as tags are dependent in the order of

root at mageia.org root at mageia.org
Wed Nov 24 00:17:49 CET 2010


Revision: 437
Author:   misc
Date:     2010-11-24 00:17:48 +0100 (Wed, 24 Nov 2010)
Log Message:
-----------
the previous trick didn't work as tags are dependent in the order of
declaration ( and that's bad (tm) ). This one is safer.

Modified Paths:
--------------
    puppet/manifests/common.pp
    puppet/modules/openssh/manifests/init.pp
    puppet/modules/openssh/templates/sshd_config

Added Paths:
-----------
    puppet/modules/openssh/templates/sshd_config_ldap

Modified: puppet/manifests/common.pp
===================================================================
--- puppet/manifests/common.pp	2010-11-23 23:17:47 UTC (rev 436)
+++ puppet/manifests/common.pp	2010-11-23 23:17:48 UTC (rev 437)
@@ -87,7 +87,7 @@
 class default_mageia_server {
     include timezone
 
-    include openssh
+    include openssh::server
     include default_ssh_root_key
     include base_packages
     include ntp

Modified: puppet/modules/openssh/manifests/init.pp
===================================================================
--- puppet/modules/openssh/manifests/init.pp	2010-11-23 23:17:47 UTC (rev 436)
+++ puppet/modules/openssh/manifests/init.pp	2010-11-23 23:17:48 UTC (rev 437)
@@ -1,31 +1,36 @@
 class openssh {
+    class server {
+        # some trick to manage sftp server, who is arch dependent on mdv    
+        $path_to_sftp = "$lib_dir/ssh/"
 
-    # some trick to manage sftp server, who is arch dependent on mdv    
-    $path_to_sftp = "$lib_dir/ssh/"
+        package { "openssh-server":
+            ensure => installed
+        }
 
-    package { "openssh-server":
-        ensure => installed
-    }
+        service { sshd:
+            ensure => running,
+            path => "/etc/init.d/sshd",
+            subscribe => [ Package["openssh-server"] ]
+        }
 
-    service { sshd:
-        ensure => running,
-        path => "/etc/init.d/sshd",
-        subscribe => [ Package["openssh-server"], File["sshd_config"] ]
-    }
 
-    file { "sshd_config":
-        path => "/etc/ssh/sshd_config",
-        ensure => present,
-        owner => root,
-        group => root,
-        mode => 644,
-        require => Package["openssh-server"],
-        content => template("openssh/sshd_config")
+        file { "/etc/ssh/sshd_config":
+            ensure => present,
+            owner => root,
+            group => root,
+            mode => 644,
+            require => Package["openssh-server"],
+            content => template("openssh/sshd_config"),
+            notify => Service["sshd"]
+        }
     }
 
- 
-    class ssh_keys_from_ldap {
+    class ssh_keys_from_ldap inherits server {
 
+        File ["/etc/ssh/sshd_config"] {
+            content => template("openssh/sshd_config","openssh/sshd_config_ldap")
+        }
+
         package { 'python-ldap':
             ensure => installed,
         }

Modified: puppet/modules/openssh/templates/sshd_config
===================================================================
--- puppet/modules/openssh/templates/sshd_config	2010-11-23 23:17:47 UTC (rev 436)
+++ puppet/modules/openssh/templates/sshd_config	2010-11-23 23:17:48 UTC (rev 437)
@@ -45,11 +45,7 @@
 #PubkeyAuthentication yes
 #AuthorizedKeysFile	.ssh/authorized_keys
 
-<% if all_tags.include?('openssh::ssh_keys_from_ldap')  %>
-AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
-<% end %>
 
-
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
 # similar for protocol version 2

Added: puppet/modules/openssh/templates/sshd_config_ldap
===================================================================
--- puppet/modules/openssh/templates/sshd_config_ldap	                        (rev 0)
+++ puppet/modules/openssh/templates/sshd_config_ldap	2010-11-23 23:17:48 UTC (rev 437)
@@ -0,0 +1,3 @@
+
+AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101124/ed0d31e3/attachment.html>


More information about the Mageia-sysadm mailing list