From ab5757c5aef1da1dd9d9d00ec5f19d8ae0d2a7e9 Mon Sep 17 00:00:00 2001
From: Ramy Asselin
Date: Wed, 28 Jan 2015 11:24:44 -0800
Subject: [PATCH] Split out ssh module
Change-Id: I9dc877434a64691a4e4e516159cdd153cb892982
---
 modules.env | 1 +
 modules/ssh/manifests/init.pp | 21 -------
 modules/ssh/manifests/params.pp | 26 --------
 modules/ssh/templates/sshd_config.erb | 90 ---------------------------
 4 files changed, 1 insertion(+), 137 deletions(-)
 delete mode 100644 modules/ssh/manifests/init.pp
 delete mode 100644 modules/ssh/manifests/params.pp
 delete mode 100644 modules/ssh/templates/sshd_config.erb
diff --git a/modules.env b/modules.env
index 1721825c7e..d40a132469 100644
--- a/modules.env
+++ b/modules.env
@@ -73,6 +73,7 @@ INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-github"]="
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-httpd"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-openstackid"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-redis"]="origin/master"
+INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-ssh"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-drupal"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-mediawiki"]="origin/master"
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
deleted file mode 100644
index a3fc66e7a8..0000000000
--- a/modules/ssh/manifests/init.pp
+++ /dev/null
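Review bot: The added `puppet-ssh` entry in the modules.env hunk tracks `origin/master`, so the class and sshd_config template this commit deletes from the tree are replaced by whatever the head of that external repository is when modules are installed. That matches the neighbouring entries, but this module decides the SSH authentication settings (the removed template sets `PasswordAuthentication no` and `PermitRootLogin no`), so a reviewed ref would be safer, e.g. `INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-ssh"]="<reviewed-tag-or-commit>"`, assuming the installer accepts refs other than a branch. If the branch ref stays, a comment above the line such as `# puppet-ssh renders /etc/ssh/sshd_config; review changes in that repo as access-control changes` would mark the entry as sensitive. Nothing in this diff shows that the split-out repository carries the same template, so that should be confirmed before the in-tree copy is removed.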
@@ -1,21 +0,0 @@
-# == Class: ssh
-#
-class ssh {
- include ssh::params
- package { $::ssh::params::package_name:
- ensure => present,
- }
- service { $::ssh::params::service_name:
- ensure => running,
- hasrestart => true,
- subscribe => File['/etc/ssh/sshd_config'],
- }
- file { '/etc/ssh/sshd_config':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template('ssh/sshd_config.erb'),
- replace => true,
- }
-}
diff --git a/modules/ssh/manifests/params.pp b/modules/ssh/manifests/params.pp
deleted file mode 100644
index ba443fd4bc..0000000000
--- a/modules/ssh/manifests/params.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-# Class: ssh::params
-#
-# This class holds parameters that need to be
-# accessed by other classes.
-class ssh::params {
- case $::osfamily {
- 'RedHat': {
- $package_name = 'openssh-server'
- $service_name = 'sshd'
- $sftp_path = '/usr/libexec/openssh/sftp-server'
- }
- 'Debian': {
- $package_name = 'openssh-server'
- $service_name = 'ssh'
- $sftp_path = '/usr/lib/openssh/sftp-server'
- }
- 'Suse': {
- $package_name = 'openssh'
- $service_name = 'sshd'
- $sftp_path = '/usr/lib/ssh/sftp-server'
- }
- default: {
- fail("Unsupported osfamily: ${::osfamily} The 'ssh' module only supports osfamily Debian, RedHat or SUSE (slaves only).")
- }
- }
-}
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
deleted file mode 100644
index b55fd2fc62..0000000000
--- a/modules/ssh/templates/sshd_config.erb
+++ /dev/null
@@ -1,90 +0,0 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port 22
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-# allow ansible connections from puppetmaster host
-Match host puppetmaster.openstack.org
- PermitRootLogin without-password