|
13 | 13 | $ssh_config_hash_known_hosts = 'USE_DEFAULTS',
|
14 | 14 | $ssh_config_path = '/etc/ssh/ssh_config',
|
15 | 15 | $ssh_config_owner = 'root',
|
16 |
| - $ssh_config_group = 'root', |
| 16 | + $ssh_config_group = 'USE_DEFAULTS', |
17 | 17 | $ssh_config_mode = '0644',
|
18 | 18 | $ssh_config_forward_x11 = undef,
|
19 | 19 | $ssh_config_forward_x11_trusted = 'USE_DEFAULTS',
|
|
31 | 31 | $ssh_gssapidelegatecredentials = undef,
|
32 | 32 | $sshd_config_path = '/etc/ssh/sshd_config',
|
33 | 33 | $sshd_config_owner = 'root',
|
34 |
| - $sshd_config_group = 'root', |
| 34 | + $sshd_config_group = 'USE_DEFAULTS', |
35 | 35 | $sshd_config_loglevel = 'INFO',
|
36 | 36 | $sshd_config_mode = 'USE_DEFAULTS',
|
37 | 37 | $sshd_config_permitemptypasswords = undef,
|
|
99 | 99 | $ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
|
100 | 100 | $ssh_config_global_known_hosts_list = undef,
|
101 | 101 | $ssh_config_global_known_hosts_owner = 'root',
|
102 |
| - $ssh_config_global_known_hosts_group = 'root', |
| 102 | + $ssh_config_global_known_hosts_group = 'USE_DEFAULTS', |
103 | 103 | $ssh_config_global_known_hosts_mode = '0644',
|
104 | 104 | $ssh_config_user_known_hosts_file = undef,
|
105 | 105 | $keys = undef,
|
106 | 106 | $manage_root_ssh_config = false,
|
107 | 107 | $root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
|
108 | 108 | ) {
|
109 | 109 |
|
| 110 | + if $::osfamily == 'FreeBSD' { |
| 111 | + $default_ssh_config_group = 'wheel' |
| 112 | + $default_sshd_config_group = 'wheel' |
| 113 | + $default_ssh_config_global_known_hosts_group = 'wheel' |
| 114 | + } else { |
| 115 | + $default_ssh_config_group = 'root' |
| 116 | + $default_sshd_config_group = 'root' |
| 117 | + $default_ssh_config_global_known_hosts_group = 'root' |
| 118 | + } |
| 119 | + |
110 | 120 | case $::osfamily {
|
| 121 | + 'FreeBSD': { |
| 122 | + $default_packages = undef |
| 123 | + $default_service_name = 'sshd' |
| 124 | + $default_ssh_config_hash_known_hosts = 'no' |
| 125 | + $default_ssh_config_forward_x11_trusted = 'yes' |
| 126 | + $default_ssh_package_source = undef |
| 127 | + $default_ssh_package_adminfile = undef |
| 128 | + $default_ssh_sendenv = true |
| 129 | + $default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server' |
| 130 | + $default_sshd_config_mode = '0600' |
| 131 | + $default_sshd_config_use_dns = 'yes' |
| 132 | + $default_sshd_config_xauth_location = '/usr/bin/xauth' |
| 133 | + $default_sshd_use_pam = 'yes' |
| 134 | + $default_sshd_gssapikeyexchange = undef |
| 135 | + $default_sshd_pamauthenticationviakbdint = undef |
| 136 | + $default_sshd_gssapicleanupcredentials = 'yes' |
| 137 | + $default_sshd_acceptenv = true |
| 138 | + $default_service_hasstatus = true |
| 139 | + $default_sshd_config_serverkeybits = '1024' |
| 140 | + $default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ] |
| 141 | + $default_sshd_addressfamily = 'any' |
| 142 | + } |
111 | 143 | 'RedHat': {
|
112 | 144 | $default_packages = ['openssh-server',
|
113 | 145 | 'openssh-clients']
|
|
242 | 274 | }
|
243 | 275 | }
|
244 | 276 | default: {
|
245 |
| - fail("ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is <${::osfamily}>.") |
| 277 | + fail("ssh supports osfamilies Debian, FreeBSD, RedHat, Solaris and Suse. Detected osfamily is <${::osfamily}>.") |
246 | 278 | }
|
247 | 279 | }
|
248 | 280 |
|
|
267 | 299 | $packages_real = $packages
|
268 | 300 | }
|
269 | 301 |
|
| 302 | + if $ssh_config_group == 'USE_DEFAULTS' { |
| 303 | + $ssh_config_group_real = $default_ssh_config_group |
| 304 | + } else { |
| 305 | + $ssh_config_group_real = $ssh_config_group |
| 306 | + } |
| 307 | + validate_string($ssh_config_group_real) |
| 308 | + |
| 309 | + if $sshd_config_group == 'USE_DEFAULTS' { |
| 310 | + $sshd_config_group_real = $default_sshd_config_group |
| 311 | + } else { |
| 312 | + $sshd_config_group_real = $sshd_config_group |
| 313 | + } |
| 314 | + validate_string($sshd_config_group_real) |
| 315 | + |
| 316 | + if $ssh_config_global_known_hosts_group == 'USE_DEFAULTS' { |
| 317 | + $ssh_config_global_known_hosts_group_real = $default_ssh_config_global_known_hosts_group |
| 318 | + } else { |
| 319 | + $ssh_config_global_known_hosts_group_real = $ssh_config_global_known_hosts_group |
| 320 | + } |
| 321 | + validate_string($ssh_config_global_known_hosts_group_real) |
| 322 | + |
270 | 323 | if $ssh_config_hash_known_hosts == 'USE_DEFAULTS' {
|
271 | 324 | $ssh_config_hash_known_hosts_real = $default_ssh_config_hash_known_hosts
|
272 | 325 | } else {
|
|
672 | 725 | }
|
673 | 726 |
|
674 | 727 | validate_string($ssh_config_global_known_hosts_owner)
|
675 |
| - validate_string($ssh_config_global_known_hosts_group) |
676 | 728 | validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',
|
677 | 729 | "ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.")
|
678 | 730 |
|
|
750 | 802 | validate_array($sshd_config_allowgroups_real)
|
751 | 803 | }
|
752 | 804 |
|
753 |
| - package { $packages_real: |
754 |
| - ensure => installed, |
755 |
| - source => $ssh_package_source_real, |
756 |
| - adminfile => $ssh_package_adminfile_real, |
| 805 | + if $packages_real != undef { |
| 806 | + package { $packages_real: |
| 807 | + ensure => installed, |
| 808 | + source => $ssh_package_source_real, |
| 809 | + adminfile => $ssh_package_adminfile_real, |
| 810 | + before => [ |
| 811 | + File['ssh_config'], |
| 812 | + File['sshd_config'], |
| 813 | + ], |
| 814 | + } |
757 | 815 | }
|
758 | 816 |
|
759 | 817 | file { 'ssh_config' :
|
760 | 818 | ensure => file,
|
761 | 819 | path => $ssh_config_path,
|
762 | 820 | owner => $ssh_config_owner,
|
763 |
| - group => $ssh_config_group, |
| 821 | + group => $ssh_config_group_real, |
764 | 822 | mode => $ssh_config_mode,
|
765 | 823 | content => template($ssh_config_template),
|
766 |
| - require => Package[$packages_real], |
767 | 824 | }
|
768 | 825 |
|
769 | 826 | file { 'sshd_config' :
|
770 | 827 | ensure => file,
|
771 | 828 | path => $sshd_config_path,
|
772 | 829 | mode => $sshd_config_mode_real,
|
773 | 830 | owner => $sshd_config_owner,
|
774 |
| - group => $sshd_config_group, |
| 831 | + group => $sshd_config_group_real, |
775 | 832 | content => template($sshd_config_template),
|
776 |
| - require => Package[$packages_real], |
777 | 833 | }
|
778 | 834 |
|
779 | 835 | if $sshd_config_banner != 'none' and $sshd_banner_content != undef {
|
780 |
| - file { 'sshd_banner' : |
781 |
| - ensure => file, |
782 |
| - path => $sshd_config_banner, |
783 |
| - owner => $sshd_banner_owner, |
784 |
| - group => $sshd_banner_group, |
785 |
| - mode => $sshd_banner_mode, |
786 |
| - content => $sshd_banner_content, |
787 |
| - require => Package[$packages_real], |
| 836 | + if $packages_real == undef { |
| 837 | + file { 'sshd_banner' : |
| 838 | + ensure => file, |
| 839 | + path => $sshd_config_banner, |
| 840 | + owner => $sshd_banner_owner, |
| 841 | + group => $sshd_banner_group, |
| 842 | + mode => $sshd_banner_mode, |
| 843 | + content => $sshd_banner_content, |
| 844 | + require => undef, |
| 845 | + } |
| 846 | + } else { |
| 847 | + file { 'sshd_banner' : |
| 848 | + ensure => file, |
| 849 | + path => $sshd_config_banner, |
| 850 | + owner => $sshd_banner_owner, |
| 851 | + group => $sshd_banner_group, |
| 852 | + mode => $sshd_banner_mode, |
| 853 | + content => $sshd_banner_content, |
| 854 | + require => Package[$packages_real], |
| 855 | + } |
788 | 856 | }
|
789 | 857 | }
|
790 | 858 |
|
|
844 | 912 | ensure => file,
|
845 | 913 | path => $ssh_config_global_known_hosts_file,
|
846 | 914 | owner => $ssh_config_global_known_hosts_owner,
|
847 |
| - group => $ssh_config_global_known_hosts_group, |
| 915 | + group => $ssh_config_global_known_hosts_group_real, |
848 | 916 | mode => $ssh_config_global_known_hosts_mode,
|
849 | 917 | }
|
850 | 918 |
|
|