Merge pull request #2 from xaque208/cleanup

Remove dead templates and clean
opus-codium · Feb 7, 2015 · 925d8bc · 925d8bc
2 parents 08cdb95 + ec0d9c4
commit 925d8bc
Show file tree

Hide file tree

Showing 11 changed files with 199 additions and 154 deletions.
diff --git a/manifests/allowgroup.pp b/manifests/allowgroup.pp
@@ -14,17 +14,18 @@
 
   if $chroot == true {
     include ssh::chroot
-    file {
-      "/var/chroot/${name}":
-        ensure => directory,
-        owner  => root,
-        group  => root,
-        mode   => '0755';
-      "/var/chroot/${name}/drop":
-        ensure => directory,
-        owner  => root,
-        group  => $name,
-        mode   => '0775';
+    file { "/var/chroot/${name}":
+      ensure => directory,
+      owner  => root,
+      group  => root,
+      mode   => '0755',
+    }
+
+    file { "/var/chroot/${name}/drop":
+      ensure => directory,
+      owner  => root,
+      group  => $name,
+      mode   => '0775';
     }
 
     $allowtcp = $tcpforwarding ? {

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -14,30 +14,15 @@
 
   include ssh::params
 
-  $client_package  = $ssh::params::client_package
-  $ssh_config      = $ssh::params::ssh_config
-  $sshd_config     = $ssh::params::sshd_config
-  $ssh_service     = $ssh::params::ssh_service
-  $syslog_facility = $ssh::params::syslog_facility
+  $ssh_config     = $ssh::params::ssh_config
 
-  if $::kernel == 'Linux' or $::kernel == 'SunOS' {
-    package { $client_package:
-      ensure => latest,
-    }
-  }
+  include ssh::install
 
   file { $ssh_config:
-    ensure    => file,
-    owner     => root,
-    group     => 0,
-    mode      => '0644',
-    require   => $kernel ? {
-      "Darwin"  => undef,
-      'freebsd' => undef,
-      'openbsd' => undef,
-      'solaris' => undef,
-      'SunOS'   => undef,
-      default   => Package[$client_package],
-    }
+    ensure  => file,
+    owner   => 'root',
+    group   => '0',
+    mode    => '0644',
+    require => Class['ssh::install'],
   }
 }
diff --git a/manifests/install.pp b/manifests/install.pp
@@ -0,0 +1,17 @@
+# Class: ssh::install
+#
+# Install the OpenSSH client and server packages.
+#
+class ssh::install (
+  $ensure        = 'latest',
+  $needs_install = $ssh::params::needs_install,
+  $ssh_packages  = $ssh::params::ssh_packages,
+) inherits ssh::params {
+
+  if $needs_install == true {
+    package { $ssh_packages:
+      ensure => $ensure,
+      notify => Service['sshd'],
+    }
+  }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -4,56 +4,61 @@
 #
 class ssh::params {
 
-  $ssh_dir           = '/etc/ssh'
-  $sshd_config       = "${ssh_dir}/sshd_config"
-  $ssh_config        = "${ssh_dir}/ssh_config"
-  $known_hosts       = "${ssh_dir}/ssh_known_hosts"
+  $ssh_dir     = '/etc/ssh'
+  $sshd_config = "${ssh_dir}/sshd_config"
+  $ssh_config  = "${ssh_dir}/ssh_config"
+  $known_hosts = "${ssh_dir}/ssh_known_hosts"
+
+  case $::kernel {
+    'openbsd': {
+      $root_group = 'wheel'
+    }
+    'freebsd': {
+      $root_group = 'wheel'
+    }
+    default: {
+      $root_group = 'root'
+    }
+  }
 
   case $::operatingsystem {
     'centos', 'redhat', 'fedora': {
-      $client_package  = 'openssh-clients'
-      $server_package  = 'openssh-server'
-      $ssh_service     = 'sshd'
-      $syslog_facility = 'AUTHPRIV'
+      $needs_install  = true
+      $ssh_packages   = [ 'openssh-clients', 'openssh-server' ]
+      $ssh_service    = 'sshd'
     }
     'sles': {
-      $client_package  = 'openssh'
-      $server_package  = 'openssh'
-      $ssh_service     = 'sshd'
-      $syslog_facility = 'AUTHPRIV'
+      $needs_install  = true
+      $ssh_packages   = 'openssh'
+      $ssh_service    = 'sshd'
     }
     'ubuntu', 'debian': {
-      $client_package  = 'openssh-client'
-      $server_package  = 'openssh-server'
-      $ssh_service     = 'ssh'
-      $syslog_facility = 'AUTHPRIV'
+      $needs_install  = true
+      $ssh_packages   = [ 'openssh-client', 'openssh-server' ]
+      $ssh_service    = 'ssh'
     }
     'darwin': {
-      $ssh_service     = 'com.openssh.sshd'
-      $syslog_facility = 'AUTHPRIV'
+      $needs_install = false
+      $ssh_packages  = undef
+      $ssh_service   = 'com.openssh.sshd'
     }
     'freebsd': {
-      $ssh_service     = 'sshd'
-      $syslog_facility = 'AUTHPRIV'
+      $needs_install = false
+      $ssh_packages  = undef
+      $ssh_service   = 'sshd'
+    }
+    'openbsd': {
+      $needs_install = false
+      $ssh_packages  = undef
+      $ssh_service   = 'sshd'
     }
     'solaris','sunos': {
-      case $operatingsystemrelease {
-        '5.10': {
-          $client_package  = 'openssh'
-          $server_package  = 'openssh'
-          $ssh_service     = 'svc:/network/cswopenssh:default'
-          $syslog_facility = 'AUTH'
-        }
-        '5.11': {
-          $client_package  = 'service/network/ssh'
-          $server_package  = 'service/network/ssh'
-          $ssh_service     = 'network/ssh'
-          $syslog_facility = 'AUTH'
-        }
-      }
+      $needs_install  = true
+      $ssh_packages   = 'network/ssh'
+      $ssh_service    = 'ssh'
     }
     default: {
-      fail("module ssh does not support operatingsystem ${::operatingsystem}")
+      fail("${module_name} does not support ${::operatingsystem}")
     }
   }
 }
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -11,59 +11,37 @@
 # Sample Usage:
 #
 class ssh::server(
-  $permit_root_login     = 'no',
-  $permit_x11_forwarding = 'no',
 ) {
+
   include ssh
+  include ssh::install
+  include ssh::server::config
+
   include ssh::params
   include concat::setup
 
-  $permit_root_login_values     = [
-    'no',
-    'without-password',
-    'forced-commands-only',
-    'yes'
-  ]
-
-  $permit_x11_forwarding_values = [ 'no', 'yes' ]
-
-  unless $permit_root_login in $permit_root_login_values {
-    fail("Invalid value '${permit_root_login}' for permit_root_login")
-  }
-  unless $permit_x11_forwarding in $permit_x11_forwarding_values {
-    fail("Invalid value '${permit_x11_forwarding}' for permit_x11_forwarding")
-  }
-
   $ssh_service     = $ssh::params::ssh_service
-  $server_package  = $ssh::params::server_package
+  $ssh_packages    = $ssh::params::ssh_pckages
   $sshd_config     = $ssh::params::sshd_config
-  $syslog_facility = $ssh::params::syslog_facility
+  $needs_install   = $ssh::params::needs_install
+  $root_group      = $ssh::params::root_group
 
-  if $::kernel == 'Linux' {
-    if !defined(Package[$server_package]) {
-      package { $server_package:
-        ensure  => latest,
-        notify  => Service['sshd'],
-      }
-    }
+  concat { $sshd_config:
+    owner   => '0',
+    group   => '0',
+    mode    => '0640',
+    require => Class['ssh::install'],
+    notify  => Service['sshd'],
   }
 
   concat::fragment { 'sshd_config-header':
     order   => '00',
     target  => $sshd_config,
-    content => template('ssh/sshd_config.erb'),
-  }
-  concat { $sshd_config:
-    mode    => '0640',
-    require => $::kernel ? {
-      'Darwin'  => undef,
-      'freebsd' => undef,
-      'openbsd' => undef,
-      'sunos'   => undef,
-      default   => Package[$server_package],
-    },
-    notify  => Service['sshd'],
+    content => template('ssh/sshd_config-header.erb'),
   }
+
+  include ssh::server::config
+
   service { 'sshd':
     ensure     => running,
     name       => $ssh_service,
@@ -74,15 +52,22 @@
 
   file { $ssh::params::ssh_dir:
     ensure => directory,
-    owner  => 0,
-    group  => 0,
+    owner  => 'root',
+    group  => '0',
     mode   => '0755',
   }
 
   file { $ssh::params::known_hosts:
     ensure => present,
-    owner  => 0,
-    group  => 0,
+    owner  => 'root',
+    group  => '0',
     mode   => '0644',
   }
+
+  # If root login is permitted, then the root group granted access.
+  $permitrootlogin = $ssh::server::config::permitrootlogin
+
+  if $permitrootlogin != 'no' {
+    ssh::allowgroup { $root_group: }
+  }
 }
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -0,0 +1,33 @@
+# Class: ssh::server::config
+#
+# Provide the configuration paramaters necessary to configure the sshd(8)
+# server and inject variables into the sshd_config file through the use of the
+# concat erb template..
+#
+class ssh::server::config (
+  $port                     = '22',
+  $protocol                 = '2',
+  $useprivilegeseparation   = 'yes',
+  $syslogfacility           = 'AUTH',
+  $log_level                = 'INFO', # underscore here because puppet
+  $passwordauthentication   = 'no',
+  $permitemptypasswords     = 'no',
+  $usepam                   = 'yes',
+  $permitrootlogin          = 'no',
+  $gssapiauthentication     = 'no',
+  $gssapicleanupcredentials = 'yes',
+  $subsystem                = {},
+  $has_pam                  = false,
+  $has_gssapi               = false,
+){
+
+  include concat::setup
+
+  $sshd_config   = $ssh::params::sshd_config
+
+  concat::fragment { 'sshd_config':
+    order   => '10',
+    target  => $sshd_config,
+    content => template('ssh/sshd_config.erb'),
+  }
+}
diff --git a/spec/classes/ssh_spec.rb b/spec/classes/ssh_spec.rb
@@ -1,12 +1,26 @@
 require 'spec_helper'
 
 describe 'ssh' do
-  let(:facts) {
-    {
-      :operatingsystem => 'OpenBSD',
-      :concat_basedir => '/dne'
+  context "when on openbsd" do
+    let(:facts) {
+      {
+        :operatingsystem => 'OpenBSD',
+        :kernel => 'OpenBSD',
+        :concat_basedir => '/dne'
+      }
     }
-  }
-  it { should contain_class('ssh') }
+    it { should contain_class('ssh') }
+  end
+
+  context "when on debian" do
+    let(:facts) {
+      {
+        :operatingsystem => 'Debian',
+        :kernel => 'Debian',
+        :concat_basedir => '/dne'
+      }
+    }
+    it { should contain_class('ssh') }
+  end
 end
 
diff --git a/templates/_linux_config.erb b/templates/_linux_config.erb
diff --git a/templates/_solaris_config.erb b/templates/_solaris_config.erb
diff --git a/templates/sshd_config-header.erb b/templates/sshd_config-header.erb
@@ -0,0 +1,3 @@
+# sshd_config: Managed by Puppet
+#
+