Merge pull request redhat-openstack#20 from amateo/testing

Add ssh::server::host_key
strider · Mar 3, 2014 · 90f991b · 90f991b
2 parents 14d80d2 + 0506606
commit 90f991b
Show file tree

Hide file tree

Showing 5 changed files with 114 additions and 4 deletions.
diff --git a/README.markdown b/README.markdown
@@ -155,3 +155,26 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 UsePAM yes
 PasswordAuthentication no
 ```
+
+## Defining host keys for server
+You can define host keys your server will use
+
+```
+ssh::server::host_key {'ssh_host_rsa_key':
+  private_key_content => '<the private key>',
+  public_key_content  => '<the public key>',
+}
+```
+
+Alternately, you could create the host key providing the files, instead
+of the content:
+
+```
+ssh::server::host_key {'ssh_host_rsa_key':
+  private_key_source => 'puppet:///mymodule/ssh_host_rsa_key',
+  public_key_source  => 'puppet:///mymodule/ssh_host_rsa_key.pub',
+}
+```
+
+Both of these definitions will create ```/etc/ssh/ssh_host_rsa_key``` and
+```/etc/ssh/ssh_host_rsa_key.pub``` and restart sshd daemon.
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -3,6 +3,7 @@
     debian: {
       $server_package_name = 'openssh-server'
       $client_package_name = 'openssh-client'
+      $sshd_dir = '/etc/ssh'
       $sshd_config = '/etc/ssh/sshd_config'
       $ssh_config = '/etc/ssh/ssh_config'
       $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
@@ -11,6 +12,7 @@
     redhat: {
       $server_package_name = 'openssh-server'
       $client_package_name = 'openssh-clients'
+      $sshd_dir = '/etc/ssh'
       $sshd_config = '/etc/ssh/sshd_config'
       $ssh_config = '/etc/ssh/ssh_config'
       $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
@@ -29,6 +31,7 @@
         gentoo: {
           $server_package_name = 'openssh'
           $client_package_name = 'openssh'
+          $sshd_dir = '/etc/ssh'
           $sshd_config = '/etc/ssh/sshd_config'
           $ssh_config = '/etc/ssh/ssh_config'
           $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'

diff --git a/manifests/server/host_key.pp b/manifests/server/host_key.pp
@@ -0,0 +1,84 @@
+# == Define: ssh::server::host_key
+#
+# This module install a ssh host key in the server (basically, it is
+# a file resource but it also notifies to the ssh service)
+#
+# Important! This define does not modify any option in sshd_config, so
+# you have to manually define the HostKey option in the server options
+# if you haven't done yet.
+#
+# == Parameters
+#
+# [*ensure*]
+#   Set to 'absent' to remove host_key files
+#
+# [*public_key_source*]
+#   Sets the content of the source parameter for the public key file
+#   Note public_key_source and public_key_content are mutually exclusive.
+#
+# [*public_key_content*]
+#   Sets the content for the public key file.
+#   Note public_key_source and public_key_content are mutually exclusive.
+#
+# [*private_key_source*]
+#   Sets the content of the source parameter for the private key file
+#   Note private_key_source and private_key_content are mutually exclusive.
+#
+# [*private_key_content*]
+#   Sets the content for the private key file.
+#   Note private_key_source and private_key_content are mutually exclusive.
+#
+define ssh::server::host_key (
+  $ensure = 'present',
+  $public_key_source = '',
+  $public_key_content = '',
+  $private_key_source = '',
+  $private_key_content = '',
+) {
+  if $public_key_source == '' and $public_key_content == '' {
+    fail("You must provide either public_key_source or public_key_content parameter")
+  }
+  if $private_key_source == '' and $private_key_content == '' {
+    fail("You must provide either private_key_source or private_key_content parameter")
+  }
+
+  $manage_pub_key_content = $public_key_source ? {
+    ''      => $public_key_content,
+    default => undef,
+  }
+  $manage_pub_key_source = $public_key_source ? {
+    ''      => undef,
+    default => $public_key_source,
+  }
+
+  $manage_priv_key_content = $private_key_source ? {
+    ''      => $private_key_content,
+    default => undef,
+  }
+  $manage_priv_key_source = $private_key_source ? {
+    ''      => undef,
+    default => $private_key_source,
+  }
+
+  file {"${name}_pub":
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    path    => "${::ssh::params::sshd_dir}/${name}.pub",
+    source  => $manage_pub_key_source,
+    content => $manage_pub_key_content,
+    notify  => Class['ssh::server::service'],
+  }
+
+  file {"${name}_priv":
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600',
+    path    => "${::ssh::params::sshd_dir}/${name}",
+    source  => $manage_priv_key_source,
+    content => $manage_priv_key_content,
+    notify  => Class['ssh::server::service'],
+  }
+}
diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb
@@ -1,9 +1,9 @@
 # File managed by Puppet
 
-<%- scope.lookupvar('ssh::client::merged_options').each do |k, v| -%>
+<%- scope.lookupvar('ssh::client::merged_options').sort.each do |k, v| -%>
 <%- if v.is_a?(Hash) -%>
 <%= k %>
-<%- v.each do |key, value| -%>
+<%- v.sort.each do |key, value| -%>
     <%- if value.is_a?(Array) -%>
     <%- value.each do |a| -%>
     <%= key %> <%= a %>

diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
@@ -1,9 +1,9 @@
 # File is managed by Puppet
 
-<%- scope.lookupvar('ssh::server::merged_options').each do |k, v| -%>
+<%- scope.lookupvar('ssh::server::merged_options').sort.each do |k, v| -%>
 <%- if v.is_a?(Hash) -%>
 <%= k %>
-<%- v.each do |key, value| -%>
+<%- v.sort.each do |key, value| -%>
     <%- if value.is_a?(Array) -%>
     <%- value.each do |a| -%>
     <%= key %> <%= a %>