Merge pull request #325 from SimonHoenscheid/shoenscheid_data_in_modules

Implement Data in Modules
saz · Apr 13, 2022 · de847bd · de847bd
2 parents 013ea65 + f518b38
commit de847bd
Show file tree

Hide file tree

Showing 38 changed files with 293 additions and 508 deletions.
diff --git a/data/Amazon.yaml b/data/Amazon.yaml
@@ -0,0 +1,12 @@
+---
+ssh::server_package_name: 'openssh-server'
+ssh::client_package_name: 'openssh-clients'
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/sbin/sshd'
+ssh::sshd_environments_file: '/etc/sysconfig/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/libexec/openssh/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/Archlinux.yaml b/data/Archlinux.yaml
@@ -0,0 +1,11 @@
+---
+ssh::server_package_name: 'openssh'
+ssh::client_package_name: 'openssh'
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/bin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd.service'
+ssh::sftp_server_path: '/usr/lib/ssh/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/Darwin.yaml b/data/Darwin.yaml
@@ -0,0 +1,8 @@
+---
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'com.openssh.sshd'
+ssh::sftp_server_path: '/usr/libexec/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/Debian.yaml b/data/Debian.yaml
@@ -0,0 +1,12 @@
+---
+ssh::server_package_name: 'openssh-server'
+ssh::client_package_name: 'openssh-client'
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/sbin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::sshd_environments_file: '/etc/default/ssh'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'ssh'
+ssh::sftp_server_path: '/usr/lib/openssh/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/DragonFly.yaml b/data/DragonFly.yaml
@@ -0,0 +1,9 @@
+---
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/local/sbin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/libexec/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/FreeBSD.yaml b/data/FreeBSD.yaml
@@ -0,0 +1,9 @@
+---
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/local/sbin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/libexec/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/Gentoo.yaml b/data/Gentoo.yaml
@@ -0,0 +1,11 @@
+---
+ssh::server_package_name: 'openssh'
+ssh::client_package_name: 'openssh'
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/sbin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/lib64/misc/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/OpenBSD.yaml b/data/OpenBSD.yaml
@@ -0,0 +1,20 @@
+---
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/libexec/sftp-server'
+ssh::host_priv_key_group: 0
+
+ssh::sshd_default_options:
+  ChallengeResponseAuthentication: 'no'
+  X11Forwarding                  : 'yes'
+  PrintMotd                      : 'no'
+  AcceptEnv                      : 'LANG LC_*'
+  Subsystem                      : "sftp %{lookup('ssh::sftp_server_path')}"
+
+ssh::ssh_default_options:
+  'Host *':
+    SendEnv: 'LANG LC_*'
+    HashKnownHosts: 'yes'
diff --git a/data/OpenSuse.yaml b/data/OpenSuse.yaml
@@ -0,0 +1,3 @@
+---
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/lib/ssh/sftp-server'
diff --git a/data/RedHat-7.yaml b/data/RedHat-7.yaml
@@ -0,0 +1,2 @@
+---
+ssh::host_priv_key_group: 'ssh_keys'
diff --git a/data/RedHat.yaml b/data/RedHat.yaml
@@ -0,0 +1,12 @@
+---
+ssh::server_package_name: 'openssh-server'
+ssh::client_package_name: 'openssh-clients'
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/sbin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::sshd_environments_file: '/etc/sysconfig/sshd'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/libexec/openssh/sftp-server'
+ssh::host_priv_key_group: 0
diff --git a/data/SLES-10-x86_64.yaml b/data/SLES-10-x86_64.yaml
@@ -0,0 +1,2 @@
+---
+ssh::sftp_server_path: '/usr/lib64/ssh/sftp-server'
diff --git a/data/SLES-11-x86_64.yaml b/data/SLES-11-x86_64.yaml
@@ -0,0 +1,2 @@
+---
+ssh::sftp_server_path: '/usr/lib64/ssh/sftp-server'
diff --git a/data/SLES.yaml b/data/SLES.yaml
@@ -0,0 +1,3 @@
+---
+ssh::service_name: 'sshd'
+ssh::sftp_server_path: '/usr/lib/ssh/sftp-server'
diff --git a/data/SmartOS.yaml b/data/SmartOS.yaml
@@ -0,0 +1,8 @@
+---
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'svc:/network/ssh:default'
+ssh::sftp_server_path: 'internal-sftp'
+ssh::host_priv_key_group: 0
diff --git a/data/Solaris-10.yaml b/data/Solaris-10.yaml
@@ -0,0 +1,3 @@
+---
+ssh::server_package_name: 'SUNWsshdu'
+ssh::client_package_name: 'SUNWsshu'
diff --git a/data/Solaris.yaml b/data/Solaris.yaml
@@ -0,0 +1,16 @@
+---
+ssh::server_package_name: '/service/network/ssh'
+ssh::client_package_name: '/network/ssh'
+ssh::sshd_binary: '/lib/svc/method/sshd'
+ssh::ssh::service_name: 'svc:/network/ssh:default'
+
+ssh:sshd_default_options:
+  ChallengeResponseAuthentication: 'no'
+  X11Forwarding: 'yes'
+  PrintMotd: 'no'
+  Subsystem: "sftp %{lookup('ssh::sftp_server_path')}"
+  HostKey:
+    - "%{lookup('ssh::sshd_dir')}/ssh_host_rsa_key"
+    - "%{lookup('ssh::sshd_dir')}/ssh_host_dsa_key"
+
+ssh::ssh_default_options: {}
diff --git a/data/Suse.yaml b/data/Suse.yaml
@@ -0,0 +1,10 @@
+---
+ssh::server_package_name: 'openssh'
+ssh::client_package_name: 'openssh'
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_binary: '/usr/sbin/sshd'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::sshd_environments_file: '/etc/sysconfig/ssh'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::host_priv_key_group: 0
diff --git a/data/common.yaml b/data/common.yaml
@@ -0,0 +1,26 @@
+---
+ssh::sshd_dir: '/etc/ssh'
+ssh::sshd_config: '/etc/ssh/sshd_config'
+ssh::ssh_config: '/etc/ssh/ssh_config'
+ssh::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
+ssh::service_name: 'svc:/network/ssh:default'
+ssh::sftp_server_path: 'internal-sftp'
+ssh::host_priv_key_group: 0
+ssh::validate_sshd_file             : false
+ssh::user_ssh_directory_default_mode: '0700'
+ssh::user_ssh_config_default_mode   : '0600'
+ssh::collect_enabled                : true   # Collect sshkey resources
+ssh::issue_net                      : '/etc/issue.net'
+
+ssh::sshd_default_options:
+  ChallengeResponseAuthentication: 'no'
+  X11Forwarding: 'yes'
+  PrintMotd: 'no'
+  AcceptEnv: 'LANG LC_*'
+  Subsystem: "sftp %{lookup('ssh::sftp_server_path')}"
+  UsePAM: 'yes'
+
+ssh::ssh_default_options:
+  'Host *':
+    SendEnv: 'LANG LC_*'
+    HashKnownHosts: 'yes'
diff --git a/hiera.yaml b/hiera.yaml
@@ -0,0 +1,25 @@
+---
+version: 5
+
+defaults:
+  datadir: 'data'
+  data_hash: 'yaml_data'
+
+hierarchy:
+  - name: 'Operating System Family'
+    path: '%{facts.os.family}.yaml'
+
+  - name: 'Full Version'
+    path: '%{facts.os.name}-%{facts.os.release.full}.yaml'
+
+  - name: 'Distribution Name'
+    path: '%{facts.os.name}.yaml'
+
+  - name: 'Major Version'
+    path: '%{facts.os.name}-%{facts.os.release.major}.yaml'
+
+  - name: 'Major Version with architecture'
+    path: '%{facts.os.name}-%{facts.os.release.major}-%{facts.os.architecture}.yaml'
+
+  - name: 'common'
+    path: 'common.yaml'
diff --git a/manifests/client.pp b/manifests/client.pp
@@ -1,3 +1,4 @@
+# @api private
 # @summary
 #   This class add ssh client management
 #
@@ -26,16 +27,17 @@
   Hash    $options              = {},
   Boolean $use_augeas           = false,
   Array   $options_absent       = [],
-) inherits ssh::params {
+) {
+  assert_private()
   # Merge hashes from multiple layer of hierarchy in hiera
   $hiera_options = lookup("${module_name}::client::options", Optional[Hash], 'deep', {})
 
   $fin_options = deep_merge($hiera_options, $options)
 
   if $use_augeas {
-    $merged_options = sshclient_options_to_augeas_ssh_config($fin_options, $options_absent, { 'target' => $ssh::params::ssh_config })
+    $merged_options = sshclient_options_to_augeas_ssh_config($fin_options, $options_absent, { 'target' => $ssh::ssh_config })
   } else {
-    $merged_options = merge($fin_options, delete($ssh::params::ssh_default_options, keys($fin_options)))
+    $merged_options = merge($fin_options, delete($ssh::ssh_default_options, keys($fin_options)))
   }
 
   include ssh::client::install

diff --git a/manifests/client/config.pp b/manifests/client/config.pp
@@ -5,7 +5,7 @@
   if $use_augeas {
     create_resources('ssh_config', $options)
   } else {
-    file { $ssh::params::ssh_config:
+    file { $ssh::ssh_config:
       ensure  => file,
       owner   => '0',
       group   => '0',

diff --git a/manifests/client/config/user.pp b/manifests/client/config/user.pp
@@ -11,7 +11,7 @@
   Hash $options                                       = {},
   String[1] $user                                     = $name,
 ) {
-  include ssh::params
+  include ssh
 
   # If a specific target file was specified,
   # it must have higher priority than any
@@ -33,7 +33,7 @@
         file { $user_ssh_dir:
           ensure => directory,
           owner  => $user,
-          mode   => $ssh::params::user_ssh_directory_default_mode,
+          mode   => $ssh::user_ssh_directory_default_mode,
           before => Concat_file[$_target],
         }
       }
@@ -44,7 +44,7 @@
     concat_file { $_target:
       ensure => $ensure,
       owner  => $user,
-      mode   => $ssh::params::user_ssh_config_default_mode,
+      mode   => $ssh::user_ssh_config_default_mode,
       tag    => $name,
     }
   }

diff --git a/manifests/client/install.pp b/manifests/client/install.pp
@@ -1,7 +1,7 @@
 class ssh::client::install {
-  if $ssh::params::client_package_name {
+  if $ssh::client_package_name {
     ensure_packages([
-        $ssh::params::client_package_name,
+        $ssh::client_package_name,
       ], {
         'ensure' => $ssh::client::ensure,
     })

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -148,23 +148,35 @@
 #   Use issue_net header
 #
 class ssh (
+  Stdlib::Absolutepath $sshd_dir,
+  Stdlib::Absolutepath $sshd_binary,
+  Boolean $validate_sshd_file,
+  Hash $sshd_default_options,
+  Hash $ssh_default_options,
+  Stdlib::Absolutepath $sshd_config,
+  Stdlib::Absolutepath $ssh_config,
+  Stdlib::Filemode $user_ssh_directory_default_mode,
+  Stdlib::Filemode $user_ssh_config_default_mode,
+  Integer $host_priv_key_group,
+  String $service_name,
+  Boolean $collect_enabled,
+  Optional[Stdlib::Absolutepath] $sshd_environments_file     = undef,
+  Optional[String] $server_package_name                      = undef,
+  Optional[String] $client_package_name                      = undef,
   Hash[String[1],Hash[String[1],NotUndef]] $server_instances = {},
   Hash    $server_options                                    = {},
   Hash    $server_match_block                                = {},
   Hash    $client_options                                    = {},
   Hash    $users_client_options                              = {},
   String  $version                                           = 'present',
   Boolean $storeconfigs_enabled                              = true,
-  Boolean $validate_sshd_file                                = $ssh::params::validate_sshd_file,
   Boolean $use_augeas                                        = false,
   Array   $server_options_absent                             = [],
   Array   $client_options_absent                             = [],
   Boolean $use_issue_net                                     = false,
   Boolean $purge_unmanaged_sshkeys                           = true,
-  Stdlib::Absolutepath $sshd_dir                             = $ssh::params::sshd_dir,
-  Stdlib::Absolutepath $sshd_binary                          = $ssh::params::sshd_binary,
-  Optional[Stdlib::Absolutepath] $sshd_environments_file     = $ssh::params::sshd_environments_file,
-) inherits ssh::params {
+
+) {
   # Merge hashes from multiple layer of hierarchy in hiera
   $hiera_server_options = lookup("${module_name}::server_options", Optional[Hash], 'deep', {})
   $hiera_server_match_block = lookup("${module_name}::server_match_block", Optional[Hash], 'deep', {})

diff --git a/manifests/knownhosts.pp b/manifests/knownhosts.pp
@@ -8,9 +8,9 @@
 #   Define the hostkeys group storage
 #
 class ssh::knownhosts (
-  Boolean          $collect_enabled    = $ssh::params::collect_enabled,
+  Boolean          $collect_enabled    = $ssh::collect_enabled,
   Optional[String] $storeconfigs_group = undef,
-) inherits ssh::params {
+) {
   if ($collect_enabled) {
     if $storeconfigs_group {
       Sshkey <<| tag == "hostkey_${storeconfigs_group}" |>>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		---
		ssh::sftp_server_path: '/usr/lib64/ssh/sftp-server'