diff --git a/data/OpenBSD.yaml b/data/OpenBSD.yaml index 74d6f03e..c4e6954d 100644 --- a/data/OpenBSD.yaml +++ b/data/OpenBSD.yaml @@ -7,14 +7,14 @@ ssh::service_name: 'sshd' ssh::sftp_server_path: '/usr/libexec/sftp-server' ssh::host_priv_key_group: 0 -ssh::sshd_default_options: +ssh::server_options: ChallengeResponseAuthentication: 'no' X11Forwarding : 'yes' PrintMotd : 'no' AcceptEnv : 'LANG LC_*' Subsystem : "sftp %{lookup('ssh::sftp_server_path')}" -ssh::ssh_default_options: +ssh::client_options: 'Host *': SendEnv: 'LANG LC_*' HashKnownHosts: 'yes' diff --git a/data/Solaris.yaml b/data/Solaris.yaml index dadf33f4..89fe5370 100644 --- a/data/Solaris.yaml +++ b/data/Solaris.yaml @@ -13,4 +13,4 @@ ssh:sshd_default_options: - "%{lookup('ssh::sshd_dir')}/ssh_host_rsa_key" - "%{lookup('ssh::sshd_dir')}/ssh_host_dsa_key" -ssh::ssh_default_options: {} +ssh::client_options: {} diff --git a/data/common.yaml b/data/common.yaml index ee5159df..dcc69a05 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,4 +1,14 @@ --- +lookup_options: + ssh::server_options: + merge: deep + ssh::server_match_block: + merge: deep + ssh::client_options: + merge: deep + ssh::users_client_options: + merge: deep + ssh::sshd_dir: '/etc/ssh' ssh::sshd_config: '/etc/ssh/sshd_config' ssh::ssh_config: '/etc/ssh/ssh_config' @@ -12,7 +22,7 @@ ssh::user_ssh_config_default_mode : '0600' ssh::collect_enabled : true # Collect sshkey resources ssh::issue_net : '/etc/issue.net' -ssh::sshd_default_options: +ssh::server_options: ChallengeResponseAuthentication: 'no' X11Forwarding: 'yes' PrintMotd: 'no' @@ -20,7 +30,7 @@ ssh::sshd_default_options: Subsystem: "sftp %{lookup('ssh::sftp_server_path')}" UsePAM: 'yes' -ssh::ssh_default_options: +ssh::client_options: 'Host *': SendEnv: 'LANG LC_*' HashKnownHosts: 'yes' diff --git a/manifests/client.pp b/manifests/client.pp index 759a9f49..f8f873bb 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -29,15 +29,11 @@ Array $options_absent = [], ) { assert_private() - # Merge hashes from multiple layer of hierarchy in hiera - $hiera_options = lookup("${module_name}::client::options", Optional[Hash], 'deep', {}) - - $fin_options = deep_merge($hiera_options, $options) if $use_augeas { - $merged_options = sshclient_options_to_augeas_ssh_config($fin_options, $options_absent, { 'target' => $ssh::ssh_config }) + $merged_options = sshclient_options_to_augeas_ssh_config($options, $options_absent, { 'target' => $ssh::ssh_config }) } else { - $merged_options = merge($fin_options, delete($ssh::ssh_default_options, keys($fin_options))) + $merged_options = $options } include ssh::client::install diff --git a/manifests/init.pp b/manifests/init.pp index 3edf69ce..27e2df41 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -151,8 +151,6 @@ Stdlib::Absolutepath $sshd_dir, Stdlib::Absolutepath $sshd_binary, Boolean $validate_sshd_file, - Hash $sshd_default_options, - Hash $ssh_default_options, Stdlib::Absolutepath $sshd_config, Stdlib::Absolutepath $ssh_config, Stdlib::Filemode $user_ssh_directory_default_mode, @@ -177,21 +175,10 @@ Boolean $purge_unmanaged_sshkeys = true, ) { - # Merge hashes from multiple layer of hierarchy in hiera - $hiera_server_options = lookup("${module_name}::server_options", Optional[Hash], 'deep', {}) - $hiera_server_match_block = lookup("${module_name}::server_match_block", Optional[Hash], 'deep', {}) - $hiera_client_options = lookup("${module_name}::client_options", Optional[Hash], 'deep', {}) - $hiera_users_client_options = lookup("${module_name}::users_client_options", Optional[Hash], 'deep', {}) - - $fin_server_options = deep_merge($hiera_server_options, $server_options) - $fin_server_match_block = deep_merge($hiera_server_match_block, $server_match_block) - $fin_client_options = deep_merge($hiera_client_options, $client_options) - $fin_users_client_options = deep_merge($hiera_users_client_options, $users_client_options) - class { 'ssh::server': ensure => $version, storeconfigs_enabled => $storeconfigs_enabled, - options => $fin_server_options, + options => $server_options, validate_sshd_file => $validate_sshd_file, use_augeas => $use_augeas, options_absent => $server_options_absent, @@ -201,7 +188,7 @@ class { 'ssh::client': ensure => $version, storeconfigs_enabled => $storeconfigs_enabled, - options => $fin_client_options, + options => $client_options, use_augeas => $use_augeas, options_absent => $client_options_absent, } @@ -219,6 +206,6 @@ } } - create_resources('ssh::client::config::user', $fin_users_client_options) - create_resources('ssh::server::match_block', $fin_server_match_block) + create_resources('ssh::client::config::user', $users_client_options) + create_resources('ssh::server::match_block', $server_match_block) } diff --git a/manifests/server.pp b/manifests/server.pp index a306bd64..f17e82a8 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -44,17 +44,11 @@ Boolean $use_issue_net = false ) { assert_private() - # Merge hashes from multiple layer of hierarchy in hiera - $hiera_options = lookup("${module_name}::server::options", Optional[Hash], 'deep', {}) - $hiera_match_block = lookup("${module_name}::server::match_block", Optional[Hash], 'deep', {}) - - $fin_options = deep_merge($hiera_options, $options) - $fin_match_block = deep_merge($hiera_match_block, $match_block) if $use_augeas { - $merged_options = sshserver_options_to_augeas_sshd_config($fin_options, $options_absent, { 'target' => $ssh::sshd_config }) + $merged_options = sshserver_options_to_augeas_sshd_config($options, $options_absent, { 'target' => $ssh::sshd_config }) } else { - $merged_options = deep_merge($ssh::sshd_default_options, $fin_options) + $merged_options = $options } include ssh::server::install @@ -78,5 +72,5 @@ ~> Class['ssh::server::service'] } - create_resources('ssh::server::match_block', $fin_match_block) + create_resources('ssh::server::match_block', $match_block) }