You can easily do that with an Operating System-specific layer to your
hiera. Add something like `os/$facts['osfamily'].yaml` to your hiera.yaml.
Then, you can have a FreeBSD.yaml, and a Debian.yaml in your hiera data.
(Ubuntu is part of the Debian OS Family.)
Put the proper parameter block in each yaml file and the module will
automatically pull them in on the right hosts.
(Make sure you double check my hiera string there. I'm on mobile and don't
have access to my Puppet environment at the moment.)
On Sunday, May 7, 2023 at 7:33:38 PM UTC-4 lac...@gmail.com wrote:
> This works if I configure it for each individual server. Thank you!
>
> I was wondering if there is a way to have a different path for
> *AuthorizedKeysCommand
> *based on the operating system rather than every single server?
>
> I think an alternative could be in the manifest file something like:
>
> case $::operatingsystem {
> 'freebsd': {
> *somehow define AuthorizedKeysCommand:
> ‘/path/to/freebsd-command’*
> }
> 'ubuntu': {
> *somehow define AuthorizedKeysCommand:
> ‘/path/to/ubuntu-command’*
> }
>
> On Tuesday, May 2, 2023 at 2:04:16 PM UTC-4 Martin Alfke wrote:
>
>> The main ssh class has the parameter server_options:
>> # @param options
>> # Dynamic hash for openssh server option
>>
>> ssh::server_options:
>> AuthorizedKeysCommand: ‘/path/to/command’
>>
>> If you are using ssh::server class, the parameter ssh::server::options
>> must be used.
>>
>>
>> On 2. May 2023, at 17:29, Laci D <lac...@gmail.com> wrote:
>>
>> Thank you Martin, adding the following example to my
>> *nodes/myserversfqdn.yaml* did it for me.
>>
>> ssh::server::match_block:
>> '*,!that_other_group':
>> type: group
>> options:
>> ForceCommand: '/usr/bin/kpasswd'
>>
>> I have another question, how can I specify different values in Hiera for
>> different operating systems?
>>
>> For example *AuthorizedKeysCommand* needs a different value in Linux and
>> FreeBSD?
>>
>> On Tuesday, May 2, 2023 at 3:51:20 AM UTC-4 Martin Alfke wrote:
>>
>>> Hi,
>>>
>>> Ssh::server class has a parameter called “match_block” which calls a
>>> defined type:
>>>
>>> https://github.com/saz/puppet-ssh/blob/master/manifests/server/match_block.pp
>>>
>>> The defined type uses a template:
>>>
>>> https://github.com/saz/puppet-ssh/blob/master/templates/sshd_match_block.erb
>>>
>>> A hiera example is in the docs:
>>> https://forge.puppet.com/modules/saz/ssh/readme#hiera-example
>>>
>>> Hth,
>>> Martin
>>>
>>>
>>> On 1. May 2023, at 23:08, Laci D <lac...@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> I'm using *saz-ssh* to configure sshd_config, options are stored in
>>> Hiera. I didn't find the way how to implement "Match user/group", for
>>> example:
>>>
>>> Match group *, !not_that_group
>>> 'ForceCommand' => 'internal-sftp',
>>>
>>> I did see the example <https://forge.puppet.com/modules/saz/ssh/readme> but
>>> when I add that to my manifests/profiles/ssh.pp then Puppet is
>>> complaining and I'm not seeing how to configure it using Hiera.
>>>
>>> Any ideas?
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com.
>>
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cef01e39-ee6e-4dcf-8a5c-0175c2b1a104n%40googlegroups.com.
