Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/202392
Change subject: ssh: allow parameterization of authorized_keys
......................................................................
ssh: allow parameterization of authorized_keys
This allows using a parameter called authorized_keys_file to specify
the AuthorizedKeysFile sshd configuration parameter. This will allow for
a per host/role authorized_key policy specified by hiera. An effort to
maintain backwards compatibility is present in this commit, to be
removed in followup commits.
Change-Id: If63159ae35ee56c1ae87fb90b7f200d144511793
---
M modules/ssh/manifests/server.pp
1 file changed, 10 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/92/202392/1
diff --git a/modules/ssh/manifests/server.pp b/modules/ssh/manifests/server.pp
index e107767..74503b8 100644
--- a/modules/ssh/manifests/server.pp
+++ b/modules/ssh/manifests/server.pp
@@ -2,6 +2,7 @@
$listen_port = '22',
$listen_address = undef,
$permit_root = true,
+ $authorized_keys_file = undef,
) {
package { 'openssh-server':
ensure => latest;
@@ -12,12 +13,16 @@
subscribe => File['/etc/ssh/sshd_config'],
}
- if ($::realm == 'labs') {
- $ssh_authorized_keys_file ='/etc/ssh/userkeys/%u
/public/keys/%u/.ssh/authorized_keys'
+ if $authorized_keys_file {
+ $ssh_authorized_keys_file = $authorized_keys_file
} else {
- # Lucid doesn't seem to like this at all, ssh refuses to start
- if os_version('ubuntu > lucid') {
- $ssh_authorized_keys_file ='/etc/ssh/userkeys/%u
.ssh/authorized_keys .ssh/authorized_keys2'
+ if ($::realm == 'labs') {
+ $ssh_authorized_keys_file ='/etc/ssh/userkeys/%u
/public/keys/%u/.ssh/authorized_keys'
+ } else {
+ # Lucid doesn't seem to like this at all, ssh refuses to start
+ if os_version('ubuntu > lucid') {
+ $ssh_authorized_keys_file ='/etc/ssh/userkeys/%u
.ssh/authorized_keys .ssh/authorized_keys2'
+ }
}
}
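Review bot: `$authorized_keys_file` is copied into `$ssh_authorized_keys_file` with no check in the new `if $authorized_keys_file {` branch, so whatever hiera returns for a host or role replaces the whole default list, including the admin-managed `/etc/ssh/userkeys/%u` entry. Because this value decides which files sshd trusts for login, I would validate it before the assignment, e.g. `validate_string($authorized_keys_file)` if stdlib is available in this tree (not visible from the hunk). I would also document the parameter above the class, for example `# authorized_keys_file: space-separated AuthorizedKeysFile value; replaces the realm/OS defaults entirely`. The nested else branch still leaves `$ssh_authorized_keys_file` unset on lucid, as it did before this change. The template that consumes the variable and the rest of the class body are outside this hunk, so that case needs confirming there.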
--
To view, visit https://gerrit.wikimedia.org/r/202392
Gerrit-MessageType: newchange
Gerrit-Change-Id: If63159ae35ee56c1ae87fb90b7f200d144511793
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>