Puppet SSH module configuration

In order to SSH configuration file security, ensure that the configuration permissions are not changed, can be unified management through puppet.

1. To create an SSH module related directory:

[Email protected]:ssh# pwd/etc/puppet/modules/ssh[email protected]:ssh# lltotal 12drwxr-xr-x 2 root root 4096 Nov  9 1 0:42 filesdrwxr-xr-x 2 root root 4096 Dec 18:15 manifestsdrwxr-xr-x 2 root root 4096 Dec 18:15 templates

2. Define the SSH module global configuration:

[Email protected]:manifests# vim init.pp class ssh{    include ssh::p arams,ssh::install,ssh::config,ssh::service}

3. Create the installation SSH package file:

[Email protected]:manifests# cat Install.pp class Ssh::install {package    {$ssh::p arams::ssh_package_name:              Ensure        = present,              allow_virtual = True,    }}

4. Create a variable file and use the appropriate variable depending on the operating system.

[Email protected]:manifests# cat params.pp class ssh::p arams {case    $::operatingsystem {            Slaris:  {                       $ Ssh_package_name = ' OpenSSH '                       $ssh _service_config = '/etc/ssh/sshd_config '                       $ssh _service_name = ' sshd '            }            /^ (ubuntu| Debian) $/: {                       $ssh _package_name = ' openssh-server '                       $ssh _service_config = '/etc/ssh/sshd_config '                       $ssh _ service_name = ' sshd '            }            default: {                       $ssh _package_name = ' openssh-server '                       $ssh _service_config = '/ Etc/ssh/sshd_config '                       $ssh _service_name = ' sshd '}}     

5. Create an SSH configuration file

[Email protected]:manifests# cat config.pp class Ssh::config {    file {$ssh::p arams::ssh_service_config:        owner< c2/>=> Root,        group   = root,        mode    = 0644,        ensure  = present,        content = Template ("Ssh/sshd_config.erb"),        require = class["Ssh::install"],        notify  = class["SSH:: Service "],     }}

6. Create an SSH service file

[Email protected]:manifests# cat service.pp class Ssh::service {    service {$ssh::p arams::ssh_service_name:        Ensure     =  running,        hasstatus  =  true,        Hasrestart =  true,        Enable     =  true,        require    =  class["Ssh::config"],    }}

7. Client-side testing

[email protected]:~# puppet agent--test info:retrieving pluginfactsinfo:retrieving plugininfo:caching Catalog fo R agent.domain.comInfo:Applying Configuration version ' 1418724923 ' notice:finished catalog run in 0.43 Seconds[email&nbs p;protected]:~# puppet agent--test info:retrieving pluginfactsinfo:retrieving plugininfo:caching Catalog for Agent.dom Ain.comInfo:Applying configuration Version ' 1418724963 ' Notice:/stage[main]/ssh::config/file[/etc/ssh/sshd_config] /content:---/etc/ssh/sshd_config2014-12-16 17:54:57.925899311 +0800+++/tmp/ Puppet-file20141216-29636-1fidan3-02014-12-16 18:16:06.120181312 +0800@@ -145,3 +145,4 @@ ########################## ########## hostkey/etc/ssh/ssh_host_rsa_key hostkey/etc/ssh/ssh_host_dsa_key+ #daveheInfo: Computing checksum on file /etc/ssh/sshd_configinfo:/stage[main]/ssh::config/file[/etc/ssh/sshd_config]: Filebucketed/etc/ssh/sshd_config To puppet with sum 2f42725b0c617b2ec7b9dd2db6c8fe61notice:/stage[main]/ssh::config/file[/etc/sSh/sshd_config]/content:content changed ' {md5}2f42725b0c617b2ec7b9dd2db6c8fe61 ' to ' {MD5} 53141dd1bb8749a04a5fd2a2f05b2b2a ' Info:/stage[main]/ssh::config/file[/etc/ssh/sshd_config]: Scheduling refresh of Class[ssh::service]info:class[ssh::service]: Scheduling refresh of Service[sshd]notice:/stage[main]/ssh::service/ SERVICE[SSHD]: Triggered ' refresh ' from 1 eventsnotice:finished catalog run in 0.73 seconds

Puppet SSH module configuration