3 #nodes = hiera('nodes', nil, {'cluster' => hiera('cluster')})
4 #$rootkeys = nodes.collect{|x| hiera('rootkey', nil, {'hostname' => x})}
6 package { [ 'openssh-client', 'openssh-server']:
12 require => Package['openssh-server']
15 @ferm::rule { 'dsa-ssh':
16 description => 'Allow SSH from DSA',
17 rule => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
19 @ferm::rule { 'dsa-ssh-v6':
20 description => 'Allow SSH from DSA',
22 rule => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
25 file { '/etc/ssh/ssh_config':
26 content => template('ssh/ssh_config.erb'),
27 require => Package['openssh-client']
29 file { '/etc/ssh/sshd_config':
30 content => template('ssh/sshd_config.erb'),
31 require => Package['openssh-server'],
32 notify => Service['ssh']
34 file { '/etc/ssh/userkeys':
37 require => Package['openssh-server']
39 file { '/etc/ssh/userkeys/root':
40 content => template('ssh/authorized_keys.erb'),