migrate away from hiera stuff

diff --git a/README b/README
index 7e1b1f57ebe4ade6c24e90a1cf8657993538e760..15742d3867fe1931cb7102a979556f3195a8b693 100644 (file)
--- a/README
+++ b/README
@@ -24,7 +24,7 @@ Nagios
 ------
 
 To have nagios checks setup automatically for sshd services, simply set
-use_nagios to true in hiera. If you want to disable ssh
+manage_nagios to true for that class. If you want to disable ssh
 nagios checking for a particular node (such as when ssh is firewalled), then you
 can set the class parameter nagios_check_ssh to false and that node will not bei
 monitored.  

diff --git a/manifests/client.pp b/manifests/client.pp
index c99cf27010e12956835145b40618cff8a574d487..84dd7abc392a1d0056d2cd45fea9be7a30e4bcc8 100644 (file)
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,8 +1,9 @@
 # manifests/client.pp
 
 class sshd::client(
-  $shared_ip = hiera('sshd_shared_ip','no'),
-  $ensure_version = hiera('sshd_ensure_version','installed')
+  $shared_ip = 'no',
+  $ensure_version = 'installed',
+  $manage_shorewall = false
 ) {
 
   case $::operatingsystem {
@@ -15,7 +16,7 @@ class sshd::client(
     }
   }
 
-  if hiera('use_shorewall',false) {
+  if $manage_shorewall{
     include shorewall::rules::out::ssh
   }
 }

diff --git a/manifests/init.pp b/manifests/init.pp
index f183acd3a0cd445472784501257ef43ef256b496..4d66b819a56d7af8e45248b468b8a3dec98972d3 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,42 +1,45 @@
 class sshd(
-  $nagios_check_ssh = hiera('nagios_check_ssh',true),
-  $nagios_check_ssh_hostname = hiera('nagios_check_ssh_hostname','absent'),
-  $ports = hiera('sshd_ports',[ 22 ]),
-  $shared_ip = hiera('sshd_shared_ip','no'),
-  $ensure_version = hiera('sshd_ensure_version','installed'),
-  $listen_address = hiera('sshd_listen_address',[ '0.0.0.0', '::' ]),
-  $allowed_users = hiera('sshd_allowed_users',''),
-  $allowed_groups = hiera('sshd_allowed_groups',''),
-  $use_pam = hiera('sshd_use_pam','no'),
-  $permit_root_login = hiera('sshd_permit_root_login','without-password'),
-  $password_authentication = hiera('sshd_password_authentication','no'),
-  $kerberos_authentication = hiera('sshd_kerberos_authentication','no'),
-  $kerberos_orlocalpasswd = hiera('sshd_sshd_kerberos_orlocalpasswd','yes'),
-  $kerberos_ticketcleanup = hiera('sshd_kerberos_ticketcleanup','yes'),
-  $gssapi_authentication = hiera('sshd_gssapi_authentication','no'),
-  $gssapi_cleanupcredentials = hiera('sshd_gssapi_cleanupcredentials','yes'),
-  $tcp_forwarding = hiera('sshd_tcp_forwarding','no'),
-  $x11_forwarding = hiera('sshd_x11_forwarding','no'),
-  $agent_forwarding = hiera('sshd_agent_forwarding','no'),
-  $challenge_response_authentication = hiera('sshd_challenge_response_authentication','no'),
-  $pubkey_authentication = hiera('sshd_pubkey_authentication','yes'),
-  $rsa_authentication = hiera('rsa_authentication','no'),
-  $strict_modes = hiera('sshd_strict_modes','yes'),
-  $ignore_rhosts = hiera('sshd_ignore_rhosts','yes'),
-  $rhosts_rsa_authentication = hiera('sshd_rhosts_rsa_authentication','no'),
-  $hostbased_authentication = hiera('sshd_hostbased_authentication','no'),
-  $permit_empty_passwords = hiera('sshd_permit_empty_passwords','no'),
-  $authorized_keys_file = hiera('sshd_authorized_keys_file','%h/.ssh/authorized_keys'),
-  $hardened_ssl = hiera('sshd_hardened_ssl','no'),
-  $sftp_subsystem = hiera('sshd_sftp_subsystem',''),
-  $head_additional_options = hiera('sshd_head_additional_options',''),
-  $tail_additional_options = hiera('sshd_tail_additional_options',''),
-  $print_motd = hiera('sshd_print_motd','yes')
+  $manage_nagios = true,
+  $nagios_check_ssh_hostname = 'absent',
+  $ports = [ 22 ],
+  $shared_ip = 'no',
+  $ensure_version = 'installed',
+  $listen_address = [ '0.0.0.0', '::' ],
+  $allowed_users = '',
+  $allowed_groups = '',
+  $use_pam = 'no',
+  $permit_root_login = 'without-password',
+  $password_authentication = 'no',
+  $kerberos_authentication = 'no',
+  $kerberos_orlocalpasswd = 'yes',
+  $kerberos_ticketcleanup = 'yes',
+  $gssapi_authentication = 'no',
+  $gssapi_cleanupcredentials = 'yes',
+  $tcp_forwarding = 'no',
+  $x11_forwarding = 'no',
+  $agent_forwarding = 'no',
+  $challenge_response_authentication = 'no',
+  $pubkey_authentication = 'yes',
+  $rsa_authentication = 'no',
+  $strict_modes = 'yes',
+  $ignore_rhosts = 'yes',
+  $rhosts_rsa_authentication = 'no',
+  $hostbased_authentication = 'no',
+  $permit_empty_passwords = 'no',
+  $authorized_keys_file = '%h/.ssh/authorized_keys',
+  $hardened_ssl = 'no',
+  $sftp_subsystem = '',
+  $head_additional_options = '',
+  $tail_additional_options = '',
+  $print_motd = 'yes',
+  $manage_shorewall = false,
+  $shorewall_source = 'net'
 ) {
 
   class{'sshd::client':
     shared_ip => $sshd::shared_ip,
-    ensure_version => $sshd::ensure_version
+    ensure_version => $sshd::ensure_version,
+    manage_shorewall => $manage_shorewall,
   }
 
   case $::operatingsystem {
@@ -47,15 +50,16 @@ class sshd(
     default: { include sshd::base }
   }
 
-  if hiera('use_nagios',false) and $sshd::nagios_check_ssh {
-    sshd::nagios{$sshd::ports:
-      check_hostname => $sshd::nagios_check_ssh_hostname
+  if $manage_nagios {
+    sshd::nagios{$ports:
+      check_hostname => $nagios_check_ssh_hostname
     }
   }
 
-  if hiera('use_shorewall', false) {
+  if $manage_shorewall {
     class{'shorewall::rules::ssh':
-      ports => $sshd::ports,
+      ports => $ports,
+      source => $shorewall_source
     }
   }
 }