We''re using the ListenAddress directive in our sshd_config to tell
which interface sshd is supposed to listen on. Normally it''s the
address for eth1, but it might be the address for eth0 if there is
none for eth1, and it might be both..
So, could someone help me with the erb template for my sshd_config:
ListenAddress <%= sshd_listen_address %>
The priority should be:
1 - $sshd_listen_address defined in node template
2 - $ipaddress_eth1 fact if defined
3 - $ipaddress fact
4 - default = 0.0.0.0 (probably not necessary since $ipaddress
should always be defined..?)
-jf
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> The priority should be: > > 1 - $sshd_listen_address defined in node template > 2 - $ipaddress_eth1 fact if defined > 3 - $ipaddress factcase $sshd_listen_address { '''': { if $ipaddress_eth1 { $sshd_listen_address = $ipadress_eth1 } else { $sshd_listen_address = $ipaddress } } }> 4 - default = 0.0.0.0 (probably not necessary since $ipaddress > should always be defined..?)will always be defined. cheers pete -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mar 20, 12:40 pm, Peter Meier <peter.me...@immerda.ch> wrote:> case $sshd_listen_address { > '''': { > if $ipaddress_eth1 { > $sshd_listen_address = $ipadress_eth1 > } else { > $sshd_listen_address = $ipaddress > } > } > }Oh.. I was thinking about putting the logic inside the template, but see that maybe it fits better in the manifest. So I tried this in the ssh class manifest: case $sshd_listen_address { '''': { if $ipaddress_eth1 { $sshd_listen_address = $ipadress_eth1 } else { $sshd_listen_address = $ipaddress } } } file { "/etc/ssh/sshd_config": owner => root, group => root, mode => 400, content => template("ssh/sshd_config.erb"), require => [ Package["openssh-server"], Class["banner"], File["/etc/pam.d/sshd"] ] } and only use a "ListenAddress <%= sshd_listen_address %>" in the template. But this gives me a blank listenaddress if $sshd_listen_address isn''t defined in the node, so I''m wondering if this is maybe because the case statement is evaluated after the template is pushed.. Hmm, can "file" require a variable to enforce the order here, or is there any other sensible way without splitting this in sub-classes ? -jf -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Peter Meier
2010-Mar-20 14:51 UTC
Re: [Puppet Users] Re: select ip-address for sshd_config
>> if $ipaddress_eth1 { >> $sshd_listen_address = $ipadress_eth1ipaddress vs. ipadress Regarding the order: no this doesn''t matter. There is a distinction between parsing and applying. Variables are set while parsing, so is the template evaluated, hence for parsing (which happens btw on the master) the order is fine like that. cheers pete -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Mar 20, 3:51 pm, Peter Meier <peter.me...@immerda.ch> wrote:> >> if $ipaddress_eth1 { > >> $sshd_listen_address = $ipadress_eth1 > > ipaddress vs. ipadressAh, you tricked me :-) Thanks!> Regarding the order: no this doesn''t matter. There is a distinction > between parsing and applying. Variables are set while parsing, so is > the template evaluated, hence for parsing (which happens btw on the > master) the order is fine like that.Ok, good to know. Thanks again ! -jf -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.