|
- class ssh::install {
- package {"openssh":
- ensure=>present,
- }
- }
- class ssh::config{
- file { "/etc/ssh/sshd_config":
- ensure=> present,
- owner=> 'root',
- group=> 'root',
- mode=> 0600,
- source=> "puppet://pps.zhaizu.com/files/sshd_config",
- require=> Class["ssh::install"],
- notify=> Class["ssh::service"],
- }
- }
- class ssh::service {
- service {"sshd":
- ensure=>running,
- hasstatus=>true,
- hasrestart=>true,
- enable=>true,
- require=>Class["ssh::config"],
- }
- }
- class ssh{
- include ssh::install, ssh::config, ssh::service
- }
- ~
注意fileserver配置
- # over deny
- [files]
- path /etc/puppet/files
- allow *.example.com
- # deny *.evil.example.com
- allow 192.168.1.0/24
- ~
- ~
安装
- class ssh::install {
- package {"openssh-server":
- name=>"openssh-server",
- ensure=>installed,
- ensure=>present,
- }
- }
- class ssh::config{
- file { "/etc/ssh/sshd_config":
- ensure=> present,
- owner=> 'root',
- group=> 'root',
- mode=> 0600,
- source=> "puppet://pps.zhaizu.com/files/sshd_config",
- require=> Class["ssh::install"],
- notify=> Class["ssh::service"],
- }
- }
- class ssh::service {
- service {"sshd":
- ensure=>running,
- hasstatus=>true,
- hasrestart=>true,
- enable=>true,
- require=>Class["ssh::config"],
- }
- }
- class ssh{
- include ssh::install, ssh::config, ssh::service
- }
agent这里推送一下,
- [root@ppc tmp]# ps -ef | grep ssh
- root 5329 1 0 02:05 ? 00:00:00 sshd: root@pts/1
- root 6255 1 0 02:10 ? 00:00:00 /usr/sbin/sshd
- root 6270 31347 0 02:12 pts/0 00:00:00 grep ssh
- root 31345 1 0 Jul18 ? 00:00:00 sshd: root@pts/0
- [root@ppc tmp]# yum remove openssh-server
- Loaded plugins: fastestmirror
- Setting up Remove Process
- Resolving Dependencies
- --> Running transaction check
- ---> Package openssh-server.x86_64 0:4.3p2-82.el5 set to be erased
- --> Finished Dependency Resolution
- Dependencies Resolved
- ==============================================================================================================================================================================================================================================================================
- Package Arch Version Repository Size
- ==============================================================================================================================================================================================================================================================================
- Removing:
- openssh-server x86_64 4.3p2-82.el5 installed 480 k
- Transaction Summary
- ==============================================================================================================================================================================================================================================================================
- Remove 1 Package(s)
- Reinstall 0 Package(s)
- Downgrade 0 Package(s)
- Is this ok [y/N]: y
- Downloading Packages:
- Running rpm_check_debug
- Running Transaction Test
- Finished Transaction Test
- Transaction Test Succeeded
- Running Transaction
- Erasing : openssh-server 1/1
- warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave
- Removed:
- openssh-server.x86_64 0:4.3p2-82.el5
- Complete!
- [root@ppc tmp]# puppet agent --server=pps.zhaizu.com --no-daemonize --verbose --onetime
- /usr/lib/ruby/site_ruby/1.8/puppet/defaults.rb:71: warning: Insecure world writable dir /tmp/., mode 041777
- info: Caching catalog for ppc.zhaizu.com
- info: Applying configuration version '1342635001'
- notice: /Stage[main]/Ssh::Install/Package[openssh-server]/ensure: created
- info: FileBucket got a duplicate file {md5}e315091c55dc456ce5c3d70d6d11f001
- info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum e315091c55dc456ce5c3d70d6d11f001
- notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}e315091c55dc456ce5c3d70d6d11f001' to '{md5}884a1c740400c46efb99200a28af4f26'
- info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Service[sshd]
- notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: ensure changed 'stopped' to 'running'
- notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
- notice: Finished catalog run in 5.89 seconds
- [root@ppc tmp]# rpm -q openssh-server
- openssh-server-4.3p2-82.el5
- [root@ppc tmp]# ps -ef | grep ssh
- root 5329 1 0 02:05 ? 00:00:00 sshd: root@pts/1
- root 6714 1 0 02:12 ? 00:00:00 /usr/sbin/sshd
- root 6719 31347 0 02:13 pts/0 00:00:00 grep ssh
- root 31345 1 0 Jul18 ? 00:00:00 sshd: root@pts/0
- [root@ppc tmp]#
|
|
|