SSH Server Puppet Module for Ubuntu 12.04

Puppet configures and installs daemons easily. OpenSSH server is one of the most popular servers.
This article shows an example of Puppet’s package-file-service pattern. A bypass for Ubuntu 12.04 broken init script is offered, making it a breeze to install and configure SSHd on Ubuntu too.
Prequisites: Knowledge of Puppet and modules. Command line, apt, sudo, daemons. This article is for users who already know puppet. If you’re a beginner in Puppet, start with Hello puppet.

Package-File-Service

You want sshd? Usually this means installing the package, modifying the configuration file and restarting the daemon. Puppet can do this to your slaves, and automatically reload the daemon whenever configuration files have changed.

The Problem: Chatty init.d Script

On Ubuntu 12.04, ‘sudo /etc/init.d/ssh status’ shows a longish message about upgrading to upstart. It recommends using ‘sudo service ssh status’ instead. If we run puppet with –debug, we can see that puppet uses the old version and can’t see if sshd is running.
The solution is to write our own status command.

SSHD init.pp

# SSHd install & configure, bypass Ubuntu 12.04 init script bug
# Copyright 2013 Tero Karvinen http://terokarvinen.com
class sshd {
        package { ‘openssh-server’:
                ensure => “installed”,
        }
         file { ‘/etc/ssh/sshd_config’:
                content => template(“sshd/sshd_config”),
                require => Package["openssh-server"],
                notify => Service["ssh"],
        }
        service { ‘ssh’:
                ensure => ‘running’,
                enable => ‘true’,
                require => Package["openssh-server"],
                hasstatus => ‘false’,
                status => “/etc/init.d/ssh status|grep running”,
        }
}

Creating the module

If you know puppet, you probably created the module already, But here are the commands

$ mkdir sshd; cd sshd
$ mkdir manifests/ templates/
$ sudo apt-get update && sudo apt-get -y install openssh-server
$ cp /etc/ssh/sshd_config templates/
$ nano manifests/init.pp

The module looks like this

modules/
        sshd/
                manifests/
                        init.pp
                templates/
                        sshd_config

And finally, run your module

$ puppet apply --modulepath modules/ -e 'class {"sshd":}'

Tested on xUbuntu 12.04 LTS amd64 live cd.

Posted in Uncategorized | Tagged , , , , , , , | 2 Comments

2 Responses to SSH Server Puppet Module for Ubuntu 12.04

  1. When copy-pasting the code you have to change those wordpress curvy quotation marks to get the code working. Gave me a headache to solve puppet’s error message:
    “Could not match ‘openssh-server’: at /home/ubuntu/puppet/modules/sshd/manifests/init.pp:5 on node ubuntu.localdomain”. That msg was repeated on every word with a quotation mark (single or double).
    Lesson learned. 🙂

  2. Thanks for including the error message to your tip, now your answer is easy to find.