Merge pull request dev-sec#29 from TelekomLabs/restart

fixes dev-sec#24
rollbrettler · Jul 1, 2014 · 638011f · 638011f
2 parents edeb510 + 09f8f75
commit 638011f
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -33,6 +33,14 @@
 # Define the server package name
 default['sshserver']['package'] = 'openssh-server'
 
+# Define the service name for sshd
+case node['platform_family']
+when 'rhel', 'fedora', 'suse', 'freebsd', 'gentoo'
+  default['sshserver']['service_name'] = 'sshd'
+else
+  default['sshserver']['service_name'] = 'ssh'
+end
+
 default['config_disclaimer']              = '**Note:** This file was automatically created by Pinerolo configuration. If you use its automated setup, do not edit this file directly, but adjust the automation instead.'
 default['network']['ipv6']['enable']      = false   # sshd + ssh
 default['ssh']['cbc_required']            = false   # sshd + ssh

diff --git a/recipes/server.rb b/recipes/server.rb
@@ -19,10 +19,38 @@
 # limitations under the License.
 #
 
+# installs package name
 package 'openssh-server' do
   package_name node['sshserver']['package']
 end
 
+# defines the sshd service
+service 'sshd' do
+  # use upstart for ubuntu, otherwise chef uses init
+  # @see http://docs.opscode.com/resource_service.html#providers
+  case node['platform']
+  when 'ubuntu'
+    if node['platform_version'].to_f >= 12.04
+      provider Chef::Provider::Service::Upstart
+    end
+  end
+  service_name node['sshserver']['service_name']
+  supports value_for_platform(
+    'centos' => { 'default' => [:restart, :reload, :status] },
+    'redhat' => { 'default' => [:restart, :reload, :status] },
+    'fedora' => { 'default' => [:restart, :reload, :status] },
+    'scientific' => { 'default' => [:restart, :reload, :status] },
+    'arch' => { 'default' => [:restart] },
+    'debian' => { 'default' => [:restart, :reload, :status] },
+    'ubuntu' => {
+      '8.04' => [:restart, :reload],
+      'default' => [:restart, :reload, :status]
+    },
+    'default' => { 'default' => [:restart, :reload] }
+  )
+  action [:enable, :start]
+end
+
 directory '/etc/ssh' do
   mode 0755
   owner 'root'
@@ -40,6 +68,7 @@
     kex: SshKex.get_kexs(node, node['ssh']['weak_kex']),
     cipher: SshCipher.get_ciphers(node, node['ssh']['cbc_required'])
   )
+  notifies :restart, 'service[sshd]'
 end
 
 def get_key_from(field)