From a8a3004bfd24b664cd8c3d6a680849e10f5bd5d4 Mon Sep 17 00:00:00 2001 From: Adam Henry Lewenberg <adamhl@stanford.edu> Date: Thu, 8 Dec 2016 10:39:43 -0800 Subject: [PATCH] more instance variable cleanup --- NEWS | 17 +++++++- templates/ssh/sshd_config.erb | 8 ++-- templates/syslog/rsyslog.conf.erb | 2 +- templates/xinetd/config.erb | 65 ++++++++++++++++--------------- 4 files changed, 54 insertions(+), 38 deletions(-) diff --git a/NEWS b/NEWS index 776d81e..331bc5c 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,22 @@ release/005.001 (2016-12-07) Add "path" attributes to several exec resources. This will be required - in the next version of Puppet [adamhl]. + in the next version of Puppet. [adamhl] + + [puppetclient] Replace "local" variables with what is really intended: + instance variables defined in the calling manifest (or defiend as a + Puppet fact). While not strictly necessary right now, in a future + version of Puppet will stop interpreting ERB local variables as + instance variables so we might as well fix them now. [adamhl] + + [puppetclient] Remove some conditional code that made sense when we + used very old versions of Puppet. [adamhl] + + [ssh] More of the instance variable cleanup. [adamhl] + + [syslog] More of the instance variable cleanup. [adamhl] + + [xinetd] More of the instance variable cleanup. [adamhl] release/005.000 (2016-11-21) diff --git a/templates/ssh/sshd_config.erb b/templates/ssh/sshd_config.erb index a2171ca..e965c7f 100644 --- a/templates/ssh/sshd_config.erb +++ b/templates/ssh/sshd_config.erb @@ -43,7 +43,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key LoginGraceTime 300 # Prevent attackers from running long password guessing attacks. -MaxAuthTries <%= max_tries %> +MaxAuthTries <%= @max_tries %> <% if @osfamily == 'RedHat' then -%> # Some Red Hat systems are old enough that this has to be explicitly enabled. 
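Review bot: `MaxAuthTries <%= @max_tries %>` renders an empty value when `@max_tries` is unset, because a nil instance variable interpolates as an empty string. As far as I know, the old bare-name lookup made the catalog fail instead. The calling manifest is not part of this patch, so whether it always sets a value cannot be confirmed from here. A guard above the directive keeps the failure loud, for example `<% raise Puppet::ParseError, 'ssh: max_tries is not set' if @max_tries.nil? -%>`. The unguarded `user = <%= @user %>` and `group = <%= @group %>` lines in templates/xinetd/config.erb have the same exposure.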
@@ -54,9 +54,9 @@ UsePrivilegeSeparation yes # since we use GSS-API (or passwords). IgnoreRhosts yes RSAAuthentication no -PubkeyAuthentication <%= pubkey ? 'yes' : 'no' %> +PubkeyAuthentication <%= @pubkey ? 'yes' : 'no' %> RhostsRSAAuthentication no -HostbasedAuthentication <%= hostbased ? 'yes' : 'no' %> +HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %> # Allow password authentication via PAM, but not empty passwords. ChallengeResponseAuthentication yes @@ -115,7 +115,7 @@ Subsystem sftp /usr/libexec/openssh/sftp-server <% else -%> Subsystem sftp /usr/lib/openssh/sftp-server <% end -%> -<% if gitolite then -%> +<% if @gitolite then -%> # gitolite user should run through a wrapper to map it to actual user. Match User gitolite diff --git a/templates/syslog/rsyslog.conf.erb b/templates/syslog/rsyslog.conf.erb index bece0bc..e9eb848 100644 --- a/templates/syslog/rsyslog.conf.erb +++ b/templates/syslog/rsyslog.conf.erb @@ -42,7 +42,7 @@ $KLogPermitNonKernelFacility on $SystemLogRateLimitInterval 0 <% end -%> -<% unless use_syslog_conf == 'false' || !use_syslog_conf -%> +<% unless @use_syslog_conf == 'false' || !@use_syslog_conf -%> # Include the syslog rules first so they can be overriden by rsyslog.d. $IncludeConfig /etc/syslog.conf diff --git a/templates/xinetd/config.erb b/templates/xinetd/config.erb index 58ace44..83e68de 100644 --- a/templates/xinetd/config.erb +++ b/templates/xinetd/config.erb 
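Review bot: `HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %>` turns host-based authentication on for any truthy Ruby value, and the string 'false' is truthy. The rsyslog template in this same patch tests `@use_syslog_conf == 'false'` explicitly, which suggests string booleans do reach these templates. The manifest is not shown, so this is inferred rather than confirmed. Comparing the string form closes the gap: `HostbasedAuthentication <%= (@hostbased && @hostbased.to_s != 'false') ? 'yes' : 'no' %>`. The same applies to `@pubkey` in this hunk and to `<% if @gitolite then -%>` in the next one, where a string 'false' would still emit the `Match User gitolite` block.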
@@ -1,56 +1,57 @@ # Managed by Puppet via xinetd::config class # default: on -# description: <%= description %> -service <%= service %> +# description: <%= @description %> +service <%= @service %> { disable = no -<% if name != service then -%> - id = <%= name %> +<% if @name != @service then -%> + id = <%= @name %> <% end -%> -<% if server_type != '' then -%> - type = <%= server_type %> +<% if @server_type != '' then -%> + type = <%= @server_type %> <% end -%> -<% if protocol != '' then -%> - protocol = <%= protocol %> +<% if @protocol != '' then -%> + protocol = <%= @protocol %> <% end -%> -<% if port != '' then -%> - port = <%= port %> +<% if @port != '' then -%> + port = <%= @port %> <% end -%> -<% if protocol == 'udp' then -%> +<% if @protocol == 'udp' then -%> socket_type = dgram wait = yes <% else -%> socket_type = stream wait = no <% end -%> -<% if flags != '' then -%> - flags = <%= flags %> +<% if @flags != '' then -%> + flags = <%= @flags %> <% end -%> - user = <%= user %> - group = <%= group %> -<% if server_type !~ /INTERNAL/ then -%> - server = <%= server %> -<% if server_args != '' then -%> - server_args = <%= server_args %> + user = <%= @user %> + group = <%= @group %> +<% if @server_type !~ /INTERNAL/ then -%> + server = <%= @server %> +<% if @server_args != '' then -%> + server_args = <%= @server_args %> <% end -%> - libwrap = <%= server[/[^\/]+$/] %> +<%- libwrap = @server[/[^\/]+$/] -%> + libwrap = <%= libwrap %> <% end -%> -<% if cps != '' then -%> - cps = <%= cps %> +<% if @cps != '' then -%> + cps = <%= @cps %> <% end -%> -<% if per_source != '' then -%> - per_source = <%= per_source %> +<% if @per_source != '' then -%> + per_source = <%= @per_source %> <% end -%> -<% if instances != '' then -%> - instances = <%= instances %> +<% if @instances != '' then -%> + instances = <%= @instances %> <% end -%> -<% if env != '' then -%> - env = <%= env %> +<% if @env != '' then -%> + env = <%= @env %> <% end -%> -<% if log_type != 'NONE' then - if 
(server_type !~ /INTERNAL/) and (protocol != 'udp') then - if log_type != '' then -%> - log_type = SYSLOG <%= log_type %> +<% if @log_type != 'NONE' then + if (@server_type !~ /INTERNAL/) and (@protocol != 'udp') then + if @log_type != '' then -%> + log_type = SYSLOG <%= @log_type %> <% else -%> log_type = SYSLOG daemon <% end -%> -- GitLab
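Review bot: The guards of the form `<% if @port != '' then -%>` are true when the variable is nil, so an unset parameter now emits a directive with an empty value instead of omitting it. `@server_type !~ /INTERNAL/` is also true for nil, and the template then reaches `@server[/[^\/]+$/]`, which raises on nil. This only matters if the define does not default every parameter to '', which is not visible in this patch. A guard that treats both cases as absent would be `<% if @port && @port != '' then -%>`, repeated for `@server_type`, `@protocol`, `@flags`, `@server_args`, `@cps`, `@per_source`, `@instances` and `@env`. A one-line ERB comment above the new `libwrap` assignment, saying it takes the basename of the server path, would also help.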