From 5ae2c153204d6ecbdee2aa3cfc3be7c95bd6a9b5 Mon Sep 17 00:00:00 2001
From: Rudy Broersma
Date: Thu, 4 May 2017 12:15:10 +0200
Subject: [PATCH] Update user.pp to allow IPv6

This change adds IPv6 addresses to the authorized_keys file of the backshots user. This is required, as OpenSSH 6.8 and up have changed the use of the configuration parameter "UseDNS" from Yes to No, which means that SSHd will no longer be doing DNS lookups. Without this patch, a backup server that tries to connect using IPv6 to a server that has UseDNS set to 'no', the connection will fail.
---
 manifests/client/user.pp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/manifests/client/user.pp b/manifests/client/user.pp
index 1e9ae53..cb28b99 100644
--- a/manifests/client/user.pp
+++ b/manifests/client/user.pp
@@ -35,11 +35,16 @@
 gid => $client_user,
 password => '*'
 }
-
+
 ## Get Key for remote backup user
 if $push_ssh_key {
 $server_user_exploded = "${server_user}@${server}"
- $backup_server_ip = inline_template("<%= Addrinfo.getaddrinfo('${server}', 'ssh', nil, :STREAM).first.ip_address %>")
+
+ # I believe there is a bug in Puppet related to this change, requiring the use of .last instead of .first.
+ # See: https://tickets.puppetlabs.com/browse/SERVER-1801
+ $backup_server_ipv6 = inline_template("<%= Addrinfo.getaddrinfo('${server}', 'ssh', Socket::AF_UNSPEC, :STREAM).last.ip_address %>")
+ $backup_server_ipv4 = inline_template("<%= Addrinfo.getaddrinfo('${server}', 'ssh', Socket::AF_INET, :STREAM).first.ip_address %>")
+
 sshkeys::set_authorized_key { "${server_user_exploded} to ${client_user}":
 local_user => $client_user,
 remote_user => $server_user_exploded,
@@ -51,10 +56,10 @@
 'no-agent-forwarding',
 'no-X11-forwarding',
 'no-pty',
- "from=\"${backup_server_ip},${server}\""
+ "from=\"${server},${backup_server_ipv4},${backup_server_ipv6}\""
 ]
 }
- }
+}
 
 # Add sudo config if needed.
 if $use_sudo and $setup_sudo {
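Review bot: `.last` on the `Socket::AF_UNSPEC` result does not guarantee that `$backup_server_ipv6` holds an IPv6 address: the result order depends on the resolver's address-selection policy, and for a host with no AAAA record it is just another IPv4 entry, while the `Socket::AF_INET` lookup raises during catalog compilation for an IPv6-only server. Since these values feed the `from=` restriction on the key, I would collect every resolved address in one lookup instead, `$backup_server_ips = inline_template("<%= Addrinfo.getaddrinfo('${server}', 'ssh', nil, :STREAM).map(&:ip_address).uniq.join(',') %>")`, and use `"from=\"${server},${backup_server_ips}\""` in the second hunk. `${server}` is spliced into the Ruby source of the template before it is evaluated, so it should be validated as a hostname before this point; any such check would be outside the hunk, as is the start of the enclosing class.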
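Review bot: The `from=` entry would benefit from a comment saying which patterns actually match, because per the commit description sshd with UseDNS set to 'no' does no DNS lookups, so the `${server}` pattern is presumably inert there and only the addresses resolved at catalog compile time admit the backup server. Something like `# from=: the hostname matches only with UseDNS yes; the addresses are resolved when the catalog is compiled` above the entry would do. Separately, the closing brace of `if $push_ssh_key` appears to move to column 0 (`-  }` becomes `+}`), which makes it read like the end of the class; keeping the two-space indent avoids that. The resource and the `if` block both begin outside this hunk.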