From 50004931ee5ca1fa809acd2f4cd2ee1ed6118ebb Mon Sep 17 00:00:00 2001
From: Fabien Boucher <fabien.boucher@enovance.com>
Date: Wed, 25 Mar 2015 14:54:32 +0000
Subject: [PATCH] Add the trusted source as class parameter

Remove the hardcoded puppetmaster.openstack.org value
from the template but keep it as default parameter
value for ssh class.

Change-Id: I4b07f78ed455841cc2301227e42222ca96b24821
---
 manifests/init.pp         | 2 +-
 templates/sshd_config.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index a3fc66e..c789b14 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,6 @@
 # == Class: ssh
 #
-class ssh {
+class ssh ($trusted_ssh_source = 'puppetmaster.openstack.org') {
     include ssh::params
     package { $::ssh::params::package_name:
       ensure => present,
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index b55fd2f..4e7a512 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -86,5 +86,5 @@ Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
 UsePAM yes
 
 # allow ansible connections from puppetmaster host
-Match host puppetmaster.openstack.org
+Match host <%= @trusted_ssh_source %>
     PermitRootLogin without-password