clarify the link between aaa::use_bastions and ::networking::use_bastions

2022-05-04 11:43:08 +02:00
parent 1b46c7f058
commit d76f3cbfe9
2 changed files with 8 additions and 4 deletions

@@ -12,9 +12,9 @@ auditing. In particular, it
Parameters
----------
=============================== ======== ================================================
=============================== ======== ==============================================================
**Name** **Type** **Default**
------------------------------- -------- ------------------------------------------------
------------------------------- -------- --------------------------------------------------------------
admins list hiera_array('aaa::admins')
allow_sudoers_d bool hiera('aaa::allow_sudoers_d')
bastions list hiera('aaa::bastions')
@@ -32,9 +32,9 @@ ssh_authorized_keys hash hiera_hash('aaa::sshkeys', {})
sssd_debuglevel int hiera('aaa::sssd_debuglevel')
sudo_rules (Hiera only) list hiera_array('aaa::sudo_rules', [])
support_afs bool hiera('aaa::support_afs'),
use_bastions bool hiera('aaa::use_bastions', undef)
use_bastions bool hiera('aaa::use_bastions', $profile::networking::use_bastions)
users list hiera_array('aaa::users', [])
=============================== ======== ================================================
=============================== ======== ==============================================================
``admins``
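Review bot: the new default on the `use_bastions` row names `$profile::networking::use_bastions`, while the commit title writes `::networking::use_bastions` and the other changed file links the variable's definition to `profile/manifests/networking/params.pp`. Please use one fully qualified name in all three places so a reader can find where the fallback is actually set. Since the fallback now decides whether SSH is restricted to the bastion hosts whenever `aaa::use_bastions` is absent from Hiera, it is also worth confirming that the manifest performs the same lookup this row documents.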

@@ -22,10 +22,14 @@ variables listed below:
This boolean indicates to the :doc:`aaa <../profiles/aaa>` profile whether SSH
access should be restricted to connections coming from the bastion hosts.
Override possible with ``aaa::use_bastions``.
Notes:
- the above variables are not configured in ``hiera``, but in the
`Puppet manifest <https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/manifests/networking/params.pp>`_
- the DNS cache is configured to be persistent, i.e. the cached data will
survive restarts of ``nscd.service``. To clear the cache, run ``nscd -i
hosts`` or ``systemctl reload nscd``.
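Review bot: the sentence "Override possible with ``aaa::use_bastions``." does not say where the override is set or which value wins, and the note right after it says the variables above are not configured in ``hiera``, which reads as a contradiction. Suggest stating that `aaa::use_bastions` is a Hiera key looked up by the aaa profile and that it takes precedence over this variable when set. Because setting it to false lifts the bastion-only SSH restriction for the hosts it applies to, the text should say so explicitly, so that anyone auditing access knows to check for such overrides.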