Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

Merge branch 'master' of git.psi.ch:linux-infra/documentation

Browse Source
This commit is contained in:
Daniela Metzler
2022-05-07 17:26:26 +02:00
parent 2672c7c62f addb34d494
commit f5f93736f0
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
admin-guide/puppet/profiles/aaa.rst
View File

@@ -12,9 +12,9 @@ auditing. In particular, it
Parameters
----------
=============================== ======== ================================================
=============================== ======== ==============================================================
**Name** **Type** **Default**
------------------------------- -------- ------------------------------------------------
------------------------------- -------- --------------------------------------------------------------
admins list hiera_array('aaa::admins')
allow_sudoers_d bool hiera('aaa::allow_sudoers_d')
bastions list hiera('aaa::bastions')
@@ -32,9 +32,9 @@ ssh_authorized_keys hash hiera_hash('aaa::sshkeys', {})
sssd_debuglevel int hiera('aaa::sssd_debuglevel')
sudo_rules (Hiera only) list hiera_array('aaa::sudo_rules', [])
support_afs bool hiera('aaa::support_afs'),
use_bastions bool hiera('aaa::use_bastions', undef)
use_bastions bool hiera('aaa::use_bastions', $profile::networking::use_bastions)
users list hiera_array('aaa::users', [])
=============================== ======== ================================================
=============================== ======== ==============================================================
``admins``

4
admin-guide/puppet/profiles/networking.rst
View File

@@ -22,10 +22,14 @@ variables listed below:
This boolean indicates to the :doc:`aaa <../profiles/aaa>` profile whether SSH
access should be restricted to connections coming from the bastion hosts.
Override possible with ``aaa::use_bastions``.
Notes:
- the above variables are not configured in ``hiera``, but in the
`Puppet manifest <https://git.psi.ch/linux-infra/puppet/-/blob/preprod/code/modules/profile/manifests/networking/params.pp>`_
- the DNS cache is configured to be persistent, i.e. the cached data will
survive restarts of ``nscd.service``. To clear the cache, run ``nscd -i
hosts`` or ``systemctl reload nscd``.