From beb78ff787aef1d940aa33d12292352c67337324 Mon Sep 17 00:00:00 2001
From: Monty Taylor
Date: Mon, 7 Apr 2014 22:09:14 -0700
Subject: [PATCH] Fix sftp access on CentOS machines
The sshd_config file that we put everywhere has an invalid value for where the sftp command is. On RedHat, it's in /usr/libexec - which means that it is not possible to use SFTP to interact with our CentOS machines. Replace the static file with a template so that we can substitute the correct value based on which distro it is.
Change-Id: Ia9ba88199f4ff024a904431821926dbb26f35ad6
---
 manifests/init.pp | 5 +----
 manifests/params.pp | 2 ++
 files/sshd_config => templates/sshd_config.erb | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)
 rename files/sshd_config => templates/sshd_config.erb (97%)
diff --git a/manifests/init.pp b/manifests/init.pp
index e3a3a3e..a3fc66e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,10 +15,7 @@ class ssh {
 owner => 'root',
 group => 'root',
 mode => '0444',
- source => [
- "puppet:///modules/ssh/sshd_config.${::osfamily}",
- 'puppet:///modules/ssh/sshd_config',
- ],
+ content => template('ssh/sshd_config.erb'),
 replace => true,
 }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index ac5740b..6590176 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -7,10 +7,12 @@ class ssh::params {
 'RedHat': {
 $package_name = 'openssh-server'
 $service_name = 'sshd'
+ $sftp_path = '/usr/libexec/openssh/sftp-server'
 }
 'Debian': {
 $package_name = 'openssh-server'
 $service_name = 'ssh'
+ $sftp_path = '/usr/lib/openssh/sftp-server'
 }
 default: {
 fail("Unsupported osfamily: ${::osfamily} The 'ssh' module only supports osfamily Debian or RedHat (slaves only).")
diff --git a/files/sshd_config b/templates/sshd_config.erb
similarity index 97%
rename from files/sshd_config
rename to templates/sshd_config.erb
index bb7429a..37d23b6 100644
--- a/files/sshd_config
+++ b/templates/sshd_config.erb
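Review bot: The new `content => template('ssh/sshd_config.erb')` line in manifests/init.pp makes the rendered file depend on `::ssh::params::sftp_path` being resolvable when the template is evaluated, and nothing in this hunk shows `ssh::params` being included (the top of `class ssh` is outside the hunk). If the lookup comes back empty, the changed line in templates/sshd_config.erb would render a `Subsystem sftp` entry with no command, and `replace => true` writes that to every node; sshd is likely to reject such a file on its next restart, which costs remote access to the machine. Adding `validate_cmd => '/usr/sbin/sshd -t -f %',` to this file resource (available from Puppet 3.5) keeps an invalid render from replacing the working config. The removed `source` array also allowed a per-osfamily `sshd_config.${::osfamily}` file; if one exists in the module, its settings are no longer applied and should be folded into the template.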
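Review bot: The two `$sftp_path` assignments in manifests/params.pp hard-code the distro location of the external sftp-server binary, and nothing in the class says what consumes them. A short comment above each assignment, for example `# rendered into the Subsystem sftp line of templates/sshd_config.erb`, would keep that link visible to whoever adds the next osfamily branch. If the deployed OpenSSH versions support it, `Subsystem sftp internal-sftp` removes the per-distro path altogether and is the form that works with `ChrootDirectory`; it may change how sftp sessions are logged, so it is better treated as a follow-up than as part of this fix. The class header and its case statement begin outside the hunk.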
@@ -72,7 +72,7 @@ TCPKeepAlive yes
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will