Adding support for the gitlab_sshd configuration hash

README.md

@@ -434,12 +434,14 @@ initial connections for ssh operations. GitLab has created a feature that allows
 authorized ssh keys to be stored in the db (instead of the `authorized_keys`
 file for the `git` user)
 
-You can enable this feature in GitLab using the `store_git_keys_in_db` parameter.
+You can enable this feature in GitLab using the `store_git_keys_in_db` parameter,
+or by enabling `gitlab-sshd` as it is configured to use fast lookup automatically.
 
-Please note, managing the sshd service and openssh is outside the scope of this
-module. You will need to configure the AuthorizedKeysCommand for the `git` user
-in sshd.server yourself. Instructions for this are provided by GitLab at [Fast
-lookup of authorized SSH keys in the databasse][15]
+Please note, while you can manage [gitlab-sshd][23] (Gitlab's standalone SSH server)
+with this module, you can not manage openssh and the sshd service as it is outside
+the scope of the module. You will need to configure the AuthorizedKeysCommand
+for the `git` user in sshd.server yourself. Instructions for this are provided by
+GitLab at [Fast lookup of authorized SSH keys in the databasse][15]
 
 ### Setting up GitLab HA
 
@@ -520,3 +522,4 @@ broader community is able to maintain the module.‚
 [20]: https://vshn.ch
 [21]: https://docs.gitlab.com/ee/system_hooks/system_hooks.html
 [22]: https://docs.gitlab.com/ee/administration/file_hooks.html
+[23]: https://docs.gitlab.com/ee/administration/operations/gitlab_sshd.html

REFERENCE.md

@@ -67,6 +67,7 @@ The following parameters are available in the `gitlab` class:
 * [`gitlab_kas`](#-gitlab--gitlab_kas)
 * [`gitlab_pages`](#-gitlab--gitlab_pages)
 * [`gitlab_rails`](#-gitlab--gitlab_rails)
+* [`gitlab_sshd`](#-gitlab--gitlab_sshd)
 * [`gitlab_workhorse`](#-gitlab--gitlab_workhorse)
 * [`grafana`](#-gitlab--grafana)
 * [`logging`](#-gitlab--logging)
@@ -391,6 +392,14 @@ Hash of 'gitlab_pages' config parameters.
 
 Default value: `undef`
 
+##### <a name="-gitlab--gitlab_sshd"></a>`gitlab_sshd`
+
+Data type: `Optional[Hash]`
+
+Hash of 'gitlab_sshd' config parameters.
+
+Default value: `undef`
+
 ##### <a name="-gitlab--gitlab_workhorse"></a>`gitlab_workhorse`
 
 Data type: `Optional[Hash]`

manifests/init.pp

@@ -32,6 +32,7 @@
 # @param gitlab_kas Hash of 'gitlab_kas' config parameters.
 # @param gitlab_pages Hash of 'gitlab_pages' config parameters.
 # @param gitlab_rails Hash of 'gitlab_pages' config parameters.
+# @param gitlab_sshd Hash of 'gitlab_sshd' config parameters.
 # @param gitlab_workhorse Hash of 'gitlab_workhorse' config parameters.
 # @param grafana Hash of 'grafana' config parameters.
 # @param logging Hash of 'logging' config parameters.
@@ -132,6 +133,7 @@
   Optional[Hash]                      $gitlab_kas                      = undef,
   Optional[Hash]                      $gitlab_pages                    = undef,
   Optional[Hash]                      $gitlab_rails                    = undef,
+  Optional[Hash]                      $gitlab_sshd                     = undef,
   Optional[Hash]                      $grafana                         = undef,
   Optional[Hash]                      $high_availability               = undef,
   Optional[Hash]                      $logging                         = undef,

manifests/omnibus_config.pp

@@ -26,6 +26,7 @@
   $gitlab_kas = $gitlab::gitlab_kas
   $gitlab_pages = $gitlab::gitlab_pages
   $gitlab_rails = $gitlab::gitlab_rails
+  $gitlab_sshd = $gitlab::gitlab_sshd
   $grafana = $gitlab::grafana
   $high_availability = $gitlab::high_availability
   $letsencrypt = $gitlab::letsencrypt

spec/classes/init_spec.rb

@@ -461,6 +461,18 @@
               with_content(%r{^\s*geo_logcursor\['enable'\] = true$})
           }
         end
+        describe 'gitlab_sshd' do
+          let(:params) do
+            { gitlab_sshd: {
+              'enable' => true
+            } }
+          end
+
+          it {
+            is_expected.to contain_file('/etc/gitlab/gitlab.rb'). \
+              with_content(%r{^\s*gitlab_sshd\['enable'\] = true$})
+          }
+        end
       end
     end
   end

templates/gitlab.rb.erb

@@ -129,6 +129,15 @@ sidekiq_cluster['<%= k -%>'] = <%= decorate(@sidekiq_cluster[k]) %>
 <%- @shell.keys.sort.each do |k| -%>
 gitlab_shell['<%= k -%>'] = <%= decorate(@shell[k]) %>
 <%- end end -%>
+<%- if @gitlab_sshd -%>
+
+###############
+# gitlab-sshd #
+###############
+
+<%- @gitlab_sshd.keys.sort.each do |k| -%>
+gitlab_sshd['<%= k -%>'] = <%= decorate(@gitlab_sshd[k]) %>
+<%- end end -%>
 <%- if @postgresql -%>
 
 #####################