diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-11 21:51:20 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-11 21:51:20 -0300 |
| commit | 794666145e1d4becf83e08905d1c8a5c13ec62ab (patch) | |
| tree | a4bd76f6bc2f3f0ac2744d51fbea7b066e166462 | |
| parent | deb0f9d2bb3efb6addfec6fa9f051abc9bd215ee (diff) | |
| download | puppet-ikiwiki-794666145e1d4becf83e08905d1c8a5c13ec62ab.tar.gz puppet-ikiwiki-794666145e1d4becf83e08905d1c8a5c13ec62ab.tar.bz2 | |
SSH key management should be done elsewhere
| -rw-r--r-- | manifests/auth.pp | 70 | ||||
| -rw-r--r-- | manifests/instance.pp | 22 |
2 files changed, 1 insertions, 91 deletions
diff --git a/manifests/auth.pp b/manifests/auth.pp deleted file mode 100644 index 6bbd65b..0000000 --- a/manifests/auth.pp +++ /dev/null @@ -1,70 +0,0 @@ -# This has probably to be removed from this module -define ikiwiki::auth($owner, $home = '/home/$owner', $ssh_localhost_auth = false) { - file { "${home}/.ssh/config": - ensure => present, - owner => $owner, - group => $group, - mode => 0600, - require => File["${home}/.ssh"], - } - - file { "${home}/.ssh/known_hosts": - ensure => present, - owner => $owner, - group => $group, - mode => 0600, - require => File["${home}/.ssh"], - } - - # The NoHostAuthenticationForLocalhost ssh option might be useful - # for automated deployment environments so your ikiwiki user doesn't - # get stuck with the fingerprint confirmation prompt when pushing - # content via ssh in the first time it runs. - line { 'NoHostAuthenticationForLocalhost-${owner}': - file => "${home}/.ssh/config", - line => "NoHostAuthenticationForLocalhost yes", - ensure => $ssh_localhost_auth ? { - 'auto' => present, - 'fingerprint' => absent, - default => absent, - }, - } - - # Alternativelly, you can choose to include the host's fingeprints - # directly into the known_hosts file. - if $::sshrsakey != '' { - line { 'known_hosts-localhost-rsa-${owner}': - file => "${home}/.ssh/known_hosts", - line => "localhost ssh-rsa ${::sshrsakey}", - ensure => $ssh_localhost_auth ? { - 'fingerprint' => present, - 'auto' => undef, - default => undef, - }, - } - } - - if $::sshdsakey != '' { - line { 'known_hosts-localhost-dsa-${owner}': - file => "${home}/.ssh/known_hosts", - line => "localhost ssh-dss ${::sshdsakey}", - ensure => $ssh_localhost_auth ? { - 'fingerprint' => present, - 'auto' => undef, - default => undef, - }, - } - } - - if $::sshecdsakey != '' { - line { 'known_hosts-localhost-ecdsa-${owner}': - file => "${home}/.ssh/known_hosts", - line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}", - ensure => $ssh_localhost_auth ? { - 'fingerprint' => present, - 'auto' => undef, - default => undef, - }, - } - } -} diff --git a/manifests/instance.pp b/manifests/instance.pp index d51755f..068b2df 100644 --- a/manifests/instance.pp +++ b/manifests/instance.pp @@ -10,8 +10,7 @@ define ikiwiki::instance( $protocol = 'https', $owner = $name, $group = $name, - $home = "/home/$owner", - $create_ssh_key = false + $home = "/home/$owner" ) { case $ensure { 'present': { @@ -77,25 +76,6 @@ define ikiwiki::instance( "${ikiwiki::sites_folder}/${name}/ikiwiki", "${ikiwiki::sites_folder}/${name}/ikiwiki_src"], } - - if $create_ssh_key == true { - if !defined(File["${home}/.ssh"]) { - file { "${home}/.ssh": - ensure => directory, - owner => $owner, - group => $group, - mode => 0700, - } - } - - exec { "ssh-keygen-ikiwiki-${owner}": - command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/id_rsa", - creates => "${home}/.ssh/id_rsa", - user => $owner, - group => $group, - require => File["${home}/.ssh"], - } - } } 'absent': { file { "/etc/ikiwiki/$name.setup": |