From 794666145e1d4becf83e08905d1c8a5c13ec62ab Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 11 Apr 2013 21:51:20 -0300
Subject: SSH key management should be done elsewhere
---
 manifests/auth.pp | 70 ---------------------------------------------------
 manifests/instance.pp | 22 +---------------
 2 files changed, 1 insertion(+), 91 deletions(-)
 delete mode 100644 manifests/auth.pp
diff --git a/manifests/auth.pp b/manifests/auth.pp
deleted file mode 100644
index 6bbd65b..0000000
--- a/manifests/auth.pp
+++ /dev/null
@@ -1,70 +0,0 @@
-# This has probably to be removed from this module
-define ikiwiki::auth($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-
- # Alternativelly, you can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-}
diff --git a/manifests/instance.pp b/manifests/instance.pp
index d51755f..068b2df 100644
--- a/manifests/instance.pp
+++ b/manifests/instance.pp
@@ -10,8 +10,7 @@ define ikiwiki::instance(
 $protocol = 'https',
 $owner = $name,
 $group = $name,
- $home = "/home/$owner",
- $create_ssh_key = false
+ $home = "/home/$owner"
 ) {
 case $ensure {
 'present': {
@@ -77,25 +76,6 @@ define ikiwiki::instance(
 "${ikiwiki::sites_folder}/${name}/ikiwiki",
 "${ikiwiki::sites_folder}/${name}/ikiwiki_src"],
 }
-
- if $create_ssh_key == true {
- if !defined(File["${home}/.ssh"]) {
- file { "${home}/.ssh":
- ensure => directory,
- owner => $owner,
- group => $group,
- mode => 0700,
- }
- }
-
- exec { "ssh-keygen-ikiwiki-${owner}":
- command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/id_rsa",
- creates => "${home}/.ssh/id_rsa",
- user => $owner,
- group => $group,
- require => File["${home}/.ssh"],
- }
- }
 }
 'absent': {
 file { "/etc/ikiwiki/$name.setup":
-- 
cgit v1.2.3
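Review bot: Dropping `$create_ssh_key` from the `ikiwiki::instance` parameter list in the first instance.pp hunk is a breaking interface change with no deprecation path; a node that still declares `create_ssh_key => true` will most likely fail catalog compilation on the unknown parameter. Hosts where the removed exec already ran keep the `${home}/.ssh/id_rsa` it generated with an empty passphrase (`-P ''`), and after this commit nothing in the module manages, rotates or removes that key. I would document the hand-over next to the define, for example `# SSH keys are no longer managed here; audit any ${home}/.ssh/id_rsa created by earlier versions of this module`, and name in the commit message the module that now owns key management. The body of the define continues outside both hunks, so whether anything else still relies on `${home}/.ssh` cannot be confirmed from here.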