author | Micah <micah@riseup.net> | 2015-10-09 20:21:58 +0000 |
---|---|---|
committer | Micah <micah@riseup.net> | 2015-10-09 20:21:58 +0000 |
commit | ba81744a42548de60bb4f48c66a7e95cd050ad4a (patch) | |
tree | 664fea7e838b553ba0864b8dc61cc5323251c4c1 /manifests/init.pp | |
parent | f661c786095e99087773f01351cebe00837f68a7 (diff) | |
parent | 39631404dc41f706ad665ad2770e9c48b98a98fa (diff) | |
download | puppet-monkeysphere-master.tar.gz puppet-monkeysphere-master.tar.bz2 |
merge the mayfirst, koumbit and sarava changes
the monkeysphere module in shared is very old (2 years 4 months)! since then, sarava and koumbit have done significant work to improve on the module.
mayfirst did changes to allow choosing a keyserver, added flexibility, user configs and so on.
sarava fixed some bugs.
koumbit merged both with the shared modules, did a style cleanup and autoloading, added RAW_AUTHORIZED_KEYS, silenced some warnings and randomized cron jobs.
this still fails in puppet 3.x, but is an improvement over what's already present.
See merge request !1
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 70 |
1 files changed, 32 insertions, 38 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 6885b45..31c341d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -19,56 +19,50 @@ # # Class for monkeysphere management # + class monkeysphere( $ssh_port = '', - $publish_key = false, - $ensure_version = 'installed' + $ensure_version = 'installed', + # if not false, will override the path for MONKEYSPHERE_RAW_AUTHORIZED_KEYS + # use 'none' to disable appending the authorized_keys file + # see monkeysphere-authentication for more information + $raw_authorized_keys = false, + $keyserver = 'pool.sks-keyservers.net' ) { # The needed packages - package{'monkeysphere': + package { 'monkeysphere': ensure => $ensure_version, } - $port = $monkeysphere::ssh_port ? { - '' => '', - default => ":${monkeysphere::ssh_port}", - } - $key = "ssh://${::fqdn}${port}" - common::module_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: } + modules_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: } + file { + # This was the old way which the module checked monkeysphere keys '/usr/local/sbin/monkeysphere-check-key': - ensure => present, + ensure => absent, owner => root, group => root, - mode => '0755', - content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false", - } - - # Server host key publication - Exec{ - unless => '/usr/local/sbin/monkeysphere-check-key', - user => 'root', - require => [ Package['monkeysphere'], File['/usr/local/sbin/monkeysphere-check-key'] ], - } - case $monkeysphere::publish_key { - false: { - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": } - } - 'mail': { - $mail_loc = $::operatingsystem ? 
{ - 'centos' => '/bin/mail', - default => '/usr/bin/mail', - } - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ - ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp": - } - } - default: { - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ - echo Y | /usr/sbin/monkeysphere-host publish-key": - } - } + mode => 0755, + content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=$key' &> /dev/null || false"; + 'monkeysphere_conf': + path => '/etc/monkeysphere/monkeysphere.conf', + mode => 644, + ensure => present, + content => template('monkeysphere/monkeysphere.conf.erb'), + require => Package['monkeysphere']; + 'monkeysphere_host_conf': + path => '/etc/monkeysphere/monkeysphere-host.conf', + mode => 644, + ensure => present, + content => template('monkeysphere/monkeysphere-host.conf.erb'), + require => Package['monkeysphere']; + 'monkeysphere_authentication_conf': + path => '/etc/monkeysphere/monkeysphere-authentication.conf', + mode => 644, + ensure => present, + content => template('monkeysphere/monkeysphere-authentication.conf.erb'), + require => Package['monkeysphere']; } } |
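Review bot: The `'/usr/local/sbin/monkeysphere-check-key'` file resource is switched to `ensure => absent` but still carries `owner`, `group`, `mode` and a `content` string that interpolates `$key`, while the `$key = "ssh://${::fqdn}${port}"` assignment is removed earlier in this same hunk, so the reference is now to an undefined variable (an empty string at best, a compile failure where strict variable checking is enabled). For a removal the resource only needs `'/usr/local/sbin/monkeysphere-check-key': ensure => absent;`. Separately, the modes lose the quoting the old code had: `mode => 0755` and the three `mode => 644` entries are bare numbers, which newer Puppet parsers reject or read numerically rather than as an octal string, so the files under `/etc/monkeysphere` that steer host and authentication behaviour may not end up with the intended permissions. Writing `mode => '0644',` together with `owner => root, group => root,` on the three config files states the intent explicitly and keeps ownership from depending on whatever is already on disk.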