authorMicah <micah@riseup.net>2015-10-09 20:21:58 +0000
committerMicah <micah@riseup.net>2015-10-09 20:21:58 +0000
commitba81744a42548de60bb4f48c66a7e95cd050ad4a (patch)
tree664fea7e838b553ba0864b8dc61cc5323251c4c1 /manifests/init.pp
parentf661c786095e99087773f01351cebe00837f68a7 (diff)
parent39631404dc41f706ad665ad2770e9c48b98a98fa (diff)
Merge branch 'koumbit-sarava' into 'master' HEADmaster
merge the mayfirst, koumbit and sarava changes. the monkeysphere module in shared is very old (2 years 4 months)! since then, sarava and koumbit have done significant work to improve on the module. mayfirst did changes to allow choosing a keyserver, added flexibility, user configs and so on. sarava fixed some bugs. koumbit merged both with the shared modules, did a style cleanup and autoloading, added RAW_AUTHORIZED_KEYS, silenced some warnings and randomized cron jobs. this still fails in puppet 3.x, but is an improvement over what's already present. See merge request !1
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp70
1 files changed, 32 insertions, 38 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 6885b45..31c341d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,56 +19,50 @@
#
# Class for monkeysphere management
#
+
class monkeysphere(
$ssh_port = '',
- $publish_key = false,
- $ensure_version = 'installed'
+ $ensure_version = 'installed',
+ # if not false, will override the path for MONKEYSPHERE_RAW_AUTHORIZED_KEYS
+ # use 'none' to disable appending the authorized_keys file
+ # see monkeysphere-authentication for more information
+ $raw_authorized_keys = false,
+ $keyserver = 'pool.sks-keyservers.net'
) {
# The needed packages
- package{'monkeysphere':
+ package { 'monkeysphere':
ensure => $ensure_version,
}
- $port = $monkeysphere::ssh_port ? {
- '' => '',
- default => ":${monkeysphere::ssh_port}",
- }
-
$key = "ssh://${::fqdn}${port}"
- common::module_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: }
+ modules_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: }
+
file {
+ # This was the old way which the module checked monkeysphere keys
'/usr/local/sbin/monkeysphere-check-key':
- ensure => present,
+ ensure => absent,
owner => root,
group => root,
- mode => '0755',
- content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false",
- }
-
- # Server host key publication
- Exec{
- unless => '/usr/local/sbin/monkeysphere-check-key',
- user => 'root',
- require => [ Package['monkeysphere'], File['/usr/local/sbin/monkeysphere-check-key'] ],
- }
- case $monkeysphere::publish_key {
- false: {
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": }
- }
- 'mail': {
- $mail_loc = $::operatingsystem ? {
- 'centos' => '/bin/mail',
- default => '/usr/bin/mail',
- }
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
- ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp":
- }
- }
- default: {
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
- echo Y | /usr/sbin/monkeysphere-host publish-key":
- }
- }
+ mode => 0755,
+ content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=$key' &> /dev/null || false";
+ 'monkeysphere_conf':
+ path => '/etc/monkeysphere/monkeysphere.conf',
+ mode => 644,
+ ensure => present,
+ content => template('monkeysphere/monkeysphere.conf.erb'),
+ require => Package['monkeysphere'];
+ 'monkeysphere_host_conf':
+ path => '/etc/monkeysphere/monkeysphere-host.conf',
+ mode => 644,
+ ensure => present,
+ content => template('monkeysphere/monkeysphere-host.conf.erb'),
+ require => Package['monkeysphere'];
+ 'monkeysphere_authentication_conf':
+ path => '/etc/monkeysphere/monkeysphere-authentication.conf',
+ mode => 644,
+ ensure => present,
+ content => template('monkeysphere/monkeysphere-authentication.conf.erb'),
+ require => Package['monkeysphere'];
}
}
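Review bot: The three new config-file resources (`monkeysphere_conf`, `monkeysphere_host_conf`, `monkeysphere_authentication_conf`) give `mode => 644` as a bare number and declare no `owner` or `group`, and the first resource now has `mode => 0755` unquoted where the old side had `'0755'`. Because these files configure monkeysphere's authentication and host-key handling, I would pin them explicitly with a quoted four-digit string, e.g. `mode => '0644', owner => root, group => root,`, rather than depend on how the Puppet version in use coerces a numeric mode and on whichever user the agent runs as. Separately, `$key = "ssh://${::fqdn}${port}"` still interpolates `$port`, whose definition this hunk removes, so a non-default `$ssh_port` no longer appears in the key name. As the only visible consumer is the `content` of a file now set to `ensure => absent`, `$key` and that `content` line could probably be dropped, unless a template outside this hunk reads `$key`.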