authorJamie McClelland <jm@mayfirst.org>2011-03-19 10:34:04 -0400
committerJamie McClelland <jm@mayfirst.org>2011-03-19 10:34:04 -0400
commit780ea534acbd062353f61dd0c123c3afde9a3f97 (patch)
tree1decad112b4d434c538383102712e14e60a6c707 /manifests
parent9a4c41ca7a1312af74a8ee9f1c7f07e22352f7d3 (diff)
downloadpuppet-monkeysphere-780ea534acbd062353f61dd0c123c3afde9a3f97.tar.gz
puppet-monkeysphere-780ea534acbd062353f61dd0c123c3afde9a3f97.tar.bz2
refactored to be more flexible for different setups. Also, defines are
for actions to be taken multiple times on a single server, which includes most monkeysphere configuration steps.
Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp104
1 files changed, 64 insertions, 40 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 2d4bd61..407313b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,77 +19,101 @@
#
# Class for monkeysphere management
#
+
class monkeysphere {
# The needed packages
package { monkeysphere: ensure => installed, }
+ include monkeysphere::defaults
+ file {
+ "/etc/monkeysphere/monkeysphere.conf":
+ mode => 644,
+ ensure => present,
+ content => template("monkeysphere/monkeysphere.conf.erb"),
+ }
+ file {
+ "/etc/monkeysphere/monkeysphere-host.conf":
+ mode => 644,
+ ensure => present,
+ content => template("monkeysphere/monkeysphere-host.conf.erb"),
+ }
+ file {
+ "/etc/monkeysphere/monkeysphere-authentication.conf":
+ mode => 644,
+ ensure => present,
+ content => template("monkeysphere/monkeysphere-authentication.conf.erb"),
+ }
}
-class monkeysphere::defaults inherits monkeysphere {
+class monkeysphere::defaults {
$keyserver = $monkeysphere_keyserver ? {
- '' => "pool.sks-keyservers.net",
- default => $monkeysphere_keyserver,
+ '' => 'pool.sks-keyservers.net',
+ default => $monkeysphere_keyserver
}
}
-class monkeysphere::import_key inherits monkeysphere {
- $key = "ssh://${fqdn}"
- # Server host key import
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key $key":
+define monkeysphere::import_key ( $scheme = 'ssh://', $port = '', $path = '/etc/ssh/ssh_host_rsa_key', $hostname = $fqdn ) {
+
+ # if we're getting a port number, prefix with a colon so it's valid
+ $port = $port ? {
+ '' => '',
+ default => ":$port"
+ }
+
+ $key = "${schema}://${fqdn}${port}"
+
+ exec { "monkeysphere-host import-key $path $key":
alias => "monkeysphere-import-key",
- user => "root",
- unless => "/usr/sbin/monkeysphere-host s | grep $key"
+ require => [ Package["monkeysphere"] ],
+ unless => "/usr/sbin/monkeysphere-host s | grep $key > /dev/null"
}
}
# Server host key publication
-class monkeysphere::publish_key inherits monkeysphere {
- include monkeysphere::defaults
- $no_publish = $monkeysphere_no_publish ? {
- '' => '',
- default => $monkeysphere_no_publish
+define monkeysphere::publish_keys ( $keyid = '--all' ) {
+ exec { "monkeysphere-host publish-keys $keyid":
+ environment => "MONKEYSPHERE_PROMPT=false",
+ require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ],
}
- if $fqdn in $no_publish {
- info("Not publishing $fqdn monkeysphere key")
- } else {
- exec { "/usr/sbin/monkeysphere-host publish-key":
- environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
- user => "root",
- }
+}
+
+# optionally, mail key somehwere
+define monkeysphere::email_keys ( $email = 'root' ) {
+ exec { "mail -s 'monkeysphere host pgp keys for $fqdn' $email < /var/lib/monkeysphere/host_keys.pub.pgp":
+ require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ],
}
}
# add certifiers
-define monkeysphere::add_certifiers( $keyid ) {
- include monkeysphere::defaults
- exec { "/usr/sbin/monkeysphere-authentication add-id-certifier $keyid":
- environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
- user => "root",
- require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ],
- unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid"
+define monkeysphere::add_id_certifier( $keyid ) {
+ exec { "monkeysphere-authentication add-id-certifier $keyid":
+ environment => "MONKEYSPHERE_PROMPT=false",
+ require => [ Package["monkeysphere"] ],
+ unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid > /dev/null"
}
}
-define monkeysphere::root_authorized_user_ids( $file ) {
+
+define monkeysphere::authorized_user_ids( $source, $user = 'root', $group = $user, $dest_dir = '/root/.monkeysphere', $dest_file = '.authorized_user_ids') {
file {
- "/root/.monkeysphere":
- owner => "root",
- group => "root",
+ $dest_dir:
+ owner => $user,
+ group => $group,
mode => 755,
ensure => directory,
}
file {
- "/root/.monkeysphere/authorized_user_ids":
- owner => "root",
- group => "root",
+ "${dest_dir}/${dest_file}":
+ owner => $user,
+ group => $group,
mode => 644,
- source => "$file",
+ source => $source,
ensure => present,
recurse => true,
}
- exec { "/usr/sbin/monkeysphere-authentication update-users root":
- environment => "MONKEYSPHERE_KEYSERVER=$keyserver",
- user => "root",
+
+ exec { "monkeysphere-authentication update-users $user":
require => [ Package["monkeysphere"] ],
- onlyif => "/usr/bin/test /root/.monkeysphere/authorized_user_ids -nt /var/lib/monkeysphere/authorized_keys/root"
+ refreshonly => true,
+ subscribe => File["${dest_dir}/${dest_file}"]
}
}
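Review bot: In `monkeysphere::import_key` the line `$key = "${schema}://${fqdn}${port}"` interpolates `$schema`, which is never declared (the parameter is `$scheme`), and because the default `$scheme` already ends in `://` the name would come out as `ssh://://host`; the `$hostname` parameter is ignored in favour of `$fqdn`, and `$port = $port ? { ... }` reassigns a parameter, which Puppet rejects since variables are immutable within a scope. The exec commands in this define and in `publish_keys`, `email_keys`, `add_id_certifier` and `authorized_user_ids` have also lost the `/usr/sbin/` prefix the removed lines carried and set no `path` attribute, so Puppet will refuse to run the unqualified command. `$path`, `$key`, `$email` and `$keyid` are interpolated unquoted into shell command lines and the `unless` greps are unanchored regexes, so the dots in an fqdn match any character and `ssh://host` also matches a `ssh://host:2222` uid; quoting the values and using `grep -F` (anchored to the line end if the `show-keys` output format allows it — I could not confirm that here) tightens this. Separately, `publish_keys` and `email_keys` have no `unless` or `refreshonly`, so every Puppet run re-publishes the host key to the keyserver and re-mails it — `refreshonly => true, subscribe => Exec["monkeysphere-import-key"]` would limit them to runs that actually imported a key — and `add_id_certifier` trusts whatever the keyserver returns for `$keyid`, so the define should document that callers pass a full fingerprint rather than a short key ID.
```puppet
define monkeysphere::import_key ( $scheme = 'ssh://', $port = '', $path = '/etc/ssh/ssh_host_rsa_key', $hostname = $fqdn ) {
  # Puppet variables are immutable, so derive a new name instead of reassigning $port
  $port_suffix = $port ? {
    ''      => '',
    default => ":${port}"
  }
  # $scheme already carries the "://" separator
  $key = "${scheme}${hostname}${port_suffix}"

  exec { "/usr/sbin/monkeysphere-host import-key '${path}' '${key}'":
    alias   => "monkeysphere-import-key",
    require => Package["monkeysphere"],
    unless  => "/usr/sbin/monkeysphere-host s | grep -F -- '${key}' > /dev/null"
  }
}
```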