diff options
| author | Jamie McClelland <jm@mayfirst.org> | 2011-03-19 10:34:04 -0400 |
|---|---|---|
| committer | Jamie McClelland <jm@mayfirst.org> | 2011-03-19 10:34:04 -0400 |
| commit | 780ea534acbd062353f61dd0c123c3afde9a3f97 (patch) | |
| tree | 1decad112b4d434c538383102712e14e60a6c707 /manifests | |
| parent | 9a4c41ca7a1312af74a8ee9f1c7f07e22352f7d3 (diff) | |
| download | puppet-monkeysphere-780ea534acbd062353f61dd0c123c3afde9a3f97.tar.gz puppet-monkeysphere-780ea534acbd062353f61dd0c123c3afde9a3f97.tar.bz2 | |
refactored to be more flexible for different setups. Also, defines are
for actions to be taken multiple times on a single server, which
includes most monkeyshere configuration steps.
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/init.pp | 104 |
1 files changed, 64 insertions, 40 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 2d4bd61..407313b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,77 +19,101 @@ # # Class for monkeysphere management # + class monkeysphere { # The needed packages package { monkeysphere: ensure => installed, } + include monkeysphere::defaults + file { + "/etc/monkeysphere/monkeysphere.conf": + mode => 644, + ensure => present, + content => template("monkeysphere/monkeysphere.conf.erb"), + } + file { + "/etc/monkeysphere/monkeysphere-host.conf": + mode => 644, + ensure => present, + content => template("monkeysphere/monkeysphere-host.conf.erb"), + } + file { + "/etc/monkeysphere/monkeysphere-authentication.conf": + mode => 644, + ensure => present, + content => template("monkeysphere/monkeysphere-authentication.conf.erb"), + } } -class monkeysphere::defaults inherits monkeysphere { +class monkeysphere::defaults { $keyserver = $monkeysphere_keyserver ? { - '' => "pool.sks-keyservers.net", - default => $monkeysphere_keyserver, + '' => 'pool.sks-keyservers.net', + default => $monkeysphere_keyserver } } -class monkeysphere::import_key inherits monkeysphere { - $key = "ssh://${fqdn}" - # Server host key import - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key $key": +define monkeysphere::import_key ( $scheme = 'ssh://', $port = '', $path = '/etc/ssh/ssh_host_rsa_key', $hostname = $fqdn ) { + + # if we're getting a port number, prefix with a colon so it's valid + $port = $port ? { + '' => '', + default => ":$port" + } + + $key = "${schema}://${fqdn}${port}" + + exec { "monkeysphere-host import-key $path $key": alias => "monkeysphere-import-key", - user => "root", - unless => "/usr/sbin/monkeysphere-host s | grep $key" + require => [ Package["monkeysphere"] ], + unless => "/usr/sbin/monkeysphere-host s | grep $key > /dev/null" } } # Server host key publication -class monkeysphere::publish_key inherits monkeysphere { - include monkeysphere::defaults - $no_publish = $monkeysphere_no_publish ? { - '' => '', - default => $monkeysphere_no_publish +define monkeysphere::publish_keys ( $keyid = '--all' ) { + exec { "monkeysphere-host publish-keys $keyid": + environment => "MONKEYSPHERE_PROMPT=false", + require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ], } - if $fqdn in $no_publish { - info("Not publishing $fqdn monkeysphere key") - } else { - exec { "/usr/sbin/monkeysphere-host publish-key": - environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ], - user => "root", - } +} + +# optionally, mail key somehwere +define monkeysphere::email_keys ( $email = 'root' ) { + exec { "mail -s 'monkeysphere host pgp keys for $fqdn' $email < /var/lib/monkeysphere/host_keys.pub.pgp": + require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ], } } # add certifiers -define monkeysphere::add_certifiers( $keyid ) { - include monkeysphere::defaults - exec { "/usr/sbin/monkeysphere-authentication add-id-certifier $keyid": - environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ], - user => "root", - require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ], - unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid" +define monkeysphere::add_id_certifier( $keyid ) { + exec { "monkeysphere-authentication add-id-certifier $keyid": + environment => "MONKEYSPHERE_PROMPT=false", + require => [ Package["monkeysphere"] ], + unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid > /dev/null" } } -define monkeysphere::root_authorized_user_ids( $file ) { + +define monkeysphere::authorized_user_ids( $source, $user = 'root', $group = $user, $dest_dir = '/root/.monkeysphere', $dest_file = '.authorized_user_ids') { file { - "/root/.monkeysphere": - owner => "root", - group => "root", + $dest_dir: + owner => $user, + group => $group, mode => 755, ensure => directory, } file { - "/root/.monkeysphere/authorized_user_ids": - owner => "root", - group => "root", + "${dest_dir}/${dest_file}": + owner => $user, + group => $group, mode => 644, - source => "$file", + source => $source, ensure => present, recurse => true, } - exec { "/usr/sbin/monkeysphere-authentication update-users root": - environment => "MONKEYSPHERE_KEYSERVER=$keyserver", - user => "root", + + exec { "monkeysphere-authentication update-users $user": require => [ Package["monkeysphere"] ], - onlyif => "/usr/bin/test /root/.monkeysphere/authorized_user_ids -nt /var/lib/monkeysphere/authorized_keys/root" + refreshonly => true, + subscribe => File["${dest_dir}/${dest_file}"] } } |