authorJamie McClelland <jm@mayfirst.org>2011-03-19 01:17:01 -0400
committerJamie McClelland <jm@mayfirst.org>2011-03-19 01:17:01 -0400
commit9a4c41ca7a1312af74a8ee9f1c7f07e22352f7d3 (patch)
treeeaf12653613d1c5a650b356040cba3d701fb7241 /manifests
parent4a7c7d07e332acac54d61446701322253bc770da (diff)
adding ability to specify a key server.
Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp17
1 files changed, 14 insertions, 3 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index d9dc98e..2d4bd61 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -25,10 +25,18 @@ class monkeysphere {
}
+class monkeysphere::defaults inherits monkeysphere {
+ $keyserver = $monkeysphere_keyserver ? {
+ '' => "pool.sks-keyservers.net",
+ default => $monkeysphere_keyserver,
+ }
+}
+
class monkeysphere::import_key inherits monkeysphere {
$key = "ssh://${fqdn}"
# Server host key import
exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key $key":
+ alias => "monkeysphere-import-key",
user => "root",
unless => "/usr/sbin/monkeysphere-host s | grep $key"
}
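Review bot: The `monkeysphere-import-key` alias added to the import exec is required later in this commit by `monkeysphere::add_certifiers` (`Exec["monkeysphere-import-key"]`), but that define only includes `monkeysphere::defaults`, not `monkeysphere::import_key`. A node that declares a certifier without also including the import class would then reference a resource that is not in its catalog. Either add `include monkeysphere::import_key` to the define or state the requirement in a comment above it. The new `monkeysphere::defaults` class would also benefit from a header comment such as `# $monkeysphere_keyserver: host monkeysphere fetches and publishes keys through; defaults to the public SKS pool`.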
@@ -36,6 +44,7 @@ class monkeysphere::import_key inherits monkeysphere {
# Server host key publication
class monkeysphere::publish_key inherits monkeysphere {
+ include monkeysphere::defaults
$no_publish = $monkeysphere_no_publish ? {
'' => '',
default => $monkeysphere_no_publish
@@ -44,7 +53,7 @@ class monkeysphere::publish_key inherits monkeysphere {
info("Not publishing $fqdn monkeysphere key")
} else {
exec { "/usr/sbin/monkeysphere-host publish-key":
- environment => "MONKEYSPHERE_PROMPT=false",
+ environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
user => "root",
}
}
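Review bot: `$keyserver` on the new `environment` line is unqualified, but it is assigned inside `monkeysphere::defaults`. As far as I can tell, `include` does not bring an included class's variables into the including scope, so this exec likely receives `MONKEYSPHERE_KEYSERVER=` with an empty value and the configured key server is silently ignored. Referencing it as `$monkeysphere::defaults::keyserver` would make the lookup explicit. The same applies to the `add_certifiers` and `root_authorized_user_ids` hunks; the latter gains no `include monkeysphere::defaults` anywhere in this commit. The body of `monkeysphere::publish_key` starts outside this hunk.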
@@ -52,10 +61,11 @@ class monkeysphere::publish_key inherits monkeysphere {
# add certifiers
define monkeysphere::add_certifiers( $keyid ) {
+ include monkeysphere::defaults
exec { "/usr/sbin/monkeysphere-authentication add-id-certifier $keyid":
- environment => "MONKEYSPHERE_PROMPT=false",
+ environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
user => "root",
- require => [ Package["monkeysphere"] ],
+ require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ],
unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid"
}
}
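Review bot: The define never states what form `$keyid` must take, and that now matters more because the key server is configurable. With `MONKEYSPHERE_PROMPT=false` the certifier key is fetched from whatever `MONKEYSPHERE_KEYSERVER` names and, as far as this manifest shows, is added without anyone confirming its fingerprint. If callers pass a short key ID, a different key carrying the same short ID on that server could end up trusted as an identity certifier. I would document the contract above the define, for example `# $keyid must be the certifier's full OpenPGP fingerprint; the key is fetched from the key server and trusted without prompting`.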
@@ -77,6 +87,7 @@ define monkeysphere::root_authorized_user_ids( $file ) {
recurse => true,
}
exec { "/usr/sbin/monkeysphere-authentication update-users root":
+ environment => "MONKEYSPHERE_KEYSERVER=$keyserver",
user => "root",
require => [ Package["monkeysphere"] ],
onlyif => "/usr/bin/test /root/.monkeysphere/authorized_user_ids -nt /var/lib/monkeysphere/authorized_keys/root"