| author | Jamie McClelland <jm@mayfirst.org> | 2011-03-19 01:17:01 -0400 | 
|---|---|---|
| committer | Jamie McClelland <jm@mayfirst.org> | 2011-03-19 01:17:01 -0400 | 
| commit | 9a4c41ca7a1312af74a8ee9f1c7f07e22352f7d3 (patch) | |
| tree | eaf12653613d1c5a650b356040cba3d701fb7241 /manifests | |
| parent | 4a7c7d07e332acac54d61446701322253bc770da (diff) | |
| download | puppet-monkeysphere-9a4c41ca7a1312af74a8ee9f1c7f07e22352f7d3.tar.gz puppet-monkeysphere-9a4c41ca7a1312af74a8ee9f1c7f07e22352f7d3.tar.bz2 | |
adding ability to specify a key server.
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/init.pp | 17 | 
1 files changed, 14 insertions, 3 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index d9dc98e..2d4bd61 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -25,10 +25,18 @@ class monkeysphere {
 }
+class monkeysphere::defaults inherits monkeysphere {
+  $keyserver = $monkeysphere_keyserver ? {
+    '' => "pool.sks-keyservers.net",
+    default => $monkeysphere_keyserver,
+  }
+}
+
 class monkeysphere::import_key inherits monkeysphere {
   $key = "ssh://${fqdn}"
   # Server host key import 
   exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key $key":
+    alias => "monkeysphere-import-key",
 	  user    => "root",
 	  unless => "/usr/sbin/monkeysphere-host s | grep $key"
   }
@@ -36,6 +44,7 @@ class monkeysphere::import_key inherits monkeysphere {
 # Server host key publication
 class monkeysphere::publish_key inherits monkeysphere { 
+  include monkeysphere::defaults
   $no_publish = $monkeysphere_no_publish ? {
     '' => '',
     default => $monkeysphere_no_publish
@@ -44,7 +53,7 @@ class monkeysphere::publish_key inherits monkeysphere {
     info("Not publishing $fqdn monkeysphere key")
   } else {
     exec { "/usr/sbin/monkeysphere-host publish-key":
-      environment => "MONKEYSPHERE_PROMPT=false",
+      environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
       user    => "root",
     }
   }
@@ -52,10 +61,11 @@ class monkeysphere::publish_key inherits monkeysphere {
 # add certifiers
 define monkeysphere::add_certifiers( $keyid ) {
+  include monkeysphere::defaults
   exec { "/usr/sbin/monkeysphere-authentication add-id-certifier $keyid":
-	  environment => "MONKEYSPHERE_PROMPT=false",
+	  environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
 	  user    => "root",
-	  require => [ Package["monkeysphere"] ],
+	  require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ],
 	  unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid"
   }
 }
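Review bot: The new `monkeysphere::defaults` class in the first hunk introduces `$monkeysphere_keyserver` without a comment saying what value it expects, although the result is exported into the environment of execs that run as root. A header comment would cover it, for example `# $monkeysphere_keyserver: hostname of the OpenPGP keyserver used for publish-key, add-id-certifier and update-users; defaults to pool.sks-keyservers.net`. Because this setting decides where certifier and user keys are fetched from, the comment should also say that it must point at a keyserver the site is prepared to rely on.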
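Review bot: `include monkeysphere::defaults` in `monkeysphere::publish_key` (second hunk) probably does not make `$keyserver` visible to the exec changed in the third hunk. Including a class evaluates it but, as far as I know, does not import its variables into the including scope, so `MONKEYSPHERE_KEYSERVER=$keyserver` may expand to an empty value. The `monkeysphere::add_certifiers` hunk uses the same pattern. Referring to the variable by its qualified name, `"MONKEYSPHERE_KEYSERVER=${monkeysphere::defaults::keyserver}"`, would remove the dependence on scope lookup; this should be confirmed against the Puppet version in use. The class body continues outside the hunk.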
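Review bot: In the `monkeysphere::add_certifiers` hunk, `add-id-certifier $keyid` runs with `MONKEYSPHERE_PROMPT=false` and now against a configurable keyserver, so the key that server returns for `$keyid` appears to become a trusted identity certifier with no interactive confirmation. The define should document, and ideally check, that `$keyid` is a full OpenPGP fingerprint rather than a short key ID, e.g. `# $keyid: full 40-hex-digit fingerprint of the certifier key (never a short ID)`. Separately, the new `Exec["monkeysphere-import-key"]` requirement only resolves when `monkeysphere::import_key` is in the catalog. Adding `include monkeysphere::import_key` to the define, or a comment telling callers to include it, would make that dependency explicit.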
@@ -77,6 +87,7 @@ define monkeysphere::root_authorized_user_ids( $file ) {
       recurse => true,
   }
   exec { "/usr/sbin/monkeysphere-authentication update-users root":
+	  environment => "MONKEYSPHERE_KEYSERVER=$keyserver",
 	  user    => "root",
 	  require => [ Package["monkeysphere"] ],
     onlyif => "/usr/bin/test /root/.monkeysphere/authorized_user_ids -nt /var/lib/monkeysphere/authorized_keys/root"
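Review bot: `$keyserver` is used in `monkeysphere::root_authorized_user_ids` with no `include monkeysphere::defaults` in the visible lines of the define. Unless an enclosing scope happens to set the variable, `update-users root` would run with `MONKEYSPHERE_KEYSERVER=` empty and the configured keyserver would not be applied when root's authorized keys are refreshed. Adding `include monkeysphere::defaults` to the define and using the qualified name, `environment => "MONKEYSPHERE_KEYSERVER=${monkeysphere::defaults::keyserver}"`, would make the lookup explicit. The define starts and ends outside the hunk.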
