-rw-r--r-- | manifests/auth_capable_user.pp | 7 | ||||
-rw-r--r-- | manifests/authorized_user_ids.pp | 7 | ||||
-rw-r--r-- | manifests/import_key.pp | 10 | ||||
-rw-r--r-- | manifests/init.pp | 56 | ||||
-rw-r--r-- | manifests/owner_trust.pp | 6 | ||||
-rw-r--r-- | manifests/publish_server_keys.pp | 2 |
6 files changed, 51 insertions, 37 deletions
diff --git a/manifests/auth_capable_user.pp b/manifests/auth_capable_user.pp index bab81f1..497407c 100644 --- a/manifests/auth_capable_user.pp +++ b/manifests/auth_capable_user.pp @@ -2,8 +2,11 @@ # in the monkeysphere. This is intended to be the same as generated a # password-less ssh key # -define monkeysphere::auth_capable_user ( $expire = "1y", $length = "2048", - $uid_name = undef, $email = undef ) { +define monkeysphere::auth_capable_user ( + $expire = "1y", + $length = "2048", + $uid_name = undef, + $email = undef ) { $user = $title diff --git a/manifests/authorized_user_ids.pp b/manifests/authorized_user_ids.pp index d400890..09fd182 100644 --- a/manifests/authorized_user_ids.pp +++ b/manifests/authorized_user_ids.pp @@ -1,4 +1,9 @@ -define monkeysphere::authorized_user_ids( $user_ids, $dest_dir = '/root/.monkeysphere', $dest_file = 'authorized_user_ids', $group = '') { +define monkeysphere::authorized_user_ids( + $user_ids, + $dest_dir = '/root/.monkeysphere', + $dest_file = 'authorized_user_ids', + $group = '') { + $user = $title $calculated_group = $group ? { '' => $user, diff --git a/manifests/import_key.pp b/manifests/import_key.pp index ec00fee..ba965ce 100644 --- a/manifests/import_key.pp +++ b/manifests/import_key.pp @@ -1,4 +1,8 @@ -define monkeysphere::import_key ( $scheme = 'ssh://', $port = '', $path = '/etc/ssh/ssh_host_rsa_key', $hostname = $fqdn ) { +define monkeysphere::import_key ( + $scheme = 'ssh://', + $port = '', + $path = '/etc/ssh/ssh_host_rsa_key', + $hostname = $fqdn ) { # if we're getting a port number, prefix with a colon so it's valid $prefixed_port = $port ? { 
@@ -10,7 +14,7 @@ define monkeysphere::import_key ( $scheme = 'ssh://', $port = '', $path = '/etc/ exec { "monkeysphere-host import-key $path $key": alias => "monkeysphere-import-key", - require => [ Package["monkeysphere"], File["monkeysphere_host_conf"] ], - unless => "/usr/sbin/monkeysphere-host s | grep $key > /dev/null" + require => [ Package["monkeysphere"], File["monkeysphere_host_conf"] ], + unless => "/usr/sbin/monkeysphere-host s | grep $key > /dev/null" } } diff --git a/manifests/init.pp b/manifests/init.pp index 4d48ed3..30035be 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -27,41 +27,39 @@ class monkeysphere( $keyserver = 'pool.sks-keyservers.net' ) { # The needed packages - package{'monkeysphere': + package { 'monkeysphere': ensure => $ensure_version, } $key = "ssh://${::fqdn}${port}" common::module_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: } - # This was the old way which the module checked monkeysphere keys - file { "/usr/local/sbin/monkeysphere-check-key": - ensure => absent, - owner => root, - group => root, - mode => 0755, - content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=$key' &> /dev/null || false", - } - file { "monkeysphere_conf": - path => "/etc/monkeysphere/monkeysphere.conf", - mode => 644, - ensure => present, - content => template("monkeysphere/monkeysphere.conf.erb"), - require => Package['monkeysphere'], - } - file { "monkeysphere_host_conf": - path => "/etc/monkeysphere/monkeysphere-host.conf", - mode => 644, - ensure => present, - content => template("monkeysphere/monkeysphere-host.conf.erb"), - require => Package['monkeysphere'], - } - file { "monkeysphere_authentication_conf": - path => "/etc/monkeysphere/monkeysphere-authentication.conf", - mode => 644, - ensure => present, - content => template("monkeysphere/monkeysphere-authentication.conf.erb"), - require => Package['monkeysphere'], + file { + # This was the old way which the module checked monkeysphere keys + '/usr/local/sbin/monkeysphere-check-key': + ensure => absent, + owner => root, + group => root, + mode => 0755, + content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=$key' &> /dev/null || false"; + 'monkeysphere_conf': + path => '/etc/monkeysphere/monkeysphere.conf', + mode => 644, + ensure => present, + content => template('monkeysphere/monkeysphere.conf.erb'), + require => Package['monkeysphere']; + 'monkeysphere_host_conf': + path => '/etc/monkeysphere/monkeysphere-host.conf', + mode => 644, + ensure => present, + content => 
template('monkeysphere/monkeysphere-host.conf.erb'), + require => Package['monkeysphere']; + 'monkeysphere_authentication_conf': + path => '/etc/monkeysphere/monkeysphere-authentication.conf', + mode => 644, + ensure => present, + content => template('monkeysphere/monkeysphere-authentication.conf.erb'), + require => Package['monkeysphere']; } } diff --git a/manifests/owner_trust.pp b/manifests/owner_trust.pp index 765a1f8..0e0af7f 100644 --- a/manifests/owner_trust.pp +++ b/manifests/owner_trust.pp @@ -1,4 +1,8 @@ -define monkeysphere::owner_trust( $fingerprint, $user = 'root', $level = 6 ) { +define monkeysphere::owner_trust ( + $fingerprint, + $user = 'root', + $level = 6 ) { + $keyserver_arg = $monkeysphere_keyserver ? { '' => '', default => "--keyserver $monkeysphere_keyserver" diff --git a/manifests/publish_server_keys.pp b/manifests/publish_server_keys.pp index 81e32aa..33e070e 100644 --- a/manifests/publish_server_keys.pp +++ b/manifests/publish_server_keys.pp @@ -2,6 +2,6 @@ define monkeysphere::publish_server_keys ( $keyid = '--all' ) { exec { "monkeysphere-host publish-keys $keyid": environment => "MONKEYSPHERE_PROMPT=false", - require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"], File["monkeysphere_host_conf"] ], + require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"], File["monkeysphere_host_conf"] ]; } } |
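Review bot: In manifests/init.pp the consolidated `file { … }` block still passes file modes as bare numbers (`mode => 644` on the three /etc/monkeysphere config files, `mode => 0755` on the check-key script). Quote them as four-digit octal strings, e.g. `mode => '0644'`, so the resulting permissions do not depend on how the parser handles numeric literals; newer Puppet parsers, as far as I know, require a string here. The `/usr/local/sbin/monkeysphere-check-key` entry is `ensure => absent`, so its `owner`, `group`, `mode` and `content` attributes appear to have no effect and could be dropped, leaving only the removal. The class body starts before this hunk, so anything declared earlier (such as where `$port` comes from) is not visible here.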