-rw-r--r--manifests/init.pp47
-rw-r--r--manifests/signer.pp5
-rw-r--r--manifests/sshserver.pp40
-rw-r--r--manifests/sshserverdanger.pp18
4 files changed, 49 insertions, 61 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 853aed7..6885b45 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -36,44 +36,39 @@ class monkeysphere(
$key = "ssh://${::fqdn}${port}"
- common::module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: }
+ common::module_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: }
file {
'/usr/local/sbin/monkeysphere-check-key':
ensure => present,
owner => root,
group => root,
- mode => 0755,
+ mode => '0755',
content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false",
}
# Server host key publication
+ Exec{
+ unless => '/usr/local/sbin/monkeysphere-check-key',
+ user => 'root',
+ require => [ Package['monkeysphere'], File['/usr/local/sbin/monkeysphere-check-key'] ],
+ }
case $monkeysphere::publish_key {
false: {
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}":
- unless => "/usr/local/sbin/monkeysphere-check-key",
- user => "root",
- require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
- }
- }
+ exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": }
+ }
'mail': {
- $mail_loc = $::operatingsystem ? {
- 'centos' => '/bin/mail',
- default => '/usr/bin/mail',
- }
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
- ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp":
- unless => "/usr/local/sbin/monkeysphere-check-key",
- user => "root",
- require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
- }
- }
+ $mail_loc = $::operatingsystem ? {
+ 'centos' => '/bin/mail',
+ default => '/usr/bin/mail',
+ }
+ exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
+ ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp":
+ }
+ }
default: {
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
- /usr/sbin/monkeysphere-host publish-key":
- unless => "/usr/local/sbin/monkeysphere-check-key",
- user => "root",
- require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
- }
- }
+ exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
+ echo Y | /usr/sbin/monkeysphere-host publish-key":
+ }
+ }
}
}
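Review bot: The `Exec{ unless => ..., user => ..., require => ... }` block at L29-L33 is a resource default declared at class scope, and Puppet resource defaults are dynamically scoped rather than lexical, so depending on evaluation order they can reach execs declared in other classes evaluated under `monkeysphere` (its own `sshserver`/`signer` both `include` it), which would then silently get `unless => '/usr/local/sbin/monkeysphere-check-key'` and stop running once the host key exists. Either keep the three attributes on each of the execs at L42, L60 and L72, or leave a comment above the default such as `# Exec defaults are dynamically scoped: declare no other exec inside this class or in classes it evaluates.`. Separately, the `echo Y |` at L73 auto-answers the confirmation of `monkeysphere-host publish-key`, so an unset `publish_key` now pushes the host key to the keyserver non-interactively; the header comment at L28 should say so, e.g. `# publish_key: false = import only, 'mail' = mail key to root, anything else = publish to keyserver without confirmation`.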
diff --git a/manifests/signer.pp b/manifests/signer.pp
index 350b4be..cfbe46d 100644
--- a/manifests/signer.pp
+++ b/manifests/signer.pp
@@ -1,4 +1,5 @@
-class monkeysphere::signer inherits monkeysphere
-{
+# collect all the host keys
+class monkeysphere::signer {
+ include monkeysphere
File <<| tag == 'monkeysphere-host' |>>
}
diff --git a/manifests/sshserver.pp b/manifests/sshserver.pp
index 966e136..43c0f6f 100644
--- a/manifests/sshserver.pp
+++ b/manifests/sshserver.pp
@@ -1,29 +1,21 @@
-class monkeysphere::sshserver inherits monkeysphere
-{
-
- exec {"import.hostkey":
- command => "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://${fqdn} && echo Y | /usr/sbin/monkeysphere-host publish-key",
- unless => "/usr/sbin/monkeysphere-host show-key",
- user => root,
- require => [ Package[ "monkeysphere" ] ],
- }
-
- if $monkeysphere_has_hostkey {
- @@file { "/var/lib/puppet/modules/monkeysphere/hosts/${fqdn}":
- ensure => present,
- content => template("monkeysphere/host.erb" ),
- require => [ Package[ "monkeysphere" ] ],
- tag => 'monkeysphere-host',
+# include to export your ssh key
+class monkeysphere::sshserver {
+ include monkeysphere
+ if $::monkeysphere_has_hostkey {
+ @@file { "/var/lib/puppet/modules/monkeysphere/hosts/${::fqdn}":
+ ensure => present,
+ content => template('monkeysphere/host.erb'),
+ require => Package['monkeysphere'],
+ tag => 'monkeysphere-host',
}
}
- file { "/etc/cron.d/update-monkeysphere-auth":
- ensure => present,
- source => "puppet:///modules/monkeysphere/etc/cron.d/update-monkeysphere-auth",
- require => [ Package[ "monkeysphere" ] ],
- mode => 0644,
- owner => root,
- group => root,
+ file{'/etc/cron.d/update-monkeysphere-auth':
+ ensure => present,
+ source => 'puppet:///modules/monkeysphere/etc/cron.d/update-monkeysphere-auth',
+ require => Package['monkeysphere'],
+ mode => '0644',
+ owner => root,
+ group => root,
}
-
}
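Review bot: The exported file at L115 uses the exporting node's `$::fqdn` fact as the final path component, and it is realised on the signer through the `File <<| tag == 'monkeysphere-host' |>>` collector in signer.pp, so the file's location on the signer is chosen by whatever value the remote agent reported; a fact containing `/` or `..` would write outside `/var/lib/monkeysphere/hosts` on the collecting host. Guard the export with a check on the fact, e.g. `if $::fqdn !~ /^[A-Za-z0-9.-]+$/ { fail("refusing to export host key for unsafe fqdn ${::fqdn}") }` placed before the `@@file`. `$::monkeysphere_has_hostkey` at L114 is presumably a custom fact shipped with the module, but its definition is not in this diff, so the class should note where it comes from.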
diff --git a/manifests/sshserverdanger.pp b/manifests/sshserverdanger.pp
index 7d7f12c..7ae6970 100644
--- a/manifests/sshserverdanger.pp
+++ b/manifests/sshserverdanger.pp
@@ -1,11 +1,11 @@
-class monkeysphere::sshserverdanger inherits monkeysphere::sshserver
-{
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u"
- ],
- notify => Service[ "ssh" ],
+# use this to authenticate with monkeysphere on ssh
+# you should not manage the sshd config as a whole
+# or at least put there the same key.
+class monkeysphere::sshserverdanger {
+ include monkeysphere::sshserver
+ augeas{'sshd_config':
+ context => '/files/etc/ssh/sshd_config',
+ changes => [ 'set AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u' ],
+ notify => Service['ssh'],
}
-
}
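Review bot: The header comment at L152-L154 does not say what makes this class dangerous: the augeas change at L159 sets AuthorizedKeysFile to the monkeysphere path alone, so sshd stops consulting `~/.ssh/authorized_keys` and any account whose key is not present under `/var/lib/monkeysphere/authorized_keys/%u` loses key-based login. A sharper comment would be `# Points sshd at /var/lib/monkeysphere/authorized_keys/%u ONLY; ~/.ssh/authorized_keys is no longer read. If sshd_config is managed elsewhere, that configuration must carry the same AuthorizedKeysFile setting.`. `Service['ssh']` at L160 is not declared anywhere in this diff, so the catalog depends on another class providing it, and on RHEL-family systems (init.pp already special-cases centos) the service is typically named `sshd`, which is worth stating in the comment as well.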