-rw-r--r-- | manifests/init.pp | 47 | ||||
-rw-r--r-- | manifests/signer.pp | 5 | ||||
-rw-r--r-- | manifests/sshserver.pp | 40 | ||||
-rw-r--r-- | manifests/sshserverdanger.pp | 18 |
4 files changed, 49 insertions, 61 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 853aed7..6885b45 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -36,44 +36,39 @@ class monkeysphere( $key = "ssh://${::fqdn}${port}" - common::module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: } + common::module_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: } file { '/usr/local/sbin/monkeysphere-check-key': ensure => present, owner => root, group => root, - mode => 0755, + mode => '0755', content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false", } # Server host key publication + Exec{ + unless => '/usr/local/sbin/monkeysphere-check-key', + user => 'root', + require => [ Package['monkeysphere'], File['/usr/local/sbin/monkeysphere-check-key'] ], + } case $monkeysphere::publish_key { false: { - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": - unless => "/usr/local/sbin/monkeysphere-check-key", - user => "root", - require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], - } - } + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": } + } 'mail': { - $mail_loc = $::operatingsystem ? { - 'centos' => '/bin/mail', - default => '/usr/bin/mail', - } - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ - ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp": - unless => "/usr/local/sbin/monkeysphere-check-key", - user => "root", - require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], - } - } + $mail_loc = $::operatingsystem ? 
{ + 'centos' => '/bin/mail', + default => '/usr/bin/mail', + } + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ + ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp": + } + } default: { - exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ - /usr/sbin/monkeysphere-host publish-key": - unless => "/usr/local/sbin/monkeysphere-check-key", - user => "root", - require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], - } - } + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ + echo Y | /usr/sbin/monkeysphere-host publish-key": + } + } } } diff --git a/manifests/signer.pp b/manifests/signer.pp index 350b4be..cfbe46d 100644 --- a/manifests/signer.pp +++ b/manifests/signer.pp @@ -1,4 +1,5 @@ -class monkeysphere::signer inherits monkeysphere -{ +# collect all the host keys +class monkeysphere::signer { + include monkeysphere File <<| tag == 'monkeysphere-host' |>> } diff --git a/manifests/sshserver.pp b/manifests/sshserver.pp index 966e136..43c0f6f 100644 --- a/manifests/sshserver.pp +++ b/manifests/sshserver.pp 
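Review bot: The class-scoped `Exec { unless => '/usr/local/sbin/monkeysphere-check-key', user => 'root', require => [...] }` default added before the `case` is dynamically scoped in Puppet, so it also applies to exec resources declared in any class evaluated from within `monkeysphere` (e.g. something pulled in by a later `include`), and those execs would be silently skipped once `monkeysphere-check-key` succeeds. Safer to keep the three attributes on each of the three `exec` resources, as the removed lines did, or to declare the default only inside each `case` branch. The new `echo Y | /usr/sbin/monkeysphere-host publish-key` in the `default` branch auto-confirms sending the host key to the keyserver unattended; a line such as `# 'echo Y' answers the publish-key confirmation so the key is published without a prompt` would record that this is intended. Note also that `${key}` (built from the node-supplied `$::fqdn` fact on the first context line) lands inside a shell command in the re-added exec titles, so the fact is worth validating before use. The `monkeysphere` class header precedes this hunk.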
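Review bot: The new `# collect all the host keys` comment on `monkeysphere::signer` could state the trust boundary it implies: the collector `File <<| tag == 'monkeysphere-host' |>>` realises exported File resources carrying that tag from every node the master serves, so any agent able to export with that tag can place an entry under the signer's hosts directory. Suggested wording: `# collect the exported hosts/<fqdn> files from every node that declares monkeysphere::sshserver`.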
@@ -1,29 +1,21 @@ -class monkeysphere::sshserver inherits monkeysphere -{ - - exec {"import.hostkey": - command => "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://${fqdn} && echo Y | /usr/sbin/monkeysphere-host publish-key", - unless => "/usr/sbin/monkeysphere-host show-key", - user => root, - require => [ Package[ "monkeysphere" ] ], - } - - if $monkeysphere_has_hostkey { - @@file { "/var/lib/puppet/modules/monkeysphere/hosts/${fqdn}": - ensure => present, - content => template("monkeysphere/host.erb" ), - require => [ Package[ "monkeysphere" ] ], - tag => 'monkeysphere-host', +# include to export your ssh key +class monkeysphere::sshserver { + include monkeysphere + if $::monkeysphere_has_hostkey { + @@file { "/var/lib/puppet/modules/monkeysphere/hosts/${::fqdn}": + ensure => present, + content => template('monkeysphere/host.erb'), + require => Package['monkeysphere'], + tag => 'monkeysphere-host', } } - file { "/etc/cron.d/update-monkeysphere-auth": - ensure => present, - source => "puppet:///modules/monkeysphere/etc/cron.d/update-monkeysphere-auth", - require => [ Package[ "monkeysphere" ] ], - mode => 0644, - owner => root, - group => root, + file{'/etc/cron.d/update-monkeysphere-auth': + ensure => present, + source => 'puppet:///modules/monkeysphere/etc/cron.d/update-monkeysphere-auth', + require => Package['monkeysphere'], + mode => '0644', + owner => root, + group => root, } - } diff --git a/manifests/sshserverdanger.pp b/manifests/sshserverdanger.pp index 7d7f12c..7ae6970 100644 --- a/manifests/sshserverdanger.pp +++ b/manifests/sshserverdanger.pp 
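Review bot: `if $::monkeysphere_has_hostkey {` relies on the custom fact being a real boolean; on Puppet versions that stringify facts a `false` fact arrives as the string `"false"`, which is truthy, so the host-key file would be exported for nodes that have no key (the template would then presumably render an empty or broken entry — verify what `host.erb` does in that case). A comparison that works in both cases, `if "${::monkeysphere_has_hostkey}" == 'true' {`, avoids that. The whole `monkeysphere::sshserver` class is within this hunk.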
@@ -1,11 +1,11 @@ -class monkeysphere::sshserverdanger inherits monkeysphere::sshserver -{ - augeas { "sshd_config": - context => "/files/etc/ssh/sshd_config", - changes => [ - "set AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u" - ], - notify => Service[ "ssh" ], +# use this to authenticate with monkeysphere on ssh +# you should not manage the sshd config as a whole +# or at least put there the same key. +class monkeysphere::sshserverdanger { + include monkeysphere::sshserver + augeas{'sshd_config': + context => '/files/etc/ssh/sshd_config', + changes => [ 'set AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u' ], + notify => Service['ssh'], } - } |
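Review bot: The `augeas` change sets `AuthorizedKeysFile` to the single monkeysphere-managed path, so after the sshd restart keys in `~/.ssh/authorized_keys` are no longer honoured and every login on the host depends on the monkeysphere authorized_keys files being present and current; the new header comment hints at this but does not say it. A clearer comment would be `# replaces AuthorizedKeysFile: only /var/lib/monkeysphere/authorized_keys/%u is consulted, ~/.ssh/authorized_keys stops working`. `notify => Service['ssh']` presumes a `Service['ssh']` declared by another module, as none of the manifests in this diff declare it; worth stating in the comment as a requirement.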