aboutsummaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README66
1 files changed, 48 insertions, 18 deletions
diff --git a/README b/README
index cc44499..a1d3595 100644
--- a/README
+++ b/README
@@ -1,31 +1,61 @@
The monkeysphere puppet module is designed to help you manage your servers
-using the monkeysphere[0].
+and users using the monkeysphere[0].
-Example usage:
+Example usage for server setup:
- # assuming you are using the sshd puppet module...
+ # Assuming you are using the sshd puppet module...
$sshd_authorized_keys_file = "/var/lib/monkeysphere/authorized_keys/%u"
include sshd
- # import the generated ssh key into the server's gpg ring
- include monkeysphere::import_key
+ # Optionally, indicate your preferred keyserver. You can specify a server
+ # under your control and not accessible to the public or
+ # pool.sks-keyservers.net if you want to publish to the public pool. The
+ # value you specify here will be used for all monkeysphere and gpg commands
+ $monkeysphere_keyserver = "zimmermann.mayfirst.org"
+ include monkeysphere
- # add host names to the array below if you do not want them published to the
- # web of trust
- $monkeysphere_no_publish = [ "animal.mayfirst.org", "test.mayfirst.org" ]
- include monkeysphere::publish_key
+ # Ensure the server's ssh key is imported into your monkeysphere key ring
+ monkeysphere::import_key { "main": }
- # add the fingerprints of the gpgids that should be certifiers
- monkeysphere::add_certifiers { dkg:
- keyid => "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9"
- }
- monkeysphere::add_certifiers { jamie:
+ # Optionally publish the server key to a keyserver (as indicated above)
+ monkeysphere::publish_server_keys { "main": }
+
+ # Optionally email the server key to your self
+ monkeysphere::email_server_keys { "we@ourdomain.org": }
+
+ # Be sure to sign the server's key!
+
+ # Indiciate the fingerprint of the gpg key that should be used
+ # to verify user ids. You can repeat this for as many certifiers
+ # as you need
+ monkeysphere::add_id_certifier { "jamie":
keyid => "1CB57C59F2F42470238F53ABBB0B7EE15F2E4935"
}
-
- # add a authorized_user_ids file for the root user
- monkeysphere::root_authorized_user_ids { main:
- file => "puppet:///files/monkeysphere/root/authorized_user_ids"
+
+ # Indicate who should have root access on the server
+ monkeysphere::authorized_user_ids { "root":
+ user_ids => [ "sarah <sarah@ourgroup.org>" , "jose <josue@ourgroup.org" ]
}
+In addition, you may want to create a password-less key for a user to use
+when logging into another server (e.g. if you want automated backups from
+one server to another).
+
+Example usage for user setup:
+
+ # Ensure that the root user has authentication capable
+ # monkeysphere key
+ monkeysphere::auth_capable_user { "root": }
+
+ # Optionally publish the key
+ monkeysphere::publish_user_key { "root": }
+
+ # Grant full trust to a gpg key so the root user can properly
+ # authenticate servers to which it connects
+ # You can run this as many times as you want
+ monkeysphere::owner_trust { "jamie":
+ fingerprint => "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9"
+ }
+
+
0. http://monkeysphere.info/