diff options
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 89 |
1 files changed, 73 insertions, 16 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 943d3eb..853aed7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,22 +1,79 @@ -# monkeysphere module -class monkeysphere { - module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: } +# This module is distributed under the GNU Affero General Public License: +# +# Monkeysphere module for puppet +# Copyright (C) 2009-2010 Sarava Group +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. - case $operatingsystem { - debian: { include monkeysphere::debian } - } +# +# Class for monkeysphere management +# +class monkeysphere( + $ssh_port = '', + $publish_key = false, + $ensure_version = 'installed' +) { + # The needed packages + package{'monkeysphere': + ensure => $ensure_version, + } - if $monkeysphere_ensure_version == '' - { - $monkeysphere_ensure_version = 'installed' - } + $port = $monkeysphere::ssh_port ? { + '' => '', + default => ":${monkeysphere::ssh_port}", + } - if $gnupg_ensure_version == '' - { - $gnupg_ensure_version = 'installed' - } + $key = "ssh://${::fqdn}${port}" - package {"gnupg": ensure => $gnupg_ensure_version, } - package {"monkeysphere": ensure => $monkeysphere_ensure_version, require => [ Package["gnupg"] ] } + common::module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: } + file { + '/usr/local/sbin/monkeysphere-check-key': + ensure => present, + owner => root, + group => root, + mode => 0755, + content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false", + } + # Server host key publication + case $monkeysphere::publish_key { + false: { + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": + unless => "/usr/local/sbin/monkeysphere-check-key", + user => "root", + require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], + } + } + 'mail': { + $mail_loc = $::operatingsystem ? { + 'centos' => '/bin/mail', + default => '/usr/bin/mail', + } + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ + ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp": + unless => "/usr/local/sbin/monkeysphere-check-key", + user => "root", + require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], + } + } + default: { + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ + /usr/sbin/monkeysphere-host publish-key": + unless => "/usr/local/sbin/monkeysphere-check-key", + user => "root", + require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], + } + } + } } |