Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp70
1 files changed, 32 insertions, 38 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 6885b45..31c341d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,56 +19,50 @@
#
# Class for monkeysphere management
#
+
class monkeysphere(
$ssh_port = '',
- $publish_key = false,
- $ensure_version = 'installed'
+ $ensure_version = 'installed',
+ # if not false, will override the path for MONKEYSPHERE_RAW_AUTHORIZED_KEYS
+ # use 'none' to disable appending the authorized_keys file
+ # see monkeysphere-authentication for more information
+ $raw_authorized_keys = false,
+ $keyserver = 'pool.sks-keyservers.net'
) {
# The needed packages
- package{'monkeysphere':
+ package { 'monkeysphere':
ensure => $ensure_version,
}
- $port = $monkeysphere::ssh_port ? {
- '' => '',
- default => ":${monkeysphere::ssh_port}",
- }
-
$key = "ssh://${::fqdn}${port}"
- common::module_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: }
+ modules_dir { [ 'monkeysphere', 'monkeysphere/hosts', 'monkeysphere/plugins' ]: }
+
file {
+ # This was the old way which the module checked monkeysphere keys
'/usr/local/sbin/monkeysphere-check-key':
- ensure => present,
+ ensure => absent,
owner => root,
group => root,
- mode => '0755',
- content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false",
- }
-
- # Server host key publication
- Exec{
- unless => '/usr/local/sbin/monkeysphere-check-key',
- user => 'root',
- require => [ Package['monkeysphere'], File['/usr/local/sbin/monkeysphere-check-key'] ],
- }
- case $monkeysphere::publish_key {
- false: {
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": }
- }
- 'mail': {
- $mail_loc = $::operatingsystem ? {
- 'centos' => '/bin/mail',
- default => '/usr/bin/mail',
- }
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
- ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp":
- }
- }
- default: {
- exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
- echo Y | /usr/sbin/monkeysphere-host publish-key":
- }
- }
+ mode => 0755,
+ content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=$key' &> /dev/null || false";
+ 'monkeysphere_conf':
+ path => '/etc/monkeysphere/monkeysphere.conf',
+ mode => 644,
+ ensure => present,
+ content => template('monkeysphere/monkeysphere.conf.erb'),
+ require => Package['monkeysphere'];
+ 'monkeysphere_host_conf':
+ path => '/etc/monkeysphere/monkeysphere-host.conf',
+ mode => 644,
+ ensure => present,
+ content => template('monkeysphere/monkeysphere-host.conf.erb'),
+ require => Package['monkeysphere'];
+ 'monkeysphere_authentication_conf':
+ path => '/etc/monkeysphere/monkeysphere-authentication.conf',
+ mode => 644,
+ ensure => present,
+ content => template('monkeysphere/monkeysphere-authentication.conf.erb'),
+ require => Package['monkeysphere'];
}
}
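Review bot: `$key = "ssh://${::fqdn}${port}"` still interpolates `$port`, but the selector that derived it from `$ssh_port` is removed in this hunk, so the host user ID silently drops any non-default port (or compilation fails where `strict_variables` is enabled). If nothing outside this hunk, such as one of the new templates, still needs `$key`, it would be cleaner to drop it together with the `content` and `mode` attributes on the `ensure => absent` check script; otherwise the selector should stay. Separately, the three new files under /etc/monkeysphere use a bare `mode => 644` and set no owner or group. Because they configure the keyserver and authorized_keys handling, I would write `mode => '0644', owner => root, group => root,` on each so the permissions do not depend on how the number is parsed or on resource defaults set elsewhere.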