From e249ba513bc97b06f7808373294c249aa14bbda1 Mon Sep 17 00:00:00 2001
From: Jamie McClelland
Date: Tue, 29 Mar 2011 22:08:13 -0400
Subject: adding ability for monkeysphere user setup
---
README | 66 ++++++++++++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 48 insertions(+), 18 deletions(-)
(limited to 'README')
diff --git a/README b/README
index cc44499..a1d3595 100644
--- a/README
+++ b/README
@@ -1,31 +1,61 @@ The monkeysphere puppet module is designed to help you manage your servers -using the monkeysphere[0]. +and users using the monkeysphere[0]. -Example usage: +Example usage for server setup: - # assuming you are using the sshd puppet module... + # Assuming you are using the sshd puppet module... $sshd_authorized_keys_file = "/var/lib/monkeysphere/authorized_keys/%u" include sshd - # import the generated ssh key into the server's gpg ring - include monkeysphere::import_key + # Optionally, indicate your preferred keyserver. You can specify a server + # under your control and not accessible to the public or + # pool.sks-keyservers.net if you want to publish to the public pool. The + # value you specify here will be used for all monkeysphere and gpg commands + $monkeysphere_keyserver = "zimmermann.mayfirst.org" + include monkeysphere - # add host names to the array below if you do not want them published to the - # web of trust - $monkeysphere_no_publish = [ "animal.mayfirst.org", "test.mayfirst.org" ] - include monkeysphere::publish_key + # Ensure the server's ssh key is imported into your monkeysphere key ring + monkeysphere::import_key { "main": } - # add the fingerprints of the gpgids that should be certifiers - monkeysphere::add_certifiers { dkg: - keyid => "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" - } - monkeysphere::add_certifiers { jamie: + # Optionally publish the server key to a keyserver (as indicated above) + monkeysphere::publish_server_keys { "main": } + + # Optionally email the server key to your self + monkeysphere::email_server_keys { "we@ourdomain.org": } + + # Be sure to sign the server's key! + + # Indiciate the fingerprint of the gpg key that should be used + # to verify user ids. 
You can repeat this for as many certifiers + # as you need + monkeysphere::add_id_certifier { "jamie": keyid => "1CB57C59F2F42470238F53ABBB0B7EE15F2E4935" } - - # add a authorized_user_ids file for the root user - monkeysphere::root_authorized_user_ids { main: - file => "puppet:///files/monkeysphere/root/authorized_user_ids" + + # Indicate who should have root access on the server + monkeysphere::authorized_user_ids { "root": + user_ids => [ "sarah " , "jose "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" + } + + 0. http://monkeysphere.info/ -- cgit v1.2.3