authorSilvio Rhatto <rhatto@riseup.net>2010-06-13 11:21:01 -0300
committerSilvio Rhatto <rhatto@riseup.net>2010-06-13 11:21:01 -0300
commitc57690d73909714d2c6d10c37c59ffce66c70d4a (patch)
tree389d6d00d1ebe896f0f335aac7d347cecdbfaed7
parent8c754f67a4141f0b858117ecf33670f679d6a226 (diff)
Enhancing tunnel user environment implementation
-rw-r--r--manifests/subsystems/tunnel.pp35
1 files changed, 30 insertions, 5 deletions
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
index b396c6e..774ea55 100644
--- a/manifests/subsystems/tunnel.pp
+++ b/manifests/subsystems/tunnel.pp
@@ -1,12 +1,29 @@
+# autossh tunnel interface
+#
+# TODO: User handling should be put somewhere. Here we are duplicating
+# code from backupninja module. Further developments should consider
+# have an unified user handling, maybe at puppet-user.
+#
+# For now, it's important to preserve the 'backupninja-' like tag
+# otherwise the behavior of this code will conflict with backupninja
+# and we'll see strange things like exported resources not being
+# realized.
+
+# this define realizes all needed resources for a hosted tunnel
+define tunnel_server_realize($host) {
+ User <<| tag == "backupninja-$host" |>>
+ File <<| tag == "backupninja-$host" |>>
+ Ssh_authorized_key <<| tag == "backupninja-$host" |>>
+}
+
class tunnel {
- User <<| tag == "autossh-$fqdn" |>>
- File <<| tag == "autossh-$fqdn" |>>
+ # collect all resources from hosted tunnels
+ Tunnel_server_realize <<| tag == "$fqdn" |>>
- # TODO: user setup should be put somewhere
define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
$dir = "/var/backups/remote/$user.$domain"
- $tag = "autossh-$host"
+ $tag = "backupninja-$fqdn"
$ssh_dir = "$dir/.ssh"
autossh::tunnel { $name:
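Review bot: Reusing the `backupninja-` tag widens what `tunnel_server_realize` collects: its three collectors on `User`, `File` and `Ssh_authorized_key` match every exported resource tagged `backupninja-$host`, so a tunnel endpoint would presumably also realize that client's backup accounts and authorized keys even when it is not the client's backup server. The new `$tag = "backupninja-$fqdn"` is built from an agent-reported fact, so it is worth confirming on the master that the fact corresponds to the node's authenticated identity before an SSH key is realized from it. Until user handling is unified, a comment above the define such as `# NOTE: also realizes backupninja's own exported users/keys for $host; audit authorized_keys on tunnel hosts` would make the trade-off explicit. The `setup` define continues outside this hunk.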
@@ -20,6 +37,14 @@ class tunnel {
sshport => $sshport,
}
+ if !defined(Tunnel_server_realize["${fqdn}@${real_host}"]) {
+ # this defines just maps that $host host an user environment for $fdqn
+ @@tunnel_server_realize { "${fqdn}@${real_host}":
+ host => $fqdn,
+ tag => $host,
+ }
+ }
+
if !defined(File["$dir"]) {
@@file { "$dir":
ensure => directory,
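Review bot: `$real_host` in the `defined()` guard and in the exported resource title is not assigned anywhere in the visible lines; the define's parameter is `$host`. If it is not set in the part of `setup` that lies outside this hunk, it would likely interpolate as empty, every tunnel declared by a node would share the title `${fqdn}@`, and the guard would let only the first one be exported, so other tunnel hosts might never realize the user, files and key. Using the parameter directly, `if !defined(Tunnel_server_realize["${fqdn}@${host}"]) {` and `@@tunnel_server_realize { "${fqdn}@${host}":`, avoids that. The added comment also misspells the variable as `$fdqn` and would read better as `# export a marker so that $host realizes the user environment for $fqdn`.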
@@ -56,7 +81,7 @@ class tunnel {
if !defined(User["$user"]) {
@@user { "$user":
ensure => "present",
- comment => "$name backup sandbox",
+ comment => "$user backup sandbox",
home => "$dir",
gid => "backupninjas",
managehome => true,