From c57690d73909714d2c6d10c37c59ffce66c70d4a Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 13 Jun 2010 11:21:01 -0300 Subject: Enhancing tunnel user environment implementation --- manifests/subsystems/tunnel.pp | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp index b396c6e..774ea55 100644 --- a/manifests/subsystems/tunnel.pp +++ b/manifests/subsystems/tunnel.pp @@ -1,12 +1,29 @@ +# autossh tunnel interface +# +# TODO: User handling should be put somewhere. Here we are duplicating +# code from backupninja module. Further developments should consider +# have an unified user handling, maybe at puppet-user. +# +# For now, it's important to preserve the 'backupninja-' like tag +# otherwise the behavior of this code will conflict with backupninja +# and we'll see strange things like exported resources not being +# realized. + +# this define realizes all needed resources for a hosted tunnel +define tunnel_server_realize($host) { + User <<| tag == "backupninja-$host" |>> + File <<| tag == "backupninja-$host" |>> + Ssh_authorized_key <<| tag == "backupninja-$host" |>> +} + class tunnel { - User <<| tag == "autossh-$fqdn" |>> - File <<| tag == "autossh-$fqdn" |>> + # collect all resources from hosted tunnels + Tunnel_server_realize <<| tag == "$fqdn" |>> - # TODO: user setup should be put somewhere define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') { $dir = "/var/backups/remote/$user.$domain" - $tag = "autossh-$host" + $tag = "backupninja-$fqdn" $ssh_dir = "$dir/.ssh" autossh::tunnel { $name: 
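Review bot: The collectors in `tunnel_server_realize` select `User`, `File` and `Ssh_authorized_key` resources only by the tag `backupninja-$host`, and a collector matches on the tag, not on which node exported the resource. Since the tag is deliberately shared with the backupninja module, a tunnel server will also realize every account, file and authorized key that backupninja exports under that tag. Any node able to export with that tag gets an account and key realized on this host. I would record that trust boundary in the header comment, for example `# NOTE: everything exported with tag "backupninja-<client fqdn>" is realized here, including ssh keys; only trusted nodes may export it.` The bodies of `class tunnel` and `define setup` continue outside the hunk.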
@@ -20,6 +37,14 @@ class tunnel { sshport => $sshport, } + if !defined(Tunnel_server_realize["${fqdn}@${real_host}"]) { + # this defines just maps that $host host an user environment for $fdqn + @@tunnel_server_realize { "${fqdn}@${real_host}": + host => $fqdn, + tag => $host, + } + } + if !defined(File["$dir"]) { @@file { "$dir": ensure => directory, @@ -56,7 +81,7 @@ class tunnel { if !defined(User["$user"]) { @@user { "$user": ensure => "present", - comment => "$name backup sandbox", + comment => "$user backup sandbox", home => "$dir", gid => "backupninjas", managehome => true, -- cgit v1.2.3
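Review bot: The exported resource title and its `defined()` guard use `${real_host}`, but nothing in the visible hunks assigns `$real_host`; the define's parameter is `$host`, which is what the `tag` uses. If `$real_host` is empty in this scope the title collapses to `"${fqdn}@"`, so a node with tunnels to two servers would skip the second export and that server would never realize the user and key. Unless `$real_host` is set elsewhere, I would write `if !defined(Tunnel_server_realize["${fqdn}@${host}"]) {` and `@@tunnel_server_realize { "${fqdn}@${host}":`. The comment above the export also misspells the variable as `$fdqn`. The enclosing `define setup` starts and ends outside this hunk.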