class portforwarder {
- # do not depend on xinetd, yet. it might uninstall other inetds
- # for now this will have to be done manually
- file {
- "/etc/ssh/userkeys/portforwarder":
- content => template("portforwarder/authorized_keys.erb"),
- mode => 444,
- ;
- "/etc/xinetd.d":
- ensure => directory,
- owner => root,
- group => root,
- mode => 755,
- ;
- "/etc/xinetd.d/dsa-portforwader":
- content => template("portforwarder/xinetd.erb"),
- notify => Exec["xinetd reload"]
- ;
- }
+ # do not depend on xinetd, yet. it might uninstall other inetds
+ # for now this will have to be done manually
- exec {
- "xinetd reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- ;
- }
+ if $::portforwarder_user_exists {
+ if ! $::portforwarder_key {
+ exec { 'create-portforwarder-key':
+ command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
+ onlyif => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]'
+ }
+ }
+
+ file { '/etc/ssh/userkeys/portforwarder':
+ content => template('portforwarder/authorized_keys.erb'),
+ }
+ file { '/etc/xinetd.d':
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => '0755',
+ }
+ file { '/etc/xinetd.d/dsa-portforwader':
+ content => template('portforwarder/xinetd.erb'),
+ notify => Exec['service xinetd reload']
+ }
+
+ exec { 'service xinetd reload':
+ refreshonly => true,
+ }
+ } else {
+ file { [
+ '/etc/ssh/userkeys/portforwarder',
+ '/etc/xinetd.d/dsa-portforwader',
+ ]:
+ ensure => 'absent',
+ }
+ }
}
-# vim:set et:
-# vim:set ts=4:
-# vim:set shiftwidth=4:
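Review bot: The new `exec { 'service xinetd reload': refreshonly => true, }` drops the `path` attribute the replaced resource carried, and its command is the unqualified title `service xinetd reload`; unless a resource default `Exec { path => ... }` is set elsewhere in the manifests, Puppet refuses to run an unqualified command with no path, so the reload notified by the dsa-portforwader file never happens. Restore `path => '/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin',` inside that exec, or give it an absolute `command`. The `onlyif` of `create-portforwarder-key` depends on `&&`, `!`, `[` and `> /dev/null`, which only behave as intended when the check runs through a shell; the `command` gets a shell via `/bin/su - portforwarder -c '...'` but the `onlyif` does not, so on a Puppet version or provider that executes without a shell the guard is evaluated as a single getent invocation and the keygen may be skipped or re-run unexpectedly — consider `provider => shell` or wrapping the check in `/bin/sh -c '...'`. The `/etc/ssh/userkeys/portforwarder` file also lost its explicit `mode => 444`; if that was deliberate for the sshd key file, add `mode => '0444',` so its permissions do not depend on whatever is already on disk.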