restrict,pty is a better way to get pty and disable everything else than listing...

[mirror/dsa-puppet.git] / modules / roles / manifests / dns_geodns.pp

diff --git a/modules/roles/manifests/dns_geodns.pp b/modules/roles/manifests/dns_geodns.pp
index 48bb916..80ac29a 100644 (file)
--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -3,4 +3,15 @@ class roles::dns_geodns {
   include named::geodns
 
   ssh::keygen { 'geodnssync': }
+  ssh::authorized_key_add { 'dns_geodns::pull-from-primary':
+    target_user => 'geodnssync',
+    command     => '/usr/bin/rsync --server --sender -logDtprze.iL . zonefiles/',
+    key         => $facts['geodnssync_key'],
+    collect_tag => 'dns_primary',
+  }
+
+  ssh::authorized_key_collect { 'geodnssync-node':
+    target_user => 'geodnssync',
+    collect_tag => 'geodnssync-node',
+  }
 }