-# the base class defining tings common for all three static classes (master, mirror, source)
+# the base class defining things common for all three static classes (master, mirror, source)
class roles::static::base {
- ssh::keygen {'staticsync': }
- ssh::authorized_key_add { 'staticsync':
- target_user => 'staticsync',
- command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
- key => $facts['staticsync_key'],
- restrict => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
- collect_tag => 'staticsync',
- }
- ssh::authorized_key_collect { 'staticsync':
- target_user => 'staticsync',
- collect_tag => 'staticsync',
- }
+ $query = 'nodes[certname] { resources { type = "Class" and title = "Roles::Static_mirror" } }'
+ $static_mirrors = sort(puppetdb_query($query).map |$value| { $value["certname"] })
file { '/etc/static-components.conf':
content => template('roles/static-mirroring/static-components.conf.erb'),
mode => '0555',
}
- file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
- file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
-
- ferm::rule { 'dsa-static-bt-v4':
- description => 'Allow bt between static hosts',
- rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
- notarule => true,
- }
- ferm::rule { 'dsa-static-bt-v6':
- description => 'Allow bt between static hosts',
- domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
- notarule => true,
- }
-
file { '/etc/staticsync.conf':
content => @("EOF"),
# This file is sourced by bash