+# a provider of webserver logs
class roles::weblog_provider {
- if ! $::weblogsync_key {
- exec { 'create-weblogsync-key':
- command => '/bin/su - weblogsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd weblogsync > /dev/null && ! [ -e /home/weblogsync/.ssh/id_rsa ]'
- }
- } else {
- file { '/etc/cron.d/puppet-weblog-provider':
- content => "SHELL=/bin/bash\n\n0 */4 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-\n",
- }
- }
+ ssh::keygen {'weblogsync': }
+ ssh::authorized_key_add { 'weblongsync-provider::destination':
+ target_user => 'weblogsync',
+ key => dig($facts, 'ssh_keys_users', 'weblogsync', 'id_rsa.pub', 'line'),
+ command => "/srv/weblogs.debian.org/bin/ssh-wrap ${::fqdn}",
+ collect_tag => 'weblogsync',
+ }
+
+ file { '/etc/cron.d/puppet-weblog-provider': ensure => absent, }
+ concat::fragment { 'puppet-crontab--weblog-provider':
+ target => '/etc/cron.d/puppet-crontab',
+ content => @(EOF)
+ 0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-
+ | EOF
+ }
}