nm.d.o no longer needs access to projectb on bmdb1
[mirror/dsa-puppet.git] / modules / roles / manifests / weblog_provider.pp
index c69c2eb..bed4aac 100644 (file)
@@ -1,12 +1,18 @@
+# a provider of webserver logs
 class roles::weblog_provider {
-       if ! $::weblogsync_key {
-               exec { 'create-weblogsync-key':
-                       command => '/bin/su - weblogsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
-                       onlyif  => '/usr/bin/getent passwd weblogsync > /dev/null && ! [ -e /home/weblogsync/.ssh/id_rsa ]'
-               }
-       } else {
-               file { '/etc/cron.d/puppet-weblog-provider':
-                       content => "SHELL=/bin/bash\n\n0 */4 * * * weblogsync sleep $((RANDOM %% 1800)); rsync -a --delete-excluded --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@ravel:-weblogs-incoming-\n",
-               }
-       }
+  ssh::keygen {'weblogsync': }
+  ssh::authorized_key_add { 'weblongsync-provider::destination':
+    target_user => 'weblogsync',
+    key         => dig($facts, 'ssh_keys_users', 'weblogsync', 'id_rsa.pub', 'line'),
+    command     => "/srv/weblogs.debian.org/bin/ssh-wrap ${::fqdn}",
+    collect_tag => 'weblogsync',
+  }
+
+  file { '/etc/cron.d/puppet-weblog-provider': ensure => absent, }
+  concat::fragment { 'puppet-crontab--weblog-provider':
+    target => '/etc/cron.d/puppet-crontab',
+    content  => @(EOF)
+                0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-
+                | EOF
+  }
 }
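Review bot: The forced command on the `ssh::authorized_key_add` resource is built from `${::fqdn}`, an agent-supplied fact, so the provider node itself chooses the argument that `ssh-wrap` receives on the destination. `$trusted['certname']` is bound to the node's certificate and would be the safer identity if certnames match hostnames here: `command => "/srv/weblogs.debian.org/bin/ssh-wrap ${trusted['certname']}",`. How the defined type quotes the command and what `ssh-wrap` does with its argument are not visible in this hunk, so the impact is inferred. Separately, `dig($facts, 'ssh_keys_users', ...)` presumably yields undef on a node's first run, before `ssh::keygen` has produced the key. The removed code guarded that case with `if ! $::weblogsync_key`, so it is worth confirming that `ssh::authorized_key_add` skips an undef `key`. The title `weblongsync-provider::destination` also looks like a typo for `weblogsync`.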