X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fssh%2Fmanifests%2Fkeygen.pp;h=6bca7ff8b7247c9c97478fce6794fb646b5aa087;hb=cbab6f33dcaa0e07e0f424fe8e4eceee9551353e;hp=29fd063be5e24ceb1bb6b80d9159cb34e5f0b1cb;hpb=f880a85ec374c50084ce48b2f60eef15276824c5;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ssh/manifests/keygen.pp b/modules/ssh/manifests/keygen.pp
index 29fd063be..6bca7ff8b 100644
--- a/modules/ssh/manifests/keygen.pp
+++ b/modules/ssh/manifests/keygen.pp
@@ -1,19 +1,20 @@
 # create an ssh key for user
 define ssh::keygen(
 String $user = $name,
+ String $keyfile = 'id_rsa',
 ) {
- if $facts["${user}_user_exists"] == undef {
- notify{"We do not have facters for user ${user} existance and keys -- add it to modules/debian_org/lib/facter/roleaccounts.rb": }
- } elsif $facts["${user}_user_exists"] {
- if ! $facts["${user}_key"] {
- exec { "create-${user}-ssh-key":
- command => @("EOF"),
- /bin/su - ${user} -c 'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q'
- | EOF
- onlyif => "/usr/bin/getent passwd ${user} > /dev/null && ! [ -e ~${user}/.ssh/id_rsa ]"
- }
+ if ! $facts['ssh_keys_users'] {
+ notify { 'We do not have an ssh_keys_users fact!':
+ loglevel => warning,
+ }
+ } elsif ! $facts['ssh_keys_users'][$user] or ! $facts['ssh_keys_users'][$user]["${keyfile}.pub"] {
+ # We use su - rather than user => so that our pam config creates the homedir
+ # for the user if it does not yet exist.
+ exec { "create-${user}-ssh-key-${keyfile}":
+ command => @("EOF"),
+ /bin/su - ${user} -c 'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/${keyfile} -q'
+ | EOF
+ onlyif => "/usr/bin/getent passwd '${user}' > /dev/null && ! [ -e ~${user}/'.ssh/${keyfile}' ]",
 }
- } else {
- notify{"User ${user} does not exist on this host. Will not create ssh key": }
 }
 }
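Review bot: The new `$keyfile` parameter, like `$user`, is a bare `String` that is interpolated into two shell strings in the `exec`: inside the single-quoted `su -c '…'` argument in the `command` heredoc, and in `onlyif`, where `~${user}` stays unquoted. A value containing a quote, whitespace, `/` or `..` would change what the shell runs, or let `-f .ssh/${keyfile}` point outside `.ssh`. The quoting added in `onlyif` helps only for values without a single quote. I would constrain both at the type level instead, for example `Pattern[/\A[a-z_][a-z0-9_-]*\z/] $user = $name,` and `Pattern[/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/] $keyfile = 'id_rsa',`, with the patterns adjusted to the account and file names actually in use. Separately, `ssh-keygen` is called without `-t`, so the key type written to a file named `id_rsa` depends on the installed OpenSSH default; passing the type explicitly would keep the name and contents in agreement.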