X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssh%2Fmanifests%2Fkeygen.pp;h=6bca7ff8b7247c9c97478fce6794fb646b5aa087;hb=428e8b8082b32e591bc8200d35eb5912c56a2e53;hp=0af33418ca7afb52416595b598a21645b045b6bb;hpb=0ed55c82789b31b34176a2fdb803dd09a4d6e686;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ssh/manifests/keygen.pp b/modules/ssh/manifests/keygen.pp
index 0af33418c..6bca7ff8b 100644
--- a/modules/ssh/manifests/keygen.pp
+++ b/modules/ssh/manifests/keygen.pp
@@ -1,23 +1,20 @@
 # create an ssh key for user
 define ssh::keygen(
 String $user = $name,
+ String $keyfile = 'id_rsa',
 ) {
- if $facts["${user}_user_exists"] == undef {
- notify { "We do not have facters for user ${user} existance and keys -- add it to modules/debian_org/lib/facter/roleaccounts.rb":
+ if ! $facts['ssh_keys_users'] {
+ notify { 'We do not have an ssh_keys_users fact!':
 loglevel => warning,
 }
- } elsif $facts["${user}_user_exists"] {
- if ! $facts["${user}_key"] {
- exec { "create-${user}-ssh-key":
- command => @("EOF"),
- /bin/su - ${user} -c 'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q'
- | EOF
- onlyif => "/usr/bin/getent passwd ${user} > /dev/null && ! [ -e ~${user}/.ssh/id_rsa ]"
- }
- }
- } else {
- notify { "User ${user} does not exist on this host. Will not create ssh key":
- loglevel => warning,
+ } elsif ! $facts['ssh_keys_users'][$user] or ! $facts['ssh_keys_users'][$user]["${keyfile}.pub"] {
+ # We use su - rather than user => so that our pam config creates the homedir
+ # for the user if it does not yet exist.
+ exec { "create-${user}-ssh-key-${keyfile}":
+ command => @("EOF"),
+ /bin/su - ${user} -c 'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/${keyfile} -q'
+ | EOF
+ onlyif => "/usr/bin/getent passwd '${user}' > /dev/null && ! [ -e ~${user}/'.ssh/${keyfile}' ]",
 }
 }
 }
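Review bot: `$user` and the new `$keyfile` are typed as plain `String` but are interpolated into two shell strings run by the agent: the `su - ${user} -c '…'` heredoc, where `${keyfile}` sits inside the single-quoted `-c` argument, and the `onlyif` test, where `~${user}` has to stay unquoted for tilde expansion. The quoting this change adds in `onlyif` does not cover `command`, so a value containing a quote, whitespace or a shell metacharacter would still change what the shell parses there. Constraining both parameters at the type level closes this without touching the commands, e.g. `Pattern[/\A[a-z_][a-z0-9_-]*\z/] $user = $name,` and `Pattern[/\A[A-Za-z0-9_.-]+\z/] $keyfile = 'id_rsa',` (patterns to be adjusted to the account and file names actually in use). Separately, `ssh-keygen` is invoked without `-t`, so the key type written under the default `id_rsa` name depends on the installed OpenSSH default; pinning the type, or documenting that `$keyfile` is only a file name, would avoid a mismatch.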