| side by side (parent:
cf44469
)
do not hardcode dns primary ssh key for syncing to secondaries
author
Peter Palfrader
<peter@palfrader.org>
Sat, 7 Sep 2019 21:25:24 +0000
(23:25 +0200)
committer
Peter Palfrader
<peter@palfrader.org>
Sat, 7 Sep 2019 21:25:27 +0000
(23:25 +0200)
modules/named/files/common/authorized_keys
[deleted file]
modules/named/manifests/geodns.pp
modules/roles/manifests/dns_geodns.pp
modules/roles/manifests/dns_primary.pp
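--- a/modules/named/files/common/authorized_keys
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-#
-from="82.195.75.91,2001:41b8:202:deb:1b1b::91",command="/etc/bind/geodns/trigger",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtZqwdRGRGycqd+EqSzMfXHZa8caLx2yjkQs3hXOWDcAkfbFhsjgnVanx90i8/FIIIVKWPHXvRpS8dsKfBn4MbVq6AYYcx/sYS9uMMjLWFMC0TqrOp4IgHMH3qXlgsq/eOnqvQXDU3DO3p2TVS/a4F7vh8/nPQtDM1JVnMgZL4rx0aXYVcFIdxv9Sy76K4MBENOnXJ73qmRaVu6fIUfk9MAdzIcMx3iOYiO78vytc4xezq743iIOee0vpY1VnF2CDxrWoVyDGDH7qNk8xeFzAGm91xrcSkVEmMVbD9vMLOOPsEZNMJlimEDetEiNwJoS0HzHq6jccksb1wjs2tOr8X dnsadm@denis (20131230)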
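--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -47,11 +47,6 @@ class named::geodns inherits named {
 mode => '0555',
 source => 'puppet:///modules/named/common/trigger',
 }
- file { '/etc/ssh/userkeys/geodnssync':
- source => 'puppet:///modules/named/common/authorized_keys',
- group => geodnssync,
- mode => '0440',
- }
 file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
 concat::fragment { 'dsa-puppet-stuff--geodns-boot':
 target => '/etc/cron.d/dsa-puppet-stuff',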
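--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -3,4 +3,9 @@ class roles::dns_geodns {
 include named::geodns
 ssh::keygen { 'geodnssync': }
+
+ ssh::authorized_key_collect { 'geodnssync-node':
+ target_user => 'geodnssync',
+ collect_tag => 'geodnssync-node',
+ }
 }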
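Review bot: Nothing in `roles::dns_geodns` says where the keys collected under `collect_tag => 'geodnssync-node'` come from, and with this change login to the geodnssync account is decided by whichever nodes export a resource with that tag rather than by a key file reviewed in git. A comment above the resource such as `# collects the dnsadm key exported by roles::dns_primary; no other class may export the geodnssync-node tag` would make that trust boundary visible to the next editor. Whether `ssh::authorized_key_collect` writes to and exclusively owns /etc/ssh/userkeys/geodnssync (the path the removed file resource managed) is not visible here; if it does not, the previously deployed hardcoded key could linger on existing secondaries and should be cleaned up explicitly. The class body starts above this hunk.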
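--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -11,4 +11,11 @@ class roles::dns_primary {
 collect_tag => 'dns_primary',
 }
 ssh::keygen {'dnsadm': }
+
+ ssh::authorized_key_add { 'dns_primary::geodns':
+ target_user => 'geodnssync',
+ command => '/etc/bind/geodns/trigger',
+ key => $facts['dnsadm_key'],
+ collect_tag => 'geodnssync-node',
+ }
 }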
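Review bot: The exported key in `ssh::authorized_key_add { 'dns_primary::geodns': ... }` sets only `command`, whereas the authorized_keys line this commit deletes also pinned the key with a `from="..."` address list and the `restrict` option. Whether the define adds source-address pinning and `restrict` by default is not visible in this hunk; if it does not, the geodnssync account on the secondaries would accept this key from any address, so the generated authorized_keys entry should be checked against the old one. Separately, `key => $facts['dnsadm_key']` may be undefined on a node's first run if the fact only appears after `ssh::keygen {'dnsadm': }` has created the key, so unless the define already handles that I would wrap the resource in `if $facts['dnsadm_key'] { ... }`. The class body starts above this hunk.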