create authorized_keys for wb-buildd
authorPeter Palfrader <peter@palfrader.org>
Sat, 14 Feb 2015 14:08:57 +0000 (15:08 +0100)
committerPeter Palfrader <peter@palfrader.org>
Sat, 14 Feb 2015 14:08:57 +0000 (15:08 +0100)
modules/roles/manifests/buildd_master.pp
modules/roles/templates/buildd_master_wb-authorized_keys.erb [new file with mode: 0644]

index d80bfab..e431acc 100644 (file)
@@ -2,4 +2,8 @@ class roles::buildd_master {
        ssl::service { 'buildd.debian.org':
                notify => Service['apache2'],
        }
+
+       file { '/etc/ssh/userkeys/wb-buildd.TEST':
+               content => template('roles/buildd_master_wb-authorized_keys.erb'),
+       }
 }
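Review bot: The new `file { '/etc/ssh/userkeys/wb-buildd.TEST': }` resource sets only `content`, so its owner, group and mode depend on whatever `File` defaults are in effect elsewhere in the manifests, which this page does not show. Since the file holds the keys allowed to log in as wb-buildd, I would pin them in the resource itself, for example `owner => 'root', group => 'root', mode => '0444',`, so that it cannot become writable by the account it controls. A short comment saying whether the `.TEST` suffix is a deliberate staging name would also help the next reader. The enclosing `class roles::buildd_master` begins above this hunk.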
diff --git a/modules/roles/templates/buildd_master_wb-authorized_keys.erb b/modules/roles/templates/buildd_master_wb-authorized_keys.erb
new file mode 100644 (file)
index 0000000..67267c9
--- /dev/null
@@ -0,0 +1,42 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+<%=
+def getbuilddkey(host)
+    key = nil
+    begin
+        facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+        return facts.values['buildd_key']
+    rescue Exception => e
+    end
+    return key
+end
+
+allnodeinfo = scope.lookupvar('site::allnodeinfo')
+roles = scope.lookupvar('site::roles')
+
+mirrors = []
+roles['buildd'].each do |node|
+        key = getbuilddkey(node)
+        mirrors << { 'node' => node, 'addr' => allnodeinfo[node]['ipHostNumber'], 'key' => key}
+end
+
+lines = []
+for m in mirrors do
+    lines << '# ' + m['node']
+    if m['key'].nil?
+        lines << "# no key for node"
+    else
+        lines << "command=\"/srv/wanna-build/bin/wanna-build --ssh-wrapper  #{m['node']}\"," +
+                 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,' +
+                 'from="' + m['addr'].join(',') + '" ' +
+                 m['key']
+    end
+end
+
+lines.join("\n")
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
+%>
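Review bot: The `buildd_key` value returned by `getbuilddkey` is appended to the authorized_keys line unchecked (`m['key']` at the end of the `lines <<` expression), and it is read from the per-host facts YAML, which is presumably data each build node reports about itself. Only a value that is a single well-formed key line keeps the `command=`/`from=` restrictions meaningful, so it should be validated before use, e.g. `key = facts.values['buildd_key'].to_s.strip` followed by `return key if key =~ /\A[a-z0-9@.-]+ [A-Za-z0-9+\/=]+( [^\r\n]*)?\z/`, falling through to `nil` otherwise; the exact pattern depends on what the fact contains, which the page does not show. Separately, `rescue Exception => e` with an empty body hides every failure, including an unreadable or malformed facts file. Using `rescue StandardError => e` and emitting the error in the `# no key for node` comment line would make a missing key diagnosable. `YAML.load` also instantiates whatever Ruby objects the file names, so a comment stating that these files are written only by the puppetmaster would record the trust assumption.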