export staticsync ssh keys, but do not yet collect
authorPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 23:08:23 +0000 (01:08 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 23:08:23 +0000 (01:08 +0200)
modules/roles/manifests/static_base.pp
modules/roles/manifests/static_master.pp
modules/roles/manifests/static_mirror.pp
modules/roles/manifests/static_source.pp
modules/roles/manifests/static_srvdir.pp

index 37f4f02..1c8e74d 100644 (file)
@@ -1,5 +1,16 @@
+# the base class defining tings common for all three static classes (master, mirror, source)
 class roles::static_base {
   ssh::keygen {'staticsync': }
+  ssh::authorized_key_add { 'staticsync':
+    target_user => 'staticsync',
+    command     => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
+    key         => $facts['staticsync_key'],
+    collect_tag => 'staticsync',
+  }
+#  ssh::authorized_key_collect { 'staticsync':
+#    target_user => 'staticsync',
+#    collect_tag => 'staticsync',
+#  }
 
   file { '/etc/static-components.conf':
     content => template('roles/static-mirroring/static-components.conf.erb'),
index e66dc3f..bb48757 100644 (file)
@@ -1,3 +1,8 @@
+# static master
+#
+# each component defines exactly one static master.  Content is copied from the source host
+# to the master, and from there to all the mirrors.
+#
 class roles::static_master {
   include roles::static_base
   include roles::static_srvdir
index 834ad24..4b4c408 100644 (file)
@@ -1,3 +1,6 @@
+# a static mirror
+#
+# this receives pushes from the master and then usually serves the content to the public
 class roles::static_mirror {
   include roles::static_base
   include roles::static_srvdir
index 25c99a9..b34db3f 100644 (file)
@@ -1,3 +1,6 @@
+# a static source
+#
+# origin of static content.  From here it goes to the static master before that one pushes it to the mirrors
 class roles::static_source {
   include roles::static_base
 }
index 067b361..5a87bd3 100644 (file)
@@ -1,3 +1,4 @@
+# create the directory on static hosts and disable backups
 class roles::static_srvdir {
   file { '/srv/static.debian.org':
     ensure => directory,