Update the way we populate machine ssh keys for da-backup

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index c83c541..3900ace 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -116,5 +116,8 @@ roles:
     - wolkenstein.debian.org
   postgres_backup_server:
     - backuphost.debian.org
+  dabackup_client:
+    - moszumanska.debian.org
+    - lw03.debian.org
   gobby_debian_org:
     - gombert.debian.org

diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb
index c80a02e..a37c0c6 100644 (file)
--- a/modules/ssh/templates/authorized_keys.erb
+++ b/modules/ssh/templates/authorized_keys.erb
@@ -1,3 +1,8 @@
+<%
+  allnodeinfo = scope.lookupvar('site::allnodeinfo')
+  roles = scope.lookupvar('site::roles')
+%>
+
 # local admin
 <%= hosterkeys = case scope.lookupvar('site::nodeinfo')['hoster']['name']
          when "ubcece" then
@@ -12,7 +17,6 @@ localkeys
 %>
 <%=
   ganetikeys = []
-  allnodeinfo = scope.lookupvar('site::allnodeinfo')
   if scope.lookupvar('::cluster').to_s != 'undefined'
     scope.lookupvar('::cluster_nodes').split.sort.each do |node|
       if allnodeinfo.has_key?(node)
@@ -39,27 +43,21 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR9rh9AuBKt7yEAgtpvTPTl/SJWi2nAe5h5cnhTpWw
 # sgran
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAuGJnElqbhgLtmJp/de8s42cAwKrkAhFq5u8EAkauEv6BZNqvY/6aRBxCNU55e5JZKa7D1qKMG0upZFCOl5K36uv0KXlCvIMgaQqQcce41dtNRmiyHpw3LXqdV2qJNpJAXMpsEN4F/STkftTOcFhI9nhz88IIwsboCErla1W8NxxRkBU0FxpT4Zn1wBlq30o12gtBFs3lO+nE7+k8H8I791V+3kjVAXCDh5Ep8BY4Bg8eSuhwUgmiNvWf6E6/D0s9pFJdAMFKFLPivsnc13nfgYDmxZQKrkVV8LqIGaisy7Q3LdQLKBraWYmfQ5idkaPK+EUSERdusG7pB0wzp1ieA1iEkgMRFFLBx22tQmEdmu+Wo3vM77FmNYWvvPKDwKYn1uwg0Kgf1JTWlFwq5C73EG3Q6Vb6ExNPaX/GMDkpi0Km5p2/BIM/jyCmCH+ScFRCtzJoxEg3L7BFdCKgY1bQW2pZDMRQ9nc32+EDUGQQbYp44/8mr4mXqDYV4VElZTqWZ6hJZk1cS7hustO8lJE3Yykp+q/5I0cq7fxe5aLBO5DwTPq9EY/dlcTy8z09Itm/AcJuCipg4I0nQ1cSDTNYn+4NVxoga/yS3gJlU5euXKmcaK9SaRCBIHtWR/Semza3Imvgtgd25bwKI+6VT/fHgqgmvo184NZID099w2E90eE= sgran's root key for debian.org machines
 
-<%= machine_keys = case fqdn
-   when "beethoven.debian.org" then
-     out = ''
-     scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
-       out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '
-command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + '
+<%=
 
-'
-     end
-     out
-   when "backuphost.debian.org" then
-     out = ''
-     scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
-       if %w{moszumanska.debian.org stabile.debian.org}.include?(node) then
-         out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '
-command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + '
+machine_keys = []
+case fqdn
+  when "backuphost.debian.org" then
+    roles['dabackup_client'].each do |node|
+      if allnodeinfo.has_key?(node)
+        hostname = allnodeinfo[node]['hostname'][0]
 
-'
+        machine_keys << "#  #{hostname}"
+        machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{allnodeinfo[node]['sshRSAHostKey'][0]}"
+      else
+        machine_keys << "# host #{node} not found in allnodeinfo"
       end
-     end
-     out
-   end
-machine_keys
+  end
+end
+machine_keys.join("\n")
 %>