ssh-keygen on pg servers
authorPeter Palfrader <peter@palfrader.org>
Sun, 26 Feb 2017 21:36:17 +0000 (22:36 +0100)
committerPeter Palfrader <peter@palfrader.org>
Sun, 26 Feb 2017 21:36:17 +0000 (22:36 +0100)
modules/debian-org/lib/facter/roleaccounts.rb
modules/roles/manifests/postgresql_server.pp

index afa6f19..221c376 100644 (file)
@@ -1,6 +1,17 @@
 begin
     require 'etc'
 
+    Facter.add("postgresql_key") do
+        setcode do
+            key = nil
+            keyfile = '/var/lib/postgresql/.ssh/id_rsa.pub'
+            if FileTest.exist?(keyfile)
+                key = File.open(keyfile).read.chomp
+            end
+            key
+        end
+    end
+
     Facter.add("staticsync_key") do
         setcode do
             key = nil
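Review bot: The new `postgresql_key` fact returns whatever is found at `/var/lib/postgresql/.ssh/id_rsa.pub` without checking that it is a public key, although that path is controlled by the postgres account and facts are normally resolved by a root-run agent. Since the value is presumably sent to the puppet master and consumed elsewhere, I would validate it before returning it, e.g. `key = nil unless key =~ /\Assh-rsa \S+( [^\n]*)?\z/`. The read itself should be `key = File.read(keyfile).chomp`, because `File.open(keyfile).read` leaves the handle open until garbage collection. The surrounding `begin` block and the `staticsync_key` fact continue outside this hunk.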
index e90c27e..3fbaa63 100644 (file)
@@ -10,4 +10,11 @@ class roles::postgresql_server {
        file { "/etc/dsa/pg-backup-file.conf":
                content => template('roles/postgresql_server/pg-backup-file.conf.erb'),
        }
+
+       if ! $::postgresql_key {
+               exec { 'create-postgresql-key':
+                       command => '/bin/su - postgres -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
+                       onlyif  => '/usr/bin/getent passwd postgres > /dev/null && ! [ -e /var/lib/postgresql/.ssh/id_rsa ]'
+               }
+       }
 }
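Review bot: The `ssh-keygen` call in `create-postgresql-key` passes neither `-t` nor `-b`, so the key type and size follow whatever the installed OpenSSH defaults to, while the file name and the `postgresql_key` fact both assume RSA; pinning it with `-t rsa -b 4096` ahead of the existing `-C ... -P "" -f .ssh/id_rsa -q` options keeps them in step. The key is created with an empty passphrase (`-P ""`), so wherever the public key ends up authorized it should presumably be limited with a forced command and a source restriction; that side is not visible in this hunk. The `onlyif` tests for `id_rsa` whereas the fact tests for `id_rsa.pub`, so a host that has only the private key will never publish a key and never regenerate one. A trailing comma after the `onlyif` line would match the usual Puppet style.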