From: Peter Palfrader
Date: Mon, 9 Sep 2019 20:16:39 +0000 (+0200)
Subject: the letsencrypt user on the dns primary pushes certs to the puppet master
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=040032b8bd681c36f61c111e0b4ad500ee74b81f;p=mirror%2Fdsa-puppet.git

the letsencrypt user on the dns primary pushes certs to the puppet master
---
diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
index 7e4327ab5..3e9c5bf40 100644
--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -22,4 +22,12 @@ class roles::dns_primary {
 key => $facts['dnsadm_key'],
 collect_tag => 'geodnssync-node',
 }
+
+ ssh::keygen {'letsencrypt': }
+ ssh::authorized_key_add { 'dns_primary::puppetmaster::letsencrypt-certificates':
+ target_user => 'puppet',
+ command => 'rsync --server -vlogDtprze.iLsfx --delete --partial . /srv/puppet.debian.org/from-letsencrypt',
+ key => $facts['letsencrypt_key'],
+ collect_tag => 'puppetmaster',
+ }
 }
diff --git a/modules/roles/manifests/puppetmaster.pp b/modules/roles/manifests/puppetmaster.pp
index 258fd43ab..af3855d32 100644
--- a/modules/roles/manifests/puppetmaster.pp
+++ b/modules/roles/manifests/puppetmaster.pp
@@ -6,4 +6,9 @@ class roles::puppetmaster {
 target_user => 'dsa',
 collect_tag => 'puppetmaster',
 }
+
+ ssh::authorized_key_collect { 'puppetmaster':
+ target_user => 'puppet',
+ collect_tag => 'puppetmaster',
+ }
 }
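Review bot: The forced `command` in the added `ssh::authorized_key_add` keeps `l` in the rsync option string, so symlinks sent by the letsencrypt account on the DNS primary are recreated as-is under `/srv/puppet.debian.org/from-letsencrypt`, owned by the `puppet` user. Whatever on the puppet master later reads that directory would then follow link targets chosen by the sending host, which presumably should be trusted only to deliver certificate files. Consider dropping `l` or adding `--safe-links`, e.g. `command => 'rsync --server -vlogDtprze.iLsfx --safe-links --delete --partial . /srv/puppet.debian.org/from-letsencrypt',`; the pushing side's rsync call is not in this diff and may need the matching change. A short comment above the resource noting that this string has to stay in step with the client invocation would help the next editor. The body of `roles::dns_primary` starts above the hunk.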
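Review bot: The added `ssh::authorized_key_collect` for `target_user => 'puppet'` reuses `collect_tag => 'puppetmaster'`, the same tag as the existing collector for `target_user => 'dsa'` directly above it. If the define selects exported keys by tag alone (its implementation is not visible here), every key exported with that tag ends up in both accounts' authorized_keys: the new letsencrypt rsync key under `dsa`, and the keys meant for `dsa` under `puppet`. A dedicated tag (name illustrative), `collect_tag => 'puppetmaster-letsencrypt',` here and on the matching `ssh::authorized_key_add` in `dns_primary.pp`, would keep each account limited to the keys intended for it. The opening line of the existing resource and the start of `roles::puppetmaster` lie above the hunk.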