From: Peter Palfrader Date: Sat, 14 Feb 2015 14:08:57 +0000 (+0100) Subject: create authorized_keys for wb-buildd X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=358a56bc09139e443b6d7fc9e5578041908c147c;p=mirror%2Fdsa-puppet.git create authorized_keys for wb-buildd
---
diff --git a/modules/roles/manifests/buildd_master.pp b/modules/roles/manifests/buildd_master.pp
index d80bfab9a..e431accef 100644
--- a/modules/roles/manifests/buildd_master.pp
+++ b/modules/roles/manifests/buildd_master.pp
@@ -2,4 +2,8 @@ class roles::buildd_master {
 ssl::service { 'buildd.debian.org':
 notify => Service['apache2'],
 }
+
+ file { '/etc/ssh/userkeys/wb-buildd.TEST':
+ content => template('roles/buildd_master_wb-authorized_keys.erb'),
+ }
 }
diff --git a/modules/roles/templates/buildd_master_wb-authorized_keys.erb b/modules/roles/templates/buildd_master_wb-authorized_keys.erb
new file mode 100644
index 000000000..67267c934
--- /dev/null
+++ b/modules/roles/templates/buildd_master_wb-authorized_keys.erb
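Review bot: The new `file` resource for `/etc/ssh/userkeys/wb-buildd.TEST` in buildd_master.pp declares no `owner`, `group` or `mode`, so the permissions of an authorized_keys file depend on whatever defaults apply elsewhere in the manifests, which this hunk does not show. sshd's StrictModes check refuses key files that others can write, and a file carrying forced-command restrictions should not be writable by the account it restricts, so I would state them explicitly, for example `owner => root, group => root, mode => '0444',`. The `.TEST` suffix suggests this is a staging path; a one-line comment saying when it becomes the live file would help the next reader.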
@@ -0,0 +1,42 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+<%=
+def getbuilddkey(host)
+ key = nil
+ begin
+ facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+ return facts.values['buildd_key']
+ rescue Exception => e
+ end
+ return key
+end
+
+allnodeinfo = scope.lookupvar('site::allnodeinfo')
+roles = scope.lookupvar('site::roles')
+
+mirrors = []
+roles['buildd'].each do |node|
+ key = getbuilddkey(node)
+ mirrors << { 'node' => node, 'addr' => allnodeinfo[node]['ipHostNumber'], 'key' => key}
+end
+
+lines = []
+for m in mirrors do
+ lines << '# ' + m['node']
+ if m['key'].nil?
+ lines << "# no key for node"
+ else
+ lines << "command=\"/srv/wanna-build/bin/wanna-build --ssh-wrapper #{m['node']}\"," +
+ 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,' +
+ 'from="' + m['addr'].join(',') + '" ' +
+ m['key']
+ end
+end
+
+lines.join("\n")
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
+%>
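Review bot: In the `else` branch `m['key']` is appended to the authorized_keys line exactly as read from the node's facts file, and the `buildd_key` fact is presumably reported by the build host itself, so a malformed value (embedded line break, extra leading fields) would not be bound by the `command=` and `from=` restrictions written in front of it. Treat anything that is not a single well-formed public key as missing, e.g. change the test to `if m['key'].nil? || m['key'] !~ /\A[a-z0-9-]+ [A-Za-z0-9+\/=]+( \S+)?\z/`. In `getbuilddkey`, `rescue Exception => e` silently hides every failure, including a corrupt facts file; `rescue StandardError` plus an emitted comment line naming the error would keep the best-effort behaviour while leaving a trace. `YAML.load` on these files deserialises tagged Ruby objects, so it deserves a comment stating the assumption that only the puppet master writes the facts directory. Finally, `allnodeinfo[node]['ipHostNumber']` is later used with `.join` unguarded, so a buildd node without that attribute would abort the whole template rather than just lose its entry.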