From: Peter Palfrader Date: Sat, 7 Sep 2019 22:06:34 +0000 (+0200) Subject: ssh setup for weblog sync X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=dd86267553d18aec658a353881a063c283239211;p=mirror%2Fdsa-puppet.git ssh setup for weblog sync --- diff --git a/modules/roles/manifests/weblog_destination.pp b/modules/roles/manifests/weblog_destination.pp index 662bdee90..8f051be10 100644 --- a/modules/roles/manifests/weblog_destination.pp +++ b/modules/roles/manifests/weblog_destination.pp @@ -1,5 +1,7 @@ +# the sink where all provider of webserver logs ship their things to class roles::weblog_destination { - file { '/etc/ssh/userkeys/weblogsync': - content => template('roles/weblog_destination-authorized_keys.erb'), - } + ssh::authorized_key_collect { 'weblogsync': + target_user => 'weblogsync', + collect_tag => 'weblogsync', + } } diff --git a/modules/roles/manifests/weblog_provider.pp b/modules/roles/manifests/weblog_provider.pp index b7ea0bb50..0c8b0487f 100644 --- a/modules/roles/manifests/weblog_provider.pp +++ b/modules/roles/manifests/weblog_provider.pp @@ -1,5 +1,12 @@ +# a provider of webserver logs class roles::weblog_provider { ssh::keygen {'weblogsync': } + ssh::authorized_key_add { 'weblongsync-provider::destination': + target_user => 'weblogsync', + command => "/srv/weblogs.debian.org/bin/ssh-wrap ${::fqdn}", + key => $facts['weblogsync_key'], + collect_tag => 'weblogsync', + } file { '/etc/cron.d/puppet-weblog-provider': ensure => absent, } concat::fragment { 'dsa-puppet-stuff--weblog-provider': diff --git a/modules/roles/templates/weblog_destination-authorized_keys.erb b/modules/roles/templates/weblog_destination-authorized_keys.erb deleted file mode 100644 index 60867e525..000000000 --- a/modules/roles/templates/weblog_destination-authorized_keys.erb +++ /dev/null 
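Review bot: The per-key restrictions that the deleted template wrote on every line (`no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc` plus a `from="…"` list built from each node's addresses) are not visible in this `ssh::authorized_key_collect` call, nor in the matching `ssh::authorized_key_add` call in weblog_provider.pp. Both defines live outside this diff and may apply equivalent defaults, but that should be confirmed before the template is removed, since otherwise the weblogsync keys would be limited only by the forced command. Once confirmed, a comment above the resource would make the contract visible, for example `# key options and from= restrictions are applied by ssh::authorized_key_add`. It is also worth checking that the collected file replaces `/etc/ssh/userkeys/weblogsync`, because dropping the `file` resource on its own leaves the previously generated key file on disk.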
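Review bot: The forced command in the added `ssh::authorized_key_add` resource is built from `${::fqdn}`, an agent-reported fact, where the deleted template used the node name from the server-side `site::roles` list. A provider that reports a different or malformed fqdn could be recorded by ssh-wrap under another host's name, or could put unexpected characters into the destination's authorized_keys line, depending on how the define quotes the value (not visible here). The certificate-verified name avoids that: `command => "/srv/weblogs.debian.org/bin/ssh-wrap ${trusted['certname']}",`. `$facts['weblogsync_key']` is likewise agent-supplied and is presumably unset on the first run, before `ssh::keygen` has produced the key; the old template handled that case with its nil check, so wrapping the resource in `if $facts['weblogsync_key'] { … }` would cover it unless the define already does. The resource title `'weblongsync-provider::destination'` also looks like a typo for `weblogsync`.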
@@ -1,42 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-##
-
-<%=
-def getweblogsynckey(host)
- key = nil
- begin
- facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
- return facts.values['weblogsync_key']
- rescue Exception => e
- end
- return key
-end
-
-allnodeinfo = scope.lookupvar('site::allnodeinfo')
-roles = scope.lookupvar('site::roles')
-
-mirrors = []
-roles['weblog_provider'].each do |node|
- key = getweblogsynckey(node)
- mirrors << { 'node' => node, 'addr' => allnodeinfo[node]['ipHostNumber'], 'key' => key}
-end
-
-lines = []
-for m in mirrors do
- lines << '# ' + m['node']
- if m['key'].nil?
- lines << "# no key for node"
- else
- lines << "command=\"/srv/weblogs.debian.org/bin/ssh-wrap #{m['node']}\"," +
- 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,' +
- 'from="' + m['addr'].join(',') + '" ' +
- m['key']
- end
-end
-
-lines.join("\n")
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
-%>