From: Peter Palfrader
Date: Sat, 7 Sep 2019 22:01:04 +0000 (+0200)
Subject: switch ssh-keygens to ssh::keygen
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e2179b02047f4b3f0407d62fb706093f5bcef91f;p=mirror%2Fdsa-puppet.git
switch ssh-keygens to ssh::keygen
---
diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp
index 29a35246a..a8affb0ce 100644
--- a/modules/buildd/manifests/init.pp
+++ b/modules/buildd/manifests/init.pp
@@ -91,12 +91,7 @@ class buildd ($ensure=present) {
 owner => buildd,
 }
- if ! $::buildd_key {
- exec { 'create-buildd-key':
- command => '/bin/su - buildd -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd buildd > /dev/null && ! [ -e /home/buildd/.ssh/id_rsa ]'
- }
- }
+ ssh::keygen {'buildd': }
 #
 # buildd/pybuildd configuration
diff --git a/modules/portforwarder/manifests/init.pp b/modules/portforwarder/manifests/init.pp
index e5a59828f..9cb62f607 100644
--- a/modules/portforwarder/manifests/init.pp
+++ b/modules/portforwarder/manifests/init.pp
@@ -3,12 +3,7 @@ class portforwarder {
 # for now this will have to be done manually
 if $::portforwarder_user_exists {
- if ! $::portforwarder_key {
- exec { 'create-portforwarder-key':
- command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]'
- }
- }
+ ssh::keygen {'portforwarder': }
 file { '/etc/ssh/userkeys/portforwarder':
 content => template('portforwarder/authorized_keys.erb'),
diff --git a/modules/postgres/manifests/backup_source.pp b/modules/postgres/manifests/backup_source.pp
index d67f6756e..146726ace 100644
--- a/modules/postgres/manifests/backup_source.pp
+++ b/modules/postgres/manifests/backup_source.pp
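Review bot: In modules/buildd/manifests/init.pp the new `ssh::keygen {'buildd': }` is declared unconditionally, while the exec it replaces ran only when `$::buildd_key` was unset, the account existed (`getent passwd buildd`) and `.ssh/id_rsa` was absent. The define's body is not part of this diff, so confirm it stays a no-op when a key already exists, since regenerating would invalidate a public key that other hosts may already trust. The old command also passed `-P ""`, and the call site no longer shows that the key is unencrypted. The same holds for the postgres, staticsync and weblogsync call sites in this commit, while portforwarder keeps only its `$::portforwarder_user_exists` guard. A call-site comment such as `# key is created once by ssh::keygen and never regenerated` would record that contract; the buildd class continues outside the hunk.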
@@ -14,12 +14,7 @@ class postgres::backup_source {
 content => template('roles/postgresql_server/pg-backup-file.conf.erb'),
 }
- if ! $::postgres_key {
- exec { 'create-postgres-key':
- command => '/bin/su - postgres -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd postgres > /dev/null && ! [ -e /var/lib/postgresql/.ssh/id_rsa ]'
- }
- }
+ ssh::keygen {'postgres': }
 if $::hostname in [melartin, vittoria] {
diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index bade119d2..c8b83981d 100644
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -1,10 +1,5 @@
 class roles::static_base {
- if ! $::staticsync_key {
- exec { 'create-staticsync-key':
- command => '/bin/su - staticsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd staticsync > /dev/null && ! [ -e /home/staticsync/.ssh/id_rsa ]'
- }
- }
+ ssh::keygen {'staticsync': }
 file { '/etc/static-components.conf':
 content => template('roles/static-mirroring/static-components.conf.erb'),
diff --git a/modules/roles/manifests/weblog_provider.pp b/modules/roles/manifests/weblog_provider.pp
index 0b3cb8d8a..b7ea0bb50 100644
--- a/modules/roles/manifests/weblog_provider.pp
+++ b/modules/roles/manifests/weblog_provider.pp
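Review bot: In modules/postgres/manifests/backup_source.pp the removed `onlyif` tested `/var/lib/postgresql/.ssh/id_rsa`, so the postgres account's home is not under `/home`, yet `ssh::keygen {'postgres': }` passes nothing but the user name. The define is not shown in this diff; if it derives the key path from the title instead of looking up the account's home directory, the key would be written to the wrong place or the run would fail. If the define accepts a directory parameter, pass it explicitly here; otherwise a comment such as `# home is /var/lib/postgresql; ssh::keygen must resolve it from passwd` would flag the dependency. The class body continues outside the hunk.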
@@ -1,16 +1,11 @@
 class roles::weblog_provider {
- if ! $::weblogsync_key {
- exec { 'create-weblogsync-key':
- command => '/bin/su - weblogsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd weblogsync > /dev/null && ! [ -e /home/weblogsync/.ssh/id_rsa ]'
- }
- } else {
- file { '/etc/cron.d/puppet-weblog-provider': ensure => absent, }
- concat::fragment { 'dsa-puppet-stuff--weblog-provider':
- target => '/etc/cron.d/dsa-puppet-stuff',
- content => @(EOF)
- 0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-
- | EOF
- }
- }
+ ssh::keygen {'weblogsync': }
+
+ file { '/etc/cron.d/puppet-weblog-provider': ensure => absent, }
+ concat::fragment { 'dsa-puppet-stuff--weblog-provider':
+ target => '/etc/cron.d/dsa-puppet-stuff',
+ content => @(EOF)
+ 0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-
+ | EOF
+ }
 }
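Review bot: In modules/roles/manifests/weblog_provider.pp the rsync cron fragment used to sit in the `else` branch of `if ! $::weblogsync_key`, so it was installed only once the key fact was present; it is now declared unconditionally beside `ssh::keygen {'weblogsync': }`. On a host's first run, or whenever key generation fails, the nightly job will attempt the rsync to wolkenstein without a usable key and keep failing until the public key is known on the receiving side. If that is intended, record it with a comment such as `# cron may fail until weblogsync's key is deployed on the receiving host`; otherwise keep the fragment behind `if $::weblogsync_key { … }`.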