From 775de9c26da69d37a5c285af4e2fe49524764fa3 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 2 May 2018 16:20:30 +0200
Subject: [PATCH] put initial ssh_known_hosts in place and run ud-replicate by
 puppet

---
 modules/debian_org/lib/facter/paths.rb |  1 +
 modules/debian_org/manifests/init.pp   | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/modules/debian_org/lib/facter/paths.rb b/modules/debian_org/lib/facter/paths.rb
index ee6afbce2..c422bc410 100644
--- a/modules/debian_org/lib/facter/paths.rb
+++ b/modules/debian_org/lib/facter/paths.rb
@@ -14,6 +14,7 @@
    /srv/mirrors/public-debian-security
    /dev/hwrng
    /lib/udev/rules.d/60-kpartx.rules
+   /etc/ssh/ssh_known_hosts
 }.each do |path|
 	Facter.add("has" + path.gsub(/[\/.-]/,'_')) do
 		setcode do
diff --git a/modules/debian_org/manifests/init.pp b/modules/debian_org/manifests/init.pp
index 09d3ac749..bfb448954 100644
--- a/modules/debian_org/manifests/init.pp
+++ b/modules/debian_org/manifests/init.pp
@@ -356,4 +356,22 @@ class debian_org {
 		content => "",
 		mode => '0444',
 	}
+
+	# this is only to avoid warnings, else puppet will complain that we
+	# have a symlink there, even if we're not replacing it anyhow.
+	if ! $has_etc_ssh_ssh_known_hosts {
+		file { '/etc/ssh/ssh_known_hosts':
+			ensure  => 'present',
+			replace => 'no',
+			content => inline_template('<%= open("/etc/ssh/ssh_known_hosts").read() %>'),
+			notify  => Exec['ud-replicate'],
+		}
+	}
+
+	exec { 'ud-replicate':
+		path => '/usr/bin:/usr/sbin:/bin:/sbin',
+		command => '/usr/bin/ud-replicate',
+		refreshonly => true,
+		require => Package['userdir-ldap']
+	}
 }
-- 
2.20.1