From 44317f4fd68ff0110d334c57d623b3a873b9f026 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 8 Sep 2019 10:51:56 +0200
Subject: [PATCH] Switch the wb-buildd ssh keys to collected snippets
---
 modules/roles/manifests/buildd_master.pp | 5 ++-
 .../buildd_master_wb-authorized_keys.erb | 43 -------------------
 2 files changed, 3 insertions(+), 45 deletions(-)
 delete mode 100644 modules/roles/templates/buildd_master_wb-authorized_keys.erb
diff --git a/modules/roles/manifests/buildd_master.pp b/modules/roles/manifests/buildd_master.pp
index 7fe104391..d4d163ceb 100644
--- a/modules/roles/manifests/buildd_master.pp
+++ b/modules/roles/manifests/buildd_master.pp
@@ -4,7 +4,8 @@ class roles::buildd_master {
 key => true,
 }
 
- file { '/etc/ssh/userkeys/wb-buildd.more':
- content => template('roles/buildd_master_wb-authorized_keys.erb'),
+ ssh::authorized_key_collect { 'buildd-master':
+ target_user => 'wb-buildd',
+ collect_tag => 'buildd_master',
 }
 }
diff --git a/modules/roles/templates/buildd_master_wb-authorized_keys.erb b/modules/roles/templates/buildd_master_wb-authorized_keys.erb
deleted file mode 100644
index ff9eebede..000000000
--- a/modules/roles/templates/buildd_master_wb-authorized_keys.erb
+++ /dev/null
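Review bot: The added `ssh::authorized_key_collect { 'buildd-master': … }` resource does not show where the per-key `command="… --ssh-wrapper <host>"`, `restrict` and `from=` options are applied now, whereas the deleted template set all three centrally for every key. Presumably they move to whatever exports the snippets tagged `buildd_master`, which is outside this patch, so it is worth confirming that every collected snippet still carries all three before it reaches the `wb-buildd` account. I would add a comment above the resource such as `# keys collected here must arrive with command=, restrict and from= already set by the exporting resource`. Separately, dropping the `file { '/etc/ssh/userkeys/wb-buildd.more': … }` resource only stops Puppet from managing that path; unless the collector writes to the same file (not visible here), the previously generated key list stays on disk and should be removed explicitly.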
@@ -1,43 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-##
-
-<%=
-def getbuilddkey(host)
- key = nil
- begin
- facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
- return facts.values['buildd_key']
- rescue Exception => e
- end
- return key
-end
-
-allnodeinfo = scope.lookupvar('site::allnodeinfo')
-buildds = []
-
-allnodeinfo.keys.sort.each do |node|
- next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
- next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('buildd')
- key = getbuilddkey(node)
- buildds << { 'node' => node, 'addr' => allnodeinfo[node]['ipHostNumber'], 'key' => key}
-end
-
-lines = []
-for m in buildds do
- lines << '# ' + m['node']
- if m['key'].nil?
- lines << "## no key for node"
- else
- lines << "command=\"/srv/wanna-build/bin/wanna-build --ssh-wrapper #{m['node'].split('.')[0]}\"," +
- 'restrict,' +
- 'from="' + m['addr'].join(',') + '" ' +
- m['key']
- end
-end
-
-lines.join("\n")
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
-%>
-- 
2.20.1