[mirror/dsa-puppet.git] / modules / portforwarder / templates / authorized_keys.erb

##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##

<%=

require 'digest/sha1'
def get_local_ip_addr(host)
        hash = Digest::SHA1.digest(host)
        return '127.101.%d.%d'%[hash[0].ord, hash[1].ord]
end

def getportforwarderkey(host)
        key = nil
        begin
                facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
                return facts.values['portforwarder_key']
        rescue Exception => e
        end
        return key
end


lines = []
config = YAML.load(File.open('/etc/puppet/modules/portforwarder/misc/config.yaml').read)
config.each_pair do |sourcehost, services|
        allowed_ports = []

        ##lines << "# sourcehost is #{sourcehost}"
        services.each do |service|
                ##lines << "# targethost is #{service['target_host']}, my hostname #{hostname}, fqdn is #{fqdn}"
                next if service['target_host'] != fqdn
                allowed_ports << service['target_port'] if service['target_port']
        end

        if allowed_ports.length > 0
                sshkey = getportforwarderkey(sourcehost)
                remote_ip = scope.lookupvar('site::allnodeinfo')[sourcehost]['ipHostNumber'].join(',')
                local_bind = get_local_ip_addr(sourcehost)

                lines << "# from #{sourcehost}"
                if sshkey.nil? or remote_ip.nil? or local_bind.nil?
                        lines << "# insufficient config values"
                else
                        command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
                        lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
                end
        end
end
lines.join("\n")
%>