do not hardcode dns primary ssh key for syncing to secondaries
authorPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 21:25:24 +0000 (23:25 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 21:25:27 +0000 (23:25 +0200)
modules/named/files/common/authorized_keys [deleted file]
modules/named/manifests/geodns.pp
modules/roles/manifests/dns_geodns.pp
modules/roles/manifests/dns_primary.pp

diff --git a/modules/named/files/common/authorized_keys b/modules/named/files/common/authorized_keys
deleted file mode 100644 (file)
index bb3517f..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-# USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-#
-from="82.195.75.91,2001:41b8:202:deb:1b1b::91",command="/etc/bind/geodns/trigger",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtZqwdRGRGycqd+EqSzMfXHZa8caLx2yjkQs3hXOWDcAkfbFhsjgnVanx90i8/FIIIVKWPHXvRpS8dsKfBn4MbVq6AYYcx/sYS9uMMjLWFMC0TqrOp4IgHMH3qXlgsq/eOnqvQXDU3DO3p2TVS/a4F7vh8/nPQtDM1JVnMgZL4rx0aXYVcFIdxv9Sy76K4MBENOnXJ73qmRaVu6fIUfk9MAdzIcMx3iOYiO78vytc4xezq743iIOee0vpY1VnF2CDxrWoVyDGDH7qNk8xeFzAGm91xrcSkVEmMVbD9vMLOOPsEZNMJlimEDetEiNwJoS0HzHq6jccksb1wjs2tOr8X dnsadm@denis (20131230)
index d9684f3..43828d4 100644 (file)
@@ -47,11 +47,6 @@ class named::geodns inherits named {
                mode   => '0555',
                source => 'puppet:///modules/named/common/trigger',
        }
-       file { '/etc/ssh/userkeys/geodnssync':
-               source => 'puppet:///modules/named/common/authorized_keys',
-               group  => geodnssync,
-               mode   => '0440',
-       }
        file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
        concat::fragment { 'dsa-puppet-stuff--geodns-boot':
                target => '/etc/cron.d/dsa-puppet-stuff',
index 48bb916..f2197c5 100644 (file)
@@ -3,4 +3,9 @@ class roles::dns_geodns {
   include named::geodns
 
   ssh::keygen { 'geodnssync': }
+
+  ssh::authorized_key_collect { 'geodnssync-node':
+    target_user => 'geodnssync',
+    collect_tag => 'geodnssync-node',
+  }
 }
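Review bot: The collector added here does not say whether it manages the same path the removed resource did, `/etc/ssh/userkeys/geodnssync` (see the deleted file resource in the named::geodns hunk), so on already-built secondaries the previously deployed file with the old hard-coded key may remain in place unless `ssh::authorized_key_collect` writes that exact path. If it does, a one-line comment here would make the hand-off explicit, e.g. `# Replaces the static /etc/ssh/userkeys/geodnssync; the key is exported by roles::dns_primary under tag geodnssync-node`; if it does not, an `ensure => absent` for the old path belongs in named::geodns. The collector also presumes the `geodnssync` user already exists on the node (named::geodns is included above, but its user management is not visible in this diff).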
index 0038e63..193cf61 100644 (file)
@@ -11,4 +11,11 @@ class roles::dns_primary {
     collect_tag => 'dns_primary',
   }
   ssh::keygen {'dnsadm': }
+
+  ssh::authorized_key_add { 'dns_primary::geodns':
+    target_user => 'geodnssync',
+    command     => '/etc/bind/geodns/trigger',
+    key         => $facts['dnsadm_key'],
+    collect_tag => 'geodnssync-node',
+  }
 }
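Review bot: The exported key carries only `command => '/etc/bind/geodns/trigger'`, whereas the authorized_keys file this commit deletes also pinned the key with `from="82.195.75.91,2001:41b8:202:deb:1b1b::91"` and `restrict`, so the trigger can now be invoked with the dnsadm key from any source address and without the option restrictions. If `ssh::authorized_key_add` exposes parameters for those options they should be set here to the primary's addresses; if it does not, the regression should at least be recorded in a comment on this resource. Separately, `key => $facts['dnsadm_key']` depends on a fact that can only exist once the key from `ssh::keygen {'dnsadm': }` above has been generated and facts re-collected, so on a fresh primary the first run may export an empty key — worth confirming the define tolerates an undef value.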