Set up ssh between snapshot nodes

diff --git a/data/nodes/lw01.debian.org.yaml b/data/nodes/lw01.debian.org.yaml
index 1370336..2a3edab 100644 (file)
--- a/data/nodes/lw01.debian.org.yaml
+++ b/data/nodes/lw01.debian.org.yaml
@@ -1,3 +1,3 @@
 ---
 classes:
-  - roles::snapshot_base
+  - roles::snapshot_farmsync_target

diff --git a/data/nodes/lw02.debian.org.yaml b/data/nodes/lw02.debian.org.yaml
index 1370336..2a3edab 100644 (file)
--- a/data/nodes/lw02.debian.org.yaml
+++ b/data/nodes/lw02.debian.org.yaml
@@ -1,3 +1,3 @@
 ---
 classes:
-  - roles::snapshot_base
+  - roles::snapshot_farmsync_target

diff --git a/data/nodes/lw03.debian.org.yaml b/data/nodes/lw03.debian.org.yaml
index 1370336..2a3edab 100644 (file)
--- a/data/nodes/lw03.debian.org.yaml
+++ b/data/nodes/lw03.debian.org.yaml
@@ -1,3 +1,3 @@
 ---
 classes:
-  - roles::snapshot_base
+  - roles::snapshot_farmsync_target

diff --git a/data/nodes/lw04.debian.org.yaml b/data/nodes/lw04.debian.org.yaml
index 1370336..2a3edab 100644 (file)
--- a/data/nodes/lw04.debian.org.yaml
+++ b/data/nodes/lw04.debian.org.yaml
@@ -1,3 +1,3 @@
 ---
 classes:
-  - roles::snapshot_base
+  - roles::snapshot_farmsync_target

diff --git a/data/nodes/lw09.debian.org.yaml b/data/nodes/lw09.debian.org.yaml
index 1370336..2a3edab 100644 (file)
--- a/data/nodes/lw09.debian.org.yaml
+++ b/data/nodes/lw09.debian.org.yaml
@@ -1,3 +1,3 @@
 ---
 classes:
-  - roles::snapshot_base
+  - roles::snapshot_farmsync_target

diff --git a/data/nodes/lw10.debian.org.yaml b/data/nodes/lw10.debian.org.yaml
index 1370336..2a3edab 100644 (file)
--- a/data/nodes/lw10.debian.org.yaml
+++ b/data/nodes/lw10.debian.org.yaml
@@ -1,3 +1,3 @@
 ---
 classes:
-  - roles::snapshot_base
+  - roles::snapshot_farmsync_target

diff --git a/data/nodes/sallinen.debian.org.yaml b/data/nodes/sallinen.debian.org.yaml
index 1244b0c..96aadc5 100644 (file)
--- a/data/nodes/sallinen.debian.org.yaml
+++ b/data/nodes/sallinen.debian.org.yaml
@@ -1,3 +1,4 @@
 ---
 classes:
+  - roles::snapshot_master
   - roles::snapshot_web

diff --git a/modules/roles/manifests/snapshot_base.pp b/modules/roles/manifests/snapshot_base.pp
index 49aa0f7..cb0bc4b 100644 (file)
--- a/modules/roles/manifests/snapshot_base.pp
+++ b/modules/roles/manifests/snapshot_base.pp
@@ -1,3 +1,4 @@
+# just a base class for snapshot things
 class roles::snapshot_base {
   ensure_packages ( [
     'build-essential',

diff --git a/modules/roles/manifests/snapshot_farmsync_target.pp b/modules/roles/manifests/snapshot_farmsync_target.pp
new file mode 100644 (file)
index 0000000..ad153c6
--- /dev/null
+++ b/modules/roles/manifests/snapshot_farmsync_target.pp
@@ -0,0 +1,9 @@
+# snapshot farm sync target
+class roles::snapshot_farmsync_target {
+  include roles::snapshot_secondary
+
+  ssh::authorized_key_collect { 'snapshot':
+    target_user => 'snapshot',
+    collect_tag => 'roles::snapshot_master::to::farmsync_target',
+  }
+}

diff --git a/modules/roles/manifests/snapshot_master.pp b/modules/roles/manifests/snapshot_master.pp
new file mode 100644 (file)
index 0000000..eeb74f7
--- /dev/null
+++ b/modules/roles/manifests/snapshot_master.pp
@@ -0,0 +1,17 @@
+# snapshot master
+class roles::snapshot_master {
+  include roles::snapshot_base
+
+  ssh::keygen {'snapshot': }
+  ssh::authorized_key_add { 'roles::snapshot_master::to::farmsync_target':
+    target_user => 'snapshot',
+    key         => dig($facts, 'ssh_keys_users', 'snapshot', 'id_rsa.pub', 'line'),
+    command     => '~/bin/run-sync',
+    collect_tag => 'roles::snapshot::to::farmsync_target',
+  }
+
+  ssh::authorized_key_collect { 'snapshot':
+    target_user => 'snapshot',
+    collect_tag => 'roles::snapshot::to::master',
+  }
+}

diff --git a/modules/roles/manifests/snapshot_secondary.pp b/modules/roles/manifests/snapshot_secondary.pp
new file mode 100644 (file)
index 0000000..f4ef77d
--- /dev/null
+++ b/modules/roles/manifests/snapshot_secondary.pp
@@ -0,0 +1,16 @@
+# snapshot secondary
+#
+# That is any node that requires ssh access to the master,
+# like sync targets or web mirrors.
+class roles::snapshot_secondary {
+  include roles::snapshot_base
+
+  ssh::keygen {'snapshot': }
+
+  ssh::authorized_key_add { "roles::snapshot_master::from::farmsync_target::${::fqdn}":
+    target_user => 'snapshot',
+    key         => dig($facts, 'ssh_keys_users', 'snapshot', 'id_rsa.pub', 'line'),
+    command     => '~/code/mirror/ssh-wrap master',
+    collect_tag => 'roles::snapshot::to::master',
+  }
+}

diff --git a/modules/roles/manifests/snapshot_shell.pp b/modules/roles/manifests/snapshot_shell.pp
index 2015213..4ffc08a 100644 (file)
--- a/modules/roles/manifests/snapshot_shell.pp
+++ b/modules/roles/manifests/snapshot_shell.pp
@@ -1,3 +1,4 @@
+# the shell host for users/roles to access the snapshot service
 class roles::snapshot_shell {
   include roles::snapshot_base
 

diff --git a/modules/roles/manifests/snapshot_web.pp b/modules/roles/manifests/snapshot_web.pp
index b8b5408..cee2b94 100644 (file)
--- a/modules/roles/manifests/snapshot_web.pp
+++ b/modules/roles/manifests/snapshot_web.pp
@@ -1,5 +1,7 @@
+# web service for snapshot.debian.org
+#
 class roles::snapshot_web {
-  include roles::snapshot_base
+  include roles::snapshot_secondary
 
   include apache2
   include apache2::rewrite