authorelijah <elijah@riseup.net>2014-02-09 17:04:58 -0800
committerelijah <elijah@riseup.net>2014-02-09 17:04:58 -0800
commit665db30f37838bcebbfdc368f65ed369282c31b8 (patch)
treef916b0c1c131f701869b2b739f72f6668f09e16f
parentb9fa9cfc83d552faafe41ebba183fb06f45f6ca5 (diff)
deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli)
-rw-r--r--platform.rb4
-rw-r--r--provider_base/common.json1
-rw-r--r--provider_base/services/monitor.json2
-rw-r--r--puppet/modules/site_sshd/manifests/init.pp9
-rw-r--r--puppet/modules/site_sshd/manifests/known_hosts.pp11
-rw-r--r--puppet/modules/site_sshd/templates/ssh_known_hosts.erb5
6 files changed, 28 insertions, 4 deletions
diff --git a/platform.rb b/platform.rb
index ee87789a..54590f4b 100644
--- a/platform.rb
+++ b/platform.rb
@@ -3,8 +3,8 @@
#
Leap::Platform.define do
- self.version = "0.3.0"
- self.compatible_cli = "1.3.1".."1.99"
+ self.version = "0.4.0"
+ self.compatible_cli = "1.4.0".."1.99"
#
# the facter facts that should be gathered
diff --git a/provider_base/common.json b/provider_base/common.json
index 07a45972..07a58bba 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -16,7 +16,6 @@
},
"ssh": {
"authorized_keys": "= authorized_keys",
- "known_hosts": "=> known_hosts_file",
"port": 22,
"mosh": {
"ports": "60000:61000",
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index cf117869..53e6b1f1 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -1,7 +1,7 @@
{
"nagios": {
"nagiosadmin_pw": "= secret :nagios_admin_password",
- "hosts": "= nodes_like_me.pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
+ "hosts": "= nodes_like_me[:services => '!monitor'].pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
},
"hosts": "= hosts_file(nodes_like_me[:services => '!monitor'])",
"ssh": {
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 90dd2d0e..d2b13822 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,5 +1,6 @@
class site_sshd {
$ssh = hiera_hash('ssh')
+ $hosts = hiera_hash('hosts')
##
## SETUP AUTHORIZED KEYS
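Review bot: `$hosts = hiera_hash('hosts')` reuses the `hosts` data for the SSH trust list, so ssh_known_hosts is only as complete as whatever filter produced that key; on monitor nodes the visible `hosts` expression in monitor.json excludes `monitor` peers, which presumably leaves those peers without a pinned key. The lookup also has no default, so a node lacking a `hosts` key would likely fail catalog compilation rather than skip the file. I would document the coupling above the lookup, for example `# also drives /etc/ssh/ssh_known_hosts; every entry must carry host_pub_key`. The body of site_sshd continues outside this hunk.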
@@ -12,6 +13,14 @@ class site_sshd {
}
##
+ ## SETUP KNOWN HOSTS
+ ##
+
+ class { 'site_sshd::known_hosts':
+ hosts => $hosts
+ }
+
+ ##
## OPTIONAL MOSH SUPPORT
##
diff --git a/puppet/modules/site_sshd/manifests/known_hosts.pp b/puppet/modules/site_sshd/manifests/known_hosts.pp
new file mode 100644
index 00000000..290ffd0b
--- /dev/null
+++ b/puppet/modules/site_sshd/manifests/known_hosts.pp
@@ -0,0 +1,11 @@
+class site_sshd::known_hosts ($hosts) {
+ # these owner and permissions seem odd to me, but it is what is defined
+ # in modules/sshd/manifests/client/base.pp, so we are going to stick with it.
+ file { '/etc/ssh/ssh_known_hosts':
+ ensure => present,
+ owner => root,
+ group => 0,
+ mode => '0644',
+ content => template('site_sshd/ssh_known_hosts.erb');
+ }
+}
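Review bot: The comment on the file resource records doubt about the owner and mode without saying why they are correct. The system-wide known-hosts file must be readable by every user's ssh client and writable only by root, which is what root/0/0644 provides. I would replace the comment with `# world-readable so every user's ssh client can verify host keys; only root may change the trust list`. `ensure => file` states the intent more precisely than `ensure => present`, and because `content` is managed, any manually added entry is overwritten on the next run, which deserves a line in that comment.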
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
new file mode 100644
index 00000000..c5a71378
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -0,0 +1,5 @@
+# This file is generated by Puppet
+
+<% hosts.sort.each do |name, hash| -%>
+<%=name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% end -%>
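Review bot: The entry line emits every field unconditionally, so a host whose `host_pub_key` is nil or empty yields a pattern list with no key, and a nil `domain_internal` leaves an empty element in the comma list; that host ends up without a usable pinned key. Skip incomplete entries with `<% next if hash['host_pub_key'].to_s.strip.empty? -%>` and build the names as `<%= [name, hash['domain_full'], hash['domain_internal'], hash['ip_address']].compact.reject(&:empty?).join(',') %>`. Since this file decides which host keys are trusted, values containing whitespace or newlines should also be rejected before rendering so a malformed field cannot add an extra line. The bare `hosts` variable is deprecated in Puppet 3 templates in favour of `@hosts`.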