3 files changed, 8 insertions, 1 deletions

diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index c18f691c..f36fe20f 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,4 +1,7 @@
 define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
+  # We use a custom define here to deploy the authorized_keys file
+  # cause puppet doesn't allow purgin before populating this file
+  # (see https://tickets.puppetlabs.com/browse/PUP-1174)
   # This line allows default homedir based on $title variable.
   # If $home is empty, the default is used.
   $homedir = $home ? {'' => "/home/${title}", default => $home}
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 2bcde603..d9bc1d51 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,6 +1,6 @@
 class site_sshd {
   $ssh = hiera_hash('ssh')
-  $hosts = hiera_hash('hosts')
+  $hosts = hiera('hosts', '')
 
   ##
   ## SETUP AUTHORIZED KEYS
diff --git a/puppet/modules/site_sshd/templates/authorized_keys.erb b/puppet/modules/site_sshd/templates/authorized_keys.erb
index 3c65e8ab..69f4d8e6 100644
--- a/puppet/modules/site_sshd/templates/authorized_keys.erb
+++ b/puppet/modules/site_sshd/templates/authorized_keys.erb
@@ -2,5 +2,9 @@
 # all manually added keys will be overridden
 
 <% keys.sort.each do |user, hash| -%>
+<% if user == 'monitor' -%>
+command="/usr/bin/check_mk_agent",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty,no-user-rc, <%=hash['type']-%> <%=hash['key']%> <%=user%> 
+<% else -%>
 <%=hash['type']-%> <%=hash['key']%> <%=user%> 
+<% end -%>
 <% end -%>