From 102a22ff35c8cf844a3eabeb213a508e658e47c2 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Feb 2014 23:46:04 +0100 Subject: add a comment why we use a custom way to populate authorized_keys --- puppet/modules/site_sshd/manifests/authorized_keys.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_sshd') diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp index c18f691c..f36fe20f 100644 --- a/puppet/modules/site_sshd/manifests/authorized_keys.pp +++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp @@ -1,4 +1,7 @@ define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') { + # We use a custom define here to deploy the authorized_keys file + # cause puppet doesn't allow purgin before populating this file + # (see https://tickets.puppetlabs.com/browse/PUP-1174) # This line allows default homedir based on $title variable. # If $home is empty, the default is used. $homedir = $home ? {'' => "/home/${title}", default => $home} -- cgit v1.2.3 From 8054778e83fbc1f5a34dcaee4b364b8ded44dbab Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 10 Feb 2014 14:44:01 +0100 Subject: use default value for hiera lookup (#5118) --- puppet/modules/site_sshd/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_sshd') diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp index d2b13822..d2de41c8 100644 --- a/puppet/modules/site_sshd/manifests/init.pp +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -1,6 +1,6 @@ class site_sshd { $ssh = hiera_hash('ssh') - $hosts = hiera_hash('hosts') + $hosts = hiera('hosts', '') ## ## SETUP AUTHORIZED KEYS -- cgit v1.2.3 From d0eea33d88a6ffcbe01544678372d80e8c8de51f Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 14 Feb 2014 17:38:02 +0100 Subject: Include check_mk monitor pubkey in /root/.ssh/authorized_keys instead of creating a /root/.ssh/authorized_keys2 see https://review.leap.se/r/148/#comment153 --- puppet/modules/site_sshd/templates/authorized_keys.erb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet/modules/site_sshd') diff --git a/puppet/modules/site_sshd/templates/authorized_keys.erb b/puppet/modules/site_sshd/templates/authorized_keys.erb index 3c65e8ab..69f4d8e6 100644 --- a/puppet/modules/site_sshd/templates/authorized_keys.erb +++ b/puppet/modules/site_sshd/templates/authorized_keys.erb @@ -2,5 +2,9 @@ # all manually added keys will be overridden <% keys.sort.each do |user, hash| -%> +<% if user == 'monitor' -%> +command="/usr/bin/check_mk_agent",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty,no-user-rc, <%=hash['type']-%> <%=hash['key']%> <%=user%> +<% else -%> <%=hash['type']-%> <%=hash['key']%> <%=user%> +<% end -%> <% end -%> -- cgit v1.2.3