authorMatt Taggart <taggart@riseup.net>2015-01-22 12:11:04 -0800
committerMatt Taggart <taggart@riseup.net>2015-04-16 21:14:53 +0000
commitef821fad2dda052fd60255e7c6e3a199d536fa69 (patch)
tree4411c331ff451955582e9221fdfe4011f08c91ba
parent3736a2b0a2b33bc00231d7222a65ae33af5a43c9 (diff)
we don't need to check $authfile, puppet will do the right thing
Conflicts: manifests/agent/generate_sshkey.pp
-rw-r--r--manifests/agent.pp44
-rw-r--r--manifests/agent/config.pp20
-rw-r--r--manifests/agent/generate_sshkey.pp27
3 files changed, 25 insertions, 66 deletions
diff --git a/manifests/agent.pp b/manifests/agent.pp
index e34a293..c455bd5 100644
--- a/manifests/agent.pp
+++ b/manifests/agent.pp
@@ -44,37 +44,19 @@ class check_mk::agent (
method => $method
}
- if $authfile {
- # if authfile is set, pass it though
- class { 'check_mk::agent::config':
- ip_whitelist => $ip_whitelist,
- port => $port,
- server_dir => $server_dir,
- keydir => $keydir,
- authdir => $authdir,
- authfile => $authfile,
- use_cache => $use_cache,
- user => $user,
- method => $method,
- generate_sshkey => $generate_sshkey,
- sshuser => $sshuser,
- require => Class['check_mk::agent::install'],
- }
- } else {
- # otherwise don't
- class { 'check_mk::agent::config':
- ip_whitelist => $ip_whitelist,
- port => $port,
- server_dir => $server_dir,
- keydir => $keydir,
- authdir => $authdir,
- use_cache => $use_cache,
- user => $user,
- method => $method,
- generate_sshkey => $generate_sshkey,
- sshuser => $sshuser,
- require => Class['check_mk::agent::install'],
- }
+ class { 'check_mk::agent::config':
+ ip_whitelist => $ip_whitelist,
+ port => $port,
+ server_dir => $server_dir,
+ keydir => $keydir,
+ authdir => $authdir,
+ authfile => $authfile,
+ use_cache => $use_cache,
+ user => $user,
+ method => $method,
+ generate_sshkey => $generate_sshkey,
+ sshuser => $sshuser,
+ require => Class['check_mk::agent::install'],
}
if ( $register_agent ) {
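Review bot: With the `if $authfile` guard removed, `authfile => $authfile` is forwarded whatever its value, and presumably only undef falls back to the default declared in `check_mk::agent::config`; an empty string or `false`, which the old guard may also have sent to the default branch depending on the Puppet version, is now passed on as given. The manifests/agent/config.pp hunk makes the same pass-through, and the value ends up interpolated in `target => "${authdir}/${authfile}"` in manifests/agent/generate_sshkey.pp, where an empty component yields a path such as `${authdir}/` or `/${authfile}`, so the restricted key would not land in the file sshd reads. The parameter defaults are declared outside these hunks, so I would make the assumption explicit in generate_sshkey.pp with a check that both values are non-empty, calling `fail('authdir and authfile must both be set')` otherwise. The class body starts before this hunk and continues after it.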
diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp
index 934a05f..36f2910 100644
--- a/manifests/agent/config.pp
+++ b/manifests/agent/config.pp
@@ -37,21 +37,11 @@ class check_mk::agent::config (
}
'ssh' : {
if $generate_sshkey {
- if $authfile {
- # if authfile is overridden, pass it through
- check_mk::agent::generate_sshkey { "check_mk_key_${::fqdn}":
- keydir => $keydir,
- authdir => $authdir,
- authfile => $authfile,
- sshuser => $sshuser
- }
- } else {
- # otherwise don't
- check_mk::agent::generate_sshkey { "check_mk_key_${::fqdn}":
- keydir => $keydir,
- authdir => $authdir,
- sshuser => $sshuser
- }
+ check_mk::agent::generate_sshkey { "check_mk_key_${::fqdn}":
+ keydir => $keydir,
+ authdir => $authdir,
+ authfile => $authfile,
+ sshuser => $sshuser
}
}
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
index 68c3bf1..71b58e9 100644
--- a/manifests/agent/generate_sshkey.pp
+++ b/manifests/agent/generate_sshkey.pp
@@ -34,26 +34,13 @@ define check_mk::agent::generate_sshkey (
# setup the public half of the key in authorized_keys on the agent
# and restrict it to running only the agent
- if $authdir or $authfile {
- # if $authkey or $authdir are set, override authorized_keys path and file
- # and also override using the built-in ssh_authorized_key since it may
- # not be able to write to $authdir
- sshd::ssh_authorized_key { $ssh_key_name:
- type => 'ssh-rsa',
- key => $public_key,
- user => $sshuser,
- target => "${authdir}/${authfile}",
- override_builtin => true,
- options => "command=\"${command}\"";
- }
- } else {
- # otherwise use the defaults
- sshd::ssh_authorized_key { $ssh_key_name:
- type => 'ssh-rsa',
- key => $public_key,
- user => 'root',
- options => "command=\"${command}\"";
- }
+ sshd::ssh_authorized_key { $ssh_key_name:
+ type => 'ssh-rsa',
+ key => $public_key,
+ user => $sshuser,
+ target => "${authdir}/${authfile}",
+ override_builtin => true,
+ options => "command=\"${command}\"";
}
# resource collector for the private half of the keys, these end up on
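Review bot: The `options` value on the new `sshd::ssh_authorized_key` resource carries only the forced `command=`, which pins what the key executes but leaves port, agent and X11 forwarding and PTY allocation enabled unless sshd_config disables them for this user. If the define's `options` parameter accepts an array (not visible here), consider `options => ["command=\"${command}\"", 'no-port-forwarding', 'no-agent-forwarding', 'no-X11-forwarding', 'no-pty'],` so the key matches the "restrict it to running only the agent" comment above it. The key is also now always installed for `$sshuser`, where the removed default branch used `'root'`. The define's parameter list is outside the hunk, so confirm its default is the account the monitoring server connects as.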