diff options
author | Matt Taggart <taggart@riseup.net> | 2015-01-22 12:40:06 -0800 |
---|---|---|
committer | Matt Taggart <taggart@riseup.net> | 2015-04-16 21:15:12 +0000 |
commit | 23a17e5c42e185034e9de809625de1125fa08873 (patch) | |
tree | 0d4afc0f23ccd7e3a3cab29b8e2d0dcd830bde15 /manifests/agent/generate_sshkey.pp | |
parent | ef821fad2dda052fd60255e7c6e3a199d536fa69 (diff) |
revert this part, since we contruct $target we _do_ need to check authdir/authfile
Diffstat (limited to 'manifests/agent/generate_sshkey.pp')
-rw-r--r-- | manifests/agent/generate_sshkey.pp | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp index 71b58e9..419e73f 100644 --- a/manifests/agent/generate_sshkey.pp +++ b/manifests/agent/generate_sshkey.pp @@ -34,13 +34,25 @@ define check_mk::agent::generate_sshkey ( # setup the public half of the key in authorized_keys on the agent # and restrict it to running only the agent - sshd::ssh_authorized_key { $ssh_key_name: - type => 'ssh-rsa', - key => $public_key, - user => $sshuser, - target => "${authdir}/${authfile}", - override_builtin => true, - options => "command=\"${command}\""; + if $authdir or $authfile { + # if $authkey or $authdir are set, override authorized_keys path and file + # and also override using the built-in ssh_authorized_key since it may + # not be able to write to $authdir + sshd::ssh_authorized_key { $ssh_key_name: + type => 'ssh-rsa', + key => $public_key, + user => $sshuser, + target => "${authdir}/${authfile}", + override_builtin => true, + options => "command=\"${command}\""; + } else { + # otherwise use the defaults + sshd::ssh_authorized_key { $ssh_key_name: + type => 'ssh-rsa', + key => $public_key, + user => $sshuser, + options => "command=\"${command}\""; + } } # resource collector for the private half of the keys, these end up on |