authorMatt Taggart <taggart@riseup.net>2014-04-22 00:17:34 -0700
committerMatt Taggart <taggart@riseup.net>2014-04-22 00:17:34 -0700
commit25b9b5f7cd2d64f464fb198d90cc757a1bff1c81 (patch)
treeb45362c40c5afd1dc18e6d8edfb7a6a30eff6b94 /manifests/agent
parent88d466e3aca349b3f129dd8e8967b90002a2584b (diff)
replace homedir with more specific keydir, authdir, and authfile in order to allow overriding each. modify ::agent, ::agent::config, and ::agent::generate_sshkey to allow changing at each level, with reasonable defaults
Diffstat (limited to 'manifests/agent')
-rw-r--r--manifests/agent/config.pp21
-rw-r--r--manifests/agent/generate_sshkey.pp43
2 files changed, 47 insertions, 17 deletions
diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp
index 256af8f..40b9ff5 100644
--- a/manifests/agent/config.pp
+++ b/manifests/agent/config.pp
@@ -1,8 +1,10 @@
class check_mk::agent::config (
- $ip_whitelist = '',
+ $ip_whitelist = '',
$port,
$server_dir,
- $homedir,
+ $keydir,
+ $authdir,
+ $authfile = undef,
$use_cache,
$user,
$method = 'xinetd',
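Review bot: The new `$keydir`, `$authdir` and `$authfile` parameters are added here without any comment, while generate_sshkey.pp in this same commit documents each of them. A short line above each, for example `# dir on the check-mk-agent where the authorized_keys file is stored` over `$authdir`, would tell a caller which host each path refers to. `$keydir` and `$authdir` have no default, so callers that used to pass `homedir` have to be updated. The class body continues outside this hunk.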
@@ -34,8 +36,19 @@ class check_mk::agent::config (
}
'ssh' : {
if $generate_sshkey {
- check_mk::agent::generate_sshkey { 'check_mk_key':
- homedir => $homedir
+ if $authfile {
+ # if authfile is overridden, pass it through
+ check_mk::agent::generate_sshkey { 'check_mk_key':
+ keydir => $keydir,
+ authdir => $authdir,
+ authfile => $authfile
+ }
+ } else {
+ # otherwise don't
+ check_mk::agent::generate_sshkey { 'check_mk_key':
+ keydir => $keydir,
+ authdir => $authdir
+ }
}
}
}
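Review bot: The two branches under `if $authfile` declare the same resource and differ only in the `authfile` line. Since `generate_sshkey` itself defaults `$authfile` to `undef`, passing `authfile => $authfile` unconditionally should give the same result, assuming the Puppet version in use treats an explicit undef attribute as unset. That leaves a single declaration to maintain when the key paths are revisited. The enclosing case statement starts before this hunk.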
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
index 47f3026..3bc9a1d 100644
--- a/manifests/agent/generate_sshkey.pp
+++ b/manifests/agent/generate_sshkey.pp
@@ -1,27 +1,47 @@
-define check_mk::agent::generate_sshkey(
+define check_mk::agent::generate_sshkey (
+ # dir on the check-mk-server where the collected key pairs are stored
+ $keydir,
+ # dir on the check-mk-agent where the authorized_keys file is stored
+ $authdir,
+ # name of the authorized_keys file
+ $authfile = undef,
+ # dir on the puppetmaster where keys are stored
$ssh_key_basepath = '/etc/puppet/modules/keys/files/check_mk_keys',
+ # user and group to run the agent as
$user = 'monitoring',
$group = 'monitoring',
- $homedir,
$check_mk_tag = 'check_mk_sshkey'
){
# generate check-mk ssh keypair
- $ssh_key_name = "monitoring_${::fqdn}_id_rsa"
+ $ssh_key_name = "${user}_${::fqdn}_id_rsa"
$ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}")
$public = split($ssh_keys[1],' ')
$public_type = $public[0]
$public_key = $public[1]
$secret_key = $ssh_keys[0]
- sshd::ssh_authorized_key { $ssh_key_name:
- type => 'ssh-rsa',
- key => $public_key,
- user => 'root',
- options => 'command="/usr/bin/check_mk_agent"';
+ if $authdir or $authfile {
+ # if $authkey or $authdir are set, override authorized_keys path and file
+ sshd::ssh_authorized_key { $ssh_key_name:
+ type => 'ssh-rsa',
+ key => $public_key,
+ user => 'root',
+ target => "${authdir}/${authfile}",
+ options => 'command="/usr/bin/check_mk_agent"';
+ }
+ } else {
+ # otherwise use the defaults
+ sshd::ssh_authorized_key { $ssh_key_name:
+ type => 'ssh-rsa',
+ key => $public_key,
+ user => 'root',
+ options => 'command="/usr/bin/check_mk_agent"';
+ }
}
- @@file { "${homedir}/.ssh/${ssh_key_name}":
+ # resource collector, these end up on the check-mk-server host
+ @@file { "${keydir}/${ssh_key_name}":
content => $secret_key,
owner => $user,
group => $group,
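Review bot: In the first branch, `target => "${authdir}/${authfile}"` is built even when `$authfile` is undef, which yields a path ending in a slash; because `$authdir` is a required parameter, the test `if $authdir or $authfile` is true for every caller visible here, including the config.pp branch that omits `authfile`. Testing `if $authfile {` alone, or giving `$authfile` a concrete default file name, would keep the root authorized_keys entry from being written to an unintended location. The comment above the branch says `$authkey` where the parameter is `$authfile`. Separately, the key is installed for `root` with only `command="/usr/bin/check_mk_agent"`; adding `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` to `options`, in whatever form `sshd::ssh_authorized_key` accepts, would limit what a holder of the collected private key can do beyond running the agent. The define continues past the end of this hunk.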
@@ -29,14 +49,11 @@ define check_mk::agent::generate_sshkey(
tag => $check_mk_tag;
}
-
- @@file { "${homedir}/.ssh/${ssh_key_name}.pub":
+ @@file { "${keydir}/${ssh_key_name}.pub":
content => $public_key,
owner => $user,
group => $group,
mode => '0666',
tag => $check_mk_tag;
}
-
-
}
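Review bot: `mode => '0666'` on the exported `.pub` file leaves it writable by every local user on the host that collects it; a public key only has to be readable, so `mode => '0644',` would do. The line is unchanged context, but this hunk moves the file to `${keydir}`, a directory the caller now chooses, so the permissions are worth tightening in the same change. The private-key file's `mode` line falls between the two hunks and is not visible here.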