set the user/group the key needs to be owner by on the server, default to nagios, but this might need to be something else for OMD (if so then that will need tobe passed down via agent::config)

author: Matt Taggart <taggart@riseup.net> 2014-05-13 15:56:22 -0700
committer: Matt Taggart <taggart@riseup.net> 2015-04-16 21:08:56 +0000
commit: 4a6e0fe8b1c17d2b35da7b7e548c01d93ee1ea9c (patch)
tree: 4a51ece051aec07085d0306288f40d4b1a65373c /manifests
parent: 0c2c95da25687045bd894e0780d0fd843ac235fd (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
index c72da91..68c3bf1 100644
--- a/manifests/agent/generate_sshkey.pp
+++ b/manifests/agent/generate_sshkey.pp
@@ -1,6 +1,9 @@
 define check_mk::agent::generate_sshkey (
   # dir on the check-mk-server where the collected key pairs are stored
   $keydir,
+  # user/group the key should be owned by on the check-mk-server
+  $keyuser          = 'nagios',
+  $keygroup         = 'nagios',
   # dir on the check-mk-agent where the authorized_keys file is stored
   $authdir,
   # name of the authorized_keys file
@@ -54,11 +57,11 @@ define check_mk::agent::generate_sshkey (
   }
 
   # resource collector for the private half of the keys, these end up on
-  #  the check-mk-server host
+  #  the check-mk-server host, and the user running check-mk needs access
   @@file { "${keydir}/${ssh_key_name}":
     content => $secret_key,
-    owner   => root,
-    group   => root,
+    owner   => $keyuser,
+    group   => $keygroup,
     mode    => '0600',
     tag     => $check_mk_tag;
   }
author	Matt Taggart <taggart@riseup.net>	2014-05-13 15:56:22 -0700
committer	Matt Taggart <taggart@riseup.net>	2015-04-16 21:08:56 +0000
commit	4a6e0fe8b1c17d2b35da7b7e548c01d93ee1ea9c (patch)
tree	4a51ece051aec07085d0306288f40d4b1a65373c /manifests
parent	0c2c95da25687045bd894e0780d0fd843ac235fd (diff)