authorMatt Taggart <taggart@riseup.net>2014-04-29 11:33:41 -0700
committerMatt Taggart <taggart@riseup.net>2015-04-16 21:08:43 +0000
commit95947b5213b58be61563f966e2fb3a0cf3a072c1 (patch)
tree99e509f572a9236bae2931eba0acec5788214890 /manifests
parent071b80ddc51e5f2de0c337546eca20ba71dd1437 (diff)
remove username from key filename, add comments explaining where things are getting installed, don't install the private key on the agent, it's not needed there
Diffstat (limited to 'manifests')
-rw-r--r--manifests/agent/generate_sshkey.pp20
1 files changed, 7 insertions, 13 deletions
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
index 3bc9a1d..fb7ce11 100644
--- a/manifests/agent/generate_sshkey.pp
+++ b/manifests/agent/generate_sshkey.pp
@@ -13,14 +13,15 @@ define check_mk::agent::generate_sshkey (
$check_mk_tag = 'check_mk_sshkey'
){
- # generate check-mk ssh keypair
- $ssh_key_name = "${user}_${::fqdn}_id_rsa"
+ # generate check-mk ssh keypair, stored on puppetmaster
+ $ssh_key_name = "${::fqdn}_id_rsa"
$ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}")
$public = split($ssh_keys[1],' ')
$public_type = $public[0]
$public_key = $public[1]
$secret_key = $ssh_keys[0]
+ # setup the public half of the key in authorized_keys on the agent
if $authdir or $authfile {
# if $authkey or $authdir are set, override authorized_keys path and file
sshd::ssh_authorized_key { $ssh_key_name:
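Review bot: With `${user}` dropped from `$ssh_key_name`, the name depends only on `${::fqdn}`, yet it is still used as the title of `sshd::ssh_authorized_key` here and as the path of the generated keypair under `${ssh_key_basepath}`. If this define can be declared more than once on a node (for example with different `$user` values; the parameter list is outside the hunk, so this is inferred), the second declaration would now hit a duplicate resource title and reuse the same key file. If one keypair per host is the intent, say so next to the assignment, e.g. `# one keypair per agent host: this define must be declared only once per node`. The define body starts before this hunk and continues after it.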
@@ -40,20 +41,13 @@ define check_mk::agent::generate_sshkey (
}
}
- # resource collector, these end up on the check-mk-server host
+ # resource collector for the private half of the keys, these end up on
+ # the check-mk-server host
@@file { "${keydir}/${ssh_key_name}":
content => $secret_key,
- owner => $user,
- group => $group,
+ owner => root,
+ group => root,
mode => '0600',
tag => $check_mk_tag;
}
-
- @@file { "${keydir}/${ssh_key_name}.pub":
- content => $public_key,
- owner => $user,
- group => $group,
- mode => '0666',
- tag => $check_mk_tag;
- }
}
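Review bot: The exported `@@file` still carries the private key as `content => $secret_key`, so the key is written to the storeconfigs backend and to the catalog of whichever node collects `$check_mk_tag`, not only to the file under `${keydir}`; the new comment should say this. Something like `# the private key passes through storeconfigs and the collecting node's catalog; restrict read access to both` would do, and where the Puppet version in use supports it, `show_diff => false` on this resource keeps the key out of change reports. With `owner => root` and mode `0600` the key is readable only by root on the server, which presumably means the monitoring side must open the SSH connection as root; that is worth confirming. `$user` and `$group` may also be unused parameters now, though the parameter list is outside the hunk.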