Diffstat (limited to 'manifests')
-rw-r--r--manifests/agent/generate_sshkey.pp20
1 files changed, 7 insertions, 13 deletions
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
index 3bc9a1d..fb7ce11 100644
--- a/manifests/agent/generate_sshkey.pp
+++ b/manifests/agent/generate_sshkey.pp
@@ -13,14 +13,15 @@ define check_mk::agent::generate_sshkey (
$check_mk_tag = 'check_mk_sshkey'
){
- # generate check-mk ssh keypair
- $ssh_key_name = "${user}_${::fqdn}_id_rsa"
+ # generate check-mk ssh keypair, stored on puppetmaster
+ $ssh_key_name = "${::fqdn}_id_rsa"
$ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}")
$public = split($ssh_keys[1],' ')
$public_type = $public[0]
$public_key = $public[1]
$secret_key = $ssh_keys[0]
+ # setup the public half of the key in authorized_keys on the agent
if $authdir or $authfile {
# if $authkey or $authdir are set, override authorized_keys path and file
sshd::ssh_authorized_key { $ssh_key_name:
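Review bot: Dropping `${user}` from `$ssh_key_name` changes the title of the `sshd::ssh_authorized_key` resource, and nothing in this hunk removes the entry that was managed under the old `${user}_${::fqdn}_id_rsa` name. If the underlying type keys entries on that title, the previous public key presumably stays in authorized_keys on each agent and keeps granting access, while the old keypair remains under `$ssh_key_basepath` on the puppetmaster. The name is also no longer unique per user, so declaring this define twice on one node would now collide on the resource title. I would add a comment on the assignment such as `# NOTE: one key per host; keys named ${user}_${::fqdn}_id_rsa from earlier versions must be removed by hand`, or a transitional `ensure => absent` for the old title. The define body starts before and continues past this hunk, so the cleanup may live elsewhere.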
@@ -40,20 +41,13 @@ define check_mk::agent::generate_sshkey (
}
}
- # resource collector, these end up on the check-mk-server host
+ # resource collector for the private half of the keys, these end up on
+ # the check-mk-server host
@@file { "${keydir}/${ssh_key_name}":
content => $secret_key,
- owner => $user,
- group => $group,
+ owner => root,
+ group => root,
mode => '0600',
tag => $check_mk_tag;
}
-
- @@file { "${keydir}/${ssh_key_name}.pub":
- content => $public_key,
- owner => $user,
- group => $group,
- mode => '0666',
- tag => $check_mk_tag;
- }
}
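Review bot: The private key is still shipped as `content => $secret_key` on the exported resource `@@file { "${keydir}/${ssh_key_name}":`, so it is stored in clear text in the storeconfigs backend and delivered to any node that collects on `$check_mk_tag`; the new comment above the resource should say so. Adding `show_diff => false,` to this resource would at least keep the key out of agent logs and reports when the file changes. Removing the `.pub` resource only stops managing it, so the copies previously written with mode `'0666'` and the key files owned by `$user` stay on the check-mk server unless something purges `$keydir`. With `owner => root` and mode `'0600'` the process that opens the SSH connection has to run as root, and `$user`/`$group` may now be unused parameters; the parameter list is outside this hunk.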