From ec8169eadc16fde4a8019b67f4966d2b119cb765 Mon Sep 17 00:00:00 2001
From: Matt Taggart
Date: Thu, 1 May 2014 14:07:53 -0700
Subject: create an sshuser parameter, so we can determine when we need to use sudo in the agent authorized_keys command
---
 manifests/agent.pp | 3 +++
 manifests/agent/config.pp | 11 +++++++----
 manifests/agent/generate_sshkey.pp | 13 +++++++++++--
 3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/manifests/agent.pp b/manifests/agent.pp
index 505db64..9a365a3 100644
--- a/manifests/agent.pp
+++ b/manifests/agent.pp
@@ -15,6 +15,7 @@ class check_mk::agent (
 $agent_logwatch_package_name = 'check_mk-agent-logwatch',
 $method = 'xinetd',
 $generate_sshkey = false,
+ $sshuser = undef,
 $use_ssh_tag = 'ssh',
 $register_agent = true
 ) {
@@ -56,6 +57,7 @@ class check_mk::agent (
 user => $user,
 method => $method,
 generate_sshkey => $generate_sshkey,
+ sshuser => $sshuser,
 require => Class['check_mk::agent::install'],
 }
 } else {
@@ -70,6 +72,7 @@ class check_mk::agent (
 user => $user,
 method => $method,
 generate_sshkey => $generate_sshkey,
+ sshuser => $sshuser,
 require => Class['check_mk::agent::install'],
 }
 }
diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp
index 58e3b1e..b00329b 100644
--- a/manifests/agent/config.pp
+++ b/manifests/agent/config.pp
@@ -9,6 +9,7 @@ class check_mk::agent::config (
 $user,
 $method = 'xinetd',
 $generate_sshkey = false,
+ $sshuser = undef
 ) {
 if $use_cache {
 $server = "${server_dir}/check_mk_caching_agent"
@@ -39,15 +40,17 @@ class check_mk::agent::config (
 if $authfile {
 # if authfile is overridden, pass it through
 check_mk::agent::generate_sshkey { 'check_mk_key':
- keydir => $keydir,
- authdir => $authdir,
- authfile => $authfile
+ keydir => $keydir,
+ authdir => $authdir,
+ authfile => $authfile,
+ sshuser => $sshuser
 }
 } else {
 # otherwise don't
 check_mk::agent::generate_sshkey { 'check_mk_key':
 keydir => $keydir,
- authdir => $authdir
+ authdir => $authdir,
+ sshuser => $sshuser
 }
 }
 }
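Review bot: The new `$sshuser` parameter in the first hunk of manifests/agent.pp defaults to `undef`, as does the one added to `check_mk::agent::config`, while the define they feed defaults it to `'root'` and branches on `$sshuser != 'root'`. The root case therefore only works if Puppet treats an explicitly passed `undef` as "not set" and falls back to the define's default; otherwise hosts that leave the parameter unset would get the sudo form of the forced command. Declaring `$sshuser = 'root'` in both classes makes the default explicit and removes that dependency. The parameter is also undocumented; a header comment such as `# $sshuser: account the monitoring server logs in as; any value other than 'root' makes the forced command use sudo` would help. Both class bodies continue outside these hunks.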
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp index 6f88f35..f01d2cf 100644 --- a/manifests/agent/generate_sshkey.pp +++ b/manifests/agent/generate_sshkey.pp @@ -10,6 +10,7 @@ define check_mk::agent::generate_sshkey ( #$ssh_key_basepath = "${common::moduledir::module_dir_path}/check_mk/keys", # for now use a dir we know works $ssh_key_basepath = '/etc/puppet/modules/check_mk/keys', + $sshuser = 'root', $check_mk_tag = 'check_mk_sshkey' ){ @@ -21,7 +22,15 @@ define check_mk::agent::generate_sshkey ( $public_key = $public[1] $secret_key = $ssh_keys[0] + # if we're not root we need to use sudo + if $sshuser != 'root' { + $command = 'sudo /usr/bin/check_mk_agent' + } else { + $command = '/usr/bin/check_mk_agent' + } + # setup the public half of the key in authorized_keys on the agent + # and restrict it to running only the agent if $authdir or $authfile { # if $authkey or $authdir are set, override authorized_keys path and file sshd::ssh_authorized_key { $ssh_key_name: @@ -29,7 +38,7 @@ define check_mk::agent::generate_sshkey ( key => $public_key, user => 'root', target => "${authdir}/${authfile}", - options => 'command="/usr/bin/check_mk_agent"'; + options => "command=\"${command}\""; } } else { # otherwise use the defaults @@ -37,7 +46,7 @@ define check_mk::agent::generate_sshkey ( type => 'ssh-rsa', key => $public_key, user => 'root', - options => 'command="/usr/bin/check_mk_agent"'; + options => "command=\"${command}\""; } } -- cgit v1.2.3
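Review bot: The `if $sshuser != 'root'` branch in the second hunk changes only the forced command. Both `sshd::ssh_authorized_key` resources in the following hunks still carry `user => 'root'`, so unless `authdir`/`authfile` redirect the target, the key appears to stay in root's authorized_keys and the non-root account never receives it. If the intent is a login as `$sshuser`, those resources likely need `user => $sshuser`. The sudo form also depends on a NOPASSWD sudoers entry for that account limited to `/usr/bin/check_mk_agent`, which this commit does not manage, and it resolves `sudo` through the session's PATH; `$command = '/usr/bin/sudo /usr/bin/check_mk_agent'` would pin the binary where sudo lives at that path. The define body continues outside the hunk.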
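Review bot: The `options` line in the third hunk, and the identical one in the last hunk, sets only `command=`, which fixes what the key executes but does not itself disable port, X11 or agent forwarding or pty allocation. The key is therefore not limited to "running only the agent" as the newly added comment states. Appending the standard OpenSSH key options would close that gap: `options => "command=\"${command}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"`, assuming `sshd::ssh_authorized_key` writes the string through unchanged. This matters more now that the key may reach an account with sudo rights; the enclosing resources start outside these hunks.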