From ef821fad2dda052fd60255e7c6e3a199d536fa69 Mon Sep 17 00:00:00 2001 From: Matt Taggart Date: Thu, 22 Jan 2015 12:11:04 -0800 Subject: we don't need to check $authfile, puppet will do the right thing Conflicts: manifests/agent/generate_sshkey.pp --- manifests/agent.pp | 44 +++++++++++--------------------------- manifests/agent/config.pp | 20 +++++------------ manifests/agent/generate_sshkey.pp | 27 ++++++----------------- 3 files changed, 25 insertions(+), 66 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index e34a293..c455bd5 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -44,37 +44,19 @@ class check_mk::agent ( method => $method } - if $authfile { - # if authfile is set, pass it though - class { 'check_mk::agent::config': - ip_whitelist => $ip_whitelist, - port => $port, - server_dir => $server_dir, - keydir => $keydir, - authdir => $authdir, - authfile => $authfile, - use_cache => $use_cache, - user => $user, - method => $method, - generate_sshkey => $generate_sshkey, - sshuser => $sshuser, - require => Class['check_mk::agent::install'], - } - } else { - # otherwise don't - class { 'check_mk::agent::config': - ip_whitelist => $ip_whitelist, - port => $port, - server_dir => $server_dir, - keydir => $keydir, - authdir => $authdir, - use_cache => $use_cache, - user => $user, - method => $method, - generate_sshkey => $generate_sshkey, - sshuser => $sshuser, - require => Class['check_mk::agent::install'], - } + class { 'check_mk::agent::config': + ip_whitelist => $ip_whitelist, + port => $port, + server_dir => $server_dir, + keydir => $keydir, + authdir => $authdir, + authfile => $authfile, + use_cache => $use_cache, + user => $user, + method => $method, + generate_sshkey => $generate_sshkey, + sshuser => $sshuser, + require => Class['check_mk::agent::install'], } if ( $register_agent ) { diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp index 934a05f..36f2910 100644 --- a/manifests/agent/config.pp +++ b/manifests/agent/config.pp @@ -37,21 +37,11 @@ class check_mk::agent::config ( } 'ssh' : { if $generate_sshkey { - if $authfile { - # if authfile is overridden, pass it through - check_mk::agent::generate_sshkey { "check_mk_key_${::fqdn}": - keydir => $keydir, - authdir => $authdir, - authfile => $authfile, - sshuser => $sshuser - } - } else { - # otherwise don't - check_mk::agent::generate_sshkey { "check_mk_key_${::fqdn}": - keydir => $keydir, - authdir => $authdir, - sshuser => $sshuser - } + check_mk::agent::generate_sshkey { "check_mk_key_${::fqdn}": + keydir => $keydir, + authdir => $authdir, + authfile => $authfile, + sshuser => $sshuser } } diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp index 68c3bf1..71b58e9 100644 --- a/manifests/agent/generate_sshkey.pp +++ b/manifests/agent/generate_sshkey.pp @@ -34,26 +34,13 @@ define check_mk::agent::generate_sshkey ( # setup the public half of the key in authorized_keys on the agent # and restrict it to running only the agent - if $authdir or $authfile { - # if $authkey or $authdir are set, override authorized_keys path and file - # and also override using the built-in ssh_authorized_key since it may - # not be able to write to $authdir - sshd::ssh_authorized_key { $ssh_key_name: - type => 'ssh-rsa', - key => $public_key, - user => $sshuser, - target => "${authdir}/${authfile}", - override_builtin => true, - options => "command=\"${command}\""; - } - } else { - # otherwise use the defaults - sshd::ssh_authorized_key { $ssh_key_name: - type => 'ssh-rsa', - key => $public_key, - user => 'root', - options => "command=\"${command}\""; - } + sshd::ssh_authorized_key { $ssh_key_name: + type => 'ssh-rsa', + key => $public_key, + user => $sshuser, + target => "${authdir}/${authfile}", + override_builtin => true, + options => "command=\"${command}\""; } # resource collector for the private half of the keys, these end up on -- cgit v1.2.3