From 95947b5213b58be61563f966e2fb3a0cf3a072c1 Mon Sep 17 00:00:00 2001
From: Matt Taggart
Date: Tue, 29 Apr 2014 11:33:41 -0700
Subject: remove username from key filename, add comments explaining where things are getting installed, don't install the private key on the agent, it's not needed there
---
manifests/agent/generate_sshkey.pp | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
(limited to 'manifests')
diff --git a/manifests/agent/generate_sshkey.pp b/manifests/agent/generate_sshkey.pp
index 3bc9a1d..fb7ce11 100644
--- a/manifests/agent/generate_sshkey.pp
+++ b/manifests/agent/generate_sshkey.pp
@@ -13,14 +13,15 @@ define check_mk::agent::generate_sshkey (
 $check_mk_tag = 'check_mk_sshkey'
 ){
- # generate check-mk ssh keypair
- $ssh_key_name = "${user}_${::fqdn}_id_rsa"
+ # generate check-mk ssh keypair, stored on puppetmaster
+ $ssh_key_name = "${::fqdn}_id_rsa"
 $ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}")
 $public = split($ssh_keys[1],' ')
 $public_type = $public[0]
 $public_key = $public[1]
 $secret_key = $ssh_keys[0]
+ # setup the public half of the key in authorized_keys on the agent
 if $authdir or $authfile {
 # if $authkey or $authdir are set, override authorized_keys path and file
 sshd::ssh_authorized_key { $ssh_key_name:
@@ -40,20 +41,13 @@ define check_mk::agent::generate_sshkey (
 }
 }
- # resource collector, these end up on the check-mk-server host
+ # resource collector for the private half of the keys, these end up on
+ # the check-mk-server host
 @@file { "${keydir}/${ssh_key_name}":
 content => $secret_key,
- owner => $user,
- group => $group,
+ owner => root,
+ group => root,
 mode => '0600',
 tag => $check_mk_tag;
 }
-
- @@file { "${keydir}/${ssh_key_name}.pub":
- content => $public_key,
- owner => $user,
- group => $group,
- mode => '0666',
- tag => $check_mk_tag;
- }
 }
-- cgit v1.2.3
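Review bot: The new `$ssh_key_name = "${::fqdn}_id_rsa"` builds a path on the puppetmaster from `$::fqdn`, a fact reported by the agent, and passes it unchecked to `ssh_keygen("${ssh_key_basepath}/${ssh_key_name}")`. A node reporting another host's name would presumably be served that host's key pair, and any path characters in the fact reach the filesystem call. Deriving the name from the authenticated certificate name, for example `$ssh_key_name = "${trusted['certname']}_id_rsa"` where trusted node data is enabled, or validating the fact against a hostname pattern first, would close this. With `${user}` dropped, two declarations of this define on one node would also share the same `$ssh_key_name` title and collide as a duplicate resource. The parameter list and the rest of the `if` block lie outside the hunk.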
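Review bot: The exported `@@file` still carries `content => $secret_key`, so the private key is kept wherever exported resources are stored and is available to any node that collects the `check_mk_sshkey` tag; the tighter ownership in this hunk does not change that exposure. Where the Puppet version supports it, add `show_diff => false,` to the resource so a content change does not write key material into agent logs or reports. The new bareword values would be better quoted as `owner => 'root',` and `group => 'root',`. With `root:root` and mode `0600` the key is only usable if the check-mk server connects as root, which the visible lines do not confirm, so check this against the server-side manifest. The define's body starts above the hunk.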