--- /dev/null
-* storeconfigs must be enabled in your puppet server. see:
- http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration#Configuring+basic+storeconfigs
-
-* copy the code to a directory named "monkeysphere" in the modules
- directory of your puppet install. This will usually be
- /etc/puppetd/modules/monkeysphere
-
-* add the following line to modules.pp:
-
- import "monkeysphere"
+ puppet module for monkeysphere
+
+ for information about monkeysphere, see http://web.monkeysphere.info/
+
+ To install the monkeypshere module:
+
-/var/lib/puppet/monkeysphere/hosts for each host configured as a
++* storeconfigs should be enabled in your puppet server to use certain features.
++ see: http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration#Configuring+basic+storeconfigs
+
+ * in node definitions that should export a ssh host key via
+ monkeyshere, add:
+
+ include monkeysphere::sshserver
+
+ * You can specify pgpids of identity certifiers:
+
+ identity_certifier { "A3AE44A4":
+ ensure => present
+ }
+
+ A host can be configured as a host you would use to sign the gpg keys by placing:
+
+ include monkeysphere::signer
+
+ into the node definition. ON this host, a file will be placed in
-the ssh fingerprint of the sshserver.
++/var/lib/puppet/modules/monkeysphere/hosts for each host configured as a
+ sshserver. Each file will contin the gpg id, the gpg fingerprint, and
++the ssh fingerprint of the sshserver.
-# monkeysphere module
-class monkeysphere {
- module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: }
+# This module is distributed under the GNU Affero General Public License:
+#
+# Monkeysphere module for puppet
+# Copyright (C) 2009-2010 Sarava Group
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
- case $operatingsystem {
- debian: { include monkeysphere::debian }
- }
+#
+# Class for monkeysphere management
+#
+class monkeysphere(
- $ssh_port = '',
- $publish_key = false
++ $ssh_port = '',
++ $publish_key = false,
++ $ensure_version = 'installed'
+) {
+ # The needed packages
- package { monkeysphere: ensure => installed, }
++ package{'monkeysphere':
++ ensure => $ensure_version,
++ }
- if $monkeysphere_ensure_version == ''
- {
- $monkeysphere_ensure_version = 'installed'
- }
+ $port = $monkeysphere::ssh_port ? {
+ '' => '',
+ default => ":${monkeysphere::ssh_port}",
+ }
- if $gnupg_ensure_version == ''
- {
- $gnupg_ensure_version = 'installed'
- }
+ $key = "ssh://${::fqdn}${port}"
- file { "/usr/local/sbin/monkeysphere-check-key":
- ensure => present,
- owner => root,
- group => root,
- mode => 0755,
- content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false",
- package {"gnupg": ensure => $gnupg_ensure_version, }
- package {"monkeysphere": ensure => $monkeysphere_ensure_version, require => [ Package["gnupg"] ] }
++ common::module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: }
++ file {
++ '/usr/local/sbin/monkeysphere-check-key':
++ ensure => present,
++ owner => root,
++ group => root,
++ mode => 0755,
++ content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false",
+ }
+ # Server host key publication
+ case $monkeysphere::publish_key {
+ false: {
+ exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}":
+ unless => "/usr/local/sbin/monkeysphere-check-key",
+ user => "root",
+ require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
+ }
+ }
+ 'mail': {
+ $mail_loc = $::operatingsystem ? {
+ 'centos' => '/bin/mail',
+ default => '/usr/bin/mail',
+ }
+ exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
+ ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp":
+ unless => "/usr/local/sbin/monkeysphere-check-key",
+ user => "root",
+ require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
+ }
+ }
+ default: {
+ exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \
+ /usr/sbin/monkeysphere-host publish-key":
+ unless => "/usr/local/sbin/monkeysphere-check-key",
+ user => "root",
+ require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
+ }
+ }
+ }
}
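Review bot: In the `'mail'` and `default` branches of `case $monkeysphere::publish_key`, the `unless => "/usr/local/sbin/monkeysphere-check-key"` guard only tests whether the host key has been imported, so if `monkeysphere-host import-key` succeeds but the chained `${mail_loc} ...` or `publish-key` step fails, the key exists, the guard is satisfied on every later run, and the mail/publication step is never attempted again after a single reported error. Giving the second step its own `exec` (as sketched below for the `default` branch; the `'mail'` branch has the same shape) at least reports each step separately; a genuine retry would need an idempotency check for "already published", which this manifest does not provide. As a minor style point, `mode => 0755` on the check-key file is an unquoted numeric literal; the Puppet style convention is the string `'0755'`.
```puppet
    default: {
      exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}":
        unless  => "/usr/local/sbin/monkeysphere-check-key",
        user    => "root",
        require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ],
      }
      # Publication runs only when the import above actually changed something,
      # and is reported as its own resource rather than hidden behind the && chain.
      exec { "/usr/sbin/monkeysphere-host publish-key":
        refreshonly => true,
        subscribe   => Exec["/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}"],
        user        => "root",
        require     => Package["monkeysphere"],
      }
    }
    # ... unchanged: false and 'mail' branches, class closing brace ...
```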