}
+class monkeysphere::defaults inherits monkeysphere {
+ $keyserver = $monkeysphere_keyserver ? {
+ '' => "pool.sks-keyservers.net",
+ default => $monkeysphere_keyserver,
+ }
+}
+
class monkeysphere::import_key inherits monkeysphere {
$key = "ssh://${fqdn}"
# Server host key import
exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key $key":
+ alias => "monkeysphere-import-key",
user => "root",
unless => "/usr/sbin/monkeysphere-host s | grep $key"
}
# Server host key publication
class monkeysphere::publish_key inherits monkeysphere {
+ include monkeysphere::defaults
$no_publish = $monkeysphere_no_publish ? {
'' => '',
default => $monkeysphere_no_publish
info("Not publishing $fqdn monkeysphere key")
} else {
exec { "/usr/sbin/monkeysphere-host publish-key":
- environment => "MONKEYSPHERE_PROMPT=false",
+ environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
user => "root",
}
}
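Review bot: The `$keyserver` interpolated into `MONKEYSPHERE_KEYSERVER=$keyserver` is set inside `monkeysphere::defaults`, but `monkeysphere::publish_key` only includes that class and inherits from `monkeysphere`, so the unqualified name is not looked up in the scope where it was assigned. Unless something outside these hunks sets `$keyserver` in a parent scope, the exec probably receives an empty `MONKEYSPHERE_KEYSERVER=`, and the host key is not published to the server the operator configured. Referencing it by its qualified name makes the intent explicit: `environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=${monkeysphere::defaults::keyserver}" ],`. The same applies to the `environment` lines added for `add-id-certifier` and `update-users root` further down.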
# add certifiers
define monkeysphere::add_certifiers( $keyid ) {
+ include monkeysphere::defaults
exec { "/usr/sbin/monkeysphere-authentication add-id-certifier $keyid":
- environment => "MONKEYSPHERE_PROMPT=false",
+ environment => [ "MONKEYSPHERE_PROMPT=false", "MONKEYSPHERE_KEYSERVER=$keyserver" ],
user => "root",
- require => [ Package["monkeysphere"] ],
+ require => [ Package["monkeysphere"], Exec["monkeysphere-import-key"] ],
unless => "/usr/sbin/monkeysphere-authentication list-id-certifiers | grep $keyid"
}
}
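Review bot: With `MONKEYSPHERE_PROMPT=false` the key named by `$keyid` is fetched from the configured keyserver and installed as an identity certifier without confirmation, and nothing in `monkeysphere::add_certifiers` says what form `$keyid` must take. A short or long key ID can match a different key than the one intended, so the define should document the requirement, for example `# $keyid must be the full 40-character OpenPGP fingerprint; the key is retrieved from the keyserver and trusted without a prompt.` Separately, the new `require` on `Exec["monkeysphere-import-key"]` points at a resource declared only in `monkeysphere::import_key`, which this define does not include. A node that uses the define without that class will fail catalog compilation unless `include monkeysphere::import_key` is added next to the existing include.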
recurse => true,
}
exec { "/usr/sbin/monkeysphere-authentication update-users root":
+ environment => "MONKEYSPHERE_KEYSERVER=$keyserver",
user => "root",
require => [ Package["monkeysphere"] ],
onlyif => "/usr/bin/test /root/.monkeysphere/authorized_user_ids -nt /var/lib/monkeysphere/authorized_keys/root"