Import-keys: do not use ssh if host is localhost
authorSilvio Rhatto <rhatto@riseup.net>
Fri, 14 Oct 2016 20:58:24 +0000 (17:58 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Fri, 14 Oct 2016 20:58:24 +0000 (17:58 -0300)
doc/todo.rst
share/hydra/import-keys

index 0f14d45f38dec1a1b12d62f058ec899e17708943..efe4379e41c37921a425ea3103b5b925cb49f1a5 100644 (file)
@@ -1,6 +1,5 @@
 TODO
 ====
 
-* import-keys: do not use ssh if host is localhost.
 * import-certs: concat.pem; cert.pem and cert.crt symlinks; restart services.
 * compile: automatic definitions for per-node backup::users.
index cf858c2bfa4025416c5e91d12745a9667f0dbc85..9f10e94f0713d237f86954eec2493f7b52bfc513 100755 (executable)
@@ -30,52 +30,92 @@ function hydra_import_keys_openpgp {
     continue
   fi
 
-  $HYDRA_CONNECT $hostname <<EOF
-  ##### BEGIN REMOTE SCRIPT #####
-  echo ""
-  echo "-----------------------------"
-  echo "Importing gpg key to $node..."
-  echo "-----------------------------"
-  echo ""
-  echo "$key" | sudo gpg --homedir /root/.gnupg --import
-
-  echo ""
-  echo "Trusting key at $node..."
-  echo ""
-  printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
-
-  echo ""
-  echo "Verifying..."
-  echo ""
-  sudo gpg --homedir /root/.gnupg --list-keys
-  ##### END REMOTE SCRIPT #######
+  if [ "`facter fqdn`" != "$hostname" ]; then
+    $HYDRA_CONNECT $hostname <<EOF
+    ##### BEGIN REMOTE SCRIPT #####
+    echo ""
+    echo "-----------------------------"
+    echo "Importing gpg key to $node..."
+    echo "-----------------------------"
+    echo ""
+    echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+    echo ""
+    echo "Trusting key at $node..."
+    echo ""
+    printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+    echo ""
+    echo "Verifying..."
+    echo ""
+    sudo gpg --homedir /root/.gnupg --list-keys
+    ##### END REMOTE SCRIPT #######
 EOF
+  else
+    echo ""
+    echo "-----------------------------"
+    echo "Importing gpg key to $node..."
+    echo "-----------------------------"
+    echo ""
+    echo "$key" | sudo gpg --homedir /root/.gnupg --import
+
+    echo ""
+    echo "Trusting key at $node..."
+    echo ""
+    printf "trust\n5\ny\nsave\n" | sudo gpg --homedir /root/.gnupg --no-tty --status-fd=2 --command-fd=0 --edit-key $key_id
+
+    echo ""
+    echo "Verifying..."
+    echo ""
+    sudo gpg --homedir /root/.gnupg --list-keys
+  fi
 }
 
 # Import OpenSSH keypair
 function hydra_import_keys_openssh {
-  echo "-----------------------------------------------------"
-  echo "Importing keypair at $hostname:/root/.ssh..."
-  echo "-----------------------------------------------------"
-
-  echo "Creating folder structure at $hostname:/root/.ssh..."
-  $HYDRA_CONNECT $hostname <<EOF
-  sudo mkdir -p        /root/.ssh
-  sudo chown root.root /root/.ssh
-  sudo chmod 700       /root/.ssh
-  sudo touch           /root/.ssh/id_rsa
-  sudo touch           /root/.ssh/id_rsa.pub
-  sudo chmod 600       /root/.ssh/id_rsa
-  sudo chmod 600       /root/.ssh/id_rsa.pub
+  if [ "`facter fqdn`" != "$hostname" ]; then
+    echo "-----------------------------------------------------"
+    echo "Importing keypair at $hostname:/root/.ssh..."
+    echo "-----------------------------------------------------"
+
+    echo "Creating folder structure at $hostname:/root/.ssh..."
+    $HYDRA_CONNECT $hostname <<EOF
+    sudo mkdir -p        /root/.ssh
+    sudo chown root.root /root/.ssh
+    sudo chmod 700       /root/.ssh
+    sudo touch           /root/.ssh/id_rsa
+    sudo touch           /root/.ssh/id_rsa.pub
+    sudo chmod 600       /root/.ssh/id_rsa
+    sudo chmod 600       /root/.ssh/id_rsa.pub
 EOF
 
-  echo "Importing public key from keyringer to $hostname:/root/.ssh..."
-  keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | \
-    $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa.pub > /dev/null"
+    echo "Importing public key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa.pub > /dev/null"
+
+    echo "Importing private key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | \
+      $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa > /dev/null"
+  else
+    echo "-----------------------------------------------------"
+    echo "Importing keypair at $hostname:/root/.ssh..."
+    echo "-----------------------------------------------------"
+
+    echo "Creating folder structure at $hostname:/root/.ssh..."
+    sudo mkdir -p        /root/.ssh
+    sudo chown root.root /root/.ssh
+    sudo chmod 700       /root/.ssh
+    sudo touch           /root/.ssh/id_rsa
+    sudo touch           /root/.ssh/id_rsa.pub
+    sudo chmod 600       /root/.ssh/id_rsa
+    sudo chmod 600       /root/.ssh/id_rsa.pub
 
-  echo "Importing private key from keyringer to $hostname:/root/.ssh..."
-  keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | \
-    $HYDRA_CONNECT $hostname "cat - | sudo tee /root/.ssh/id_rsa > /dev/null"
+    echo "Importing public key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa.pub | sudo tee /root/.ssh/id_rsa.pub > /dev/null
+
+    echo "Importing private key from keyringer to $hostname:/root/.ssh..."
+    keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa | sudo tee /root/.ssh/id_rsa > /dev/null
+  fi
 }
 
 # Command line arguments
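Review bot: In the new local branch of hydra_import_keys_openssh, the two `keyringer $HYDRA decrypt ... | sudo tee /root/.ssh/id_rsa*` pipelines truncate the target file as soon as tee opens it, so a failed or aborted decrypt leaves this machine's root key files empty. Unless pipefail is set elsewhere in the script, the pipeline reports only tee's status, so the failure also goes unnoticed. I would capture the decrypted material first, refuse to write when it is empty, and only then hand it to tee; the same shape applies to the public key, and the remote branch carries the same pattern over from the old code. Separately, the local and remote branches now duplicate the same command lists, so a later change to one can drift from the other; a small helper that runs a command either locally or through `$HYDRA_CONNECT` would keep them in step.

```shell
    # … unchanged: banner, directory setup and public key import …
    echo "Importing private key from keyringer to $hostname:/root/.ssh..."
    local private_key
    private_key="$(keyringer $HYDRA decrypt nodes/$hostname/ssh/id_rsa)"
    if [ -z "$private_key" ]; then
      echo "Could not decrypt nodes/$hostname/ssh/id_rsa, leaving /root/.ssh/id_rsa untouched" >&2
      return 1
    fi
    printf '%s\n' "$private_key" | sudo tee /root/.ssh/id_rsa > /dev/null
```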