From: mh Date: Wed, 2 Jan 2013 19:55:28 +0000 (+0100) Subject: Merge remote-tracking branch 'vireo/master' into merge X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=23398fc3f0178f73fa3dee5149426b1b28ce3a8a;p=puppet-monkeysphere.git Merge remote-tracking branch 'vireo/master' into merge Conflicts: .gitignore manifests/init.pp --- 23398fc3f0178f73fa3dee5149426b1b28ce3a8a diff --cc .gitignore index 1377554,b25c15b..d38c149 --- a/.gitignore +++ b/.gitignore @@@ -1,1 -1,1 +1,2 @@@ +*.swp + *~ diff --cc README index 0000000,4fcec87..569e512 mode 000000,100644..100644 --- a/README +++ b/README @@@ -1,0 -1,36 +1,28 @@@ + puppet module for monkeysphere + + for information about monkeysphere, see http://web.monkeysphere.info/ + + To install the monkeypshere module: + -* storeconfigs must be enabled in your puppet server. see: - http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration#Configuring+basic+storeconfigs - -* copy the code to a directory named "monkeysphere" in the modules - directory of your puppet install. This will usually be - /etc/puppetd/modules/monkeysphere - -* add the following line to modules.pp: - - import "monkeysphere" ++* storeconfigs should be enabled in your puppet server to use certain features. ++ see: http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration#Configuring+basic+storeconfigs + + * in node definitions that should export a ssh host key via + monkeyshere, add: + + include monkeysphere::sshserver + + * You can specify pgpids of identity certifiers: + + identity_certifier { "A3AE44A4": + ensure => present + } + + A host can be configured as a host you would use to sign the gpg keys by placing: + + include monkeysphere::signer + + into the node definition. ON this host, a file will be placed in -/var/lib/puppet/monkeysphere/hosts for each host configured as a ++/var/lib/puppet/modules/monkeysphere/hosts for each host configured as a + sshserver. 
Each file will contin the gpg id, the gpg fingerprint, and -the ssh fingerprint of the sshserver. ++the ssh fingerprint of the sshserver. diff --cc manifests/init.pp index ca73120,943d3eb..853aed7 --- a/manifests/init.pp +++ b/manifests/init.pp @@@ -1,74 -1,22 +1,79 @@@ -# monkeysphere module -class monkeysphere { - module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: } +# This module is distributed under the GNU Affero General Public License: +# +# Monkeysphere module for puppet +# Copyright (C) 2009-2010 Sarava Group +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . - case $operatingsystem { - debian: { include monkeysphere::debian } - } +# +# Class for monkeysphere management +# +class monkeysphere( - $ssh_port = '', - $publish_key = false ++ $ssh_port = '', ++ $publish_key = false, ++ $ensure_version = 'installed' +) { + # The needed packages - package { monkeysphere: ensure => installed, } ++ package{'monkeysphere': ++ ensure => $ensure_version, ++ } - if $monkeysphere_ensure_version == '' - { - $monkeysphere_ensure_version = 'installed' - } + $port = $monkeysphere::ssh_port ? 
{ + '' => '', + default => ":${monkeysphere::ssh_port}", + } - if $gnupg_ensure_version == '' - { - $gnupg_ensure_version = 'installed' - } + $key = "ssh://${::fqdn}${port}" - file { "/usr/local/sbin/monkeysphere-check-key": - ensure => present, - owner => root, - group => root, - mode => 0755, - content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false", - package {"gnupg": ensure => $gnupg_ensure_version, } - package {"monkeysphere": ensure => $monkeysphere_ensure_version, require => [ Package["gnupg"] ] } ++ common::module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: } ++ file { ++ '/usr/local/sbin/monkeysphere-check-key': ++ ensure => present, ++ owner => root, ++ group => root, ++ mode => 0755, ++ content => "#!/bin/bash\n/usr/bin/gpg --homedir /var/lib/monkeysphere/host --list-keys '=${key}' &> /dev/null || false", + } + # Server host key publication + case $monkeysphere::publish_key { + false: { + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key}": + unless => "/usr/local/sbin/monkeysphere-check-key", + user => "root", + require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], + } + } + 'mail': { + $mail_loc = $::operatingsystem ? 
{ + 'centos' => '/bin/mail', + default => '/usr/bin/mail', + } + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ + ${mail_loc} -s 'monkeysphere host pgp key for ${::fqdn}' root < /var/lib/monkeysphere/host_keys.pub.pgp": + unless => "/usr/local/sbin/monkeysphere-check-key", + user => "root", + require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], + } + } + default: { + exec { "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ${key} && \ + /usr/sbin/monkeysphere-host publish-key": + unless => "/usr/local/sbin/monkeysphere-check-key", + user => "root", + require => [ Package["monkeysphere"], File["/usr/local/sbin/monkeysphere-check-key"] ], + } + } + } }
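Review bot: The `case $monkeysphere::publish_key` block at the end of the new class body treats every value other than `false` and `'mail'` as a request to run `monkeysphere-host publish-key`, so a mistyped parameter value (or the string `'false'`) publishes the host key to the keyserver instead of failing. Match the intended values explicitly and reject the rest: change `default: {` to `true: {` and add `default: { fail("monkeysphere::publish_key must be false, true or 'mail', got '${monkeysphere::publish_key}'") }` after that branch. The `$ssh_port` parameter is also interpolated unchecked into `$key`, which lands in the root-run exec command strings and inside the single-quoted argument of the generated `monkeysphere-check-key` script, so a non-numeric value yields a malformed `ssh://` URI or broken quoting; a guard such as `if $ssh_port != '' and $ssh_port !~ /^\d+$/ { fail("monkeysphere::ssh_port must be numeric") }` placed before `$port` is computed keeps both command strings well-formed.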