X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fssh%2Ftemplates%2Fauthorized_keys.erb;h=b786c2050cc97a8f0b7aa7f2a613e7ad7af33a11;hb=ce4abf34eea6d7f988e2a0757fd84d193bccfb0e;hp=7586e57d2855cd931e40ceb755800a78605c1d47;hpb=60d8a2dcbe2d123e356c9fd176a6ac7fd3dc6142;p=dsa-puppet.git diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb index 7586e57d..b786c205 100644 --- a/modules/ssh/templates/authorized_keys.erb +++ b/modules/ssh/templates/authorized_keys.erb @@ -1,10 +1,9 @@ -# local admin -<%= hosterkeys = case scope.lookupvar('site::nodeinfo')['hoster']['name'] - when "ubcece" then - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvEEyxznxleAhk98K7SkAeAKWibijL5uFjIl1+tr8rz+XmFsjabTK2+hQXkgzmU+jqQ2+MPp6btfAq9Oe27GQYWUFfsAZMRb907dReFQYPKbPhQZoo5LUfkrCiR3tD0Nm2JfepTV0079K1+Q50EMImttwbI94FfSoSgTxgF4rCoLpUgmF0IHDR1+kTGow7YnuS1Y/I1zKAbofg8KBGXOLArkcZbxArt25Y2wlnE+ZHIb3Rn3pYc3/KmPPvEQy9IkR/uzzkWSaCBVMFJEO0ejjWrV4HR64GlKUPQ0CekSYn1EErY55CF5sWkasXhflluwSf7b+/jedDM1A1Vrp9Z/F8Q== chrisd" - end -hosterkeys +<% + allnodeinfo = scope.lookupvar('site::allnodeinfo') + roles = scope.lookupvar('site::roles') %> + +# local admin <%= localkeys = case fqdn when "pettersson.debian.org" then "from=\"nixon.acc.umu.se\" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwDw56/XK0/uQB+ZIOZIfZ3vpz9zLRuv6G0U4eU4VavqvaL0dXSNhGJLBDLlfpxtJYwYf/mSoK4WZasbbfHxz8jtIxK9c9aGkVA0GKT+xiHWB3J1SlwJaA7S7Ed8nNcG5PNOVd30BD5LimkS53Nz841e+MgZRuL9SfLALq7er03U= root@nixon" end @@ -12,12 +11,13 @@ localkeys %> <%= ganetikeys = [] - allnodeinfo = scope.lookupvar('site::allnodeinfo') - if scope.lookupvar('::cluster').to_s != 'undefined' - scope.lookupvar('::cluster_nodes').to_s.split.sort.each do |node| + if scope.lookupvar('::cluster') + scope.lookupvar('::cluster_nodes').split.sort.each do |node| if allnodeinfo.has_key?(node) ganetikeys << "# for ganeti cluster #{scope.lookupvar('::cluster').to_s}: #{allnodeinfo[node]['hostname'][0]}" - ganetikeys << "from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\" #{allnodeinfo[node]['sshRSAHostKey'][0]}" + allnodeinfo[node]['sshRSAHostKey'].sort.each do |key| + ganetikeys << "from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\" #{key}" + end else ganetikeys << "# host #{node} not found in allnodeinfo" end @@ -38,28 +38,26 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAqtZYwCwuLP2KZOfqdRyKbexfhcfEiwY7en7aYmY7eUxa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR9rh9AuBKt7yEAgtpvTPTl/SJWi2nAe5h5cnhTpWwPQU0VwxpJZlHWDBxldcrqUCZsycpa5e82ABLeZF9n5Sf54PbSRjCMo515/8hOkkGe6EFchI0HL+pVrSDEyVm0ymHFOj7MQn2uC3mQfOzv+v89zK1KR2355cUVjCx6JMuzwn0cQR4bTZ0YA7JSxkDuLgKooIBzck02M6yrJEEZbrk4q+qv6Enls3kwBbPY5KDVmo3apjbBlZMWd4aZtjhL0xT8VqsVhTRZrTg8DrAbW2dmE+fV7x9TeNSh30WYWzx/AdYerMtA4SrnTc2Bhntvngu98w++IILckG1zEsSP6Mr Peter Palfrader (authentication key) - A091F0BBB2A1CD5E (20140504) # sgran ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAuGJnElqbhgLtmJp/de8s42cAwKrkAhFq5u8EAkauEv6BZNqvY/6aRBxCNU55e5JZKa7D1qKMG0upZFCOl5K36uv0KXlCvIMgaQqQcce41dtNRmiyHpw3LXqdV2qJNpJAXMpsEN4F/STkftTOcFhI9nhz88IIwsboCErla1W8NxxRkBU0FxpT4Zn1wBlq30o12gtBFs3lO+nE7+k8H8I791V+3kjVAXCDh5Ep8BY4Bg8eSuhwUgmiNvWf6E6/D0s9pFJdAMFKFLPivsnc13nfgYDmxZQKrkVV8LqIGaisy7Q3LdQLKBraWYmfQ5idkaPK+EUSERdusG7pB0wzp1ieA1iEkgMRFFLBx22tQmEdmu+Wo3vM77FmNYWvvPKDwKYn1uwg0Kgf1JTWlFwq5C73EG3Q6Vb6ExNPaX/GMDkpi0Km5p2/BIM/jyCmCH+ScFRCtzJoxEg3L7BFdCKgY1bQW2pZDMRQ9nc32+EDUGQQbYp44/8mr4mXqDYV4VElZTqWZ6hJZk1cS7hustO8lJE3Yykp+q/5I0cq7fxe5aLBO5DwTPq9EY/dlcTy8z09Itm/AcJuCipg4I0nQ1cSDTNYn+4NVxoga/yS3gJlU5euXKmcaK9SaRCBIHtWR/Semza3Imvgtgd25bwKI+6VT/fHgqgmvo184NZID099w2E90eE= sgran's root key for debian.org machines +# jcristau +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy6ZvBw8WOaCCVlbzvThJtTey/ei32mHHaaSBvD1E/pQfvvpx5688F8DulMSEL3gsNa9q0n3bnAyG/d0E6PcLbXGiQbTVWpGB4dHpdIJ1LTL3XKeNDVQLQZ+2X0t251JnKGCbEVLinQtwf9WokDZxX0JhcZryM2bQEHMtf7bkmrCxBGJmnsI3c6Gn+sHvtVCcsudkUYPdXNlXUBb/MTRJLx0An63Tj7nWypFexk8PSEI6UXFlv6ri/jAEqwE1JO6gBQUxp11E6STgJ7Dd3DVE47aoOPSaftejbQLzRJ7MfiA/spisIglb5wQoGbQN263Kuk6PKlSru/JoRdY1KQWoB jcristau's root key for debian.org +# aurel32 +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDJp6ryOTW7VgqEa+n6uKpi/bh2PO4P9Z/voz0zPYtPOWPpJdg7YiTlCt46feC3MrYnU0FN7Hsv+mS3syioNC3e6SemSAHwrdUTE+bsnwF+9TJN+D4AgGmw6b9gjtD4s8l8DTgLYZbYoYZ4g3YE/hdE7BNaSzMy/OaHxCxHXqmJ/3KKgHFZnhP0gziSWRjTjhWpXxQ4zR8D6EBCR+RKg1TNJmLCcRuiLOecnqNglSURyHjL5ZQHwY1kWS4BPTc5Cw09PhqsW/tdy7XtmChTMM3n+xkSmrTv89tQkz0RvpURHVUK6X/i3EwpWRmZZlb/ZGpyO71MjBoTo/K5Zhs6uisQq9eq0IFT0CY8ejkySUWQoldFw/fVNF7uAH0RiK14r8c0bC02YinFfTYHO2bKeVi+bSyV7hWfz+E39OzZ3OnWspEHrtP0XP3pMe/y2KBNBmFTePk3/yPukS0QtejYl1FjHWRb3mymkz8sv5MTAhJSmjKCOvXqJgECrdopOnJgcWy7rQ23BAvgGuUDFhZY0pVgmX40NGMlKldB+86Df5le+xR9LLjvozOxBVsrA+m8jM9tIRoCGcaf4c1mHmTloEYVwsN7UeDpaWQYSSQCc9f1oX8utPfbg7CDme9gokyaVupiYKRZCv2oxLzzQWMb6j6PcxiH1kcXw6hvqR9G2xFwktoNHgmm1HvTfmstPKssXIjKBH4kfR6PsVB+NO48EeIGv7+a0RixtG+39bFaU70i6NhXqMbcpSClOdSH6XucwX4SCni5ih7K6lNH3hmiMNTSI+OTKx2Ci0wOT3+Qt+G2L1gAtpQPpYxiIzcDTY3DXvxrsM3lmORWy9RQ0qGsjzuzMWX0PP7iv91sWGytEx3CSWw6VxEP8GGDcqcooEJOOhd/x5iFTCKJ70iHsHsK/RvsOVZhDv5mfvGVoAhyVI5RtT+Mj6U22fFP+kBv/BdRpBx8BxMxwxCQVWQLUeDpfWQDzXE5wCS4bVcVGx9GbM+xIMu7m/Kni/j5TydPEjEA7hVFHNz56pbnEYhwTXWYr6nTauByThldIPEk0ug+zIxIabAXaoxKzF6UMEZ/SZtDSYAjgHsYYx4w0sES+0nxNIha9CuGGA2rFzi3NBnrMucsPwtTcw/3SOVAuid9kUR6Sjq6/0ZeaoQ+Mk7YFkYQ7HZEoraVZy6N6UrrIdNj9WWarKpig+aHMBDCLT8Rep07BtAGJHnQjld0tssMtFnK0TV5BhPyY/I9g1sla3vHn3eaCtzQ68pbS9JnCGXHYTbFnVJa0TAIlCi7+pQC9Az/pUta05E382cD7f04o/yTCEWd7BcDZSRuyuTInZZVseD1pCVg9O4H4THVtsqVqWWfuxbZ aurel32's root key for debian.org -<%= machine_keys = case fqdn - when "beethoven.debian.org" then - out = '' - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + ' -command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + ' +<%= -' - end - out - when "backuphost.debian.org" then - out = '' - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - if %w{moszumanska.debian.org stabile.debian.org}.include?(node) then - out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + ' -command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + ' +machine_keys = [] +case fqdn + when "storace.debian.org" then + roles['dabackup_client'].each do |node| + if allnodeinfo.has_key?(node) + hostname = allnodeinfo[node]['hostname'][0] -' + machine_keys << "# #{hostname}" + machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{allnodeinfo[node]['sshRSAHostKey'][0]}" + else + machine_keys << "# host #{node} not found in allnodeinfo" end - end - out - end -machine_keys + end +end +machine_keys.join("\n") %>