]> git.donarmstrong.com Git - dsa-puppet.git/blobdiff - modules/ssh/templates/authorized_keys.erb
projects / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update the way we populate machine ssh keys for da-backup
[dsa-puppet.git] / modules / ssh / templates / authorized_keys.erb
diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb
index 2adfd0743872a55efd38e055a56319b35b5ce3ec..a37c0c683332cacf68bfa32be4bbe94efb9ef406 100644 (file)
--- a/modules/ssh/templates/authorized_keys.erb
+++ b/modules/ssh/templates/authorized_keys.erb
@@ -1,3 +1,8 @@
+<%
+  allnodeinfo = scope.lookupvar('site::allnodeinfo')
+  roles = scope.lookupvar('site::roles')
+%>
+
 # local admin
 <%= hosterkeys = case scope.lookupvar('site::nodeinfo')['hoster']['name']
          when "ubcece" then
@@ -12,9 +17,8 @@ localkeys
 %>
 <%=
   ganetikeys = []
-  allnodeinfo = scope.lookupvar('site::allnodeinfo')
   if scope.lookupvar('::cluster').to_s != 'undefined'
-    scope.lookupvar('::cluster_nodes').to_s.split.sort.each do |node|
+    scope.lookupvar('::cluster_nodes').split.sort.each do |node|
       if allnodeinfo.has_key?(node)
         ganetikeys << "# for ganeti cluster #{scope.lookupvar('::cluster').to_s}: #{allnodeinfo[node]['hostname'][0]}"
         ganetikeys << "from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\" #{allnodeinfo[node]['sshRSAHostKey'][0]}"
@@ -35,19 +39,25 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1zy2/qSBpYaOKYVEnDI+KEiQlPiKsTv96zJeNdu7xLY1
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuWUv0xRqmnrYX/7b80HIAY9s80Qp4QRFH3DXEkuyDeprJC+GdJs2S/fwhWI9eZDF8NN03SLoOg9q7lXoy2Ts6tda8zfqIf/IBnvcqbsoCtbmrOTvwHj5fVFh0fw72KSc8b+Bccs+1aLXUqP2eSKXB9jpR+apUd7DQ0i6si2/fwrQvqXZ71NeRkcSXIuED9PCA2298DKob1tCAXP1XSIswxxgHdGZgVHYhNt33XSM7zksTbMjr7NBZkJOcgk3dLOVz2RSo38+Curv8nPVoD4uIsE551GXnNTPZiMosvDY3Cy3gTwBhpXFxtkRDr0jMQpYj+ahQ3F+MFJr+0S89QeHfQ== Martin Zobel-Helas - debian adm key (2010-01-04) 
 # weasel
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAqtZYwCwuLP2KZOfqdRyKbexfhcfEiwY7en7aYmY7eUxa396Nzhxv1KOl2xpatD40/TPHtU+GUMxa0PLM7Tn5j2HxZ5S/bjp2l881EWJlYUzZjL95e/PBhPM2r6/VvLTHI7dFI+2s2/LDIuRn3dKsIxFncRzZRjPrpks14wpII4UpVTwQSrBMwkweq0anUiUtw/y7s33fSQJKYu7gXkmkm7mtuF8PJnvI6j482pu34GxWGjjSs9f7ZAm2+mXviVedAsrN3E4MgK14Z6+lOIxfgWmZ2gz33u2nbJ5TCTGJYyxbkaYXXLKo8JW2GtcCZchmhw4kUzo0rfRIXI80e4FEeh3Tj2X0518xp7m/SvKa2nE/dcye2a77ruJZJ0tzHqUmXZSMT5ZdOqgIxeqLGksNFK1mPUbMsfkxbCANVLp17CIeqUtiMYfOjzCuKc3GdYe8Mp47dQx824hnfEldJw9dWH8d+ELO64UsQnEIleQt+d2ASdFK0Vc2SmG7gxcFa2OU9V8TAWx/HKhBhW5KkMKUagATYLgbqzMRfgqslJFDJxB8fQ++Xlodq20MTt2TM9L89ilKyzmG/tNawR71l8+U/sxJS6/sVVXCzHLlMEyVnYRZMBeNwiW2ZBjM+mTv300vUS7+iNUOaZasPOMJqV3d4ImgRUMcOmExMDAnHCRGS10= Peter Palfrader - debian adm key (2008-05-11)
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR9rh9AuBKt7yEAgtpvTPTl/SJWi2nAe5h5cnhTpWwPQU0VwxpJZlHWDBxldcrqUCZsycpa5e82ABLeZF9n5Sf54PbSRjCMo515/8hOkkGe6EFchI0HL+pVrSDEyVm0ymHFOj7MQn2uC3mQfOzv+v89zK1KR2355cUVjCx6JMuzwn0cQR4bTZ0YA7JSxkDuLgKooIBzck02M6yrJEEZbrk4q+qv6Enls3kwBbPY5KDVmo3apjbBlZMWd4aZtjhL0xT8VqsVhTRZrTg8DrAbW2dmE+fV7x9TeNSh30WYWzx/AdYerMtA4SrnTc2Bhntvngu98w++IILckG1zEsSP6Mr Peter Palfrader (authentication key) - A091F0BBB2A1CD5E (20140504)
 # sgran
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAuGJnElqbhgLtmJp/de8s42cAwKrkAhFq5u8EAkauEv6BZNqvY/6aRBxCNU55e5JZKa7D1qKMG0upZFCOl5K36uv0KXlCvIMgaQqQcce41dtNRmiyHpw3LXqdV2qJNpJAXMpsEN4F/STkftTOcFhI9nhz88IIwsboCErla1W8NxxRkBU0FxpT4Zn1wBlq30o12gtBFs3lO+nE7+k8H8I791V+3kjVAXCDh5Ep8BY4Bg8eSuhwUgmiNvWf6E6/D0s9pFJdAMFKFLPivsnc13nfgYDmxZQKrkVV8LqIGaisy7Q3LdQLKBraWYmfQ5idkaPK+EUSERdusG7pB0wzp1ieA1iEkgMRFFLBx22tQmEdmu+Wo3vM77FmNYWvvPKDwKYn1uwg0Kgf1JTWlFwq5C73EG3Q6Vb6ExNPaX/GMDkpi0Km5p2/BIM/jyCmCH+ScFRCtzJoxEg3L7BFdCKgY1bQW2pZDMRQ9nc32+EDUGQQbYp44/8mr4mXqDYV4VElZTqWZ6hJZk1cS7hustO8lJE3Yykp+q/5I0cq7fxe5aLBO5DwTPq9EY/dlcTy8z09Itm/AcJuCipg4I0nQ1cSDTNYn+4NVxoga/yS3gJlU5euXKmcaK9SaRCBIHtWR/Semza3Imvgtgd25bwKI+6VT/fHgqgmvo184NZID099w2E90eE= sgran's root key for debian.org machines
 
-<%= machine_keys = case fqdn
-   when "beethoven.debian.org" then
-     out = ''
-     scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
-       out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '
-command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + '
+<%=
 
-'
-     end
-     out
-   end
-machine_keys
+machine_keys = []
+case fqdn
+  when "backuphost.debian.org" then
+    roles['dabackup_client'].each do |node|
+      if allnodeinfo.has_key?(node)
+        hostname = allnodeinfo[node]['hostname'][0]
+
+        machine_keys << "#  #{hostname}"
+        machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{allnodeinfo[node]['sshRSAHostKey'][0]}"
+      else
+        machine_keys << "# host #{node} not found in allnodeinfo"
+      end
+  end
+end
+machine_keys.join("\n")
 %>
Unnamed repository; edit this file 'description' to name the repository.