From: Peter Palfrader
Date: Tue, 22 Jul 2014 20:34:12 +0000 (+0200)
Subject: Update the way we populate machine ssh keys for da-backup
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=f79ea6dfc8236090b64955613e959f6a6e710536
Update the way we populate machine ssh keys for da-backup
---
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index c83c541e..3900acee 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -116,5 +116,8 @@ roles:
 - wolkenstein.debian.org
 postgres_backup_server:
 - backuphost.debian.org
+ dabackup_client:
+ - moszumanska.debian.org
+ - lw03.debian.org
 gobby_debian_org:
 - gombert.debian.org
diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb
index c80a02ef..a37c0c68 100644
--- a/modules/ssh/templates/authorized_keys.erb
+++ b/modules/ssh/templates/authorized_keys.erb
@@ -1,3 +1,8 @@ +<% + allnodeinfo = scope.lookupvar('site::allnodeinfo') + roles = scope.lookupvar('site::roles') +%> + # local admin <%= hosterkeys = case scope.lookupvar('site::nodeinfo')['hoster']['name'] when "ubcece" then
@@ -12,7 +17,6 @@ localkeys %> <%= ganetikeys = [] - allnodeinfo = scope.lookupvar('site::allnodeinfo') if scope.lookupvar('::cluster').to_s != 'undefined' scope.lookupvar('::cluster_nodes').split.sort.each do |node| if allnodeinfo.has_key?(node)
@@ -39,27 +43,21 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR9rh9AuBKt7yEAgtpvTPTl/SJWi2nAe5h5cnhTpWw # sgran ssh-rsa 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 sgran's root key for debian.org machines -<%= machine_keys = case fqdn - when "beethoven.debian.org" then - out = '' - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + ' -command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + ' +<%= -' - end - out - when "backuphost.debian.org" then - out = '' - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - if %w{moszumanska.debian.org stabile.debian.org}.include?(node) then - out += '# ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + ' -command="/usr/lib/da-backup/da-backup-ssh-wrap ' + scope.lookupvar('site::allnodeinfo')[node]['hostname'][0] + '",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="' + scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].join(',') + '" ' + scope.lookupvar('site::allnodeinfo')[node]['sshRSAHostKey'][0] + ' +machine_keys = [] +case fqdn + when "backuphost.debian.org" then + roles['dabackup_client'].each do |node| + if allnodeinfo.has_key?(node) + hostname = allnodeinfo[node]['hostname'][0] -' + machine_keys << "# #{hostname}" + machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{allnodeinfo[node]['sshRSAHostKey'][0]}" + else + machine_keys << "# host #{node} not found in allnodeinfo" end - end - out - end -machine_keys + end +end +machine_keys.join("\n") %>
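Review bot: In the new `backuphost.debian.org` branch, `hostname`, the `ipHostNumber` list and `sshRSAHostKey` are interpolated straight into the quoted `command="…"` and `from="…"` options, so a directory value containing a double quote, whitespace or a line break would end the option early or start a new authorized_keys line, and the forced-command and source-address restrictions would no longer bind that key. The `has_key?(node)` guard also covers only a missing node: a node without `ipHostNumber` or `sshRSAHostKey` either aborts template evaluation or produces an entry with no key. I would check each value against the narrow shape it should have and fall back to a comment line otherwise, as sketched below; the patterns are a suggestion and should be matched to what the directory really stores. Since a forced command is set, adding `no-pty` next to `no-user-rc` may also be worth considering if the wrapper never needs a terminal.

```erb
    roles['dabackup_client'].each do |node|
      if allnodeinfo.has_key?(node)
        hostname = Array(allnodeinfo[node]['hostname'])[0].to_s
        addrs    = Array(allnodeinfo[node]['ipHostNumber'])
        hostkey  = Array(allnodeinfo[node]['sshRSAHostKey'])[0].to_s
        # Refuse anything that could close a quoted option or start a new line.
        if hostname !~ /\A[A-Za-z0-9.-]+\z/ ||
           addrs.empty? || addrs.any? { |a| a.to_s !~ /\A[0-9A-Fa-f:.]+\z/ } ||
           hostkey.empty? || hostkey =~ /[\r\n]/
          machine_keys << "# host #{node} skipped: unexpected hostname, address or key data"
        else
          machine_keys << "# #{hostname}"
          machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{addrs.join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{hostkey}"
        end
      else
        # … unchanged: "not found in allnodeinfo" comment line …
```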