updated publisher_ssh_keys to use sunet::ssh_keys

2024-01-11 13:49:27 +01:00 · 2024-01-11 13:49:27 +01:00 · 9036761d48
commit 9036761d48
parent 21c55b7f87
4 changed files with 35 additions and 10 deletions
--- a/eupub-test-1.komreg.net/overlay/etc/hiera/data/local.yaml
+++ b/eupub-test-1.komreg.net/overlay/etc/hiera/data/local.yaml
@ -1,2 +1,10 @@
-publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH
-publisher_ssh_key_type: ssh-ed25519
+publisher_ssh_keys_db:
+   'publisher':
+      key  : 'AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH'
+      type : 'ssh-ed25519'
+      name : 'publisher'
+      options : 'command="/usr/bin/rrsync /var/www/html",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+publisher_ssh_keys_mapping:
+  'root':
+    - 'publisher'
--- a/eupub-test-2.komreg.net/overlay/etc/hiera/data/local.yaml
+++ b/eupub-test-2.komreg.net/overlay/etc/hiera/data/local.yaml
@ -1,2 +1,11 @@
-publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH
-publisher_ssh_key_type: ssh-ed25519
+publisher_ssh_keys_db:
+   'publisher':
+      key  : 'AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH'
+      type : 'ssh-ed25519'
+      name : 'publisher'
+      options : 'command="/usr/bin/rrsync /var/www/html",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+publisher_ssh_keys_mapping:
+  'root':
+    - 'publisher'
+
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@ -242,10 +242,9 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
   # this allows fileage check to work wo sudo
   file { '/var/www': ensure => directory, mode => '0755' } ->
   file { '/var/www/html': ensure => directory, mode => '0755', owner => 'www-data', group =>'www-data' } ->
-   sunet::rrsync {$dir:
-      ro                => false,
-      ssh_key           => safe_hiera('publisher_ssh_key'),
-      ssh_key_type      => safe_hiera('publisher_ssh_key_type')
+   sunet::ssh_keys { 'publisher-keys':
+     config => safe_hiera('publisher_ssh_keys_mapping', {}),
+     key_database_name => 'publisher_ssh_keys_db'
   } ->
   package {['lighttpd','attr']: ensure => latest } ->
   exec {'enable-ssl':
--- a/p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml
+++ b/p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml
@ -1,3 +1,12 @@
 ---
-publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIJrzCjtN8nf5+MhNgAR61vAd6/6dSvfBDCm5oaGeXIXH
-publisher_ssh_key_type: ssh-ed25519
+publisher_ssh_keys_db:
+   'publisher':
+      key  : 'AAAAC3NzaC1lZDI1NTE5AAAAIJrzCjtN8nf5+MhNgAR61vAd6/6dSvfBDCm5oaGeXIXH'
+      type : 'ssh-ed25519'
+      name : 'publisher'
+      options : 'command="/usr/bin/rrsync /var/www/html",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+publisher_ssh_keys_mapping:
+  'root':
+    - 'publisher'
+