From 9036761d48c2cfc924874c191256e13b5c3b4f07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?=
Date: Thu, 11 Jan 2024 13:49:27 +0100
Subject: [PATCH] updated publisher_ssh_keys to use sunet::ssh_keys
---
 .../overlay/etc/hiera/data/local.yaml | 12 ++++++++++--
 .../overlay/etc/hiera/data/local.yaml | 13 +++++++++++--
 global/overlay/etc/puppet/manifests/cosmos-site.pp | 7 +++----
 p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml | 13 +++++++++++--
 4 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/eupub-test-1.komreg.net/overlay/etc/hiera/data/local.yaml b/eupub-test-1.komreg.net/overlay/etc/hiera/data/local.yaml
index 0cf37786..a5aa73f2 100644
--- a/eupub-test-1.komreg.net/overlay/etc/hiera/data/local.yaml
+++ b/eupub-test-1.komreg.net/overlay/etc/hiera/data/local.yaml
@@ -1,2 +1,10 @@
-publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH
-publisher_ssh_key_type: ssh-ed25519
+publisher_ssh_keys_db:
+ 'publisher':
+ key : 'AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH'
+ type : 'ssh-ed25519'
+ name : 'publisher'
+ options : 'command="/usr/bin/rrsync /var/www/html",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+publisher_ssh_keys_mapping:
+ 'root':
+ - 'publisher'
diff --git a/eupub-test-2.komreg.net/overlay/etc/hiera/data/local.yaml b/eupub-test-2.komreg.net/overlay/etc/hiera/data/local.yaml
index 0cf37786..f6984a88 100644
--- a/eupub-test-2.komreg.net/overlay/etc/hiera/data/local.yaml
+++ b/eupub-test-2.komreg.net/overlay/etc/hiera/data/local.yaml
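Review bot: The `options` string under `publisher_ssh_keys_db` is now the only thing confining a key that `publisher_ssh_keys_mapping` installs for `root`, and the same literal is repeated in the eupub-test-2 and p2.qa.komreg.net hunks. A host file that drops or mistypes `options` would presumably produce an unrestricted root key, so I would add a comment above the entry such as `# options is security-critical: this key logs in as root and must stay confined to rrsync`. If the hiera hierarchy allows it, keep the string in one shared layer instead of three copies. On OpenSSH 7.2 or later the list of `no-*` flags can be replaced by `restrict,command="/usr/bin/rrsync /var/www/html"`, which also covers restrictions added in future releases.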
@@ -1,2 +1,11 @@
-publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH
-publisher_ssh_key_type: ssh-ed25519
+publisher_ssh_keys_db:
+ 'publisher':
+ key : 'AAAAC3NzaC1lZDI1NTE5AAAAIBCp8IWCkQ9apLGj/cNmNFtJX68+k2CC36WOldwtJLZH'
+ type : 'ssh-ed25519'
+ name : 'publisher'
+ options : 'command="/usr/bin/rrsync /var/www/html",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+publisher_ssh_keys_mapping:
+ 'root':
+ - 'publisher'
+
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index f57a228e..a607da56 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -242,10 +242,9 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
 # this allows fileage check to work wo sudo
 file { '/var/www': ensure => directory, mode => '0755' } ->
 file { '/var/www/html': ensure => directory, mode => '0755', owner => 'www-data', group =>'www-data' } ->
- sunet::rrsync {$dir:
- ro => false,
- ssh_key => safe_hiera('publisher_ssh_key'),
- ssh_key_type => safe_hiera('publisher_ssh_key_type')
+ sunet::ssh_keys { 'publisher-keys':
+ config => safe_hiera('publisher_ssh_keys_mapping', {}),
+ key_database_name => 'publisher_ssh_keys_db'
 } ->
 package {['lighttpd','attr']: ensure => latest } ->
 exec {'enable-ssl':
diff --git a/p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml b/p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml
index 707397ca..d7ba0182 100644
--- a/p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml
+++ b/p2.qa.komreg.net/overlay/etc/hiera/data/local.yaml
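Review bot: With `sunet::ssh_keys { 'publisher-keys': ... }` the class parameter `$dir` no longer decides where the publisher key may write. The removed `sunet::rrsync {$dir: ...}` took the directory from the class, while the new resource relies on the hiera `options` string, which hard-codes `/var/www/html`. A node that sets a different `$dir` would get a key confined to the wrong path, so I would record the coupling with a comment above the resource, e.g. `# rrsync confinement for this key lives in hiera publisher_ssh_keys_db (options); keep its path in sync with $dir`. The fallback in `safe_hiera('publisher_ssh_keys_mapping', {})` also means a host without the data presumably ends up with no publisher key and no error. Whether the entry that sunet::rrsync wrote earlier is removed from root's authorized_keys depends on sunet::ssh_keys, which is not visible here; the class body starts and ends outside the hunk.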
@@ -1,3 +1,12 @@
 ---
-publisher_ssh_key: AAAAC3NzaC1lZDI1NTE5AAAAIJrzCjtN8nf5+MhNgAR61vAd6/6dSvfBDCm5oaGeXIXH
-publisher_ssh_key_type: ssh-ed25519
+publisher_ssh_keys_db:
+ 'publisher':
+ key : 'AAAAC3NzaC1lZDI1NTE5AAAAIJrzCjtN8nf5+MhNgAR61vAd6/6dSvfBDCm5oaGeXIXH'
+ type : 'ssh-ed25519'
+ name : 'publisher'
+ options : 'command="/usr/bin/rrsync /var/www/html",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding'
+
+publisher_ssh_keys_mapping:
+ 'root':
+ - 'publisher'
+