Changed backuppc to use server's host key for authenticating to clients.
This commit is contained in:
parent
ffe51ea0b1
commit
6d44f55755
2 changed files with 29 additions and 38 deletions
|
|
@ -1,13 +0,0 @@
|
|||
Facter.add('backuppc_sshkey') do
|
||||
setcode do
|
||||
begin
|
||||
match = File.read('/var/lib/BackupPC/.ssh/id_rsa.pub')[/^ssh-rsa ([^ ]+)/, 1]
|
||||
if match
|
||||
data = match
|
||||
end
|
||||
rescue
|
||||
data = ''
|
||||
end
|
||||
data
|
||||
end
|
||||
end
|
||||
|
|
@ -63,8 +63,8 @@ class backuppc::server {
|
|||
file { "${backuppc_datadir}":
|
||||
ensure => directory,
|
||||
mode => 0750,
|
||||
owner => backuppc,
|
||||
group => root,
|
||||
owner => "backuppc",
|
||||
group => "root",
|
||||
require => Package["BackupPC"],
|
||||
}
|
||||
|
||||
|
|
@ -73,8 +73,7 @@ class backuppc::server {
|
|||
force => true,
|
||||
backup => ".orig",
|
||||
require => File["${backuppc_datadir}"],
|
||||
before => [ Exec["generate-backuppc-sshkey"],
|
||||
Service["backuppc"], ],
|
||||
before => Service["backuppc"],
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -83,14 +82,14 @@ class backuppc::server {
|
|||
content => template("backuppc/BackupPC.conf.erb"),
|
||||
require => Package["BackupPC"],
|
||||
}
|
||||
|
||||
file { "/usr/share/BackupPC/sbin/BackupPC_Admin":
|
||||
ensure => present,
|
||||
mode => 4750,
|
||||
owner => "backuppc",
|
||||
group => "httpsd",
|
||||
group => $apache::sslserver::group,
|
||||
require => Package["BackupPC"],
|
||||
}
|
||||
|
||||
file { "/etc/BackupPC/config.pl":
|
||||
ensure => present,
|
||||
source => "puppet:///files/backuppc/config.pl",
|
||||
|
|
@ -107,8 +106,8 @@ class backuppc::server {
|
|||
source => [ "puppet:///files/backuppc/hosts.in",
|
||||
"puppet:///modules/backuppc/hosts.in", ],
|
||||
mode => 0644,
|
||||
owner => root,
|
||||
group => backuppc,
|
||||
owner => "root",
|
||||
group => "backuppc",
|
||||
seltype => "httpd_sys_script_rw_t",
|
||||
require => Package["BackupPC"],
|
||||
notify => Exec["generate-backuppc-hosts"],
|
||||
|
|
@ -120,8 +119,8 @@ class backuppc::server {
|
|||
force => true,
|
||||
recurse => true,
|
||||
mode => 0640,
|
||||
owner => root,
|
||||
group => backuppc,
|
||||
owner => "root",
|
||||
group => "backuppc",
|
||||
seltype => "httpd_sys_script_rw_t",
|
||||
source => "puppet:///modules/custom/empty",
|
||||
require => Package["BackupPC"],
|
||||
|
|
@ -144,23 +143,28 @@ class backuppc::server {
|
|||
require => Package["BackupPC"],
|
||||
}
|
||||
|
||||
exec { "generate-backuppc-sshkey":
|
||||
command => "ssh-keygen -q -t rsa -f /var/lib/BackupPC/.ssh/id_rsa",
|
||||
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
||||
user => "backuppc",
|
||||
require => [ User["backuppc"],
|
||||
Package["BackupPC"], ],
|
||||
creates => [ "/var/lib/BackupPC/.ssh/id_rsa",
|
||||
"/var/lib/BackupPC/.ssh/id_rsa.pub", ],
|
||||
file { "/var/lib/BackupPC/.ssh":
|
||||
ensure => directory,
|
||||
mode => 0750,
|
||||
owner => "root",
|
||||
group => "backuppc",
|
||||
}
|
||||
file { "/var/lib/BackupPC/.ssh/id_rsa":
|
||||
ensure => present,
|
||||
source => "/etc/ssh/ssh_host_rsa_key",
|
||||
mode => 0640,
|
||||
owner => "root",
|
||||
group => "backuppc",
|
||||
require => File["/var/lib/BackupPC/.ssh"],
|
||||
before => Service["backuppc"],
|
||||
}
|
||||
|
||||
@@ssh_authorized_key { "backuppc":
|
||||
ensure => present,
|
||||
key => $backuppc_sshkey,
|
||||
type => "ssh-rsa",
|
||||
user => "root",
|
||||
target => "/root/.ssh/authorized_keys",
|
||||
tag => "backuppc",
|
||||
ensure => present,
|
||||
key => $sshrsakey,
|
||||
type => "ssh-rsa",
|
||||
user => "root",
|
||||
target => "/root/.ssh/authorized_keys",
|
||||
tag => "backuppc",
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue