Changed backuppc to use server's host key for authenticating to clients.

2011-03-15 13:07:30 +02:00 · 2011-03-15 13:07:30 +02:00 · 6d44f55755
commit 6d44f55755
parent ffe51ea0b1
2 changed files with 29 additions and 38 deletions
--- a/backuppc/lib/facter/backuppc_sshkey.rb
+++ b/backuppc/lib/facter/backuppc_sshkey.rb
@ -1,13 +0,0 @@
 Facter.add('backuppc_sshkey') do
    setcode do
 	begin
 	    match = File.read('/var/lib/BackupPC/.ssh/id_rsa.pub')[/^ssh-rsa ([^ ]+)/, 1]
 	    if match
 		data = match
 	    end
 	rescue
 	    data = ''
 	end
 	data
    end
 end
--- a/backuppc/manifests/init.pp
+++ b/backuppc/manifests/init.pp
@ -63,8 +63,8 @@ class backuppc::server {
        file { "${backuppc_datadir}":
            ensure  => directory,
            mode    => 0750,
-            owner   => backuppc,
+            owner   => "backuppc",
-            group   => root,
+            group   => "root",
            require => Package["BackupPC"],
        }
@ -73,8 +73,7 @@ class backuppc::server {
            force   => true,
            backup  => ".orig",
            require => File["${backuppc_datadir}"],
-            before  => [ Exec["generate-backuppc-sshkey"],
+            before  => Service["backuppc"],
                         Service["backuppc"], ],
        }
    }
@ -83,14 +82,14 @@ class backuppc::server {
        content => template("backuppc/BackupPC.conf.erb"),
        require => Package["BackupPC"],
    }
    file { "/usr/share/BackupPC/sbin/BackupPC_Admin":
        ensure  => present,
        mode    => 4750,
        owner   => "backuppc",
-        group   => "httpsd",
+        group   => $apache::sslserver::group,
        require => Package["BackupPC"],
    }
    file { "/etc/BackupPC/config.pl":
 	ensure  => present,
 	source  => "puppet:///files/backuppc/config.pl",
@ -107,8 +106,8 @@ class backuppc::server {
 	source  => [ "puppet:///files/backuppc/hosts.in",
 		     "puppet:///modules/backuppc/hosts.in", ],
 	mode    => 0644,
-	owner   => root,
+	owner   => "root",
-	group   => backuppc,
+	group   => "backuppc",
        seltype => "httpd_sys_script_rw_t",
 	require => Package["BackupPC"],
 	notify  => Exec["generate-backuppc-hosts"],
@ -120,8 +119,8 @@ class backuppc::server {
 	force   => true,
 	recurse => true,
 	mode    => 0640,
-	owner   => root,
+	owner   => "root",
-	group   => backuppc,
+	group   => "backuppc",
        seltype => "httpd_sys_script_rw_t",
 	source  => "puppet:///modules/custom/empty",
 	require => Package["BackupPC"],
@ -144,19 +143,24 @@ class backuppc::server {
 	require => Package["BackupPC"],
    }
-    exec { "generate-backuppc-sshkey":
+    file { "/var/lib/BackupPC/.ssh":
-        command => "ssh-keygen -q -t rsa -f /var/lib/BackupPC/.ssh/id_rsa",
+        ensure  => directory,
-        path    => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
+        mode    => 0750,
-        user    => "backuppc",
+        owner   => "root",
-        require => [ User["backuppc"],
+        group   => "backuppc",
-                     Package["BackupPC"], ],
+    }
-        creates => [ "/var/lib/BackupPC/.ssh/id_rsa",
+    file { "/var/lib/BackupPC/.ssh/id_rsa":
-                     "/var/lib/BackupPC/.ssh/id_rsa.pub", ],
+        ensure  => present,
        source  => "/etc/ssh/ssh_host_rsa_key",
        mode    => 0640,
        owner   => "root",
        group   => "backuppc",
        require => File["/var/lib/BackupPC/.ssh"],
        before  => Service["backuppc"],
    }
    @@ssh_authorized_key { "backuppc":
        ensure  => present,
-        key    => $backuppc_sshkey,
+        key     => $sshrsakey,
        type    => "ssh-rsa",
        user    => "root",
        target  => "/root/.ssh/authorized_keys",