From 8562ddec5b2c32041f0ab28609754786ae7bfa08 Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Wed, 8 Jun 2011 14:21:50 +0300
Subject: [PATCH] Changed ssh::known_hosts to use use exported resources
---
 ssh/manifests/init.pp | 28 +++++++------
 ssh/templates/ssh_known_hosts.erb | 66 ------------------------------------
 2 files changed, 15 insertions(+), 79 deletions(-)
 delete mode 100644 ssh/templates/ssh_known_hosts.erb

diff --git a/ssh/manifests/init.pp b/ssh/manifests/init.pp
index 73f3120..69afa1e 100644
--- a/ssh/manifests/init.pp
+++ b/ssh/manifests/init.pp
@@ -1,25 +1,27 @@
-
-# Class: ssh::known_hosts
-#
-# Install global ssh_known_hosts file generated from LDAP directory.
-#
-# === Depencies:
-#
-# Template file generation requires Ruby LDAP bindings[http://ruby-ldap.sourceforge.net/] on puppet server.
+# Export and collect public host keys.
 #
 class ssh::known_hosts {
 file { "/etc/ssh/ssh_known_hosts":
- ensure => present,
- content => template("ssh/ssh_known_hosts.erb"),
- mode => 0644,
- owner => root,
- group => $operatingsystem ? {
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => $operatingsystem ? {
 OpenBSD => wheel,
 default => root,
 },
 }
+ @@sshkey { "${homename}":
+ ensure => present,
+ type => rsa,
+ key => "${sshrsakey}",
+ host_aliases => inline_template("<%= homename.split('.')[0] %>"),
+ require => File["/etc/ssh/ssh_known_hosts"],
+ }
+
+ Sshkey <<| |>>
+
 }
diff --git a/ssh/templates/ssh_known_hosts.erb b/ssh/templates/ssh_known_hosts.erb
deleted file mode 100644
index c7cfb00..0000000
--- a/ssh/templates/ssh_known_hosts.erb
+++ /dev/null
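Review bot: `Sshkey <<| |>>` collects every exported sshkey with no filter, and the entry it installs is built from the title `"${homename}"` and `key => "${sshrsakey}"`, which as far as I can tell are agent-reported facts (`homename` looks like a custom fact), so a node that reports another host's name would have its key written into /etc/ssh/ssh_known_hosts on every collecting node and clients would then accept an impostor's host key without warning; the class should at least state that trust assumption above the collector, e.g. `# NOTE: titles and keys come from agent-reported facts, so every agent in the fleet is trusted to report its own hostname and key correctly.` Two nodes reporting the same `$homename` would presumably also break catalog compilation on the collectors with a duplicate Sshkey declaration, which is worth a comment as well. Separately, the removed template listed the `ipHostNumber` value among the host names, whereas the export only aliases the short hostname, so connections made by IP address will no longer match a known_hosts entry; `host_aliases` accepts an array, so `host_aliases => [inline_template("<%= homename.split('.')[0] %>"), $ipaddress],` would preserve that behaviour. Minor style point: `key => $sshrsakey` — the string interpolation around a lone variable is unnecessary.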
@@ -1,66 +0,0 @@
-<%
-
-require 'ldap'
-require 'uri'
-
-basedn = ''
-conn = ''
-
-f = File.new('/etc/openldap/ldap.conf', 'r')
-f.readlines.each do |line|
- line = line.strip
- next if line =~ /^#/
- next if line == ''
- line = line.split
- if line[0] == 'BASE'
- basedn = line[1]
- elsif line[0] == 'URI'
- line.shift
- line.each do |uri|
- uri = URI.parse(uri)
- begin
- if uri.scheme == 'ldaps'
- if ! uri.port
- uri.port = 636
- end
- conn = LDAP::SSLConn.new(uri.host, uri.port)
- else
- if ! uri.port
- uri.port = 389
- end
- conn = LDAP::Conn.new(uri.host, uri.port)
- end
- conn.bind
- break
- rescue LDAP::ResultError
- next
- end
- end
- end
-end
-f.close
-
-filter = '(&(objectClass=ipHost)(sshPublicKey=*))'
-attrs = ['cn', 'sshPublicKey', 'ipHostNumber']
-
-data = []
-conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) { |entry|
- names = []
- entry.vals('cn').each do |v|
- names.push(v)
- names.push(v.split('.')[0])
- end
- names.push(entry.vals('ipHostNumber')[0])
- names = names.uniq.sort
- data.push(names.join(',') + ' ' + entry.vals('sshPublicKey')[0])
-}
-data.sort
-
-data.each do |line|
-
-%><%= line %>
-<%
-
-end
-
-%>
\ No newline at end of file