Changed ssh::known_hosts to use use exported resources

2011-06-08 14:21:50 +03:00 · 2011-06-08 14:21:50 +03:00 · 8562ddec5b
commit 8562ddec5b
parent b70e9c2674
2 changed files with 15 additions and 79 deletions
--- a/ssh/manifests/init.pp
+++ b/ssh/manifests/init.pp
@ -1,17 +1,9 @@
-
+# Export and collect public host keys.
 # Class: ssh::known_hosts
 #
 # Install global ssh_known_hosts file generated from LDAP directory.
 #
 # === Depencies:
 #
 # Template file generation requires Ruby LDAP bindings[http://ruby-ldap.sourceforge.net/] on puppet server.
 #
 class ssh::known_hosts {
    file { "/etc/ssh/ssh_known_hosts":
        ensure => present,
        content => template("ssh/ssh_known_hosts.erb"),
        mode   => 0644,
        owner  => root,
        group  => $operatingsystem ? {
@ -20,6 +12,16 @@ class ssh::known_hosts {
        },
    }
    @@sshkey { "${homename}":
        ensure       => present,
        type         => rsa,
        key          => "${sshrsakey}",
        host_aliases => inline_template("<%= homename.split('.')[0] %>"),
        require      => File["/etc/ssh/ssh_known_hosts"],
    }
    Sshkey <<| |>>
 }
--- a/ssh/templates/ssh_known_hosts.erb
+++ b/ssh/templates/ssh_known_hosts.erb
@ -1,66 +0,0 @@
 <%
 require 'ldap'
 require 'uri'
 basedn = ''
 conn = ''
 f = File.new('/etc/openldap/ldap.conf', 'r')
 f.readlines.each do |line|
    line = line.strip
    next if line =~ /^#/
    next if line == ''
    line = line.split
    if line[0] == 'BASE'
        basedn = line[1]
    elsif line[0] == 'URI'
        line.shift
        line.each do |uri|
            uri = URI.parse(uri)
            begin
                if uri.scheme == 'ldaps'
                    if ! uri.port
                        uri.port = 636
                    end
                    conn = LDAP::SSLConn.new(uri.host, uri.port)
                else
                    if ! uri.port
                        uri.port = 389
                    end
                    conn = LDAP::Conn.new(uri.host, uri.port)
                end
                conn.bind
                break
            rescue LDAP::ResultError
                next
            end
        end
    end
 end
 f.close
 filter = '(&(objectClass=ipHost)(sshPublicKey=*))'
 attrs = ['cn', 'sshPublicKey', 'ipHostNumber']
 data = []
 conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) { |entry|
    names = []
    entry.vals('cn').each do |v|
        names.push(v)
        names.push(v.split('.')[0])
    end
    names.push(entry.vals('ipHostNumber')[0])
    names = names.uniq.sort
    data.push(names.join(',') + ' ' + entry.vals('sshPublicKey')[0])
 }
 data.sort
 data.each do |line|
 %><%= line %>
 <%
 end
 %>