Changed ssh::known_hosts to use use exported resources

2011-06-08 14:21:50 +03:00 · 2011-06-08 14:21:50 +03:00 · 8562ddec5b
commit 8562ddec5b
parent b70e9c2674
2 changed files with 15 additions and 79 deletions
--- a/ssh/manifests/init.pp
+++ b/ssh/manifests/init.pp
@ -1,17 +1,9 @@
-
-# Class: ssh::known_hosts
-#
-# Install global ssh_known_hosts file generated from LDAP directory.
-#
-# === Depencies:
-#
-# Template file generation requires Ruby LDAP bindings[http://ruby-ldap.sourceforge.net/] on puppet server.
+# Export and collect public host keys.
 #
 class ssh::known_hosts {

    file { "/etc/ssh/ssh_known_hosts":
        ensure => present,
-        content => template("ssh/ssh_known_hosts.erb"),
        mode   => 0644,
        owner  => root,
        group  => $operatingsystem ? {
@ -20,6 +12,16 @@ class ssh::known_hosts {
        },
    }

+    @@sshkey { "${homename}":
+        ensure       => present,
+        type         => rsa,
+        key          => "${sshrsakey}",
+        host_aliases => inline_template("<%= homename.split('.')[0] %>"),
+        require      => File["/etc/ssh/ssh_known_hosts"],
+    }
+
+    Sshkey <<| |>>
+
 }


--- a/ssh/templates/ssh_known_hosts.erb
+++ b/ssh/templates/ssh_known_hosts.erb
@ -1,66 +0,0 @@
-<%
-
-require 'ldap'
-require 'uri'
-
-basedn = ''
-conn = ''
-
-f = File.new('/etc/openldap/ldap.conf', 'r')
-f.readlines.each do |line|
-    line = line.strip
-    next if line =~ /^#/
-    next if line == ''
-    line = line.split
-    if line[0] == 'BASE'
-        basedn = line[1]
-    elsif line[0] == 'URI'
-        line.shift
-        line.each do |uri|
-            uri = URI.parse(uri)
-            begin
-                if uri.scheme == 'ldaps'
-                    if ! uri.port
-                        uri.port = 636
-                    end
-                    conn = LDAP::SSLConn.new(uri.host, uri.port)
-                else
-                    if ! uri.port
-                        uri.port = 389
-                    end
-                    conn = LDAP::Conn.new(uri.host, uri.port)
-                end
-                conn.bind
-                break
-            rescue LDAP::ResultError
-                next
-            end
-        end
-    end
-end
-f.close
-
-filter = '(&(objectClass=ipHost)(sshPublicKey=*))'
-attrs = ['cn', 'sshPublicKey', 'ipHostNumber']
-
-data = []
-conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, attrs) { |entry|
-    names = []
-    entry.vals('cn').each do |v|
-        names.push(v)
-        names.push(v.split('.')[0])
-    end
-    names.push(entry.vals('ipHostNumber')[0])
-    names = names.uniq.sort
-    data.push(names.join(',') + ' ' + entry.vals('sshPublicKey')[0])
-}
-data.sort
-
-data.each do |line|
-
-%><%= line %>
-<%
-
-end
-
-%>