From 8895d64289ef20f5760536057f0d0616324a5d13 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 25 Apr 2014 09:57:12 -0700 Subject: [PATCH] Fix up ssh key usage We need for the keys to only have the key content. Also, we've learned that the ssh_authorized_key title is important. Change-Id: Ie772572e041ea6c1587dddb02937b89541a37e1b --- modules/jenkins/manifests/jenkinsuser.pp | 6 +++++- modules/jenkins/manifests/master.pp | 2 +- modules/openstack_project/manifests/git_backend.pp | 6 +++++- modules/openstack_project/manifests/init.pp | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/jenkins/manifests/jenkinsuser.pp b/modules/jenkins/manifests/jenkinsuser.pp index 069c09278b..b4f1f12894 100644 --- a/modules/jenkins/manifests/jenkinsuser.pp +++ b/modules/jenkins/manifests/jenkinsuser.pp @@ -52,13 +52,17 @@ class jenkins::jenkinsuser( require => File['/home/jenkins'], } - ssh_authorized_key { '/home/jenkins/.ssh/authorized_keys': + ssh_authorized_key { 'jenkins-master-2014-04-24': ensure => present, user => 'jenkins', type => 'ssh-rsa', key => $ssh_key, require => File['/home/jenkins/.ssh'], } + ssh_authorized_key { '/home/jenkins/.ssh/authorized_keys': + ensure => absent, + user => 'jenkins', + } #NOTE: not all distributions have default bash files in /etc/skel if ($::osfamily == 'Debian') { diff --git a/modules/jenkins/manifests/master.pp b/modules/jenkins/manifests/master.pp index a54108647b..ff374432a2 100644 --- a/modules/jenkins/manifests/master.pp +++ b/modules/jenkins/manifests/master.pp @@ -149,7 +149,7 @@ class jenkins::master( owner => 'jenkins', group => 'nogroup', mode => '0644', - content => $jenkins_ssh_public_key, + content => "ssh_rsa ${jenkins_ssh_public_key} jenkins@${::fqdn}", replace => true, require => File['/var/lib/jenkins/.ssh/'], } diff --git a/modules/openstack_project/manifests/git_backend.pp b/modules/openstack_project/manifests/git_backend.pp index 3c4d7514d5..cb0ca26758 100644 --- a/modules/openstack_project/manifests/git_backend.pp +++ b/modules/openstack_project/manifests/git_backend.pp @@ -64,13 +64,17 @@ class openstack_project::git_backend ( require => User['cgit'], } - ssh_authorized_key { '/home/cgit/.ssh/authorized_keys': + ssh_authorized_key { 'gerrit-replication-2014-04-25': ensure => present, user => 'cgit', type => 'ssh-rsa', key => $git_gerrit_ssh_key, require => File['/home/cgit/.ssh/'] } + ssh_authorized_key { '/home/cgit/.ssh/authorized_keys': + ensure => absent, + user => 'cgit', + } file { '/home/cgit/projects.yaml': ensure => present, diff --git a/modules/openstack_project/manifests/init.pp b/modules/openstack_project/manifests/init.pp index 8267319c0b..91f3b41cb3 100644 --- a/modules/openstack_project/manifests/init.pp +++ b/modules/openstack_project/manifests/init.pp @@ -2,8 +2,8 @@ # class openstack_project { - $jenkins_ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6WutNHfM+YdnjeNFeaIpvxqt+9aDn95Ykpmc+fASSjlDZJtOrueH3ch/v08wkE4WQKg03i+t8VonqEwMGmApYA3VzFsURUQbxzlSz5kHlBQSqgz5JTwUmnt1RH5sePL5pkuJ6JgqJ8PxJod6fiD7YDjaKJW/wBzXGnGg2EkgqrkBQXYL4hyaPuSwsQF0Gdwg3QFqXl+R/GrM6FscUkkJzbjqGKI2GhLT8mf2BIMEAiMFhF5Wl4FFrbvhTfPfW+9VdcsiMxCXaxp00n1x1+Y7OqR5AZ/id0Lkz9ZoFVGS901OB/L4xXrvUtI2y+kIYeF6hxfmAl/zhY0eWzwo9lDPz jenkins@jenkins.openstack.org\n" + $jenkins_ssh_key = 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC6WutNHfM+YdnjeNFeaIpvxqt+9aDn95Ykpmc+fASSjlDZJtOrueH3ch/v08wkE4WQKg03i+t8VonqEwMGmApYA3VzFsURUQbxzlSz5kHlBQSqgz5JTwUmnt1RH5sePL5pkuJ6JgqJ8PxJod6fiD7YDjaKJW/wBzXGnGg2EkgqrkBQXYL4hyaPuSwsQF0Gdwg3QFqXl+R/GrM6FscUkkJzbjqGKI2GhLT8mf2BIMEAiMFhF5Wl4FFrbvhTfPfW+9VdcsiMxCXaxp00n1x1+Y7OqR5AZ/id0Lkz9ZoFVGS901OB/L4xXrvUtI2y+kIYeF6hxfmAl/zhY0eWzwo9lDPz' - $jenkins_dev_ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbqsicu+KLV4W+XYDmGO9+1RgDO08KFYK3aElpXRU8zTmZfOMOVWdYYrKzj/GTfHMZQPzGHIsgfZYOBDFzplT5K/bhFwBCpyR68pkA1tXlqcJnoNIweC+MhCcWiX2AkjcR/WLiVrUiBj6L4Hl/2LigcbJU8TWZZrilrnki8iJvvgXKXJntOlcyNFDsABFOjl6zybi0vqFRZHAQTVDpVIr3ihrBIRMEYnAbJX8+zDNZmkIhyOFWLQ2uHaDclVH4ZJT/d7xbE7oqUnb3PxMke81uf/AqwfPCa1QKanH89raSwwIFrBKE+XBtdgoLhdS658rYWmMl2ISgQ85BSHv52HTn jenkins@jenkins-dev.openstack.org\n" + $jenkins_dev_ssh_key = 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDbqsicu+KLV4W+XYDmGO9+1RgDO08KFYK3aElpXRU8zTmZfOMOVWdYYrKzj/GTfHMZQPzGHIsgfZYOBDFzplT5K/bhFwBCpyR68pkA1tXlqcJnoNIweC+MhCcWiX2AkjcR/WLiVrUiBj6L4Hl/2LigcbJU8TWZZrilrnki8iJvvgXKXJntOlcyNFDsABFOjl6zybi0vqFRZHAQTVDpVIr3ihrBIRMEYnAbJX8+zDNZmkIhyOFWLQ2uHaDclVH4ZJT/d7xbE7oqUnb3PxMke81uf/AqwfPCa1QKanH89raSwwIFrBKE+XBtdgoLhdS658rYWmMl2ISgQ85BSHv52HTn' }