[MediaWiki-commits] [Gerrit] Set up ssh keys so that designate can clear salt and puppet ... - change (operations/puppet)

Andrew Bogott (Code Review) Tue, 14 Apr 2015 09:07:10 -0700

Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/204067


Change subject: Set up ssh keys so that designate can clear salt and puppet 
certs.
......................................................................

Set up ssh keys so that designate can clear salt and puppet certs.

Change-Id: I1ecca050b2ce2eb3020f36d2e09bc5cc32f259e0
---
M manifests/role/puppet.pp
M manifests/role/salt.pp
A modules/openstack/files/labs_certs.pub
M modules/openstack/manifests/designate/service.pp
4 files changed, 18 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/67/204067/1

diff --git a/manifests/role/puppet.pp b/manifests/role/puppet.pp
index 2a950e3..fe60da5 100644
--- a/manifests/role/puppet.pp
+++ b/manifests/role/puppet.pp
@@ -34,6 +34,13 @@
             'ldaptls'           => true
         };
     }
+
+    if ! defined(Ssh:userkey['labs_certs.pub']) {
+        # Allow remote execution for cert cleanup
+        ssh::userkey { 'labs_certs.pub':
+            source => 'puppet:///modules/openstack/labs_certs.pub'
+        }
+    }
 }
 
 
diff --git a/manifests/role/salt.pp b/manifests/role/salt.pp
index 655f218..6afed1a 100644
--- a/manifests/role/salt.pp
+++ b/manifests/role/salt.pp
@@ -44,6 +44,12 @@
         salt_reactor_options => { 'puppet_server' => 'virt1000.wikimedia.org' 
},
     }
 
+    if ! defined(Ssh:userkey['labs_certs.pub']) {
+        # Allow remote execution for cert cleanup
+        ssh::userkey { 'labs_certs.pub':
+            source => 'puppet:///modules/openstack/labs_certs.pub'
+        }
+    }
 }
 
 # A salt master manages minions within a project
diff --git a/modules/openstack/files/labs_certs.pub 
b/modules/openstack/files/labs_certs.pub
new file mode 100644
index 0000000..7188077
--- /dev/null
+++ b/modules/openstack/files/labs_certs.pub
@@ -0,0 +1 @@
+ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC58c3tShWchHSCEGp4LeJ3hcKhfgNMSF3FFmblVbp5ZUQ7EyL23q2hBr6Wdo2WoWAiiZN7BvQRjoykMvCEJoUVr2Kot8T84pyzR+U1l7ASuuGMQF5z4ftyWT34icEzbTCPdsPx+yPOHfPn9N5i7B55+5D2/R2xgeZ6J0/ab+ZS6vZ+oNnMEvD29RmfwCYdOcVZH6O66Pi4e44kd78rhhLlws0G2XVRvng1Urte75KuBq57G6axFHq7oQyjOQ+yLLlYvr35nDruXZ5ggW2+i9x/6KbybSURWQpXOy8I4e0Uv7K+4fqC1XPwVGexsnmWcMeqbIPpijL+jKe8kq2Q89C9
 labs_certs
diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index 87d0c71..a3383f8 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -62,7 +62,9 @@
             mode    => '0440';
     }
 
+    ssh::userkey { 'labs_certs':
+        source => 'puppet:///private/ssh/lab_certs/lab_certs'
+    }
+
     # include rootwrap.d entries
 }
-
-

-- 
To view, visit https://gerrit.wikimedia.org/r/204067
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ecca050b2ce2eb3020f36d2e09bc5cc32f259e0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Set up ssh keys so that designate can clear salt and puppet ... - change (operations/puppet)

Reply via email to