Commit d418a919 authored by Micah Anderson's avatar Micah Anderson

setup the backupninja module to enable specification of the location

of the ssh authorized_keys directories and files so that if you are
not using the standard location for authorized_keys files
($HOME/.ssh/authorized_keys) and instead using the
/etc/ssh/sshd_config option "AuthorizedKeysFile" you can then specify
where that will be.

For example, if your /etc/ssh/sshd_config has:

AuthorizedKeysFile /etc/ssh/authorized_keys/$u

then you could specify in the rdiff-backup definition the following
parameters:

...
        ssh_dir => "/etc/ssh/authorized_keys",
        authorized_keys_file => "${hostname}",

to create the file /etc/ssh/authorized_keys/${hostname} instead of the
default location (if unspecified, the default is used).
parent ef4832d9
......@@ -35,7 +35,7 @@ define backupninja::rdiff($order = 90,
case $type {
'remote': {
case $host { false: { err("need to define a host for remote backups!") } }
backupninja::server::sandbox { "${user}-${name}": user => $user, host => $host, dir => $directory, installuser => $installuser, backuptag => $backuptag }
backupninja::server::sandbox { "${user}-${name}": user => $user, host => $host, dir => $directory, ssh_dir => $ssh_dir, authorized_keys_file => $authorized_keys_file, installuser => $installuser, backuptag => $backuptag }
backupninja::client::key { "${user}-${name}": user => $user, host => $host, installkey => $installkey }
}
}
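Review bot: The new sandbox declaration passes `$ssh_dir` and `$authorized_keys_file`, but the parameter list of backupninja::rdiff begins outside this hunk, so it is not visible whether the define declares them with a `false` default. If they are undeclared, the selectors in the sandbox that test for `false` would presumably not match, and the default `.ssh` / `authorized_keys` names would not be chosen. The signature should carry `$ssh_dir = false, $authorized_keys_file = false` alongside the existing parameters.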
......
......@@ -24,7 +24,7 @@ class backupninja::server {
# this define allows nodes to declare a remote backup sandbox, that have to
# get created on the server
define sandbox($user = false, $host = false, $installuser = true, $dir = false, $backupkeys = false, $uid = false, $gid = "backupninjas", $backuptag = false) {
define sandbox($user = false, $host = false, $installuser = true, $dir = false, $ssh_dir = false, $authorized_keys_file = false, $backupkeys = false, $uid = false, $gid = "backupninjas", $backuptag = false)
$real_user = $name ? {
false => $name,
default => $user,
......@@ -42,6 +42,14 @@ class backupninja::server {
false => "${backupninja::server::real_backupdir}/$fqdn",
default => $dir,
}
$real_ssh_dir = $ssh_dir ? {
false => ".ssh",
default => $ssh_dir,
}
$real_authorized_keys_file = $authorized_keys_file ? {
false => "authorized_keys",
default => $authorized_keys_file,
}
$real_backuptag = $backuptag ? {
false => "backupninja-$real_host",
default => $backuptag,
......@@ -54,17 +62,17 @@ class backupninja::server {
}
case $installuser {
true: {
@@file { "$real_dir/.ssh":
@@file { "${real_dir}/${real_ssh_dir}":
ensure => directory,
mode => 700, owner => $user, group => 0,
require => File["$real_dir"],
tag => "$real_backuptag",
}
@@file { "$real_dir/.ssh/authorized_keys":
@@file { "${real_dir}/${real_ssh_dir}/${real_authorized_keys_file}":
ensure => present,
mode => 644, owner => 0, group => 0,
source => "$real_backupkeys/${user}_id_rsa.pub",
require => File["$real_dir/.ssh"],
require => File["${real_dir}/${real_ssh_dir}"],
tag => "$real_backuptag",
}
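Review bot: The two exported file resources build their paths as `${real_dir}/${real_ssh_dir}`, so the commit message's example `ssh_dir => "/etc/ssh/authorized_keys"` would land under the backup directory rather than at /etc/ssh/authorized_keys/${hostname} as described. If an absolute location is intended, the selector could yield the full path, e.g. `false => "${real_dir}/.ssh", default => $ssh_dir,`, with the resource titles and the `require` using `${real_ssh_dir}` alone. In that case `mode => 700, owner => $user` on the directory should be reconsidered, because a key directory shared by several accounts would presumably be declared once per sandbox and handed to a single backup user. Separately, the new `define sandbox(...)` line as rendered here ends without the opening `{` that the old line had, which is worth confirming against the file. The body of the define continues past the last hunk.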
......