Commit d418a919 authored by Micah Anderson's avatar Micah Anderson

setup the backupninja module to enable specification of the location

of the ssh authorized_keys directories and files so that if you are
not using the standard location for authorized_keys files
($HOME/.ssh/authorized_keys) and instead using the
/etc/ssh/sshd_config option "AuthorizedKeysFile" you can then specify
where that will be.

For example, if your /etc/ssh/sshd_config has:

AuthorizedKeysFile /etc/ssh/authorized_keys/$u

then you could specify in the rdiff-backup definition the following
parameters:

...
        ssh_dir => "/etc/ssh/authorized_keys",
        authorized_keys_file => "${hostname}",

to create the file /etc/ssh/authorized_keys/${hostname} instead of the
default location (if unspecified, the default is used).
parent ef4832d9
...@@ -35,7 +35,7 @@ define backupninja::rdiff($order = 90, ...@@ -35,7 +35,7 @@ define backupninja::rdiff($order = 90,
case $type { case $type {
'remote': { 'remote': {
case $host { false: { err("need to define a host for remote backups!") } } case $host { false: { err("need to define a host for remote backups!") } }
backupninja::server::sandbox { "${user}-${name}": user => $user, host => $host, dir => $directory, installuser => $installuser, backuptag => $backuptag } backupninja::server::sandbox { "${user}-${name}": user => $user, host => $host, dir => $directory, ssh_dir => $ssh_dir, authorized_keys_file => $authorized_keys_file, installuser => $installuser, backuptag => $backuptag }
backupninja::client::key { "${user}-${name}": user => $user, host => $host, installkey => $installkey } backupninja::client::key { "${user}-${name}": user => $user, host => $host, installkey => $installkey }
} }
} }
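Review bot: `$ssh_dir` and `$authorized_keys_file` are passed to `backupninja::server::sandbox` in the 'remote' branch, but the parameter list of `backupninja::rdiff` starts outside this hunk and no other hunk shown for this file adds them, so they may be undefined in this scope. If so, the values reaching the sandbox may not match the `false` case of its selectors, and the keys file could end up at a path with an empty component instead of the default. Confirm the define's signature gained `$ssh_dir = false, $authorized_keys_file = false`, and add a comment next to those parameters noting that they must match the server's sshd `AuthorizedKeysFile` setting.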
......
...@@ -24,7 +24,7 @@ class backupninja::server { ...@@ -24,7 +24,7 @@ class backupninja::server {
# this define allows nodes to declare a remote backup sandbox, that have to # this define allows nodes to declare a remote backup sandbox, that have to
# get created on the server # get created on the server
define sandbox($user = false, $host = false, $installuser = true, $dir = false, $backupkeys = false, $uid = false, $gid = "backupninjas", $backuptag = false) { define sandbox($user = false, $host = false, $installuser = true, $dir = false, $ssh_dir = false, $authorized_keys_file = false, $backupkeys = false, $uid = false, $gid = "backupninjas", $backuptag = false)
$real_user = $name ? { $real_user = $name ? {
false => $name, false => $name,
default => $user, default => $user,
...@@ -42,6 +42,14 @@ class backupninja::server { ...@@ -42,6 +42,14 @@ class backupninja::server {
false => "${backupninja::server::real_backupdir}/$fqdn", false => "${backupninja::server::real_backupdir}/$fqdn",
default => $dir, default => $dir,
} }
$real_ssh_dir = $ssh_dir ? {
false => ".ssh",
default => $ssh_dir,
}
$real_authorized_keys_file = $authorized_keys_file ? {
false => "authorized_keys",
default => $authorized_keys_file,
}
$real_backuptag = $backuptag ? { $real_backuptag = $backuptag ? {
false => "backupninja-$real_host", false => "backupninja-$real_host",
default => $backuptag, default => $backuptag,
...@@ -54,17 +62,17 @@ class backupninja::server { ...@@ -54,17 +62,17 @@ class backupninja::server {
} }
case $installuser { case $installuser {
true: { true: {
@@file { "$real_dir/.ssh": @@file { "${real_dir}/${real_ssh_dir}":
ensure => directory, ensure => directory,
mode => 700, owner => $user, group => 0, mode => 700, owner => $user, group => 0,
require => File["$real_dir"], require => File["$real_dir"],
tag => "$real_backuptag", tag => "$real_backuptag",
} }
@@file { "$real_dir/.ssh/authorized_keys": @@file { "${real_dir}/${real_ssh_dir}/${real_authorized_keys_file}":
ensure => present, ensure => present,
mode => 644, owner => 0, group => 0, mode => 644, owner => 0, group => 0,
source => "$real_backupkeys/${user}_id_rsa.pub", source => "$real_backupkeys/${user}_id_rsa.pub",
require => File["$real_dir/.ssh"], require => File["${real_dir}/${real_ssh_dir}"],
tag => "$real_backuptag", tag => "$real_backuptag",
} }
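Review bot: The two `@@file` titles in the last hunk always prefix `${real_dir}/`, so an absolute `ssh_dir` such as the `/etc/ssh/authorized_keys` from the commit message resolves under the sandbox directory rather than at the path sshd reads. One way to support both cases is to fold the prefix into the default, `$real_ssh_dir = $ssh_dir ? { false => "${real_dir}/.ssh", default => $ssh_dir }`, and use `"${real_ssh_dir}"` and `"${real_ssh_dir}/${real_authorized_keys_file}"` as the titles. If the directory is then shared between accounts, `owner => $user` with `mode => 700` is no longer appropriate: a directory holding several users' key files should be root-owned, not writable by any backup user, and declared once rather than per sandbox. Because these are exported resources realised on the backup server and the example takes the file name from `${hostname}`, it is worth rejecting `authorized_keys_file` values that contain `/` or `..`. The sandbox define begins and ends outside the visible hunks.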
......