Working on git config

49c94760 · Srinivas Rao Puttagunta · 1c64d944 · 49c94760 · 49c94760 · 49c94760
Commit 49c94760 authored 5 years ago by Srinivas Rao Puttagunta
--- a/files/etc/ldap-git-config/config.erb
+++ b/files/etc/ldap-git-config/config.erb
+git_url: <%= @git_url %>
+ssh_key: <%= @ssh_key %>
--- a/files/etc/ldap-git-config/git-cn-config-sshkey-nonprod.public
+++ b/files/etc/ldap-git-config/git-cn-config-sshkey-nonprod.public
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRocpeGrhdEFU6wFpK3mFjVv7NaPF4R15BQgMFwAywIFwwvJfE1Pd0qlcbdjbu7gSN6z3v55nm3931580NZXeR6MhP1rxzjvdS0TnleIA8E8i7P3W7G0wr9v5ZJk1gRPXUBy/aPZrMOzLvyvZ4N0y9FOZbDoypmF2V04PhNSSCgRCQGzI1kimjbt1AUXXl7tdkRsXL5Q/LlP6Hv/7vEuabUqPgTk4oJYCzIjTIEHi1yWgBFdia9nscmwdY5HZuEm2YtJaUDS8/MCBpeN4OmCgYe5GgO7m03lsnPHKyy2fTVb6q9UcoLTfSdggeCEulkVSmOLECFOnlFOc1DNS2hfPj ldap-nonprod
--- a/files/etc/ldap-git-config/git-cn-config-sshkey-prod.public
+++ b/files/etc/ldap-git-config/git-cn-config-sshkey-prod.public
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC24HoBfRJR8RmoUJYUPbdXrhZeyQ4oMFScCnKjlHnuZWrFhGjBVpDcahFYBFv4Kd21pEqKIrxnh5YvjIiPseULaaNTBZ5bLsATS5HZYvpkCpZ8b7lUsqbkPcxyIsaU3dx1nRt4rWtgqerAXGNOWIzw+/cbvUzNrWlsAiBj2v+G1NhsaflsKiMGL+xIHJwkwNG9BOjmlQCAK1ow/Gj9V7husRGmB/TOY3mP5Q01M+U2GBT9QPvKUwdHAtwNW9w2MHv4t+5cweRu7W3HFJbBuzlBGonSnhOH94zYoACKJiuGEAXE1q0ErJh3FpOCm7I5LGmnSvKXjG9EpBRk2PyuJyHl ldap-prod
--- a/files/root/dot_ssh/README
+++ b/files/root/dot_ssh/README
+To generate the known_hosts file:
+
+  touch known_hosts
+  ssh-keyscan -H code.stanford.edu >> known_hosts
--- a/files/root/dot_ssh/known_hosts
+++ b/files/root/dot_ssh/known_hosts
+|1|JjMPKMwRK1uyOyA/H6RUcTjJ31c=|rNBhWeOfbkpOuO+PwJ5vilPmd/4= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuHbVpbvy3RpHCgUoLa9XZBzZaJau3JAj+id6Dx2rVN7VywJAdGcUV8lKI5WjWpZa20HjD8iIGnFxxSp3utu7jyW0gtP7rCRHih5T0jZ9vw7hMSmlJiUvtClYA+kSxcWqJ1k68SxEKzQw7EAjBjhxqnMHEhDnQtpHzo7ZuBZD6DhF60kZ3mnidq+agG4i8sJ9ANTUYEoNPtnIiScNCILr8s2grZuVT/1I54k35NRe7fK31gxvo/keffyFMCPKJQUnfJ+5ey9vKVrB9Ln3uDe2nOJe9/GqOn43VppD5P9UXqZE6PfBTtgNKNCj7HXg27q2l9NJkx1Ax5qbZcbeUo5sD
+|1|CaxLMLJBlKNkvAZZOAVu5wwJySo=|oWRYbCluczOiBDUD7VU7L1aPJ2I= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAxdhqQITdGMk9BezSPrmi0djPOYiWYKdob67z28M0AjQ7xTdYPKyIVIB4qUXOo/MXI6c2C+s434lT6Cjpohwvs=
+|1|+zwy0wB2HS3es6O0hs2yNZ7j3I0=|KsFvFjEnpxexhIAOkUQdnVhTrbM= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIo4NxXKSuh7Ndm84oIruKBaXPnAk2Nj/4tmUqm05mzj
--- a/files/root/ldap-to-git.sh
+++ b/files/root/ldap-to-git.sh
+#!/bin/bash
+
+/usr/sbin/ldap-push-config-to-git -c /etc/ldap-git-config/config -v
--- a/manifests/config/git_config.pp
+++ b/manifests/config/git_config.pp
+class su_ldap::config::git_config (
+  $ensure       = 'present',
+  $env          = undef,
+  $ldap_role    = undef,
+  $ssh_key      = '/etc/ldap-git-config/git-cn-config-sshkey.private',
+){
+
+  if ($env == 'prod') {
+    $suffix = 'prod'
+  } else {
+    $suffix = 'nonprod'
+  }
+
+  if (!$ldap_role) {
+    fail("missing required parameter 'ldap_role'")
+  }
+
+  if (!$env) {
+    fail("missing required parameter 'env'")
+  }
+
+  if (!$ssh_key) {
+    fail("missing required parameter 'ssh_key'")
+  }
+ 
+  # Setup GIT URL
+  $git_url = "git@code.stanford.edu:authnz/ldap-${ldap_role}-config/${env}.git"
+
+  ## 1. Setup the configuration directory
+  if ($ensure == 'present') {
+    file { '/etc/ldap-git-config':
+      ensure => directory,
+    }
+  } else {
+    file { '/etc/ldap-git-config':
+      ensure => absent,
+    }
+  }
+
+  ## 2. Create configuration file
+  file { '/etc/ldap-git-config/config':
+    ensure  => $ensure,
+    content => template('su_ldap/etc/ldap-git-config/config.erb'),
+    require => File['/etc/ldap-git-config'],
+  }
+
+  ## 3. Install Keys
+  # Get the ssh private key needed to read/write to the
+  # Git repository.
+  $wallet_name = "service/its-idg/git-cn-config-sshkey/ldap-${suffix}"
+  base::wallet { $wallet_name:
+    ensure  => $ensure,
+    path    => '/etc/ldap-git-config/git-cn-config-sshkey.private',
+    type    => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600',
+    require => File['/etc/ldap-git-config'],
+  }
+
+  # Install the public key as well.
+  file { '/etc/ldap-git-config/git-cn-config-sshkey.public':
+    ensure => $ensure,
+    source => "puppet:///modules/su_ldap/etc/ldap-git-config/git-cn-config-sshkey-${suffix}.public",
+    require => File['/etc/ldap-git-config'],
+  }
+
+  ## 4. Install the necessary package
+  package { 'stanford-ldap-git-config':
+    ensure => $ensure
+  }
+
+  ## 5. Use a Puppet-managed known_hosts file. This file will need to be
+  ##    regenerated whenever code.stanford.edu changes its ssh-key.
+  file { '/root/.ssh/known_hosts':
+    ensure => $ensure,
+    source => 'puppet:///modules/su_ldap/root/dot_ssh/known_hosts',
+  }
+
+  ## Command to Run
+  file { '/root/ldap-to-git.sh':
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    source => 'puppet:///modules/su_ldap/root/ldap-to-git.sh',
+  }
+
+}
+
+
--- a/templates/etc/ldap-git-config/config.erb
+++ b/templates/etc/ldap-git-config/config.erb
+git_url: <%= @git_url %>
+ssh_key: <%= @ssh_key %>