modules/filterserver/manifests/init.pp - Issue 4865011998523392: Change ssh keys to ecdsa

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: modules/filterserver/manifests/init.pp

Issue 4865011998523392: Change ssh keys to ecdsa (Closed)

Patch Set: Created Nov. 18, 2013, 4:17 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 class filterserver {	1 class filterserver {

2 class {'nginx':	2 class {'nginx':

3 worker_processes => 2,	3 worker_processes => 2,

4 worker_connections => 4000,	4 worker_connections => 4000,

5 ssl_session_cache => off,	5 ssl_session_cache => off,

6 }	6 }

7	7

8 class {'statsclient':	8 class {'statsclient':

9 log_path => '/var/log/nginx/access_log_easylist_downloads.1.gz',	9 log_path => '/var/log/nginx/access_log_easylist_downloads.1.gz',

10 }	10 }

(...skipping 84 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
95 content => 'filtermaster.adblockplus.org ',	95 content => 'filtermaster.adblockplus.org ',

96 order => 1,	96 order => 1,

97 }	97 }

98	98

99 concat::fragment {'filtermaster_hostkey':	99 concat::fragment {'filtermaster_hostkey':

100 target => '/home/rsync/.ssh/known_hosts',	100 target => '/home/rsync/.ssh/known_hosts',

101 source => 'puppet:///modules/private/filtermaster.adblockplus.org_ssh.pub',	101 source => 'puppet:///modules/private/filtermaster.adblockplus.org_ssh.pub',

102 order => 2,	102 order => 2,

103 }	103 }

104	104

105 file {'/home/rsync/.ssh/id_rsa':	105 file {'/home/rsync/.ssh/id_ecdsa':
	Wladimir Palant 2013/11/18 17:36:23 Actually, this change should be reverted - for ide Actually, this change should be reverted - for identifying the client SSH uses whatever key is there. And we already have an RSA key on all clients.
106 ensure => file,	106 ensure => file,

107 require => [	107 require => [

108 File['/home/rsync/.ssh'],	108 File['/home/rsync/.ssh'],

109 User['rsync']	109 User['rsync']

110 ],	110 ],

111 owner => rsync,	111 owner => rsync,

112 mode => 0400,	112 mode => 0400,

113 source => 'puppet:///modules/private/rsync@easylist-downloads.adblockplus.or g'	113 source => 'puppet:///modules/private/rsync@easylist-downloads.adblockplus.or g'

114 }	114 }

115	115

116 file {'/home/rsync/.ssh/id_rsa.pub':	116 file {'/home/rsync/.ssh/id_ecdsa.pub':

117 ensure => file,	117 ensure => file,

118 require => [	118 require => [

119 File['/home/rsync/.ssh'],	119 File['/home/rsync/.ssh'],

120 User['rsync']	120 User['rsync']

121 ],	121 ],

122 owner => rsync,	122 owner => rsync,

123 mode => 0400,	123 mode => 0400,

124 source => 'puppet:///modules/private/rsync@easylist-downloads.adblockplus.or g.pub'	124 source => 'puppet:///modules/private/rsync@easylist-downloads.adblockplus.or g.pub'

125 }	125 }

126	126

127 cron {'mirror':	127 cron {'mirror':

128 ensure => present,	128 ensure => present,

129 require => [	129 require => [

130 File['/home/rsync/.ssh/known_hosts'],	130 File['/home/rsync/.ssh/known_hosts'],

131 File['/home/rsync/.ssh/id_rsa'],	131 File['/home/rsync/.ssh/id_ecdsa'],

132 User['rsync']	132 User['rsync']

133 ],	133 ],

134 command => 'rsync -e ssh -ltprz --delete rsync@filtermaster.adblockplus.org: . /var/www/easylist/',	134 command => 'rsync -e "ssh -o CheckHostIP=no" -ltprz --delete rsync@filtermas ter.adblockplus.org:. /var/www/easylist/',
	Felix Dahlke 2013/11/18 16:29:22 This seems unrelated, but I guess this is what we This seems unrelated, but I guess this is what we need for the cron mails to stop?
135 environment => ['MAILTO=admins@adblockplus.org,root'],	135 environment => ['MAILTO=admins@adblockplus.org,root'],

136 user => rsync,	136 user => rsync,

137 hour => '*',	137 hour => '*',

138 minute => '2-52/10'	138 minute => '2-52/10'

139 }	139 }

140 }	140 }

OLD	NEW

« no previous file with comments | « modules/filtermaster/manifests/init.pp ('k') | modules/private-stub/files/filtermaster.adblockplus.org_ssh.key » ('j') | no next file with comments »