Remove ssh paremeters for login and the user management from class ic…

…inga
voxpupuli · Dec 31, 2023 · b8fbd9f · b8fbd9f
1 parent ba69193
commit b8fbd9f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 88 deletions.
diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -38,7 +38,6 @@
 ) {
   class { 'icinga':
     ca              => false,
-    ssh_private_key => undef,
     ca_server       => $ca_server,
     this_zone       => $zone,
     zones           => {

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -12,15 +12,6 @@
 # @param zones
 #   All other zones.
 #
-# @param ssh_key_type
-#   SSH key type.
-#
-# @param ssh_private_key
-#   The private key to install.
-#
-# @param ssh_public_key
-#   The public key to install.
-#
 # @param ca_server
 #   The CA to send the certificate request to.
 #
@@ -50,9 +41,6 @@
   Boolean                              $ca,
   String                               $this_zone,
   Hash[String, Hash]                   $zones,
-  Enum['dsa','ecdsa','ed25519','rsa']  $ssh_key_type    = 'rsa',
-  Optional[Icinga::Secret]             $ssh_private_key = undef,
-  Optional[String]                     $ssh_public_key  = undef,
   Optional[Stdlib::Host]               $ca_server       = undef,
   Optional[Icinga::Secret]             $ticket_salt     = undef,
   Array[String]                        $extra_packages  = [],
@@ -127,54 +115,29 @@
   case $facts['kernel'] {
     'linux': {
       $icinga_user    = $icinga2::globals::user
-      $icinga_group   = $icinga2::globals::group
       $icinga_package = $icinga2::globals::package_name
-      $icinga_home    = $icinga2::globals::spool_dir
       $icinga_service = $icinga2::globals::service_name
 
-      if $ssh_public_key {
-        $icinga_shell = '/bin/bash'
-      } else {
-        $icinga_shell = '/bin/false'
-      }
-
       case $facts['os']['family'] {
         'redhat': {
           package { ['nagios-common', $icinga_package] + $extra_packages:
             ensure => installed,
-            before => User[$icinga_user],
           }
 
-          $icinga_user_groups = if $prepare_web {
-            ['nagios', 'icingaweb2']
-          } else {
-            ['nagios']
+          -> group { 'nagios':
+            members => [$icinga_user],
           }
         }
 
         'debian': {
           package { [$icinga_package] + $extra_packages:
             ensure => installed,
-            before => User['nagios'],
-          }
-
-          $icinga_user_groups = if $prepare_web {
-            ['icingaweb2']
-          } else {
-            undef
           }
         }
 
         'suse': {
           package { [$icinga_package] + $extra_packages:
             ensure => installed,
-            before => User['icinga'],
-          }
-
-          $icinga_user_groups = if $prepare_web {
-            ['icingaweb2']
-          } else {
-            undef
           }
         }
 
@@ -184,54 +147,20 @@
       }
 
       if $prepare_web {
+        Package['icinga2'] -> Exec['restarting icinga2'] -> Class['icinga2']
+
         group { 'icingaweb2':
-          system => true,
+          system  => true,
+          members => $icinga_user,
         }
 
-        Package['icinga2'] -> Exec['restarting icinga2'] -> Class['icinga2']
-
-        exec { 'restarting icinga2':
+        ~> exec { 'restarting icinga2':
           path        => $facts['path'],
           command     => "service ${icinga_service} restart",
           onlyif      => "service ${icinga_service} status",
           refreshonly => true,
-          subscribe   => User[$icinga_user],
         }
       }
-
-      user { $icinga_user:
-        ensure => present,
-        shell  => $icinga_shell,
-        groups => $icinga_user_groups,
-        before => Class['icinga2'],
-      }
-
-      if $ssh_public_key {
-        ssh_authorized_key { "${icinga_user}@${$facts['networking']['fqdn']}":
-          ensure => present,
-          user   => $icinga_user,
-          key    => $ssh_public_key,
-          type   => $ssh_key_type,
-        }
-      } # pubkey
-
-      if $ssh_private_key {
-        file {
-          default:
-            ensure => file,
-            owner  => $icinga_user,
-            group  => $icinga_group;
-          ["${icinga_home}/.ssh", "${icinga_home}/.ssh/controlmasters"]:
-            ensure => directory,
-            mode   => '0700';
-          "${icinga_home}/.ssh/id_${ssh_key_type}":
-            mode      => '0600',
-            show_diff => false,
-            content   => unwrap($ssh_private_key);
-          "${icinga_home}/.ssh/config":
-            content => "Host *\n  StrictHostKeyChecking no\n  ControlPath ${icinga_home}/.ssh/controlmasters/%r@%h:%p.socket\n  ControlMaster auto\n  ControlPersist 5m";
-        }
-      } # privkey
     } # Linux
 
     'windows': {
@@ -243,7 +172,7 @@
     }
 
     default: {
-      fail("'Your operatingssystem ${::facts[os][name]} is not supported'")
+      fail("'Your operatingssystem ${facts[os][name]} is not supported'")
     }
   } # kernel
 

diff --git a/manifests/worker.pp b/manifests/worker.pp
@@ -49,17 +49,16 @@
   $_workers = $workers.reduce({}) |$memo, $worker| { $memo + { $worker[0] => { parent => $zone } + $worker[1] } }
 
   class { 'icinga':
-    ca              => false,
-    ssh_private_key => undef,
-    ca_server       => $ca_server,
-    this_zone       => $zone,
-    zones           => {
+    ca            => false,
+    ca_server     => $ca_server,
+    this_zone     => $zone,
+    zones         => {
       'ZoneName'   => { 'endpoints' => { 'NodeName' => {} } + $colocation_endpoints, 'parent' => $parent_zone, },
       $parent_zone => { 'endpoints' => $parent_endpoints, },
     } + $_workers,
-    logging_type    => $logging_type,
-    logging_level   => $logging_level,
-    prepare_web     => $run_web,
+    logging_type  => $logging_type,
+    logging_level => $logging_level,
+    prepare_web   => $run_web,
   }
 
   include icinga2::feature::checker