managed auth keys
PROD-17856
Change-Id: I8cf9c85ceab25a5a9be4f92de08242045aa2373f
diff --git a/metadata/service/backup/client.yml b/metadata/service/backup/client.yml
new file mode 100644
index 0000000..cf27ab2
--- /dev/null
+++ b/metadata/service/backup/client.yml
@@ -0,0 +1,4 @@
+applications:
+- zookeeper
+classes:
+- service.zookeeper.support
diff --git a/metadata/service/backup/server.yml b/metadata/service/backup/server.yml
new file mode 100644
index 0000000..cf27ab2
--- /dev/null
+++ b/metadata/service/backup/server.yml
@@ -0,0 +1,4 @@
+applications:
+- zookeeper
+classes:
+- service.zookeeper.support
diff --git a/zookeeper/backup.sls b/zookeeper/backup.sls
index f6342f8..d7bf32a 100644
--- a/zookeeper/backup.sls
+++ b/zookeeper/backup.sls
@@ -126,47 +126,15 @@
- user: zookeeper_user
- pkg: zookeeper_backup_server_packages
-{%- for key_name, key in backup.server.key.iteritems() %}
-
-{%- if key.get('enabled', False) %}
-
-{%- set clients = [] %}
-{%- if backup.restrict_clients %}
- {%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %}
- {%- if node_grains.get('zookeeper', {}).get('backup', {}).get('client') %}
- {%- set client = node_grains.get('zookeeper').get('backup').get('client') %}
- {%- if client.get('addresses') and client.get('addresses', []) is iterable %}
- {%- for address in client.addresses %}
- {%- do clients.append(address|string) %}
- {%- endfor %}
- {%- endif %}
- {%- endif %}
- {%- endfor %}
-{%- endif %}
-
-zookeeper_key_{{ key.key }}:
- ssh_auth.present:
+{{ backup.backup_dir }}/.ssh/authorized_keys:
+ file.managed:
- user: zookeeper
- - name: {{ key.key }}
- - options:
- - no-pty
-{%- if clients %}
- - from="{{ clients|join(',') }}"
-{%- endif %}
+ - group: zookeeper
+ - template: jinja
+ - source: salt://zookeeper/files/backup/authorized_keys
- require:
- file: {{ backup.backup_dir }}/full
-{%- else %}
-
-zookeeper_key_{{ key.key }}:
- ssh_auth.absent:
- - user: zookeeper
- - name: {{ key.key }}
-
-{%- endif %}
-
-{%- endfor %}
-
zookeeper_server_script:
file.managed:
- name: /usr/local/bin/zookeeper-backup-runner.sh
diff --git a/zookeeper/files/backup/authorized_keys b/zookeeper/files/backup/authorized_keys
new file mode 100644
index 0000000..1ac9e49
--- /dev/null
+++ b/zookeeper/files/backup/authorized_keys
@@ -0,0 +1,19 @@
+{%- from "zookeeper/map.jinja" import backup with context %}
+{%- for key_name, key in backup.server.key.iteritems() %}
+{%- if key.get('enabled', False) %}
+{%- set clients = [] %}
+{%- if backup.restrict_clients %}
+ {%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %}
+ {%- if node_grains.get('zookeeper', {}).get('backup', {}).get('client') %}
+ {%- set client = node_grains.get('zookeeper').get('backup').get('client') %}
+ {%- if client.get('addresses') and client.get('addresses', []) is iterable %}
+ {%- for address in client.addresses %}
+ {%- do clients.append(address|string) %}
+ {%- endfor %}
+ {%- endif %}
+ {%- endif %}
+ {%- endfor %}
+{%- endif %}
+no-pty{%- if clients %},from="{{ clients|join(',') }}"{%- endif %} {{ key.key }}
+{%- endif %}
+{%- endfor %}