commit 03352fa0c2c8ede2cf17d2f831e5289d54876a19
author Simon Pasquier <spasquier@mirantis.com> Thu Jan 12 17:32:16 2017 +0100
committer Simon Pasquier <spasquier@mirantis.com> Fri Jan 20 16:11:58 2017 +0100
tree c65decda7727cc4c4d4ff60a1e97efbe15191855
parent b88a9c021be208e0fff057848e0ec6765c1734ed

Move authorized key for root to an optional class

This avoids hardcoding the root public key into the openssh.server
class.

openssh/server/single.yml

diff --git a/openssh/server/single.yml b/openssh/server/single.yml
index 24e6829..6ce0209 100644
--- a/openssh/server/single.yml
+++ b/openssh/server/single.yml
@@ -1,25 +1,2 @@
 classes:
 - service.openssh.server
-parameters:
-  linux:
-    system:
-      user:
-        root:
-          enabled: true
-          name: root
-          home: /root
-  openssh:
-    server:
-      permit_root_login: true
-      user:
-        root:
-          enabled: true
-          user: ${linux:system:user:root}
-          public_keys:
-          - ${public_keys:user}
-          - ${public_keys:admin}
-  public_keys:
-    user:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
-    admin:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ

openssh/server/team/lab.yml

diff --git a/openssh/server/team/lab.yml b/openssh/server/team/lab.yml
new file mode 100644
index 0000000..7ede7c0
--- /dev/null
+++ b/openssh/server/team/lab.yml
@@ -0,0 +1,25 @@
+parameters:
+  _param:
+    # This is the public key associated to the default private key setup in
+    # openssh.client.lab
+    cluster_public_key: >-
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEvr+tWAJ62wROllpSZeaSPxxnVY3R65sfUW8wM6L8tr1knJOTQLoBikmcjISb3ekyPlwubTypGoxb7al06FiNwfr3KDkytflKRGTyMKYgchighuFCfBuePd13cjf1l19TYU7u7a+VuCVWi7pmhDGUkMi24s23OroQb7D14XX17v46wLrqJQi2nrXzN/DWXcn/ycq8IZ7ZFgN/uYlbpfAKX8PCvImbDDO8+BgndAy4MPz8cWOWsnfGMVNePhvhazVcijLvx8Vu2Iuvg7CoJiSGjTe7YTms44/WpnFkHreyK8cwsw4wzls4BApu6UU2jIAsAMZh9zux/Rtni71dcNfF
+  linux:
+    system:
+      user:
+        root:
+          enabled: true
+          name: root
+          home: /root
+  openssh:
+    server:
+      permit_root_login: true
+      user:
+        root:
+          enabled: true
+          user: ${linux:system:user:root}
+          public_keys:
+          - ${public_keys:root}
+  public_keys:
+    root:
+      key: ${_param:cluster_public_key}