Puppet Class: puppet::server::bootstrap::ssh
- Inherits:
- puppet::params
- Defined in:
- manifests/server/bootstrap/ssh.pp
Summary
A short summary of the purpose of this class
Overview
A description of what this class does
# File 'manifests/server/bootstrap/ssh.pp', line 7
class puppet::server::bootstrap::ssh inherits puppet::params {
# Prepares root's SSH client during server bootstrap: installs the OpenSSH
# client package, creates /root/.ssh, seeds known_hosts from gitservers.txt
# and declares root's ssh_config and private keys from the values exposed by
# puppet::server::bootstrap::globals.
include puppet::server::bootstrap::keys
include puppet::server::bootstrap::hiera
include puppet::server::bootstrap::globals
# Package name differs by OS family: 'openssh-client' on Debian,
# 'openssh-clients' everywhere else. The exec below requires this package
# (presumably because it ships ssh-keyscan).
$ssh_keyscan_package = $facts['os']['family'] ? {
'Debian' => 'openssh-client',
default => 'openssh-clients',
}
package { $ssh_keyscan_package:
ensure => 'present',
}
# Only the type and mode are managed here; owner and group are left as found.
file { '/root/.ssh':
ensure => 'directory',
mode => '0700';
}
# Update ~/.ssh/known_hosts if gitservers.txt exists
# gitservers.txt is a relative path and no cwd is set on this exec, so the file
# is resolved against the directory the Puppet run was started from.
# NOTE(review): ssh-keyscan records whatever host key the network returns. The
# keys appended here are not compared with a fingerprint obtained out of band,
# so a wrong key answered during bootstrap would be trusted from then on.
# Consider shipping the expected host keys as data instead.
# NOTE(review): `grep -f` exits 0 as soon as any one pattern matches, so the
# `unless` guard skips the scan once a single listed host is present; hosts
# added to gitservers.txt later would not be picked up. The lines are also
# read as regular expressions rather than fixed strings (no -F).
# NOTE(review): only RSA host keys are requested (-t rsa); confirm every
# listed server still offers one.
exec { 'ssh-keyscan -f gitservers.txt -t rsa >> /root/.ssh/known_hosts':
path => '/usr/bin:/bin',
onlyif => 'test -f gitservers.txt',
unless => 'grep -f gitservers.txt /root/.ssh/known_hosts',
require => [
Package[$ssh_keyscan_package],
File['/root/.ssh'],
],
}
# Values computed by puppet::server::bootstrap::globals; their structure is
# not visible here. The code below indexes them with [0], concatenates two of
# them with + and iterates the third, so they are presumably arrays (TODO confirm).
$access_data = $puppet::server::bootstrap::globals::access_data
$ssh_access_config = $puppet::server::bootstrap::globals::ssh_access_config
$ssh_config = $puppet::server::bootstrap::globals::ssh_config
# Declare root's ssh_config only when at least one of the two lists has a
# first element; both lists are joined into a single ssh_config value.
if $ssh_access_config[0] or $ssh_config[0] {
openssh::ssh_config { 'root':
ssh_config => $ssh_config + $ssh_access_config,
}
}
# One openssh::priv_key per access_data entry, installed for user root.
# sshkey_type falls back to 'ed25519' when the entry has no String value for it.
# NOTE(review): key_data presumably holds private key material for root.
# Confirm it is stored encrypted in Hiera and handled as Sensitive so it does
# not surface in logs or reports.
if $access_data[0] {
$access_data.each |$creds| {
$key_name = $creds['name']
$sshkey_type = $creds['sshkey_type'] ? { String => $creds['sshkey_type'], default => 'ed25519' }
openssh::priv_key { $key_name:
user_name => 'root',
key_prefix => $creds['key_prefix'],
sshkey_type => $sshkey_type,
key_data => $creds['key_data'],
}
}
}
}