Puppet Class: psick::openssh::hostkeys
- Defined in:
- manifests/openssh/hostkeys.pp
Summary
Manage ssh hostkeys sharing and known hosts on a node
Overview
This class can collect the ssh keys of each host and manage the knownhosts files
# File 'manifests/openssh/hostkeys.pp', line 7
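# @summary Shares SSH host keys between nodes through exported resources and
#   optionally manages the system-wide known_hosts file.
#
# Trust note: the exported keys and aliases are built from facts, which each
# agent reports about itself, and the collector below realizes every exported
# sshkey without a filter. A node reporting wrong facts can therefore publish
# a key under another host's name. Enable $hostkey_collect only where every
# exporting node is trusted, or narrow the collector with a tag or query.
#
# @param hostkey_export Export one sshkey resource per host key type found in
#   the node's ssh facts (dsa, rsa, ecdsa, ed25519).
# @param hostkey_collect Realize all exported sshkey resources on this node.
# @param hostkey_aliases Names written as host_aliases on the exported keys.
#   Defaults to the fqdn, hostname and ip networking facts.
# @param knownhosts_manage Manage the file at $knownhosts_path.
# @param knownhosts_ensure Value for the ensure attribute of that file.
# @param knownhosts_path Path of the managed known_hosts file.
# @param knownhosts_source Value for the source attribute of that file.
# @param knownhosts_template Template passed to psick::template() to build
#   the content of that file.
# @param manage Declare resources only when true.
# @param auto_prereq Not referenced in this class body.
# @param noop_manage Call noop() with $noop_value when true.
# @param noop_value Argument handed to noop().
class psick::openssh::hostkeys (
  Boolean              $hostkey_export      = false,
  Boolean              $hostkey_collect     = false,
  Array                $hostkey_aliases     = flatten([$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']]),
  Boolean              $knownhosts_manage   = false,
  Psick::Ensure        $knownhosts_ensure   = 'present',
  Stdlib::Absolutepath $knownhosts_path     = '/etc/ssh/ssh_known_hosts',
  Optional[String]     $knownhosts_source   = undef,
  Optional[String]     $knownhosts_template = undef,
  Boolean              $manage              = $psick::manage,
  Boolean              $auto_prereq         = $psick::auto_prereq,
  Boolean              $noop_manage         = $psick::noop_manage,
  Boolean              $noop_value          = $psick::noop_value,
) {
  # We declare resources only if $manage = true
  if $manage {
    if $noop_manage {
      noop($noop_value)
    }

    if $hostkey_export {
      # DSA host keys are disabled by default in current OpenSSH releases.
      # The export is kept so nodes that still present one keep working.
      if getvar('facts.ssh.dsa.key') {
        @@sshkey { "${facts['networking']['fqdn']}_dsa":
          host_aliases => $hostkey_aliases,
          type         => 'dsa',
          key          => getvar('facts.ssh.dsa.key'),
        }
      }

      if getvar('facts.ssh.rsa.key') {
        @@sshkey { "${facts['networking']['fqdn']}_rsa":
          host_aliases => $hostkey_aliases,
          type         => 'rsa',
          key          => getvar('facts.ssh.rsa.key'),
        }
      }

      if getvar('facts.ssh.ecdsa.key') {
        @@sshkey { "${facts['networking']['fqdn']}_ecdsa":
          host_aliases => $hostkey_aliases,
          # Use the curve the host reports (nistp256/384/521). A hard-coded
          # nistp256 produces a known_hosts entry that does not match hosts
          # using another curve. Fall back to the former value if the fact
          # is missing.
          type         => getvar('facts.ssh.ecdsa.type', 'ecdsa-sha2-nistp256'),
          key          => getvar('facts.ssh.ecdsa.key'),
        }
      }

      # Ed25519 is the host key most current sshd builds prefer. Without this
      # export, clients negotiating it find no matching known_hosts entry.
      if getvar('facts.ssh.ed25519.key') {
        @@sshkey { "${facts['networking']['fqdn']}_ed25519":
          host_aliases => $hostkey_aliases,
          type         => 'ssh-ed25519',
          key          => getvar('facts.ssh.ed25519.key'),
        }
      }
    }

    if $hostkey_collect {
      # Unfiltered collector: every sshkey exported by any node is written.
      Sshkey <<| |>> {
        ensure => present,
      }
    }

    if $knownhosts_manage {
      # NOTE(review): sshkey resources write to /etc/ssh/ssh_known_hosts by
      # default, which is also the default $knownhosts_path. Supplying source
      # or template here together with $hostkey_collect would presumably make
      # both manage the same file's content - confirm before combining them.
      # NOTE(review): psick::template() is called even when
      # $knownhosts_template is undef; it presumably returns undef - confirm.
      file { $knownhosts_path:
        ensure  => $knownhosts_ensure,
        source  => $knownhosts_source,
        content => psick::template($knownhosts_template),
      }
    }
  }
}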