Ask Your Question
1

why doesn't ssh_authorized_key support an array of keys?

asked 2014-02-07 07:46:37 -0500

PorkCharSui gravatar image

updated 2014-02-11 08:48:25 -0500

Hi,

I'm trying to use Puppet with Hiera to create admin accounts on our workstations and servers. I am however stuck on the sshauthorizedkey resource. All of us here, have several keys to access different systems, often even multiple keys for one system. How do I attach several keys to one admin. I'm using a define to create the user accounts and attach a key, but sshauthorizedkey doesn't accept an array of keys and I can't nest defines. How should I go about this? Here is what I've made so far ... (more)

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2014-02-07 08:57:53 -0500

doc75 gravatar image

updated 2014-02-07 12:07:51 -0500

You should use create_resources with a hash (cf. : http://docs.puppetlabs.com/references/latest/function.html#createresources )

Here is a sample of my hiera file:

yyy::ssh_pub_key:
  user1@machine3:
    type: ssh-rsa
    key: "AAAA..."
  user@machine:
    type: ssh-rsa
    key: "AAAA..."
  FirstName LastName <mail@domain.com>:
    type: ssh-rsa
    key: "AAAA..."
  user1@machine2:
    type: ssh-rsa
    key: "AAAA..."
  user1@machine1:
    type: ssh-rsa
    key: "AAAA..."

Then in the code I am doing something like that:

class yyy ( $ssh_pub_key ) {
  $others = { 'ensure'  => $ensure,
              'user'    => 'username',
              'require' => User['username'] } # not sure this require is needed indeed

  create_resources( 'ssh_authorized_key', $ssh_pub_key, $others)
}

Of course my example requires that you modify ... (more)

edit flag offensive delete link more

Comments

I do use the create_resource with a hash to get the user account. But every user account hash contains an array of keys.

PorkCharSui gravatar imagePorkCharSui ( 2014-02-07 09:45:36 -0500 )edit

Hi doc75, I kinda followed your advise and created a new yaml file for the keys and a new define for "ssh_authorized_key" and I've got it to work. thanks ...(more)

PorkCharSui gravatar imagePorkCharSui ( 2014-02-11 08:16:30 -0500 )edit
0

answered 2014-02-07 13:41:15 -0500

brutus777 gravatar image

Please take a look at brutus777/authorized_keys on puppet forge. It may be what you are looking for. It's based on hiera and it's trying to map keys on users and roles. Since it's my first puppet module, it needs some polishing but it is already usable. Or may be a starting point.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2014-02-07 07:46:37 -0500

Seen: 2,087 times

Last updated: Feb 11 '14