Changed expr_form to tgt_type for deprecation reasons. (#122)
This commit is contained in:
parent
5e3368afcb
commit
e665450ed4
@ -57,7 +57,7 @@ so root login will be disabled.
|
||||
Manages the site-wide ssh_known_hosts file and fills it with the
|
||||
public SSH host keys of all minions. You can restrict the set of minions
|
||||
whose keys are listed by using the pillar data ``openssh:known_hosts:target``
|
||||
and ``openssh:known_hosts:expr_form`` (those fields map directly to the
|
||||
and ``openssh:known_hosts:tgt_type`` (those fields map directly to the
|
||||
corresponding attributes of the ``mine.get`` function).
|
||||
|
||||
The Salt mine is used to share the public SSH host keys, you must thus
|
||||
|
@ -16,7 +16,7 @@
|
||||
{#- Extract the hostname from the FQDN and add it to the names. #}
|
||||
{%- if use_hostnames is iterable -%}
|
||||
{%- for name in names | sort -%}
|
||||
{%- if salt["match.{}".format(hostnames_expr_form)](hostnames_target, minion_id=name) -%}
|
||||
{%- if salt["match.{}".format(hostnames_tgt_type)](hostnames_target, minion_id=name) -%}
|
||||
{%- set hostname = name.split('.')|first -%}
|
||||
{%- if hostname not in names -%}
|
||||
{%- do names.append(hostname) -%}
|
||||
@ -45,13 +45,13 @@
|
||||
|
||||
{#- Pre-fetch pillar data #}
|
||||
{%- set target = salt['pillar.get']('openssh:known_hosts:target', '*') -%}
|
||||
{%- set expr_form = salt['pillar.get']('openssh:known_hosts:expr_form', 'glob') -%}
|
||||
{%- set tgt_type = salt['pillar.get']('openssh:known_hosts:tgt_type', 'glob') -%}
|
||||
{%- set keys_function = salt['pillar.get']('openssh:known_hosts:mine_keys_function', 'public_ssh_host_keys') -%}
|
||||
{%- set hostname_function = salt['pillar.get']('openssh:known_hosts:mine_hostname_function', 'public_ssh_hostname') -%}
|
||||
{%- set use_hostnames = salt['pillar.get']('openssh:known_hosts:hostnames', False) -%}
|
||||
{%- set hostnames_target_default = '*' if grains['domain'] == '' else "*.{}".format(grains['domain']) -%}
|
||||
{%- set hostnames_target = salt['pillar.get']('openssh:known_hosts:hostnames:target', hostnames_target_default) -%}
|
||||
{%- set hostnames_expr_form = salt['pillar.get']('openssh:known_hosts:hostnames:expr_form', 'glob') -%}
|
||||
{%- set hostnames_tgt_type = salt['pillar.get']('openssh:known_hosts:hostnames:tgt_type', 'glob') -%}
|
||||
|
||||
{#- Lookup IP of all aliases so that when we have a matching IP, we inject the alias name
|
||||
in the SSH known_hosts entry -#}
|
||||
@ -64,8 +64,8 @@
|
||||
{%- endfor -%}
|
||||
|
||||
{#- Loop over targetted minions -#}
|
||||
{%- set host_keys = salt['mine.get'](target, keys_function, expr_form=expr_form) -%}
|
||||
{%- set host_names = salt['mine.get'](target, hostname_function, expr_form=expr_form) -%}
|
||||
{%- set host_keys = salt['mine.get'](target, keys_function, tgt_type=tgt_type) -%}
|
||||
{%- set host_names = salt['mine.get'](target, hostname_function, tgt_type=tgt_type) -%}
|
||||
{%- for host, keys in host_keys|dictsort -%}
|
||||
{{ known_host_entry(host, host_names, keys) }}
|
||||
{%- endfor -%}
|
||||
|
@ -286,7 +286,7 @@ openssh:
|
||||
# The next 2 settings restrict the set of minions that will be added in
|
||||
# the generated ssh_known_hosts files (the default is to match all minions)
|
||||
target: '*'
|
||||
expr_form: 'glob'
|
||||
tgt_type: 'glob'
|
||||
# Name of mining functions used to gather public keys and hostnames
|
||||
# (the default values are shown here)
|
||||
mine_keys_function: public_ssh_host_keys
|
||||
@ -304,7 +304,7 @@ openssh:
|
||||
# Restrict wich hosts you want to use via their hostname
|
||||
# (i.e. ssh user@host instead of ssh user@host.example.com)
|
||||
# target: '*' # Defaults to "*.{}".format(grains['domain']) with a fallback to '*'
|
||||
# expr_form: 'glob'
|
||||
# tgt_type: 'glob'
|
||||
# To activate the defaults you can just set an empty dict.
|
||||
#hostnames: {}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user