Add pulling keys from other pillar.
Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
This commit is contained in:
parent
fffad7d07a
commit
031d6ce81f
@ -23,9 +23,15 @@ users:
|
||||
groups:
|
||||
- users
|
||||
ssh_key_type: rsa
|
||||
# You can inline the private keys ...
|
||||
ssh_keys:
|
||||
privkey: PRIVATEKEY
|
||||
pubkey: PUBLICKEY
|
||||
# ... or you can pull them from a different pillar,
|
||||
# for example one called "ssh_keys":
|
||||
ssh_keys_pillar:
|
||||
id_rsa: "ssh_keys"
|
||||
another_key_pair: "ssh_keys"
|
||||
ssh_auth:
|
||||
- PUBLICKEY
|
||||
ssh_auth.absent:
|
||||
|
@ -166,6 +166,23 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if 'ssh_keys_pillar' in user %}
|
||||
{% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %}
|
||||
ssh_keys_files_{{ name }}_{{ key_name }}_pub:
|
||||
file.managed:
|
||||
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
|
||||
}}.pub
|
||||
- contents: |
|
||||
{{ pillar[pillar_name][key_name]['pubkey'] }}
|
||||
ssh_keys_files_{{ name }}_{{ key_name }}_priv:
|
||||
file.managed:
|
||||
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
|
||||
}}
|
||||
- contents: |
|
||||
{{ pillar[pillar_name][key_name]['privkey'] | indent(8) }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if 'ssh_auth_sources' in user %}
|
||||
{% for pubkey_file in user['ssh_auth_sources'] %}
|
||||
ssh_auth_source_{{ name }}_{{ loop.index0 }}:
|
||||
@ -196,7 +213,7 @@ sudoer-{{ name }}:
|
||||
file.managed:
|
||||
- name: {{ users.sudoers_dir }}/{{ name }}
|
||||
- user: root
|
||||
- group: {{ users.root_group }}
|
||||
- group: {{ users.root_group }}
|
||||
- mode: '0440'
|
||||
{% if 'sudo_rules' in user or 'sudo_defaults' in user %}
|
||||
{% if 'sudo_rules' in user %}
|
||||
@ -205,7 +222,7 @@ sudoer-{{ name }}:
|
||||
cmd.run:
|
||||
- name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'
|
||||
- stateful: True
|
||||
- shell: {{ users.visudo_shell }}
|
||||
- shell: {{ users.visudo_shell }}
|
||||
- env:
|
||||
# Specify the rule via an env var to avoid shell quoting issues.
|
||||
- rule: "{{ name }} {{ rule }}"
|
||||
|
Loading…
Reference in New Issue
Block a user