From 9fc6a0baf38651d2e1673e6deb47153fe9348b75 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 17 Jul 2008 18:17:52 +0000 Subject: added exporting and collecting of ssh keys Taken from David Schmitts ssh module: http://git.black.co.at/?p=module-ssh git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1877 d66ca3ae-40d7-4aa7-90d4-87d79ca94279 --- manifests/client.pp | 28 ++++++++++++++++++++++++++++ manifests/init.pp | 18 ++++++++++++++++-- plugins/facter/sshkeys.rb | 44 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 manifests/client.pp create mode 100644 plugins/facter/sshkeys.rb diff --git a/manifests/client.pp b/manifests/client.pp new file mode 100644 index 0000000..f0b05c5 --- /dev/null +++ b/manifests/client.pp @@ -0,0 +1,28 @@ +# manifests/client.pp + +class sshd::client { + case $operatingsystem { + debian: { include sshd::client::debian } + default: { include sshd::client::base } + } +} + +class sshd::client::base { + package {'openssh-clients': + ensure => installed, + } + + # this is needed because the gid might have changed + file { '/etc/ssh/ssh_known_hosts': + mode => 0644, owner => root, group => 0; + } + + # Now collect all server keys + Sshkey <<||>> +} + +class sshd::client::debian inherits sshd::client::base { + Package['openssh-clients']{ + name => 'openssh-client', + } +} diff --git a/manifests/init.pp b/manifests/init.pp index aa0ebfc..3b20efb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -14,7 +14,7 @@ # Deploy authorized_keys file with the define # sshd::deploy_auth_key # -# shdd-config: +# sshd-config: # # The configuration of the sshd is rather strict and # might not fit all needs. However there are a bunch @@ -45,6 +45,8 @@ # class sshd { + include sshd::client + case $operatingsystem { gentoo: { include sshd::gentoo } redhat: { include sshd::redhat } 
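Review bot: The collector `Sshkey <<||>>` at the end of `sshd::client::base` imports every exported `sshkey` resource in the store with no filter, so each client's `/etc/ssh/ssh_known_hosts` trusts whatever any other node exported. Elsewhere in this commit the exported resource is titled from the `$hostname` and `$domain` facts, which the agent itself reports, so a node with a misreported or tampered fact could presumably publish a key under another host's name. Narrowing the collection to this module's exports would help, e.g. tagging the export and collecting with `Sshkey <<| tag == 'sshd_hostkey' |>>` (tag name constructed for illustration). I would also add a comment above the collector, such as `# known_hosts entries are only as trustworthy as the exporting nodes' facts`.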
@@ -94,7 +96,19 @@ class sshd::base { ensure => running, hasstatus => true, require => File[sshd_config], - } + } + # Now add the key, if we've got one + case $sshrsakey_key { + '': { info("no sshrsakey on $fqdn") } + default: { + @@sshkey{"$hostname.$domain": + type => ssh-rsa, + key => $sshrsakey_key, + ensure => present, + require => Package["openssh-client"], + } + } + } } class sshd::linux inherits sshd::base { diff --git a/plugins/facter/sshkeys.rb b/plugins/facter/sshkeys.rb new file mode 100644 index 0000000..abf838c --- /dev/null +++ b/plugins/facter/sshkeys.rb @@ -0,0 +1,44 @@ +["/etc/ssh","/usr/local/etc/ssh","/etc","/usr/local/etc"].each { |dir| + {"SSHDSAKey_key" => "ssh_host_dsa_key.pub", + "SSHRSAKey_key" => "ssh_host_rsa_key.pub"}.each { |name,file| + Facter.add(name ) do + setcode do + value = nil + filepath = File.join(dir,file) + if FileTest.file?(filepath) + regex = %r{^(\S+) (\S+) (\S+)$} + begin + line = File.open(filepath).read.chomp + if match = regex.match(line) + value = match[2] + end + rescue + value = nil + end + end + value + end # end of proc + end # end of add + } # end of hash each + {"SSHDSAKey_comment" => "ssh_host_dsa_key.pub", + "SSHRSAKey_comment" => "ssh_host_rsa_key.pub"}.each { |name,file| + Facter.add(name ) do + setcode do + value = nil + filepath = File.join(dir,file) + if FileTest.file?(filepath) + regex = %r{^(\S+) (\S+) (\S+)$} + begin + line = File.open(filepath).read.chomp + if match = regex.match(line) + value = match[3] + end + rescue + value = nil + end + end + value + end # end of proc + end # end of add + } # end of hash each +} # end of dir each -- cgit v1.2.3
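Review bot: `require => Package["openssh-client"]` in the exported `@@sshkey` does not match the title the package is declared under in `manifests/client.pp`, which is `openssh-clients`; the Debian subclass only overrides the `name` parameter. Because the resource is exported, the reference is resolved on every node that collects it, so collectors where nothing answers to `openssh-client` would likely fail dependency resolution. Referencing the title instead, `require => Package['openssh-clients'],`, should work on both platforms. The title `"$hostname.$domain"` and the key both come from agent-reported facts and end up in other hosts' known_hosts, which deserves a comment next to the resource. The enclosing `sshd::base` class begins outside the hunk.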
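Review bot: Both `setcode` blocks only produce a value when the `.pub` line has exactly three space-separated fields, so a host key file with no comment, or a comment containing spaces, fails the regex and the fact silently stays nil; init.pp would then apparently export no key for that host. `^`/`$` also anchor per line rather than to the whole string. A more tolerant pattern would be `regex = %r{\A(\S+) (\S+)(?: (.*))?\z}`. Separately, `File.open(filepath).read.chomp` never closes the handle, whereas `line = File.read(filepath).chomp` performs the same read without the leak. The bare `rescue` hides read errors, and the two inner loops differ only in the capture index, so they could share one helper.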