Edit: use ansible
I just started using puppet a few days ago and so far I'm really liking it. Except it's in Ruby and not Python. If puppet was written in python I would have just hacked up a new derived class. Oh well…
So my problem is that I want to distribute new id_rsa and id_rsa.pub files to my servers but I also want to be DRY. So therefore when I copy the id files over it should be possible to extract the public key and put it in authorized_keys.
This should have been significantly easier but here's how I did it.

    cd /etc/puppet
    mkdir bin

Make a new file: bin/extract_key

    #!/bin/bash
    # Print only the key field (2nd space-separated column) of a public
    # key file, with all whitespace stripped.
    cut -d' ' -f2 "$1" | tr -d "\r\n\t "

    chmod +x bin/extract_key

    # /etc/puppet/manifests/nodes.pp
    node 'mail.burgundywall.com' {
      class { 'user-sshkey':
        user => 'kneufeld',
        type => 'rsa',
      }
    }

    # /etc/puppet/modules/user-sshkey/manifests/init.pp
    class user-sshkey($user,$type) {
      # out with old
      file { "/home/$user/.ssh/id_dsa":     ensure => absent }
      file { "/home/$user/.ssh/id_dsa.pub": ensure => absent }

      # in with the new
      # private key: readable by the owner only
      file { "/home/$user/.ssh/id_$type":
        ensure => present,
        source => "puppet:///modules/user-sshkey/$user/id_$type",
        owner  => $user,
        group  => $user,
        mode   => '0600',
      }

      file { "/home/$user/.ssh/id_$type.pub":
        ensure => present,
        source => "puppet:///modules/user-sshkey/$user/id_$type.pub",
        owner  => $user,
        group  => $user,
        mode   => '0644',
      }

      # install the new key
      ssh_authorized_key { "$user-auth-key":
        ensure  => present,
        user    => $user,
        type    => "ssh-$type",
        key     => generate( "/etc/puppet/bin/extract_key", "/etc/puppet/modules/user-sshkey/files/$user/id_$type.pub" ),
        require => [File["/home/$user/.ssh/id_$type.pub"]],
      }
    }

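Put id_rsa and id_rsa.pub in /etc/puppet/modules/user-sshkey/files/$user/

The magic line is key => generate(...). This tells puppet to run our extract_key executable against our public keyfile and print just the key portion of the file as a whitespace-trimmed string. generate() runs on the puppet master while the catalog is compiled, which is why it is pointed at the copy of the keyfile under /etc/puppet/modules rather than the one in the user's home directory. That string is then assigned to key and Bob's your uncle.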
The correct solution would be to a) derive a class, or b) send a patch upstream that adds the following:

    extract => "/etc/puppet/modules/user-sshkey/files/$user/id_$type.pub"
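
A stricter drop-in for bin/extract_key, as an added example that is not the author's script: it refuses to hand generate() anything that is not a well-formed public key, so a private key or a file of the wrong type fails the catalog run instead of landing in authorized_keys. The optional second argument (the expected type, e.g. ssh-rsa) and the ek_ variable names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the author's script: a stricter bin/extract_key.
# Usage: extract_key <file.pub> [expected-type, e.g. ssh-rsa]

extract_key() {
    ek_file=$1 ek_want=${2:-}
    [ -r "$ek_file" ] || { echo "extract_key: cannot read $ek_file" >&2; return 1; }

    # A .pub file is a single line: "<type> <base64> [comment]"
    ek_line=$(head -n 1 "$ek_file" | tr -d '\r')
    ek_type=${ek_line%% *}
    ek_rest=${ek_line#* }
    ek_blob=${ek_rest%% *}

    # The base64 blob begins with a length-prefixed copy of the type name,
    # so every key of a given type starts with the same fixed prefix.
    case $ek_type in
        ssh-rsa)     ek_prefix=AAAAB3NzaC1yc2E ;;
        ssh-dss)     ek_prefix=AAAAB3NzaC1kc3M ;;
        ssh-ed25519) ek_prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        *) echo "extract_key: unsupported key type '$ek_type'" >&2; return 1 ;;
    esac

    # Catch a manifest that says one type while the file holds another.
    if [ -n "$ek_want" ] && [ "$ek_type" != "$ek_want" ]; then
        echo "extract_key: $ek_file is $ek_type, expected $ek_want" >&2; return 1
    fi

    case $ek_blob in
        *[!A-Za-z0-9+/=]*) echo "extract_key: key field is not base64" >&2; return 1 ;;
        "$ek_prefix"*) printf '%s' "$ek_blob" ;;
        *) echo "extract_key: blob does not match type $ek_type" >&2; return 1 ;;
    esac
}

# When invoked as a script (as generate() would), act on the arguments.
if [ $# -gt 0 ]; then extract_key "$@"; fi
```

In the manifest, the expected type can be passed as a further generate() argument, e.g. "ssh-$type", so the type and key attributes of ssh_authorized_key cannot disagree.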