Saltstack Official OpenSSH Formula

gather_host_keys.sls 1.1KB

  1. {%- set minions = salt.slsutil.renderer(opts['config_dir'] + '/roster') %}
  2. {%- set cache_dir = opts['cachedir'] + '/../master/known_hosts_salt_ssh' %}
  3. {%- set cmd = "cat /etc/ssh/ssh_host_*_key.pub 2>/dev/null" %}
  4. {{ cache_dir }}:
  5. file.directory:
  6. - makedirs: True
  7. {%- for minion_id in minions %}
  8. {%- set salt_ssh_cmd = "salt-ssh --out=json --static '{}' cmd.run_all '{}'".format(minion_id, cmd) %}
  9. {%- set result = salt['cmd.run_all'](salt_ssh_cmd,
  10. python_shell=True,
  11. runas=salt['pillar.get']('openssh:known_hosts:salt_ssh:user', 'salt-master')
  12. )
  13. %}
  14. {%- set pubkeys = False %}
  15. {%- if result['retcode'] == 0 %}
  16. {%- load_json as inner_result %}
  17. {{ result['stdout'] }}
  18. {%- endload %}
  19. {%- set pubkeys = inner_result[minion_id]['stdout'].splitlines() | sort | join("\n") %}
  20. {%- else %}
  21. {%- do salt.log.error("{} failed: {}".format(salt_ssh_cmd, result)) %}
  22. {%- endif %}
  23. {%- if pubkeys %}
  24. {{ cache_dir }}/{{ minion_id }}.pub:
  25. file.managed:
  26. - contents: |
  27. {{ pubkeys | indent(8) }}
  28. - require:
  29. - file: {{ cache_dir }}
  30. {%- endif %}
  31. {%- endfor %}