Saltstack Official OpenSSH Formula

ssh_known_hosts 2.1KB

  1. {#
  2. # vi:syntax=jinja
  3. #}
  {#- known_host_entry(host, host_names, keys)
      Generates one known_hosts entry per given key: one output line for every
      non-empty line of 'keys', each prefixed with the comma-joined name list.
        host       - identifier of the host; used for the DNS lookups and as
                     the fallback name when 'host_names' has no entry for it
        host_names - dict mapping a host to the name to write for it
        keys       - newline-separated key lines, written out verbatim
      Also reads 'aliases_ips', which is set at template level and not passed in.
      NOTE(review): nothing in this macro validates its inputs. The name taken
      from 'host_names' and every line of 'keys' go into the output as given,
      so a name containing a comma, whitespace, a wildcard or a newline, or a
      key line that is not of the usual "type base64" shape, would change what
      the generated file trusts. The caller feeds in Salt mine data; confirm
      how far that data is trusted and consider validating it before rendering. #}
  {%- macro known_host_entry(host, host_names, keys) %}
  {#- Get IPv4 and IPv6 addresses from the DNS.
      NOTE(review): the answers are used as returned, so the entry is only as
      trustworthy as the resolver path of wherever this template is rendered. #}
  {%- set ip4 = salt['dig.A'](host) -%}
  {%- set ip6 = salt['dig.AAAA'](host) -%}
  {#- The host names to use are to be found within the dict 'host_names'. #}
  {#- If there are none, the host is used directly. #}
  {#- 'names' therefore always starts with exactly one entry. #}
  {%- set names = [host_names.get(host, host)] -%}
  {#- Append IP addresses and aliases (if they are not already present).
      The addresses are sorted before use. Each address is appended without a
      duplicate check; only the aliases looked up through 'aliases_ips' are
      checked against 'names' before being added. #}
  {%- for ip in (ip4 + ip6)|sort -%}
  {%- do names.append(ip) -%}
  {%- for alias in aliases_ips.get(ip, []) -%}
  {%- if alias not in names -%}
  {%- do names.append(alias) -%}
  {%- endif -%}
  {%- endfor -%}
  {%- endfor -%}
  {#- Write one line per key; join the names together. Empty lines in 'keys'
      are skipped. The endif tag below has no leading dash, which keeps the
      newline that terminates each entry; whitespace placed in front of that
      tag would be emitted into the generated file, so it is left unindented. #}
  {%- for line in keys.split('\n') -%}
  {%- if line -%}
  {{ ','.join(names) }} {{ line }}
{% endif -%}
  {%- endfor -%}
  {%- endmacro -%}
  {#- Pre-fetch pillar data.
      All four settings live under 'openssh:known_hosts' and have defaults:
        target                 - which minions to query, default '*'
        expr_form              - how 'target' is matched, default 'glob'
        mine_keys_function     - mine function holding the host keys
        mine_hostname_function - mine function holding the host name
      NOTE(review): with the defaults every minion that answers the mine query
      contributes entries to the generated file; narrow 'target' in pillar if
      only some hosts should be trusted. #}
  {%- set target = salt['pillar.get']('openssh:known_hosts:target', '*') -%}
  {%- set expr_form = salt['pillar.get']('openssh:known_hosts:expr_form', 'glob') -%}
  {%- set keys_function = salt['pillar.get']('openssh:known_hosts:mine_keys_function', 'public_ssh_host_keys') -%}
  {%- set hostname_function = salt['pillar.get']('openssh:known_hosts:mine_hostname_function', 'public_ssh_hostname') -%}
  {#- Lookup IP of all aliases so that when we have a matching IP, we inject the alias name
  in the SSH known_hosts entry.
  'aliases_ips' maps each resolved address to the list of aliases that resolve
  to it; the macro above reads it when building the name list.
  NOTE(review): the alias-to-address mapping comes from DNS answers at render
  time, so an alias is attached to whichever host currently resolves to the
  same address. -#}
  {%- set aliases = salt['pillar.get']('openssh:known_hosts:aliases', []) -%}
  {%- set aliases_ips = {} -%}
  {%- for alias in aliases -%}
  {%- for ip in salt['dig.A'](alias) + salt['dig.AAAA'](alias) -%}
  {%- do aliases_ips.setdefault(ip, []).append(alias) -%}
  {%- endfor -%}
  {%- endfor -%}
  {#- Loop over targeted minions.
      Both lookups use the same target and matcher. 'host_keys' drives the
      loop, so a host present only in 'host_names' produces no entry, and
      'dictsort' orders the entries by host.
      NOTE(review): mine values are reported by the minions themselves and are
      rendered without validation; confirm that is acceptable for this
      deployment. Newer Salt releases name the matcher argument 'tgt_type';
      confirm the Salt version in use still accepts 'expr_form'. -#}
  {%- set host_keys = salt['mine.get'](target, keys_function, expr_form=expr_form) -%}
  {%- set host_names = salt['mine.get'](target, hostname_function, expr_form=expr_form) -%}
  {%- for host, keys in host_keys|dictsort -%}
  {{ known_host_entry(host, host_names, keys) }}
  {%- endfor -%}