Browse Source

Add pulling keys from other pillar.

Example pillar:

ssh_keys:
  id_rsa:
    privkey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY
      U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy
      B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+
      GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI
      -----END RSA PRIVATE KEY-----
    pubkey: |
      ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
lookup-fix-3
Alex Ciobica 9 years ago
parent
commit
031d6ce81f
2 changed files with 25 additions and 2 deletions
  1. +6
    -0
      pillar.example
  2. +19
    -2
      users/init.sls

+ 6
- 0
pillar.example View File

groups: groups:
- users - users
ssh_key_type: rsa ssh_key_type: rsa
# You can inline the private keys ...
ssh_keys: ssh_keys:
privkey: PRIVATEKEY privkey: PRIVATEKEY
pubkey: PUBLICKEY pubkey: PUBLICKEY
# ... or you can pull them from a different pillar,
# for example one called "ssh_keys":
ssh_keys_pillar:
id_rsa: "ssh_keys"
another_key_pair: "ssh_keys"
ssh_auth: ssh_auth:
- PUBLICKEY - PUBLICKEY
ssh_auth.absent: ssh_auth.absent:

+ 19
- 2
users/init.sls View File

{% endfor %} {% endfor %}
{% endif %} {% endif %}


{% if 'ssh_keys_pillar' in user %}
{% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %}
ssh_keys_files_{{ name }}_{{ key_name }}_pub:
file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
}}.pub
- contents: |
{{ pillar[pillar_name][key_name]['pubkey'] }}
ssh_keys_files_{{ name }}_{{ key_name }}_priv:
file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
}}
- contents: |
{{ pillar[pillar_name][key_name]['privkey'] | indent(8) }}
{% endfor %}
{% endif %}

{% if 'ssh_auth_sources' in user %} {% if 'ssh_auth_sources' in user %}
{% for pubkey_file in user['ssh_auth_sources'] %} {% for pubkey_file in user['ssh_auth_sources'] %}
ssh_auth_source_{{ name }}_{{ loop.index0 }}: ssh_auth_source_{{ name }}_{{ loop.index0 }}:
file.managed: file.managed:
- name: {{ users.sudoers_dir }}/{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
- user: root - user: root
- group: {{ users.root_group }}
- group: {{ users.root_group }}
- mode: '0440' - mode: '0440'
{% if 'sudo_rules' in user or 'sudo_defaults' in user %} {% if 'sudo_rules' in user or 'sudo_defaults' in user %}
{% if 'sudo_rules' in user %} {% if 'sudo_rules' in user %}
cmd.run: cmd.run:
- name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }' - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'
- stateful: True - stateful: True
- shell: {{ users.visudo_shell }}
- shell: {{ users.visudo_shell }}
- env: - env:
# Specify the rule via an env var to avoid shell quoting issues. # Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}" - rule: "{{ name }} {{ rule }}"

Loading…
Cancel
Save