Shane Poage
9 年之前
+ 3
- 0
pillar.example
查看文件
| @@ -51,6 +51,9 @@ users: | |||
| # with the given keys | |||
| ssh_auth_file: | |||
| - PUBLICKEY | |||
| # ... or you can pull them from a different pillar similar to ssh_keys_pillar | |||
| ssh_auth_pillar: | |||
| id_rsa: "ssh_keys" | |||
| # If you prefer to keep public keys as files rather | |||
| # than inline in pillar, this works. | |||
| ssh_auth_sources: | |||
+ 8
- 1
users/init.sls
查看文件
| @@ -159,17 +159,24 @@ users_user_{{ name }}_public_key: | |||
| {% endfor %} | |||
| {% endif %} | |||
| {% if 'ssh_auth_file' in user %} | |||
| {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} | |||
| users_authorized_keys_{{ name }}: | |||
| file.managed: | |||
| - name: {{ home }}/.ssh/authorized_keys | |||
| - user: {{ name }} | |||
| - group: {{ name }} | |||
| - mode: 600 | |||
| {% if 'ssh_auth_file' in user %} | |||
| - contents: | | |||
| {% for auth in user.ssh_auth_file -%} | |||
| {{ auth }} | |||
| {% endfor -%} | |||
| {% else %} | |||
| - contents: | | |||
| {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} | |||
| {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }} | |||
| {%- endfor %} | |||
| {% endif %} | |||
| {% endif %} | |||
| {% if 'ssh_auth' in user %} | |||
Loading…