I ran into it before, and ended up just making my own version of an
ssh authorized key in a define rather than try to figure it out;
although I think it is just improperly parsing the key file.
I don't know what kind of lazy that makes me.
It's not very pretty or thoroughly tested, and no guarantees it will
work properly for what you want; but it's been doing what I want.

##$user is the name of the user who should have this key.
##$key is the literal string of the key itself
##$type should be something like "ssh-rsa"
##$remotehost is the host the key is valid from, I believe "" makes it
## valid for any host.
##$command is for use with forced commands associated with the key; I
## have used it with
## command => "pfexec /path/to/script", haven't really tried anything
## fancier than that.
##
define sshauth ($user, $key, $type, $remotehost, $command = "false") {
        Exec {
                path => ["/bin","/sbin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"],
        }

        $keyname=$name
        if $command == "false" {
                exec { "insertkey$keyname":
                        command => "su - $user -c 'mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; cat ~/.ssh/authorized_keys | grep -v \"$user@$remotehost\" > ~/.ssh/authorized_keys.n ; mv ~/.ssh/authorized_keys.n ~/.ssh/authorized_keys ; echo \"$type   $key  $u...@$remotehost\" >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh/authorized_keys'",
                        unless => "su - $user -c 'cat ~/.ssh/authorized_keys | grep \"$type   $key  $u...@$remotehost\"'| grep -v SunOS",
                }
        } else {
                exec { "insertkey$keyname":
                        command => "su - $user -c 'mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; cat ~/.ssh/authorized_keys | grep -v \"$user@$remotehost\" > ~/.ssh/authorized_keys.n ; mv ~/.ssh/authorized_keys.n ~/.ssh/authorized_keys ; echo \"command=\\\"$command\\\" $type   $key  $u...@$remotehost\" >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh/authorized_keys'",
                        unless => "su - $user -c 'cat ~/.ssh/authorized_keys | grep \"command=\\\"$command\\\" $type   $key  $user@$remotehost\"'| grep -v SunOS",
                }
        }
}


On Sep 4, 7:28 am, Martin Englund <[email protected]> wrote:
> I'm running puppet 0.24.8 on OpenSolaris 2009.06 and it is updating
> all ssh_authorized_key:s on every run:
>
> Fri Sep 04 04:55:57 -0700 2009 //Node[blogs-dev.sfbay.sun.com]/s11/
> common/default-accounts/webpush/ssh_authorized_key[webp...@akula]/
> target (notice): target changed '/export/home/webpush/.ssh/
> authorized_keys' to '/export/home/webpush/.ssh/authorized_keys'
>
> and then 30 minutes later:
>
> Fri Sep 04 05:26:21 -0700 2009 //Node[blogs-dev.sfbay.sun.com]/s11/
> common/default-accounts/webpush/ssh_authorized_key[webp...@akula]/
> target (notice): target changed '/export/home/webpush/.ssh/
> authorized_keys' to '/export/home/webpush/.ssh/authorized_keys'
>
> The same class runs just fine on Solaris 10...
>
> Has someone else run into this? Or can give me some hints on what is
> messed up?
>
> cheers,
> /Martin
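
Added example, not part of the thread or of Puppet: a shell function that does the same job as the define's exec (keep one authorized_keys entry per comment), but matches the existing line as a fixed string so a second run changes nothing, validates the fields before writing, and leaves the file at mode 600. It assumes it runs as the account owner; the function name, the deploy@buildhost comment and the key string are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Idempotently ensure one authorized_keys
# entry. Prints "changed" or "unchanged"; returns non-zero on bad input.
# Usage: ensure_authorized_key FILE TYPE KEY COMMENT [FORCED_COMMAND]
ensure_authorized_key() {
    ak_file=$1 ak_type=$2 ak_key=$3 ak_comment=$4 ak_forced=${5:-}
    # Type, key and comment must each be one whitespace-free field; anything
    # else could add extra fields or lines (a second key) to the file.
    for ak_f in "$ak_type" "$ak_key" "$ak_comment"; do
        case "$ak_f" in
            ''|*[[:space:]]*) echo "invalid key field" >&2; return 2 ;;
        esac
    done
    # A forced command may contain spaces, but no control chars or quotes.
    case "$ak_forced" in
        *[[:cntrl:]]*|*'"'*) echo "invalid forced command" >&2; return 2 ;;
    esac
    ak_line="$ak_type $ak_key $ak_comment"
    if [ -n "$ak_forced" ]; then
        ak_line="command=\"$ak_forced\" $ak_line"
    fi
    ak_dir=$(dirname "$ak_file")
    mkdir -p "$ak_dir" && chmod 700 "$ak_dir" || return 1
    # Fixed-string, whole-line match: key material is never read as a regex.
    if [ -f "$ak_file" ] && grep -Fxq -e "$ak_line" "$ak_file"; then
        echo unchanged
        return 0
    fi
    # Build the new file beside the old one and rename it into place, so
    # sshd never reads a half-written file.
    ak_tmp=$(mktemp "$ak_dir/authorized_keys.XXXXXX") || return 1
    if [ -f "$ak_file" ]; then
        # Drop older entries whose last field is this comment (string compare).
        AK_COMMENT=$ak_comment awk '($NF "") != ENVIRON["AK_COMMENT"]' "$ak_file" > "$ak_tmp"
    fi
    printf '%s\n' "$ak_line" >> "$ak_tmp"
    chmod 600 "$ak_tmp" && mv "$ak_tmp" "$ak_file" || return 1
    echo changed
}

# Demo in a scratch directory with constructed placeholder key material.
demo=$(mktemp -d)
ensure_authorized_key "$demo/.ssh/authorized_keys" ssh-rsa AAAAEXAMPLEKEY deploy@buildhost  # changed
ensure_authorized_key "$demo/.ssh/authorized_keys" ssh-rsa AAAAEXAMPLEKEY deploy@buildhost  # unchanged
rm -rf "$demo"
```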
