Here we go:
Part 1: Custom Fact (modules/users/lib/facter/user_home.rb)

    require 'etc'

    # One fact per passwd entry: home_<login> => that user's home directory.
    Etc.passwd { |user|
      Facter.add("home_#{user.name}") do
        setcode do
          user.dir
        end
      end
    }

When you are creating a user, you have access to the homedir. I use a define
that has default parameters of

    $userhome = "/home/${title}",
    $username = $title,

You can override the userhome value. The combination of resources I found to
work is as follows:

    # Create the home directory path (including parents) if it is missing.
    exec { "mkdir-${username}":
      command => "/bin/mkdir -p ${userhome}",
      unless  => "test -d ${userhome}",
      path    => ['/bin', '/usr/bin'],
    }
    file { $userhome:
      ensure  => directory,
      require => [
        User[$username],
        Exec["mkdir-${username}"],
      ]
    }
    file { "${userhome}/.ssh":
      ensure  => directory,
      require => User[$username],
    }
    file { "${userhome}/.ssh/authorized_keys":
      ensure  => present,
      require => File["${userhome}/.ssh"],
    }
    ssh_authorized_key { "${username}_rsa_key":
      ensure => $ensure,
      user   => $username,
      key    => ".....",
      type   => 'ssh-rsa',
    }

Now, for putting keys in other user homedirs - like a role account for
restricted ssh - using only the role account login and the user account login,

    $home_fact = "home_${role_account_login}"
    $homedir = inline_template("<%= scope.lookupvar('::${home_fact}') %>")
    User[$role_account_login] ->
    File["${homedir}/.ssh/authorized_keys"] ->
    ssh_authorized_key {
      "${user_account_login}_rsa_key_for_${role_account_login}":
        ensure => $ensure,
        key    => "....",
        type   => 'ssh-rsa',
        user   => $role_account_login,
    }

The chaining was discovered thru some long and painful trial and error.
Also, there is the matter of the "options" parameter for ssh_authorized_key,
but I did not want to complicate this too much.
This should get you moving forward.
“Sometimes I think the surest sign that intelligent life exists elsewhere in the
universe is that none of it has tried to contact us.” (Bill Watterson: Calvin &
Hobbes)
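
Added example (not from the original thread or from Puppet itself): a Ruby check that reads the same passwd database as the custom fact above and audits the home directory, .ssh and authorized_keys that the manifests manage against the ownership and mode rules sshd's StrictModes enforces. The function names and the script name in the usage comment are assumptions made for this example.

```ruby
require 'etc'

# Added example; function names are hypothetical, not part of the thread.
# Group/other write bits: sshd's StrictModes rejects keys when the home
# directory, ~/.ssh or authorized_keys has either of them set.
LOOSE_BITS = 0o022

# Problems for one path: missing, unexpected owner, or loose mode.
def path_problems(path, allowed_uids)
  st = File.stat(path)
  problems = []
  unless allowed_uids.include?(st.uid)
    problems << "#{path}: owned by uid #{st.uid}"
  end
  if (st.mode & LOOSE_BITS) != 0
    problems << format('%s: mode %04o is group/world writable',
                       path, st.mode & 0o7777)
  end
  problems
rescue Errno::ENOENT, Errno::ENOTDIR
  ["#{path}: missing"]
end

# Audits the three paths the manifests manage for one passwd entry.
# `entry` needs #uid and #dir, which Etc::Passwd provides.
def audit_ssh_paths(entry)
  allowed = [entry.uid, 0] # the account itself, or root
  ssh_dir = File.join(entry.dir, '.ssh')
  [entry.dir, ssh_dir, File.join(ssh_dir, 'authorized_keys')]
    .flat_map { |path| path_problems(path, allowed) }
end

# Looks the login up in the passwd database the custom fact also reads.
def audit_login(login)
  audit_ssh_paths(Etc.getpwnam(login))
rescue ArgumentError
  ["#{login}: no passwd entry"]
end

# Usage: ruby audit_ssh_paths.rb apache puppet
ARGV.each { |login| puts audit_login(login) } if __FILE__ == $PROGRAM_NAME
```

An empty result for a login means all three paths exist, belong to that account or root, and are not writable by group or others.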
On Jan 29, 2014, at 11:04 PM, Andrew <[email protected]> wrote:
So ...
I am tasked with managing ssh keys for which I want to use puppet to do the
deployment.
I don't know ahead of time which users will be using/assigned keys, so my
question is:
how to determine the homedir of any user? Is there a variable present with this
info without resorting to an exec?
Not all users have /home/$USER homedirs (e.g. apache=/var/www, puppet=/var/lib/puppet).
I need to create a .ssh dir in the user's homedir and copy some private keys in there.
The authorized_keys type includes a user property, so the public key is easy.
kinda stumped ...
Any ideas?
Thanks in advance.
Regards,
Andrew
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1944e04e-e98c-4cb6-8e3f-e470c88ce6ad%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.