User Tools

Site Tools


technical_notes:public:puppet-cookbook

Parent

Puppet - Cookbook

SSH

Manage authorizated key for User SSH connection

I use a module accounts I get on the net.

accounts::user {"user":
  uid         => 1002,
  realname    => 'My User',
  pass        => 'XXXXXXX',
  sshkeytype  => "ssh-rsa",
  sshkey      => "XXXXXXX"
}
define accounts::user ($uid,$realname,$pass,$sshkeytype,$sshkey) {
 
  # Create the user
  user { $title:
    ensure            =>  'present',
    uid               =>  $uid,
    gid               =>  $title,
    shell             =>  '/bin/bash',
    home              =>  "/home/${title}",
    comment           =>  $realname,
    password          =>  $pass,
    managehome        =>  true,
    require           =>  Group[$title],
  }
 
  # Create a matching group
  group { $title:
    gid               => $uid,
  }
 
  # Ensure the home directory exists with the right permissions
  file { "${homepath}/${title}":
    ensure            =>  directory,
    owner             =>  $title,
    group             =>  $title,
    mode              =>  '0750',
    require           =>  [ User[$title], Group[$title] ],
  }
 
  # Ensure the .ssh directory exists with the right permissions
  file { "${homepath}/${title}/.ssh":
    ensure            =>  directory,
    owner             =>  $title,
    group             =>  $title,
    mode              =>  '0700',
    require           =>  File["${homepath}/${title}"],
  }
 
  # Add user's SSH key
  if ($sshkey != '') {
    ssh_authorized_key {$title:
      ensure          => present,
      name            => $title,
      user            => $title,
      type            => $sshkeytype,
      key             => $sshkey,
    }
  }
}

Disable Host checking for Ssh connection (and git)

When you are using git, you have to manage the host verification. I don't find easy way to do it. The best solution I found was to desactivate the Host verification on Ssh Client.

I use the module saz/ssh.

class { 'ssh':
  storeconfigs_enabled => false,
  client_options => {
    'Host *' => {
      'StrictHostKeyChecking' => 'no',
    },
  }
}

Register a ssh key (id_rsa) on an user

Git

Using git client

technical_notes/public/puppet-cookbook.txt · Last modified: 2014/10/01 13:46 by Fabien Arcellier