Having an issue with appending ssh keys to the known_hosts file on systems.

I have multiple modules that need to use ssh into remote servers without being prompted for a password, and therefore multiple places that I need to manage/add to a known_hosts file for. If I simply put a copy of known_hosts in the files/ directory of the module, and push it out, any other modules that did the same are going to find the file replaced. How can I manage this better?

If I use append_if_no_such_line, then I have to paste the key into the manifest, which is ugly. It would be nice if append_if_no_such_line could somehow take a source or template parameter.

Doug

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Hi

> I have multiple modules that need to use ssh into remote servers
> without being prompted for a password, and therefore multiple places
> that I need to manage/add to a known_hosts file for. If I simply put a
> copy of known_hosts in the files/ directory of the module, and push it
> out, any other modules that did the same are going to find the file
> replaced. How can I manage this better?

how about the sshkey type?
http://docs.reductivelabs.com/references/stable/type.html#sshkey

cheers pete

Oh, yes, right... duh... thanks.

Definitely better than append_if_no_such_line() which dumps the key to the log.

On Fri, Mar 12, 2010 at 9:54 AM, Peter Meier <peter.meier@immerda.ch> wrote:
> Hi
>
>> I have multiple modules that need to use ssh into remote servers
>> without being prompted for a password, and therefore multiple places
>> that I need to manage/add to a known_hosts file for. If I simply put a
>> copy of known_hosts in the files/ directory of the module, and push it
>> out, any other modules that did the same are going to find the file
>> replaced. How can I manage this better?
>
> how about the sshkey type?
> http://docs.reductivelabs.com/references/stable/type.html#sshkey
>
> cheers pete

--
Regards,
Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627

On Fri, Mar 12, 2010 at 10:47 AM, Douglas Garstang <doug.garstang@gmail.com> wrote:
> Oh, yes, right... duh... thanks.
>
> Definitely better than append_if_no_such_line() which dumps the key to the log.
>
> On Fri, Mar 12, 2010 at 9:54 AM, Peter Meier <peter.meier@immerda.ch> wrote:
>> Hi
>>
>>> I have multiple modules that need to use ssh into remote servers
>>> without being prompted for a password, and therefore multiple places
>>> that I need to manage/add to a known_hosts file for. If I simply put a
>>> copy of known_hosts in the files/ directory of the module, and push it
>>> out, any other modules that did the same are going to find the file
>>> replaced. How can I manage this better?
>>
>> how about the sshkey type?
>> http://docs.reductivelabs.com/references/stable/type.html#sshkey

What about known_hosts???

Douglas Garstang wrote:
>>> http://docs.reductivelabs.com/references/stable/type.html#sshkey
>
> What about known_hosts???

For /etc/ssh/ssh_known_hosts, using exported resources is quite handy:

http://reductivelabs.com/trac/puppet/wiki/ExportedResources

Something like:

    # Collect ssh keys and add them to /etc/ssh/ssh_known_hosts
    case $sshrsakey {
        '': { alert("No sshrsakey found for $fqdn") }
        default: {
            @@sshkey { $fqdn:
                alias => [$hostname, $ipaddress],
                key   => $sshrsakey,
                type  => rsa,
            }
        }
    }
    Sshkey <<||>>

Note that until http://projects.reductivelabs.com/issues/2014 is fixed, you might also want to use a file resource to make the known hosts file readable by non-root users:

    file { "/etc/ssh/ssh_known_hosts":
        mode => 644,
    }

--
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
An optimist believes we live in the best of all possible worlds. A pessimist is sure of it!

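An added example, not part of the thread and not Puppet's own code: because each node exports an sshkey whose key and aliases come from its own facts, a small audit of the collected /etc/ssh/ssh_known_hosts can flag any name that ends up claimed by more than one key, and check the file mode mentioned above. The sample file, key blobs, host names and function names are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

def sample_blob(seed):
    # Constructed stand-in for a base64 public key blob (not a real key).
    return base64.b64encode(seed.encode()).decode()

# Constructed sample of a collected /etc/ssh/ssh_known_hosts.
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    f"web1.example.com,web1,192.0.2.10 ssh-rsa {sample_blob('web1-key')}",
    f"db1.example.com,db1,192.0.2.20 ssh-rsa {sample_blob('db1-key')}",
    f"build7.example.com,db1,192.0.2.66 ssh-rsa {sample_blob('other-key')}",
])

def parse_known_hosts(text):
    """Yield (names, keytype, blob) for each plain host key line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and marker lines (@cert-authority, @revoked).
        if not fields or fields[0].startswith(("#", "@")):
            continue
        if len(fields) >= 3:
            yield fields[0].split(","), fields[1], fields[2]

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_conflicts(text):
    """Map (name, keytype) -> fingerprints when more than one key claims it."""
    seen = defaultdict(set)
    for names, keytype, blob in parse_known_hosts(text):
        for name in names:
            seen[(name, keytype)].add(fingerprint(blob))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def mode_ok(mode):
    """World-readable but writable only by the owner (e.g. 0644)."""
    return bool(mode & 0o004) and not (mode & 0o022)

if __name__ == "__main__":
    for (name, keytype), fps in find_conflicts(SAMPLE).items():
        print(f"{name} ({keytype}) is claimed by {len(fps)} keys: {fps}")
    print("mode 0644 ok:", mode_ok(0o644))
```
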
On Saturday 13 March 2010, Todd Zullinger wrote to me:
> # Collect ssh keys and add them to /etc/ssh/ssh_known_hosts
> case $sshrsakey {
>     '': { alert("No sshrsakey found for $fqdn") }
>     default: {
>         @@sshkey { $fqdn:
          ^^
>             alias => [$hostname, $ipaddress],
>             key   => $sshrsakey,
>             type  => rsa,
>         }
>     }
> }
> Sshkey <<||>>
         ^^^^^^^

Can you explain this syntax to me?

Regards
Oli

Hi

>> # Collect ssh keys and add them to /etc/ssh/ssh_known_hosts
>> case $sshrsakey {
>>     '': { alert("No sshrsakey found for $fqdn") }
>>     default: {
>>         @@sshkey { $fqdn:
>          ^^

exporting resources

>>             alias => [$hostname, $ipaddress],
>>             key   => $sshrsakey,
>>             type  => rsa,
>>         }
>>     }
>> }
>> Sshkey <<||>>
>         ^^^^^^^

collecting exported resources.

You find more about that here:
http://projects.reductivelabs.com/projects/puppet/wiki/Exported_Resources

It is very powerful if you want to distribute "configurations" related to one host to another host.

cheers pete

On Sunday 14 March 2010, Peter Meier wrote to me:
> collecting exported resources.
>
> You find more about that here:
> http://projects.reductivelabs.com/projects/puppet/wiki/Exported_Resources
>
> It is very powerful if you want to distribute "configurations" related
> to one host to another host.

Cool stuff, thanks for your explanations.

Regards
Oli