@fnichol
Last active December 22, 2015 14:28
##
# on each backend/non-routable cluster node
#

user_account "adminuser" do
  ssh_keygen true
  # other attributes perhaps?
end

# put the code in a ruby block so that it gets run in execution phase,
# after user is created
ruby_block "save adminuser's ssh key" do
  block do
    # calculate path to the pub key
    pub_key = ::File.join(Etc.getpwnam("adminuser").dir, ".ssh/id_dsa.pub")

    # read the contents of the pub key into a node attribute
    node.set["user"]["login_user_key"] = IO.read(pub_key)
  end
end

# at the end of the chef run, node.save will persist the key

##
# for the gateway/vpn node
#

# use search to return all nodes with node.user.login_user_key set
cluster_nodes = search(:node, "user_login_user_key:*")

# sort the nodes alphabetically so we get a deterministic ordering
# for keys (doesn't matter what the ordering is, just that it could be
# consistent)
authorized_ssh_keys = Array(cluster_nodes).
  sort { |x, y| x.name <=> y.name }.
  map { |cluster_node| cluster_node["user"]["login_user_key"] }

# create the user now that we have all the generated pub keys from nodes-of-interest
user_account "gatewayuser" do
  ssh_keys authorized_ssh_keys
  # other attributes perhaps?
end
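
The gateway recipe writes whatever each node saved in its own `login_user_key` attribute into gatewayuser's authorized keys, so each value should be checked to be exactly one well-formed public key before it is used. The following is an added example, not part of the original gist: `clean_public_key`, `clean_public_keys`, `sample_key` and the allowed-type list are hypothetical names and assumptions, and the sample entries are constructed, not real keys.

```ruby
# Added example: helper names and the allowed-type list are assumptions.
ALLOWED_KEY_TYPES = %w[ssh-dss ssh-rsa ssh-ed25519].freeze

# Returns "type blob" when raw is exactly one well-formed public key line,
# otherwise nil.
def clean_public_key(raw, allowed = ALLOWED_KEY_TYPES)
  return nil unless raw.is_a?(String)
  line = raw.strip                      # IO.read leaves a trailing newline
  return nil if line.empty? || line.match?(/[\r\n]/) # one entry per node only
  type, blob, _comment = line.split(/[ \t]+/, 3)
  # An options prefix (command=..., from=...) lands in `type` and fails here.
  return nil unless allowed.include?(type) && blob
  begin
    decoded = blob.unpack1("m0")        # strict base64; raises on junk
  rescue ArgumentError
    return nil
  end
  # SSH wire format: 4-byte big-endian length, then the key type name.
  return nil if decoded.bytesize < 4
  name_len = decoded.unpack1("N")
  return nil unless decoded.byteslice(4, name_len) == type
  "#{type} #{blob}"                     # comment dropped: free text from the node
end

# Validate every value, drop rejects and duplicates, keep input order.
def clean_public_keys(raw_values, allowed = ALLOWED_KEY_TYPES)
  Array(raw_values).map { |raw| clean_public_key(raw, allowed) }.compact.uniq
end

# Constructed sample entry (not a real key): valid framing, dummy payload.
def sample_key(type, payload = "constructed-payload")
  blob = [type.bytesize].pack("N") + type + payload
  "#{type} #{[blob].pack('m0')} adminuser@node\n"
end

if __FILE__ == $PROGRAM_NAME
  good = sample_key("ssh-dss")
  values = [good, nil, "command=\"/bin/sh\" #{good}", good + sample_key("ssh-rsa")]
  puts clean_public_keys(values)        # only the first entry survives
end
```

In the gateway recipe the helper would wrap the mapped attribute values before they are passed to `ssh_keys`, with the methods placed in a cookbook library file.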