Last active
December 22, 2015 14:28
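##
# on each backend/non-routable cluster node
#

# create the account and let the resource generate an SSH key pair for it
user_account "adminuser" do
  ssh_keygen true
  # other attributes perhaps?
end

# put the code in a ruby block so that it gets run in execution phase,
# after user is created
ruby_block "save adminuser's ssh key" do
  block do
    # calculate path to the pub key
    # NOTE(review): the id_dsa.pub file name assumes user_account generates a
    # DSA key pair -- confirm against the cookbook version in use. OpenSSH 7.0
    # and later disable ssh-dss keys by default, so a gateway running a newer
    # sshd may refuse this key until the key type (and this path) is changed.
    pub_key = ::File.join(Etc.getpwnam("adminuser").dir, ".ssh", "id_dsa.pub")

    # read the contents of the pub key into a node attribute; only the public
    # half is published, the private key never leaves this node.
    # - ::File.read instead of IO.read: IO.read treats a path starting with
    #   "|" as a command to run, File.read always opens a file.
    # - strip drops the trailing newline so consumers get exactly one line.
    # - node.normal is the attribute level node.set wrote to; node.set was
    #   deprecated and later removed from Chef.
    node.normal["user"]["login_user_key"] = ::File.read(pub_key).strip
  end
end

# at the end of the chef run, node.save will persist the key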
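##
# for the gateway/vpn node
#

# use search to return all nodes with node.user.login_user_key set
#
# NOTE(review): this attribute is written by each node about itself, and the
# query is not narrowed by role, environment or name. Every node object that
# carries the attribute therefore ends up in gatewayuser's authorized_keys.
# Consider restricting the query to the nodes that are meant to have access,
# and confirm who is allowed to create or update node objects on the Chef
# server.
cluster_nodes = search(:node, "user_login_user_key:*")

# shape of one authorized_keys entry without options: key type, base64 blob,
# optional single-line comment. Anything else (several lines, leading
# options, empty or missing values) is dropped instead of being copied
# verbatim into the gateway account's authorized_keys.
public_key_line = %r{\A(?:ssh-(?:dss|rsa|ed25519)|ecdsa-sha2-nistp(?:256|384|521)) [A-Za-z0-9+/]+={0,2}(?: [^\r\n]*)?\z}

# sort the nodes alphabetically so we get a deterministic ordering
# for keys (doesn't matter what the ordering is, just that it could be
# consistent)
authorized_ssh_keys = Array(cluster_nodes)
  .sort_by(&:name)
  .map { |cluster_node| cluster_node["user"]["login_user_key"].to_s.strip }
  .select { |key| key =~ public_key_line }

# create the user now that we have all the generated pub keys from nodes-of-interest
user_account "gatewayuser" do
  ssh_keys authorized_ssh_keys
  # other attributes perhaps?
end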