Last active
October 13, 2023 18:39
-
-
Save justinstoller/6de2921a2736edcdcce04cf8c593800a to your computer and use it in GitHub Desktop.
This script, if given a host, will create or update a konwn_hosts file that r10k can use in PE 2023.3 or greater.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # These are the four pertinent lines from the script if folks would rather do it themselves: | |
| mkdir -p /opt/puppetlabs/server/data/puppetserver/.ssh | |
| touch /opt/puppetlabs/server/data/puppetserver/.ssh/known_hosts | |
| ssh-keyscan <additional ssh-keyscan args> <hostname> 2>/dev/null | grep -v '# ' >> /opt/puppetlabs/server/data/puppetserver/.ssh/known_hosts | |
| chown -R pe-puppet:pe-puppet /opt/puppetlabs/server/data/puppetserver/.ssh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Process params [13/899] | |
| if [[ "$1" == "-h" ]] || [[ $# -eq 0 ]]; then | |
| echo "$0 TRUSTED_HOST [ADDITIONAL SSH-KEYSCAN ARGS]" | |
| exit | |
| fi | |
| TRUSTED_HOST="$1" | |
| shift | |
| if [[ $# -gt 0 ]]; then | |
| echo "Will pass params '$@' to ssh-keyscan" | |
| fi | |
| if [[ -z "$TRUSTED_HOST" ]]; then | |
| echo "Must provide host to trust. eg, $0 github.com" | |
| exit 1 | |
| fi | |
| # Setup | |
| which ssh-keyscan &>/dev/null | |
| if [[ 0 -ne $? ]]; then | |
| echo "Could not find ssh-keyscan, this script requires the ssh package" | |
| exit 1 | |
| fi | |
| SSH_DIR="/opt/puppetlabs/server/data/puppetserver/.ssh" | |
| KNOWN_HOSTS_FILE="${SSH_DIR}/known_hosts" | |
| check_result() { | |
| if [[ 0 -ne $? ]]; then | |
| echo "The above step failed! Please review the script and system state." | |
| exit 1 | |
| fi | |
| } | |
| # The actual work | |
| echo "Ensuring ssh dir exists" | |
| mkdir -p $SSH_DIR | |
| check_result | |
| echo "" | |
| echo "Ensuring known_hosts file exists" | |
| touch $KNOWN_HOSTS_FILE | |
| check_result | |
| echo "" | |
| echo "Ensuring known_hosts file exists" | |
| touch $KNOWN_HOSTS_FILE | |
| check_result | |
| echo "" | |
| echo "Scanning $TRUSTED_HOST for public keys to trust" | |
| ssh-keyscan $@ "$TRUSTED_HOST" 2>/dev/null | grep -v '# ' >> $KNOWN_HOSTS_FILE | |
| if [[ 0 -ne $? ]]; then | |
| echo "'ssh-keyscan' failed! Is $TRUSTED_HOST reachable? Is SSH running on a non-standard port?" | |
| echo "Please review 'ssh-keyscan' operation" | |
| exit 1 | |
| fi | |
| echo "" | |
| echo "Ensuring Code Management can read the known_hosts file" | |
| chown -R pe-puppet:pe-puppet $SSH_DIR | |
| check_result | |
| echo "" | |
| echo "Updated known_hosts file, content is:" | |
| cat $KNOWN_HOSTS_FILE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment