Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
class ssh_key_generator {
# This is the path to the key generator script *on the puppetmaster*
$ssh_rsa_key = '/path/to/ssh_key_generator.sh'
file { '/root/.ssh/id_rsa':
ensure => 'file',
content => generate($ssh_rsa_key, 'private', $clientcert),
owner => 'root',
mode => '0600',
}
@@ssh_authorized_key { "${clientcert}_root_id_rsa":
key => generate($ssh_rsa_key, 'public', $clientcert),
type => 'ssh-rsa',
user => 'root',
}
}
# On the nodes that need the public key, you realize the ssh_authorized_key exported resource
#!/bin/bash
if [ $# -ne 2 ]; then
echo "usage: $0 [public|private] key_name" >&2
exit 1
fi
KEYDIR=/var/lib/puppet/generators/ssh_rsa_key
MODE="$1"
KEYNAME="$2"
mkdir -p "${KEYDIR}" || exit 1
if ! [ -f "${KEYDIR}/${KEYNAME}" ]; then
ssh-keygen -t rsa -N '' -f "${KEYDIR}/${KEYNAME}" || exit 1
fi
case "$MODE" in
public)
awk '{ printf "%s", $2 }' < "${KEYDIR}/${KEYNAME}.pub" || exit 1
;;
private)
cat "${KEYDIR}/${KEYNAME}" || exit 1
;;
esac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment