On 11/28/2012 09:19 PM, Matt Zagrabelny wrote:

> Whatever is generating your node manifest (on the master) could also
> perform either:
> 
> 1) scp ssh keys from the node to master
> or
> 2) run ssh-keygen on master
> 
> Unless you are using the "default" node, this should work.

OK, I've found an elegant way to do it. Basically this is what I do:

class ssh::server {
...
...
  if generate('/etc/puppet/modules/ssh/scripts/generate_host_keys.sh', $keys_dir) {
    include ssh::server::keys
  }

...
...
}

class ssh::server::keys {
  file { '/etc/ssh/ssh_host_dsa_key':
  ...
  ...
  file { '/etc/ssh/ssh_host_rsa_key':
  ...
  ...
}


And the generate script looks like this:

#!/bin/bash

# check arg0: dir for keys
[ -z "$1" ] && echo "Please specify directory for key generation" && exit 1
KEYSDIR="$1"

# set umask
umask 0022

# create directory tree if it does not exist (quoted: the path comes from outside)
[ ! -d "$KEYSDIR" ] && mkdir -p "$KEYSDIR"

# do_rsa1_keygen / do_rsa_keygen / do_dsa_keygen are the functions taken
# from /etc/init.d/sshd on CentOS 6 (not reproduced here); they must be
# defined above this point and write into $KEYSDIR
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen

chmod -R 640 "$KEYSDIR"/*
exit 0


do_rsa1/do_rsa/do_dsa are bash functions that I got from
/etc/init.d/sshd on CentOS 6... And it works like a charm! On the first
puppet run, the keys are generated, put into the "private" section under
the fqdn's dir, and propagated to the client, and that's it. After
reinstallation of the client, the files are already in private, so they
won't be regenerated.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

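The host-key generation script the post describes, written out as an added example (this is not the poster's script, which relied on the do_*_keygen functions from the CentOS sshd init script). It assumes one argument, the node's per-fqdn "private" directory on the master, and it departs from the post in two assumed ways: it generates rsa and ed25519 host keys instead of rsa1/dsa (current ssh-keygen no longer produces those), and it leaves private keys 0600 rather than 640. The important property from the thread is kept: a key that already exists is never regenerated, so a reinstalled client gets back the same host identity and its users see no changed-host-key warnings.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumption: the caller passes the node's key directory as the only argument,
# e.g. /etc/puppet/private/node.example.com (hypothetical path).

umask 077   # everything we create starts owner-only; we relax .pub files below

# need_key FILE -> true when FILE is missing or empty, i.e. a key must be made
need_key() {
    [ ! -s "$1" ]
}

# gen_key TYPE BITS FILE -> create FILE with ssh-keygen unless it already
# exists. Re-running (e.g. after a client reinstall) must not replace a
# known host key, so the existing file is left untouched.
gen_key() {
    type="$1"; bits="$2"; file="$3"
    if ! need_key "$file"; then
        return 0                      # key already present: keep the identity
    fi
    if [ -n "$bits" ]; then
        ssh-keygen -q -t "$type" -b "$bits" -N '' -C "host key ($type)" -f "$file"
    else
        ssh-keygen -q -t "$type" -N '' -C "host key ($type)" -f "$file"
    fi
}

# key_mode FILE -> permission bits of FILE in octal, e.g. 600 (GNU or BSD stat)
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# generate_host_keys DIR -> create DIR and the host keys for one node.
# Returns non-zero on a missing argument or a failed ssh-keygen, which is what
# the "if generate(...)" in the manifest would see as failure.
generate_host_keys() {
    dir="$1"
    [ -z "$dir" ] && { echo "usage: $0 KEYSDIR" >&2; return 1; }
    mkdir -p "$dir" || return 1
    gen_key rsa 2048 "$dir/ssh_host_rsa_key" || return 1
    gen_key ed25519 "" "$dir/ssh_host_ed25519_key" || return 1
    # private keys: owner-only; public keys: readable by the file server
    chmod 600 "$dir"/ssh_host_*_key
    chmod 644 "$dir"/ssh_host_*_key.pub
}

# Run only when invoked with an argument, so the file can also be sourced.
if [ $# -gt 0 ]; then
    generate_host_keys "$1"
fi
```

Because each key is guarded by its own existence check, adding a new key type later (as done here with ed25519) generates only the missing file on the next run and leaves the node's existing rsa identity alone.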