nickola / chef-ssh-keys

Cookbook "ssh-keys" for Chef, creates "authorized_keys" in user "~/.ssh" directory from a data bag

chef-ssh-keys's Introduction

Description

Creates authorized_keys in user ~/.ssh directory from a data bag (encrypted data bag supported).

Attributes

Expects node[:ssh_keys] to be a hash containing the user name as key and data bag user name as value. Users can also be defined by groups (see usage examples below).

See attributes/default.rb for the default values of additional attributes.

Usage

Node configuration example to create authorized_keys for user root from data bag user user1:

{
  "ssh_keys": {
    "root": "user1"
  },
  "run_list": [
    "recipe[ssh-keys]"
  ]
}

Node configuration example to create authorized_keys for user root from data bag user user1 and user2:

{
  "ssh_keys": {
    "root": ["user1", "user2"]
  },
  "run_list": [
    "recipe[ssh-keys]"
  ]
}

Node configuration example to create authorized_keys for user root from users of group admin:

{
  "ssh_keys": {
    "root": {"groups": "admin"}
  },
  "run_list": [
    "recipe[ssh-keys]"
  ]
}

Node configuration example to create authorized_keys for user root from data bag user user1 and user2, and from users of groups admin and operator:

{
  "ssh_keys": {
    "root": {"users": ["user1", "user2"], "groups": ["admin", "operator"]}
  },
  "run_list": [
    "recipe[ssh-keys]"
  ]
}

Use knife to create a data bag for users:

knife data bag create users

User data bag example (compatible with Chef users cookbook):

knife data bag create users user1
{
  "id": "user1",
  "ssh_keys": "ssh-rsa AAAAB3Nz...yhCw== user1"
}

knife data bag create users user2
{
  "id": "user2",
  "ssh_keys": "ssh-rsa AAAAB3Nz...5D8F== user2"
}

Cookbook URLs

chef-ssh-keys's People

Contributors

5c077yp, cburroughs, enalmada, nickola, zarry

chef-ssh-keys's Issues

Error when doing knife cookbook site install ssh-keys

eloy@dellta:/srv/repo/chlor-chef-repo$ knife cookbook site install ssh-keys
Installing ssh-keys to /srv/repo/chlor-chef-repo/cookbooks
Checking out the master branch.
Pristine copy branch (chef-vendor-ssh-keys) exists, switching to it.
Downloading ssh-keys from the cookbooks site at version 1.0.0 to /srv/repo/chlor-chef-repo/cookbooks/ssh-keys.tar.gz
Cookbook saved: /srv/repo/chlor-chef-repo/cookbooks/ssh-keys.tar.gz
Removing pre-existing version.
Uncompressing ssh-keys version 1.0.0.
removing downloaded tarball
1 files updated, committing changes
ERROR: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '128'
---- Begin output of git add ssh-keys ----
STDOUT:
STDERR: fatal: Not a git repository: /Users/Nickola/Development/.chef/.git/modules/site-cookbooks/ssh-keys
---- End output of git add ssh-keys ----
Ran git add ssh-keys returned 128

`line.start_with?("ssh")` is not a good test...

... since valid keys can begin with "ssh", or "ecdsa", or "ed25519" - and likely more types in the future.

Additionally, why be selective at all - de-duplicating is fair enough, but if the user has additional entries or comments in their existing file, why not simply maintain these and add any new keys if they don't already exist?

All the best,

Stuart
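
One way to do the merge this issue asks for, as an added Ruby example (not the cookbook's code): key lines are recognized by their key-type token, including lines that carry a leading options field, and existing comments and entries are kept. The names `KEY_TYPE`, `key_identity` and `merge_authorized_keys` are hypothetical, and the key blobs are constructed placeholders.

```ruby
require "set"

# Key-type tokens OpenSSH writes in authorized_keys; extend when new types appear.
KEY_TYPE = /\A(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521)|
             sk-(?:ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)\z/x

# Quote-aware field split, so command="a b" stays a single options field.
FIELD = /(?:[^\s"]|"(?:\\.|[^"\\])*")+/

# Returns [type, base64_blob] for a key line, or nil for blank lines,
# comments and anything that is not a recognizable key entry.
def key_identity(line)
  stripped = line.strip
  return nil if stripped.empty? || stripped.start_with?("#")
  fields = stripped.scan(FIELD)
  idx = fields.index { |f| KEY_TYPE.match?(f) }
  # The type is field 0, or field 1 when an options field precedes it.
  return nil if idx.nil? || idx > 1 || fields[idx + 1].nil?
  [fields[idx], fields[idx + 1]]
end

# Keeps every existing line in order (comments and options included), drops
# repeated keys, and appends only managed keys that are not already present.
def merge_authorized_keys(existing_text, managed_keys)
  seen = Set.new
  out = []
  existing_text.each_line(chomp: true) do |line|
    id = key_identity(line)
    next if id && !seen.add?(id) # same key already kept
    out << line
  end
  managed_keys.each do |key|
    id = key_identity(key)
    next if id.nil? || !seen.add?(id) # malformed, or already in the file
    out << key.strip
  end
  out.join("\n") + "\n"
end

# Constructed sample file and data bag keys (placeholder blobs, not real keys).
EXISTING = <<~KEYS
  # deploy keys, managed by hand
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA alice@laptop
  from="10.0.0.0/8",command="/usr/bin/backup now" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA backup@host
  ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAA bob@desk
KEYS
MANAGED = [
  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA alice@renamed", # same key, new comment
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5BBBB carol@new",
  "not-a-key garbage",
].freeze

puts merge_authorized_keys(EXISTING, MANAGED)
```

Identity is the type plus the key blob, so a key that reappears with a different trailing comment is not added twice, and an entry's `from=` or `command=` restrictions are never rewritten.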

symlinked authorized_keys file

On some servers the file .ssh/authorized_keys is a symlink.

As it is a symlink, the recipe fails to update the file. It cannot create a new file .ssh/authorized_keys.

Feature request for symlinked files: truncate the file and add the keys.

git tags

Please push git tags to GitHub... it helps to understand "where I am" from a local checkout:

➔ git describe --tags
fatal: No names found, cannot describe anything.

If user's home directory does not exist, fails to create necessary directory structure and errors out.

If user's home directory does not exist, recipe fails to create necessary directory structure and errors out.

I ran into an issue where a user's home directory was manually removed. This failed the chef run as the needed directory structure was not present. This presented itself as an issue because of this currently open chef bug: CHEF-2409

Adding recursive true to the directory call will solve this issue and prevent a chef run from failing.

Release on supermarket

Hi,

Can you release your cookbook on the Supermarket? Since Chef 12, the cookbook currently on it could not be run because name isn't present in metadata.rb. I see you already fixed it, but not on the Supermarket.

Regards,
