Salt/openssh-formula
0
0
Fork 0
mirror of https://github.com/saltstack-formulas/openssh-formula.git synced 2026-05-16 14:57:03 +02:00
Code Issues Activity

Fixed aliasing of host names

Browse Source
This commit is contained in:
Alexander Weidinger 2018-05-01 22:35:47 +02:00
parent 1a70a129d5
commit 66fd619a1a
3 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.rst
View File

@ -87,7 +87,7 @@ setup those functions through pillar::
mine_function: cmd.run mine_function: cmd.run
cmd: cat /etc/ssh/ssh_host_*_key.pub cmd: cat /etc/ssh/ssh_host_*_key.pub
python_shell: True python_shell: True
public_ssh_hostname: public_ssh_host_names:
mine_function: grains.get mine_function: grains.get
key: id key: id
@ -132,6 +132,16 @@ The state tries to fetch the SSH host keys via ``salt-ssh``. It calls the comman
salt_ssh: salt_ssh:
user: salt-master user: salt-master
It's possible to define aliases for certain hosts::
openssh:
known_hosts:
salt_ssh:
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
You can use a cronjob to populate a host key cache:: You can use a cronjob to populate a host key cache::
# crontab -e -u salt-master # crontab -e -u salt-master

7
_pillar/known_hosts_salt_ssh.sls
View File

@ -1,12 +1,13 @@
#!py #!py
import logging as log import logging
import os.path import os.path
import re import re
import subprocess import subprocess
cache = {} cache = {}
ssh_key_pattern = re.compile("^[^ ]+ (ssh-.+)$") ssh_key_pattern = re.compile("^[^ ]+ (ssh-.+)$")
log = logging.getLogger(__name__)
def config_dir(): def config_dir():
if '__master_opts__' in __opts__: if '__master_opts__' in __opts__:
@ -103,11 +104,11 @@ def host_keys(minion_id):
def run(): def run():
config = { config = {
'public_ssh_host_keys': {}, 'public_ssh_host_keys': {},
'public_ssh_hostname': {} 'public_ssh_host_names': {}
} }
for minion in minions().keys(): for minion in minions().keys():
config['public_ssh_hostname'][minion] = minion
config['public_ssh_host_keys'][minion] = host_keys(minion) config['public_ssh_host_keys'][minion] = host_keys(minion)
config['public_ssh_host_names'][minion] = minion
return {'openssh': {'known_hosts': {'salt_ssh': config}}} return {'openssh': {'known_hosts': {'salt_ssh': config}}}
# vim: ts=4:sw=4:syntax=python # vim: ts=4:sw=4:syntax=python

8
openssh/files/ssh_known_hosts
View File

@ -11,7 +11,8 @@
{#- The host names to use are to be found within the dict 'host_names'. #} {#- The host names to use are to be found within the dict 'host_names'. #}
{#- If there are none, the host is used directly. #} {#- If there are none, the host is used directly. #}
{%- set names = [host_names.get(host, host)] -%} {%- set names = host_names.get(host, host) -%}
{%- set names = [names] if names is string else names %}
{#- Extract the hostname from the FQDN and add it to the names. #} {#- Extract the hostname from the FQDN and add it to the names. #}
{%- if use_hostnames is iterable -%} {%- if use_hostnames is iterable -%}
@ -76,12 +77,13 @@
{% do host_keys.update({minion_id: minion_host_keys}) %} {% do host_keys.update({minion_id: minion_host_keys}) %}
{%- endif -%} {%- endif -%}
{%- endfor -%} {%- endfor -%}
{%- for minion_id, minion_host_name in salt['pillar.get']( {%- for minion_id, minion_host_names in salt['pillar.get'](
'openssh:known_hosts:salt_ssh:public_ssh_host_names', 'openssh:known_hosts:salt_ssh:public_ssh_host_names',
{} {}
).items() -%} ).items() -%}
{{ minion_host_names }}
{%- if salt["match.{}".format(tgt_type)](target, minion_id=minion_id) -%} {%- if salt["match.{}".format(tgt_type)](target, minion_id=minion_id) -%}
{% do host_names.update({minion_id: minion_host_name}) %} {% do host_names.update({minion_id: minion_host_names}) %}
{%- endif -%} {%- endif -%}
{%- endfor %} {%- endfor %}