Merge pull request #133 from luitzifa/multiple-key-support
add support for multiple private and public keys
This commit is contained in:
commit
a4c1e98a55
|
@ -57,6 +57,10 @@ users:
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
privkey: PRIVATEKEY
|
privkey: PRIVATEKEY
|
||||||
pubkey: PUBLICKEY
|
pubkey: PUBLICKEY
|
||||||
|
# you can provide multiple keys, the keyname is taken as filename
|
||||||
|
# make sure your public keys suffix is .pub
|
||||||
|
foobar: PRIVATEKEY
|
||||||
|
foobar.pub: PUBLICKEY
|
||||||
# ... or you can pull them from a different pillar,
|
# ... or you can pull them from a different pillar,
|
||||||
# for example one called "ssh_keys":
|
# for example one called "ssh_keys":
|
||||||
ssh_keys_pillar:
|
ssh_keys_pillar:
|
||||||
|
|
|
@ -175,35 +175,35 @@ user_keydir_{{ name }}:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if 'ssh_keys' in user %}
|
{% if 'ssh_keys' in user %}
|
||||||
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
|
{% for _key in user.ssh_keys.keys() %}
|
||||||
users_user_{{ name }}_private_key:
|
{% if _key == 'privkey' %}
|
||||||
|
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}
|
||||||
|
{% elif _key == 'pubkey' %}
|
||||||
|
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}
|
||||||
|
{% else %}
|
||||||
|
{% set key_name = _key %}
|
||||||
|
{% endif %}
|
||||||
|
users_{{ name }}_{{ key_name }}_key:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: {{ home }}/.ssh/{{ key_type }}
|
- name: {{ home }}/.ssh/{{ key_name }}
|
||||||
- user: {{ name }}
|
|
||||||
- group: {{ user_group }}
|
|
||||||
- mode: 600
|
|
||||||
- show_diff: False
|
|
||||||
- contents_pillar: users:{{ name }}:ssh_keys:privkey
|
|
||||||
- require:
|
|
||||||
- user: users_{{ name }}_user
|
|
||||||
{% for group in user.get('groups', []) %}
|
|
||||||
- group: users_{{ name }}_{{ group }}_group
|
|
||||||
{% endfor %}
|
|
||||||
users_user_{{ name }}_public_key:
|
|
||||||
file.managed:
|
|
||||||
- name: {{ home }}/.ssh/{{ key_type }}.pub
|
|
||||||
- user: {{ name }}
|
- user: {{ name }}
|
||||||
- group: {{ user_group }}
|
- group: {{ user_group }}
|
||||||
|
{% if key_name.endswith(".pub") %}
|
||||||
- mode: 644
|
- mode: 644
|
||||||
|
{% else %}
|
||||||
|
- mode: 600
|
||||||
|
{% endif %}
|
||||||
- show_diff: False
|
- show_diff: False
|
||||||
- contents_pillar: users:{{ name }}:ssh_keys:pubkey
|
- contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
|
||||||
- require:
|
- require:
|
||||||
- user: users_{{ name }}_user
|
- user: users_{{ name }}_user
|
||||||
{% for group in user.get('groups', []) %}
|
{% for group in user.get('groups', []) %}
|
||||||
- group: users_{{ name }}_{{ group }}_group
|
- group: users_{{ name }}_{{ group }}_group
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
|
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
|
||||||
users_authorized_keys_{{ name }}:
|
users_authorized_keys_{{ name }}:
|
||||||
file.managed:
|
file.managed:
|
||||||
|
|
Loading…
Reference in New Issue