I've got a puppet hash type data structure like this to store ssh keys:
class users::sshkeys {
$user1 = {
user1 => {
key => 'AAAAAA',
type => 'ssh-rsa'
}
}
$user2 = {
user2 => {
key => 'BBBBBB',
type => 'ed25519'
}
}
}
I can access a key like this:
$users::sshkeys::user1['user1']['key']
I would like to access a key dynamically (e.g. in a loop), like this:
$users = ['user1', 'user2']
$users.each |$user| {
$users::sshkeys::$user[$user]['key']
}
I found a solution to access a dynamic class/variable like this:
$mydynamicvar = getvar("users::sshkeys::${user1}")
notify{"$mydynamicvar":}
This seems to return a String, so that I can't access the hashkeys inside:
notify{"$mydynamicuser[$user]['key']":}
Any Ideas?
Ah, got it :) Putting all hashes into one variable (here: $all_users) and summarizing them into groups works like this:
$sysadmins = {
user1 => $all_users['user1'],
user2 => $all_users['user2']
}
Thanks for pointing me to the right direction #MattSchuchard
With a big hash even receiving ssh key and key type in a loop works:
$users = ['user1', 'user2']
$users.each |$user| {
profiles::users::sshkeys { $user:
user => $user,
group => 'sftpusers',
ssh_authorized_key => $users::sshkeys::all_keys::all_users[$user]['key'],
ssh_authorized_key_type => $users::sshkeys::all_keys::all_users[$user]['type'],
shell => $shell,
}
}
Related
I am creating a class which creates a ssh keys pair for users.
In Hiera it looks like this:
ssh::default_user_keys::entries:
root:
privkey: ENC[PKCS7,MIIH/QYJKoZIhvcNAQcDoIIH7jCCB+oCAQAx...]
pubkey: BiQYJKoZIhvcNAQcDoIIBejCCAXYC...
user1:
privkey: ENC[PKCS7,MIIH/Bf0mv0aa7JRbEWWONfVMJBOX2I7x...]
keydir: /srv/data/user1/.ssh
user2:
privkey: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAx...]
keytype: id_ecdsa
If some values are not specified in Hiera, they must be picked up from default values in the manifest.
So my question is how to write the manifest correctly?
This is my pseudo code I try to make working:
class ssh::default_user_keys_refact (
Hash $entries = lookup('ssh::default_user_keys_refact::entries', "merge" => 'hash'),
) {
$entries.each |String $user, Hash $item = {} | {
set_default { $item:
privkey => undef,
pubkey => undef,
keydir => "/home/${user}/.ssh",
keytype => id_rsa,
comment => undef,
}
$sshpriv = $item[privkey]
file { "${keydir}/$[keytype}":
ensure => file,
owner => $user,
mode => '0600',
content => $sshpriv,
}
}
}
Do you have ideas how to make this pseudo code working? Or in other words, how to set up default values for nested hiera hash in puppet manifest?
puppet versions is 6.
Thank you in advance.
Or in other words, how to set up default values for nested hiera hash in puppet manifest?
The fact that the hashes for which you want to provide defaults are nested inside others in the Hiera data isn't much relevant, because at the point of use they have been plucked out. With that being the case, you can accomplish this fairly easily by leveraging Puppet (not Hiera) hash merging. It might look something like this:
$entries.each |String $user, Hash $props| {
# Merge with default values
$full_props = {
'keydir' => "/home/${user}/.ssh",
'keytype' => 'id_rsa'
} + $props
file { "${full_props['keydir']}/${full_props['keytype']}":
ensure => 'file',
owner => $user,
mode => '0600',
content => $full_props['privkey'],
}
}
That's by no means the only way, but it's clean and clear, and it scales reasonably well.
I'm planning to implement the possibility to add multiple ssh keys per user.
For a single key, I used:
if ($sshkey) {
ssh_authorized_key { $resourcename:
ensure => 'present',
type => 'ssh-rsa',
key => '$sshkey',
user => $title,
require => User[$title],
}
}
For multiple keys, i thought that this might work:
if ($sshkeyarray != []) {
$sshkeyarray.each |String $singlesshkey| {
ssh_authorized_key { $resourcename:
ensure => 'present',
type => 'ssh-rsa',
key => '$singlesshkey',
user => $title,
require => User[$title],
}
}
}
But the resourcename can only be used once, so I want to give names like "resourcename_1" for the first ssh key and "resourcename_n" for the n-th key.
How can I do this? Can i get the position of the singlesshkey from the array and add it to the resourdcename?
As described in the docs here you can do this:
$sshkeyarray.each |$index, String $singlesshkey| {
ssh_authorized_key { "${resourcename}_${index}":
ensure => 'present',
type => 'ssh-rsa',
key => $singlesshkey,
user => $title,
require => User[$title],
}
}
Notice that there's no need to test for an empty array either. Looping over an empty array causes nothing to happen anyway.
I am new to puppet and I am trying to write a module to manage .bashrc file of 10 users. The following code is ok to manage the file of 1 user. However, I am unable to change the code to manage files for 10 users. I tried using defined types and variable with no luck. Can sombody please suggest me the right way to do this.
init.pp:
class profile (
$bashrc = $profile::params::bashrc,
$bashrc_host = $profile::params::bashrc_host,
) inherits profile::params {
anchor { 'profile::begin': } ->
class { '::profile::config': } ->
anchor { 'profile::end': }
}
config.pp:
class profile::config inherits profile {
file { $bashrc:
ensure => file,
source => "puppet:///$bashrc_host",
}
params.pp:
class profile::params {
$bashrc_host = "modules/profile/$fqdn_user1_bashrc"
}
case $::osfamily {
'RedHat': {
$bashrc = '/home/user1/.bashrc'
}
}
This is not at all a job for a class. As you noted yourself in your most recent comment, this calls for a define actually.
Please don't use verbs in the names of your defines. Instead of defineuser, just do
define profile::user($host_name) {
}
Off the top of my hat, I'm not aware of a good pattern to use module parameters in your defines. You can however use the following pattern:
class profile(
$default_shell = $profile::params::default_shell,
$default_prompt = $profile::params::default_prompt,
$users = {}
) inherits profile::params {
$defaults = { shell => $default_shell, prompt => $default_prompt }
create_resources('profile::user', $users, $defaults)
}
What happens is
values are taken from params, or hiera, or the invoking manifest
these values are gathered in the $defaults array
for any resource in the $users hash that has no shell or prompt, this default is used
If your aim of this module is to learn puppet then:
Add a param user to your class profile::params
class profile::params {
$bashrc_host = "modules/profile/$fqdn_user1_bashrc"
$user = 'user1',
}
case $::osfamily {
'RedHat': {
$bashrc = "/home/$user/.bashrc"
}
}
After this, you can use a combination of array or hiera and ensure_resource This still is not the most elegant solution, but baby steps.
If your intend is to actually manage the bashrc for various users, I would recommend using a pre existing module such as account
Trying to use hiera with puppet. And i'm wondering how could i move something like this to hiera:
Definition:
define apache::namevirtualhost {
$addr_port = $name
# Template uses: $addr_port
concat::fragment { "NameVirtualHost ${addr_port}":
target => $apache::ports_file,
content => template('apache/namevirtualhost.erb'),
}
}
Then in my super_node.pp:
apache::namevirtualhost { '*:80': }
How could i move '*:80' to hiera json file? Something like this (does not seem to work):
{
"apache::namevirtualhost" : "*:80"
}
Same question if i include definitions multiple times, how could i move configuration to hiera:
vagrant::box { 'dev.local':
sshport => '2223',
ip => '10.69.69.101'
}
vagrant::box { 'it.local':
sshport => '2224',
ip => '10.69.69.102'
}
Simply use the hiera function in your manifests, so in your super_node.pp:
$namevirtualhost = hiera("apache::namevirtualhost")
apache::namevirtualhost { $namevirtualhost : }
Same for your boxes:
vagrant::box { 'dev.local':
sshport => hiera("dev_local_sshport"),
ip => hiera("dev_local_ip"),
}
First you should ensure that hiera database is properly configured by typing
hiera "apache::namevirtualhost"
From command_line
I am trying to write a manifest that iterates through an array to create and maintain application users.
The list of users is passed to the manifest from init.pp in the following fashion:
$app_users = [ at1,et1,at2,et2 ]
The users.pp manifest then reads the array to create the users:
define appuser {
user { $name:
ensure => 'present',
comment => "Application User - $name",
gid => 'app',
home => "/apps/$app/$name",
shell => '/usr/bin/bash',
}
}
appuser { $app_users: }
This solution worked very well with another module I wrote, but in this case the home directory path includes a variable, that depends on the user name.
Adding the following if statement inside the resource issues an error:
if $name =~ /^(et|ep)/ {
$app = "echos"
notice('app is $app')
}
Syntax error at 'if'; expected '}' at .../users.pp:9
I read somewhere that you cannot place an if statement inside a resource...
In that case, what are my options? I'm experiencing a coding block...
We're using puppet master version 2.7.19 (Puppet Enterprise 2.7.0).
it sounds like it is only a syntax error, you should add your if statement within the definitions, sth like
define appuser {
if $name =~ /^(et|ep)/ {
$app = "echos"
notice('app is $app')
}
user { $name:
ensure => 'present',
comment => "Application User - $name",
gid => 'app',
home => "/apps/$app/$name",
shell => '/usr/bin/bash',
}
}
I would prefer case than if statement in this case, e.g.,
define appuser {
user { $name:
ensure => 'present',
comment => "Application User - $name",
gid => 'app',
home => $name ? {
'/^(et|ep)/' => "/apps/echos/$name",
default => "/apps/$app/$name",},
shell => '/usr/bin/bash',
}
}