I'm planning to implement the possibility to add multiple ssh keys per user.
For a single key, I used:
if ($sshkey) {
ssh_authorized_key { $resourcename:
ensure => 'present',
type => 'ssh-rsa',
key => '$sshkey',
user => $title,
require => User[$title],
}
}
For multiple keys, i thought that this might work:
if ($sshkeyarray != []) {
$sshkeyarray.each |String $singlesshkey| {
ssh_authorized_key { $resourcename:
ensure => 'present',
type => 'ssh-rsa',
key => '$singlesshkey',
user => $title,
require => User[$title],
}
}
}
But the resourcename can only be used once, so I want to give names like "resourcename_1" for the first ssh key and "resourcename_n" for the n-th key.
How can I do this? Can i get the position of the singlesshkey from the array and add it to the resourdcename?
As described in the docs here you can do this:
$sshkeyarray.each |$index, String $singlesshkey| {
ssh_authorized_key { "${resourcename}_${index}":
ensure => 'present',
type => 'ssh-rsa',
key => $singlesshkey,
user => $title,
require => User[$title],
}
}
Notice that there's no need to test for an empty array either. Looping over an empty array causes nothing to happen anyway.
Related
I am creating a class which creates a ssh keys pair for users.
In Hiera it looks like this:
ssh::default_user_keys::entries:
root:
privkey: ENC[PKCS7,MIIH/QYJKoZIhvcNAQcDoIIH7jCCB+oCAQAx...]
pubkey: BiQYJKoZIhvcNAQcDoIIBejCCAXYC...
user1:
privkey: ENC[PKCS7,MIIH/Bf0mv0aa7JRbEWWONfVMJBOX2I7x...]
keydir: /srv/data/user1/.ssh
user2:
privkey: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAx...]
keytype: id_ecdsa
If some values are not specified in Hiera, they must be picked up from default values in the manifest.
So my question is how to write the manifest correctly?
This is my pseudo code I try to make working:
class ssh::default_user_keys_refact (
Hash $entries = lookup('ssh::default_user_keys_refact::entries', "merge" => 'hash'),
) {
$entries.each |String $user, Hash $item = {} | {
set_default { $item:
privkey => undef,
pubkey => undef,
keydir => "/home/${user}/.ssh",
keytype => id_rsa,
comment => undef,
}
$sshpriv = $item[privkey]
file { "${keydir}/$[keytype}":
ensure => file,
owner => $user,
mode => '0600',
content => $sshpriv,
}
}
}
Do you have ideas how to make this pseudo code working? Or in other words, how to set up default values for nested hiera hash in puppet manifest?
puppet versions is 6.
Thank you in advance.
Or in other words, how to set up default values for nested hiera hash in puppet manifest?
The fact that the hashes for which you want to provide defaults are nested inside others in the Hiera data isn't much relevant, because at the point of use they have been plucked out. With that being the case, you can accomplish this fairly easily by leveraging Puppet (not Hiera) hash merging. It might look something like this:
$entries.each |String $user, Hash $props| {
# Merge with default values
$full_props = {
'keydir' => "/home/${user}/.ssh",
'keytype' => 'id_rsa'
} + $props
file { "${full_props['keydir']}/${full_props['keytype']}":
ensure => 'file',
owner => $user,
mode => '0600',
content => $full_props['privkey'],
}
}
That's by no means the only way, but it's clean and clear, and it scales reasonably well.
I've got a puppet hash type data structure like this to store ssh keys:
class users::sshkeys {
$user1 = {
user1 => {
key => 'AAAAAA',
type => 'ssh-rsa'
}
}
$user2 = {
user2 => {
key => 'BBBBBB',
type => 'ed25519'
}
}
}
I can access a key like this:
$users::sshkeys::user1['user1']['key']
I would like to access a key dynamically (e.g. in a loop), like this:
$users = ['user1', 'user2']
$users.each |$user| {
$users::sshkeys::$user[$user]['key']
}
I found a solution to access a dynamic class/variable like this:
$mydynamicvar = getvar("users::sshkeys::${user1}")
notify{"$mydynamicvar":}
This seems to return a String, so that I can't access the hashkeys inside:
notify{"$mydynamicuser[$user]['key']":}
Any Ideas?
Ah, got it :) Putting all hashes into one variable (here: $all_users) and summarizing them into groups works like this:
$sysadmins = {
user1 => $all_users['user1'],
user2 => $all_users['user2']
}
Thanks for pointing me to the right direction #MattSchuchard
With a big hash even receiving ssh key and key type in a loop works:
$users = ['user1', 'user2']
$users.each |$user| {
profiles::users::sshkeys { $user:
user => $user,
group => 'sftpusers',
ssh_authorized_key => $users::sshkeys::all_keys::all_users[$user]['key'],
ssh_authorized_key_type => $users::sshkeys::all_keys::all_users[$user]['type'],
shell => $shell,
}
}
My input is a log from IIS server with cookies included. I want my output (elasticsearch) to have a field like this:
"cookies": {
"cookie_name": "cookie_value"
}
Also for some cookies I want their values to be replaced with some other values from a dictionary.
Basically, I think the following filter config solves my problem:
kv {
source => "cookie"
target => "cookies"
trim => ";"
include_keys => [ "cookie_name1","cookie_name2" ]
}
translate {
field => "cookies.cookie_name1"
destination => "cookies.cookie_name1"
dictionary_path => "/etc/logstash/dict.yaml"
override => "true"
fallback => "%{cookies.cookie_name1}"
}
The problem is that I don't know if it’s the right way to do this, and whether it will work at all (especially the cookies.cookie_name part).
The correct way to do this is:
kv {
source => "cookie"
target => "cookies"
field_split => ";+"
include_keys => [ "cookie_name1","cookie_name2" ]
}
translate {
field => "[cookies][cookie_name1]"
destination => "[cookies][cookie_name1]"
dictionary_path => "/etc/logstash/dict.yaml"
override => "true"
fallback => "%{[cookies][cookie_name1]}"
}
https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references
https://www.elastic.co/guide/en/logstash/7.4/plugins-filters-kv.html
https://www.elastic.co/guide/en/logstash/7.4/plugins-filters-translate.html
Running Puppet 3.8
I have two defines:
define desktop::vinstall () {
package { $title:
ensure => installed,
allow_virtual => true,
configfiles => keep,
}
}
and
define desktop::vinstallwseeds () {
package { $title:
ensure => installed,
allow_virtual => true,
configfiles => keep,
require => File["/var/cache/debconf/pkg-${title}.seeds"],
responsefile => "/var/cache/debconf/pkg-${title}.seeds",
}
file { "/var/cache/debconf/pkg-${title}.seeds":
source => "puppet:///modules/desktop/pkg-${title}.seeds",
ensure => present,
}
}
Would like to turn these into one define statement with an optional boolean argument, something like:
define desktop::vinstallopt ( $queryresponse = 'false', ) {
package { $title:
ensure => installed,
allow_virtual => true,
configfiles => keep,
if $queryresponse == 'true' {
require => File["/var/cache/debconf/pkg-${title}.seeds"],
responsefile => "/var/cache/debconf/pkg-${title}.seeds",
}
}
file { "/var/cache/debconf/pkg-${title}.seeds":
source => "puppet:///modules/desktop/pkg-${title}.seeds",
ensure => present,
}
}
and then instantiate it with statements like this one in init.pp:
#desktop::vinstallopt { 'gdebi': queryresponse => 'false', }
But doing so gives an error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with argument error ArgumentError: Invalid resource type desktop::vinstallopt at /etc/puppet/modules/desktop/manifests/init.pp:40 on node machine.prvt.net
where line 40 has the syntax above. I'm a newbie with puppet, so my apologies if this turns out the be a simple syntax question. I've tried to find a way to make this work from the PuppetLabs documentation and from other puppet users, so far without luck.
You are trying to embed an if block inside a resource declaration. Alas, this is not possible. The block must be global or in a regular block (e.g., class body, define body, lambda body).
In this case, you want to "amend" the package resource, so to speak. I like to use the following construct for this purpose:
package { $title:
ensure => installed,
allow_virtual => true,
configfiles => keep,
}
if $queryresponse {
Package[$title] {
require => File["/var/cache/debconf/pkg-${title}.seeds"],
responsefile => "/var/cache/debconf/pkg-${title}.seeds",
}
}
Please note that this override syntax is only allowed in this scope because the require and responsefile attributes don't have any value assigned originally.
If I try to use create_resources like shown in http://docs.puppetlabs.com/references/latest/function.html#createresources:
class foobar
{
$myusers = {
'nick' => { uid => '1330',
group => allstaff,
groups => ['developers', 'operations', 'release'], },
'dan' => { uid => '1308',
group => allstaff,
groups => ['developers', 'prosvc', 'release'], }
}
create_resources(user, $myusers)
}
I get this error:
Error: undefined method `symbolizehash!' for Puppet::Util:Module
How do I get this working!?
The code that you've presented isn't a direct copy of the code from the source.
group => allstaff,
^ that should actually be:
gid => allstaff,
The thing is, 'group' isn't a valid parameter of the 'User' resource.
Ahh, nevermind; an old module I was using defined #create_resources on it's own..