
ssh: add /root/.ssh/id_rsa(.pub) if ssh-key is set within pillar

Karsten Böddeker 7 years ago
parent
commit
f98571679f
2 changed files with 34 additions and 1 deletions
  1. 24 1
      ssh/init.sls
  2. 10 0
      zz_EXAMPLE_PILLAR/nodes/lnx02-pad.sls

+ 24 - 1
ssh/init.sls

@@ -24,7 +24,7 @@ ssh:
       - service: ssh
 
 
-# Create .ssh dir for user root and install authkeys
+# Create .ssh dir for user root
 /root/.ssh:
   file.directory:
     - user: root
@@ -42,3 +42,26 @@ ssh:
     - user: root
     - group: root
     - mode: 644
+    - require:
+      - file: /root/.ssh
+
+# Add SSH-Keys
+{% if 'root' in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ssh', []) %}
+/root/.ssh/id_rsa:
+  file.managed:
+    - contents_pillar: nodes:{{ grains['id'] }}:ssh:root:privkey
+    - user: root
+    - group: root
+    - mode: 600
+    - require:
+      - file: /root/.ssh
+
+/root/.ssh/id_rsa.pub:
+  file.managed:
+    - contents_pillar: nodes:{{ grains['id'] }}:ssh:root:pubkey
+    - user: root
+    - group: root
+    - mode: 644
+    - require:
+      - file: /root/.ssh
+{% endif %}
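Review bot: The new `/root/.ssh/id_rsa` state writes private-key material with the `file.managed` defaults, and by default Salt reports a content diff when a managed file changes, so a later key change would likely put key lines into the job return and wherever returns are stored. Adding `- show_changes: False` to that state avoids this. The `{% if 'root' in … %}` guard only checks that a `root` entry exists, so a node whose pillar carries `pubkey` but no `privkey` would presumably end up with a failing `contents_pillar` lookup. Testing for the `privkey` key itself would make that case explicit.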

+ 10 - 0
zz_EXAMPLE_PILLAR/nodes/lnx02-pad.sls

@@ -79,3 +79,13 @@ lnx02.pad.in.ffho.net:
     cr02_eth1:
       desc: "cr02 internal trunk"
       bridge-vids: "1013 2000 2004 2006 3002"
+
+  ssh:
+    root:
+{% if grains['id'] == 'lnx02.pad.in.ffho.net' %}
+      privkey: |
+        -----BEGIN RSA PRIVATE KEY-----
+        ...
+        -----END RSA PRIVATE KEY-----
+{% endif %}
+      pubkey: ssh-rsa ABCD... root@lnx02.pad.in.ffho.net
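Review bot: The `{% if grains['id'] == 'lnx02.pad.in.ffho.net' %}` guard around `privkey` appears to be the only thing keeping the private key out of the pillar rendered for other minions, and nothing in the example says so. A comment above it would help anyone copying the block, e.g. `# privkey is rendered only for the owning minion; keep this guard when copying`. The example could also note that real key material should not be committed in plaintext, for instance by keeping the value encrypted with Salt's GPG renderer.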