From 0d82c620b8748afa9ae7964ce67eb1c252305cff Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 29 Apr 2014 08:24:21 -0700 Subject: [PATCH] Fix ssh key error and also remove duplicates We need specific key ids for keys, and if the key id changes, we need a way to delete old ones. We also need the file to be writable by at least the user so that puppet doesn't complain. Change-Id: I5718b80d844d5f95149d0e23d98960879955c43c --- modules/openstack_project/manifests/users.pp | 14 +++++++++++ modules/user/manifests/virtual/localuser.pp | 25 ++++++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/modules/openstack_project/manifests/users.pp b/modules/openstack_project/manifests/users.pp index 0acd17962e..02cdc8772d 100644 --- a/modules/openstack_project/manifests/users.pp +++ b/modules/openstack_project/manifests/users.pp @@ -4,11 +4,13 @@ class openstack_project::users { @user::virtual::localuser { 'mordred': realname => 'Monty Taylor', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLsTZJ8hXTmzjKxYh/7V07mIy8xl2HL+9BaUlt6A6TMsL3LSvaVQNSgmXX5g0XfPWSCKmkZb1O28q49jQI2n7n7+sHkxn0dJDxj1N2oNrzNY7pDuPrdtCijczLFdievygXNhXNkQ2WIqHXDquN/jfLLJ9L0jxtxtsUMbiL2xxZEZcaf/K5MqyPhscpqiVNE1MjE4xgPbIbv8gCKtPpYIIrktOMb4JbV7rhOp5DcSP5gXtLhOF5fbBpZ+szqrTVUcBX0oTYr3iRfOje9WPsTZIk9vBfBtF416mCNxMSRc7KhSW727AnUu85hS0xiP0MRAf69KemG1OE1pW+LtDIAEYp', + key_id => 'mordred@camelot', } @user::virtual::localuser { 'corvus': realname => 'James E. Blair', sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAvKYcWK1T7e3PKSFiqb03EYktnoxVASpPoq2rJw2JvhsP0JfS+lKrPzpUQv7L4JCuQMsPNtZ8LnwVEft39k58Kh8XMebSfaqPYAZS5zCNvQUQIhP9myOevBZf4CDeG+gmssqRFcWEwIllfDuIzKBQGVbomR+Y5QuW0HczIbkoOYI6iyf2jB6xg+bmzR2HViofNrSa62CYmHS6dO04Z95J27w6jGWpEOTBjEQvnb9sdBc4EzaBVmxCpa2EilB1u0th7/DvuH0yP4T+X8G8UjW1gZCTOVw06fqlBCST4KjdWw1F/AuOCT7048klbf4H+mCTaEcPzzu3Fkv8ckMWtS/Z9Q==', + key_id => 'jeblair@operational-necessity', } @user::virtual::localuser { 'soren': 
@@ -19,6 +21,7 @@ class openstack_project::users { @user::virtual::localuser { 'smaffulli': realname => 'Stefano Maffulli', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/zAvXaOUXCAT6/B4sCMu/38d/PyOIg/tYsYFAMgfDUzuZwkjZWNGrTpp/HFrOAZISER5KmOg48DKPvm91AeZOHfAXHCP6x9/FcogP9rmc48ym1B5XyIc78QVQjgN6JMSlEZsl0GWzFhQsPDjXundflY07TZfSC1IhpG9UgzamEVFcRjmNztnBuvq2uYVGpdI+ghmqFw9kfvSXJvUbj/F7Pco5XyJBx2e+gofe+X/UNee75xgoU/FyE2a6dSSc4uP4oUBvxDNU3gIsUKrSCmV8NuVQvMB8C9gXYR+JqtcvUSS9DdUAA8StP65woVsvuU+lqb+HVAe71JotDfOBd6f', + key_id => 'stefano@mattone-E6420', } @user::virtual::localuser { 'linuxjedi': 
@@ -29,55 +32,66 @@ class openstack_project::users { @user::virtual::localuser { 'oubiwann': realname => 'Duncan McGreggor', sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAttca0Lahzo1rskWcCGwYh71ADmUsn/6RNBd7H7WVsX+QTacq90fpNghFNTen4I7tC1p0IemwHcCOb1noeXkjxl7W5r7l0OhiqMHp/u2ao0F3dINryuNEww2IHRhY6GwwGJ+slv+i4/FviUgqHZVzopUon/9VY0mu1wfu3vTRw0qXsvqr09Jiavt/8gJ0Fa5PsYkf7l0edFk0scTmGp3G4HY/ZvnbChfZMg6L/xcGPtK/GbLYg6PGtLVVnubXMtxD9GZYhwrY0i9Z2egcRI2W7IznM4OGFzYgA9HZqylPoWt4+ghzC5azUlbO2u6+8HigJVblAGHRWcznEf/ZDR3erw==', + key_id => 'oubiwann@rhosgobel', } @user::virtual::localuser { 'rockstar': realname => 'Paul Hummer', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDd4dPOAooCImpPulKIH82LqahC2wtQAZS/bFjNRpEILaYQMPCEpSMpjQmhcjdq+OBtsHMbqkSR+ZEoDrkhsI3Y6NVyTlGeFfwCPNNt2VeuJlKqRHUxxecp0IPWGSNl+YI5rjO5hTIZEo9T+hngX2b4k7aPm/naGcBVETMdYDZt9yhX37w5irRFdMfNDdSa3VfrhqV3Jjge/sXA5Tv35s0O6R55Ww5KfZRTpAMesHWkH9ch6xaHgexLNyCtekZQKNRLR5FCk1SYdcV+BJNlmiyjH4Ed+Oy/dFlGWPNARGwNgEWbInROEqXdWvQf+ZAfuwo32umVmmPhFrBxDYrFR1Gp', + key_id => 'rockstar@spackrace.local', } @user::virtual::localuser { 'clarkb': realname => 'Clark Boylan', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDlH6SNieyGDWNl4b9TM+zUgk+XTXRtqxyYxNh1p5e00u/ZrZPVrc7buPhnTHzEde0ABX0vgnZI2rC5Hf9cYY0aRgLHDuikQ4CQHPucslgZ5linjtWx5AuURp+oaJRCj00UZubJsatUx5vz+D4MGRLYmL+MErftYdI4sBbolATfLVwjrmxsd6KF1BZ0+9eEv2Xrk+yXN1A5RGPKBiuE6viDMZxrOuy7IW8+TQZW1LrsbTCAD1b+J5Nx0z/Hn3Rz71zEibdwM9xgu5vROu3p9kdaxu+Ndg/SvCCWlzoLQSeIAmcfGUlWg9IjEc3sQexX9BmUAsKQtu3aZFgq2V7aqtDN', + key_id => 'boylandcl@boylancl1', } @user::virtual::localuser { 'rlane': realname => 'Ryan Lane', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCdtI7H+fsgSrjrdG8aGVcrN0GFW3XqLVsLG4n7JW4qH2W//hqgdL7A7cNVQNPoB9I1jAqvnO2Ct6wrVSh84QU89Uufw412M3qNSNeiGgv2c2KdxP2XBrnsLYAaJRbgOWJX7nty1jpO0xwF503ky2W3OMUsCXMAbYmYNSod6gAdzf5Xgo/3+eXRh7NbV1eKPrzwWoMOYh9T0Mvmokon/GXV5PiAA2bIaQvCy4BH/BzWiQwRM7KtiEt5lHahY172aEu+dcWxciuxHqkYqlKhbU+x1fwZJ+MpXSj5KBU+L0yf3iKySob7g6DZDST/Ylcm4MMjpOy8/9Cc6Xgpx77E/Pvd', + key_id => 
'laner@Free-Public-Wifi.local', } @user::virtual::localuser { 'fungi': realname => 'Jeremy Stanley', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC1uFP7IuJLWZD12BJEHhakphaLfwe/rkvRJVM/JfywKuCZSXJo2HpRLw1dM8HAOlXfyrYRZ+O374rluw9RoL2KVyxWPo2Lac6XTKR4yacIgV3Mnx/j04hdHuNDZsVmONG1FDq+11pXuObYx5Of+yHDDQK35/7wDGRDv93QYhEwh8nYaW3Dol3HtqF0e4pjkAgQhjhqUk6A/+A4CQHgomQV8XkAxEdf0O37OhHZRCgTxmdgDykEZT72t3YbCXdmtnEmqEP9FzFM/CXryQ8nf9IWcfaw70bFbSgWFs12u1EeV7a3mubdy6HfC2E/OfxQnRI59CoqWVMOY8jCuTv7FdsX', + key_id => 'fungi-openstack-2013', } @user::virtual::localuser { 'ttx': realname => 'Thierry Carrez', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDIF2INBeJdT3nT3+3yac+DGRQVN7wPv/GTb/OPDocQhfGMeQP7JwSURiv1nrXGbbjzuip7l7vRJs4u4NqXkUi0GFj1aLBpUm2Z1NFFDn4cuZ5KCYX6rjVrDYIpj4OlOyzt9YGONvvH/dB2GHw8kYbN50OalFWQCS0TVzj9SQbO47B/TPdtLnh116yEP5AXZZUGgl+q533/x8+nxAxJKA9iAk3mSswl67gXc4pRo84pjwpx+R/52ha6RfmLkoNAEOqtr5MGx5gyW+WXsoLJBl2bjcfzYoQI7gPWRIn+rtCnDFi762TS54zstXxR1ww+ppmqHk04l2oprNoI0wr00Fsl', + key_id => 'ttx@stardust', } @user::virtual::localuser { 'rbryant': realname => 'Russell Bryant', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDZVikFz5KoRg3gKdiSa3PQ0i2bN5+bUyc4lMMg6P+jEStVddwN+nAgpa3zJaokmNAOp+MjcGa7K1Zi4b9Fe2ufusTzSKdNVlRDiw0R4Lk0LwTIfkhLywKvgcAz8hkqWPUIgTMU4xIizh50KTL9Ttsu9ULop8t7urTpPE4TthHX4nz1Y9NwYLU0W8cWhzgRonBbqtGs/Lif0NC+TdWGkVyTaP3x1A48s0SMPcZKln1hDv7KbKdknG4XyS4jlr4qI+R+har7m2ED/PH93PSXi5QnT4U6laWRg03HTxpPKWq077u/tPW9wcbkgpBcYMmDKTo/NDPtoN+r/jkbdW7zKJHx', + key_id => 'russel@russelbryant.net', } @user::virtual::localuser { 'pabelanger': realname => 'Paul Belanger', sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAv0YOn34s5fMC/VTw6tn2Js/7jXqWzee9Kbf4NNJ+WiBZ7rtV0F2Jhz9OjfRdja7d8X3M01NFoufPJm5hpMEAvguxSoL0/lm44dcZ7QKT9tfmreAXIbc/2yBEMb7F+ljDldjDmR8Y6+UvTReRoO4lhvYgppH8E2Yo6g+UtS3710u5wqUwl0B5CZmT0j4FbQCMJp4KuscI6zFbuipVw8I10kXv6G/xaIWt/ZdIJRpFo9NVsDreUEeZoi6aRg2YisdzGFcJawy3OKgRh9WyZ7R+lPdvtTAqOnX6m6CS2I4LM3+xuTegiOEPzMCYY7UGx8nKNPQXzBEtGAegfQMwMP+MUQ==', + key_id => 
'paul.belanger@polybeacon.com', } @user::virtual::localuser { 'mkiss': realname => 'Marton Kiss', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCb5qdaiKaRqBRgLW8Df+zD3C4a+gO/GFZYEDEd5nvk+LDGPuzi6s639DLqdfx6yvJ1sxxNUOOYhE/T7raDeS8m8fjk0hdVzARXraYDbckt6AELl7B16ZM4aEzjAPoSByizmfwIVkO1zP6kghyumV1kr5Nqx0hTd5/thIzgwdaGBY4I+5iqcWncuLyBCs34oTh/S+QFzjmMgoT86PrdLSsBIINx/4rb2Br2Sb6pRHmzbU+3evnytdlDFwDUPfdzoCaQEdXtjISC0xBdmnjEvHJYgmSkWMZGgRgomrA06Al9M9+2PR7x+burLVVsZf9keRoC7RYLAcryRbGMExC17skL', + key_id => 'marton.kiss@gmail.com', } @user::virtual::localuser { 'smarcet': realname => 'Sebastian Marcet', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDP5ce0Ywtbgi3LGMZWA5Zlv/EQ07F/gWnZOMN6TRfiCiiBNyf8ARtKgmYSINS8W537HJYBt3qTfa5xkZmpBrtE6x8OTfR5y1L+x/PrLTUkQhVDY19EixD9wDIrQIIjo2ZVq+zErXBRQuGmJ3Hl+OGw+wtvGS8f768kMnwhKUgyITjWV2tKr/q88J8mBOep48XUcRhidDWsOjgIDJQeY2lbsx1bbZ7necrJS17PHqxhUbWntyR/VKKbBbrNmf2bhtTRUSYoJuqabyGDTZ0J25A88Qt2IKELy6jsVTxHj9Y5D8oH57uB7GaNsNiU+CaOcVfwOenES9mcWOr1t5zNOdrp', + key_id => 'smarcet@gmail.com', } @user::virtual::localuser { 'zaro': realname => 'Khai Do', sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDJqB//ilMx7Y1tKzviAn/6yeXSRAi2VnaGN0/bfaa5Gciz+SWt8vAEAUE99fzuqeJ/ezjkuIXDFm/sjZr93y567a6sDT6CuhVUac1FZIhXRTs0J+pBOiENbwQ7RZxbkyNHQ0ndvtz3kBA1DF5D+MDkluBlIWb085Z31rFJmetsB2Zb8s1FKUjHVk/skyeKSj0qAK5KN3Wme6peWhYjwBiM0gUlxIsEZM6JLYdoPIbD5B8GYAktMN2FvJU9LgKGL93jLZ/vnMtoQIHHAG/85NdPURL1Zbi92Xlxbm4LkbcHnruBdmtPfSgaEupwJ+zFmK264OHD7QFt10ztPMbAFCFn', + key_id => 'khaido@khaido-HP-EliteBook-Folio-9470m', } } diff --git a/modules/user/manifests/virtual/localuser.pp b/modules/user/manifests/virtual/localuser.pp index 4c3550e1c2..77235ffc74 100644 --- a/modules/user/manifests/virtual/localuser.pp +++ b/modules/user/manifests/virtual/localuser.pp @@ -6,6 +6,8 @@ define user::virtual::localuser( $realname, $groups = [ 'sudo', 'admin', ], $sshkeys = '', + $key_id = '', + $old_keys = [], $shell = '/bin/bash', $home = "/home/${title}", $managehome = true 
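Review bot: Two of the added `key_id` values look like transcription slips and should be checked against the real key comments: `'boylandcl@boylancl1'` for clarkb (the host part spells it `boylancl`) and `'russel@russelbryant.net'` for Russell Bryant. `key_id` becomes the title of `ssh_authorized_key` in localuser.pp, and as far as I know Puppet matches existing `authorized_keys` entries by that name. A value that differs from the comment already deployed on the hosts would therefore add a second line for the same key instead of adopting the existing one, and any later cleanup through `old_keys` needs the exact string. The same check applies to the `key_id` lines in the two earlier hunks of this file.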
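Review bot: The default `$key_id = ''` ends up as a resource title, because the next hunk of this file declares `ssh_authorized_key { $key_id:` unconditionally. Any `localuser` that passes no `key_id` would declare a key titled with the empty string, and two such users realized on one node would be a duplicate declaration; 'soren' and 'linuxjedi' in users.pp get no `key_id` in this commit, although their bodies lie outside the hunks shown. Either drop the default so the parameter is required, or guard the declaration with `if $key_id != '' { … }`. Since `ssh_authorized_key` titles are catalog-wide, a comment such as `# key_id must be unique across all users on a node` above the parameter would also help; the parameter list itself starts and ends outside this hunk.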
@@ -36,12 +38,31 @@ define user::virtual::localuser( require => User[$title], } - ssh_authorized_key { "${title}_keys": + file { "${title}_keyfile": + ensure => present, + mode => '0600', + name => "${home}/.ssh/authorized_keys", + require => File["${title}_sshdir"], + } + + ssh_authorized_key { $key_id: ensure => present, key => $sshkeys, user => $title, type => 'ssh-rsa', - require => File["${title}_sshdir"], + require => File["${title}_keyfile"], + } + + ssh_authorized_key { "${title}_keys": + ensure => absent, + user => $title, + } + + if ( $old_keys != [] ) { + ssh_authorized_key { $old_keys: + ensure => absent, + user => $title, + } } }
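Review bot: The new `file { "${title}_keyfile": }` resource sets `mode => '0600'` but no `owner`. On a host where `authorized_keys` does not exist yet, Puppet (normally running as root) would create it root-owned, and with 0600 the account itself, and sshd when it reads the file as that account, would typically be unable to open it. Adding `owner => $title,` keeps the file private to the user while still usable; the `group` should match whatever `File["${title}_sshdir"]` uses, which is declared outside this hunk. Separately, keys are removed only by name, through `"${title}_keys"` and `$old_keys`, so an entry present in the file under any other comment stays authorized. If the Puppet version in use supports `purge_ssh_keys` on the `user` resource, enabling it would make the manifest the sole source of authorized keys.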