On Thu, Aug 30, 2012 at 11:40 AM, Calvin Walton <calvin.wal...@kepstin.ca> wrote:
> On Thu, 2012-08-30 at 09:42 -0400, Eric Shamow wrote:
>> On Thursday, August 30, 2012 at 9:41 AM, Sandra Schlichting wrote:
>>
>> > Hi,
>> >
>> > I would like to write a class that can copy /root/.ssh/id_dsa from node A
>> > to node B.
>> >
>> >
>> > The puppet master can login to node B without passphrase and append a key
>> >
>> > cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
>> >
>> > So the question is how to copy /root/.ssh/id_dsa.pub from node A to the
>> > puppet master and then push it to node B?
>
>> On the run so no time to write up a quick example - but take a look at
>> exported resources. There's a design patterns page --
>>
>> http://docs.puppetlabs.com/guides/exported_resources.html
>>
>> These are designed to do what you're looking for.
>
> Exported resources can do most of what you want, but there's still one
> key problem that they don't solve: Getting the ssh public key
> (/root/.ssh/id_rsa.pub or whatever) from the node to the puppet master.
>
> The only solution that I've seen for this so far is to write a custom
> fact which would read the key from root/.ssh/id_rsa.pub and store it in
> a variable like $root_ssh_id_rsa_pub or something - but that requires
> that you run puppet twice! First to generate the key, then second to
> read the key from the fact and publish the exported resource.
>
> Does anyone have any better ideas?
>
> I currently have a really nasty hack with a generator script that runs
> on the puppet master, which works, but is a bit fragile - and will fail
> if I ever want to scale to multiple puppet masters. It looks like this:
> https://gist.github.com/3531206

Here is the script we use to do the same. I am not proud of all the locking stuff. Not sure if it is necessary or not, but it works. Just set $hostkeydir and $userkeydir for your environment, and it will manage ssh host keys. It will also do user keys, but I didn't put examples of that in the gist.

git://gist.github.com/3534504.git

--
Chad M. Huneycutt
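
The custom-fact approach mentioned in the quoted message above, sketched as an added example that is not part of the thread or of either poster's gist: a Facter fact that publishes only a validated public key line, so a private key or a malformed file never reaches the master. The fact name follows the variable suggested in the message; the helper `parse_pubkey`, the `ALLOWED_TYPES` list and the sample key are hypothetical and constructed for illustration.

```ruby
# Added example (not from the thread or either gist).
# Key types accepted for publishing; an assumption, adjust to local policy.
ALLOWED_TYPES = %w[ssh-rsa ssh-dss].freeze

# Parse the first line of an OpenSSH public key file: "type base64 [comment]".
# Returns {type:, key:, comment:}, or nil when the line is not a well-formed
# public key (for example when it is a private key or a truncated file).
def parse_pubkey(line)
  type, key, comment = line.to_s.strip.split(/\s+/, 3)
  return nil unless ALLOWED_TYPES.include?(type) && key
  blob = key.unpack1('m0') # strict base64; raises ArgumentError if invalid
  # The blob begins with a uint32 length and the algorithm name (RFC 4253);
  # it must agree with the type field in front of it.
  len = blob.unpack1('N')
  return nil unless len && blob.byteslice(4, len) == type
  { type: type, key: key, comment: comment }
rescue ArgumentError
  nil
end

# Constructed sample: correct header, dummy key material (not a real key).
SAMPLE_KEY = [[7].pack('N') + 'ssh-rsa' + "\0" * 16].pack('m0')

# Register the fact only when loaded by Facter, so the file also runs alone.
if defined?(Facter)
  Facter.add(:root_ssh_id_rsa_pub) do
    setcode do
      path = '/root/.ssh/id_rsa.pub'
      parsed = File.readable?(path) && parse_pubkey(File.read(path).lines.first)
      parsed ? "#{parsed[:type]} #{parsed[:key]}" : nil
    end
  end
end
```

A manifest would split the fact value on the space to fill the `type` and `key` parameters of an exported `ssh_authorized_key` resource; the two-run limitation described in the thread still applies.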