Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mk

Conflicts:
	platform.rb

3 files changed, 25 insertions, 0 deletions

diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 90dd2d0e..d2b13822 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,5 +1,6 @@
 class site_sshd {
   $ssh = hiera_hash('ssh')
+  $hosts = hiera_hash('hosts')
 
   ##
   ## SETUP AUTHORIZED KEYS
@@ -12,6 +13,14 @@ class site_sshd {
   }
 
   ##
+  ## SETUP KNOWN HOSTS
+  ##
+
+  class { 'site_sshd::known_hosts':
+    hosts => $hosts
+  }
+
+  ##
   ## OPTIONAL MOSH SUPPORT
   ##
 
diff --git a/puppet/modules/site_sshd/manifests/known_hosts.pp b/puppet/modules/site_sshd/manifests/known_hosts.pp
new file mode 100644
index 00000000..290ffd0b
--- /dev/null
+++ b/puppet/modules/site_sshd/manifests/known_hosts.pp
@@ -0,0 +1,11 @@
+class site_sshd::known_hosts ($hosts) {
+  # these owner and permissions seem odd to me, but it is what is defined
+  # in modules/sshd/manifests/client/base.pp, so we are going to stick with it.
+  file { '/etc/ssh/ssh_known_hosts':
+    ensure  => present,
+    owner   => root,
+    group   => 0,
+    mode    => '0644',
+    content => template('site_sshd/ssh_known_hosts.erb');
+  }
+}
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
new file mode 100644
index 00000000..c5a71378
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -0,0 +1,5 @@
+# This file is generated by Puppet
+
+<% hosts.sort.each do |name, hash| -%>
+<%=name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% end -%>