From 5c729410824c817325e3d495aac932feda7574b9 Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 16 Dec 2010 16:22:24 +0100
Subject: Add a function to create ssh keys on the fly

This allows you to use content of ssh keys within your manifests and generate them automatically if they don't exist yet.
---
 lib/puppet/parser/functions/ssh_keygen.rb | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 lib/puppet/parser/functions/ssh_keygen.rb
(limited to 'lib/puppet/parser/functions/ssh_keygen.rb')

diff --git a/lib/puppet/parser/functions/ssh_keygen.rb b/lib/puppet/parser/functions/ssh_keygen.rb
new file mode 100644
index 0000000..18b006a
--- /dev/null
+++ b/lib/puppet/parser/functions/ssh_keygen.rb
@@ -0,0 +1,23 @@
+Puppet::Parser::Functions::newfunction(:ssh_keygen, :type => :rvalue, :doc =>
+ "Returns an array containing the ssh private and public (in this order) key
+ for a certain private key path.
+ It will generate the keypair if both do not exist. It will also generate
+ the directory hierarchy if required.
+ It accepts only fully qualified paths, everything else will fail.") do |args|
+ raise Puppet::ParseError, "Wrong number of arguments" unless args.to_a.length == 1
+ private_key_path = args
+ raise Puppet::ParseError, "Only fully qualified paths are accepted" unless private_key_path =~ /^\/.+/
+ public_key_path = "#{private_key_path}.pub"
+ raise Puppet::ParseError, "Either only the private or only the public key exists" if File.exists?(private_key_path) ^ File.exists?(public_key_path)
+ [private_key_path,public_key_path].each do |path|
+ raise Puppet::ParseError, "#{path} is a directory" if File.directory?(path)
+ end
+
+ dir = File.dirname(private_key_path)
+ Puppet::Util.recmkdir(dir,0700) unless File.directory?(dir)
+ unless [private_key_path,public_key_path].all?{|path| File.exists?(path) }
+ output = Puppet::Util.execute(['/usr/bin/ssh-keygen','-t', 'rsa', '-b', '4096', '-f', private_key_path, '-P', '', '-q'])
+ raise Puppet::ParseError, "Something went wrong during key generation! Output: #{output}" unless output.empty?
+ end
+ [File.read(private_key_path),File.read(public_key_path)]
+end
-- cgit v1.2.3

From 584cee72362cf5b2d822164ef6569fe4671eabf6 Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 16 Dec 2010 17:15:36 +0100
Subject: made error mesage a bit more verbose

---
 lib/puppet/parser/functions/ssh_keygen.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/puppet/parser/functions/ssh_keygen.rb')

diff --git a/lib/puppet/parser/functions/ssh_keygen.rb b/lib/puppet/parser/functions/ssh_keygen.rb
index 18b006a..24efe62 100644
--- a/lib/puppet/parser/functions/ssh_keygen.rb
+++ b/lib/puppet/parser/functions/ssh_keygen.rb
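Review bot: The path check on the `raise Puppet::ParseError, "Only fully qualified paths are accepted"` line anchors with `^`, which in Ruby matches at the start of any line, so a value with a leading `/` followed later by a newline passes and reaches `File.exists?`, `recmkdir` and the ssh-keygen argument list unchanged; the same line is touched again in the next two hunks. Anchoring the whole string closes that gap: `raise Puppet::ParseError, "Only fully qualified paths are accepted" unless private_key_path =~ /\A\/.+\z/`. It still admits `..` components, so the manifest author effectively chooses any directory the master can write to — worth stating in the `:doc` string if that is intended. The docstring should also say that the first element is the private key material itself, so wherever the manifest puts it (a file resource's content, for example) it leaves the master together with the catalog. Finally, `Puppet::Util.execute` presumably raises on a non-zero exit by itself, so the `output.empty?` check only catches a run that succeeded but printed something — confirm against the Puppet version in use.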
@@ -6,7 +6,7 @@ Puppet::Parser::Functions::newfunction(:ssh_keygen, :type => :rvalue, :doc =>
 It accepts only fully qualified paths, everything else will fail.") do |args|
 raise Puppet::ParseError, "Wrong number of arguments" unless args.to_a.length == 1
 private_key_path = args
- raise Puppet::ParseError, "Only fully qualified paths are accepted" unless private_key_path =~ /^\/.+/
+ raise Puppet::ParseError, "Only fully qualified paths are accepted (#{private_key_path})" unless private_key_path =~ /^\/.+/
 public_key_path = "#{private_key_path}.pub"
 raise Puppet::ParseError, "Either only the private or only the public key exists" if File.exists?(private_key_path) ^ File.exists?(public_key_path)
 [private_key_path,public_key_path].each do |path|
-- cgit v1.2.3

From fa3d9e165404a5ed686d152002e5f7fd21b21e30 Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 16 Dec 2010 17:33:04 +0100
Subject: do some trickery as arguments from puppet are passed as an array

---
 lib/puppet/parser/functions/ssh_keygen.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/puppet/parser/functions/ssh_keygen.rb')

diff --git a/lib/puppet/parser/functions/ssh_keygen.rb b/lib/puppet/parser/functions/ssh_keygen.rb
index 24efe62..09b3d3b 100644
--- a/lib/puppet/parser/functions/ssh_keygen.rb
+++ b/lib/puppet/parser/functions/ssh_keygen.rb
@@ -5,7 +5,7 @@ Puppet::Parser::Functions::newfunction(:ssh_keygen, :type => :rvalue, :doc =>
 the directory hierarchy if required.
 It accepts only fully qualified paths, everything else will fail.") do |args|
 raise Puppet::ParseError, "Wrong number of arguments" unless args.to_a.length == 1
- private_key_path = args
+ private_key_path = args.to_a[0]
 raise Puppet::ParseError, "Only fully qualified paths are accepted (#{private_key_path})" unless private_key_path =~ /^\/.+/
 public_key_path = "#{private_key_path}.pub"
 raise Puppet::ParseError, "Either only the private or only the public key exists" if File.exists?(private_key_path) ^ File.exists?(public_key_path)
-- cgit v1.2.3
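Review bot: `private_key_path = args.to_a[0]` still lets a non-String first argument through to `=~`, where it is reported as a non-qualified path (older Rubies return nil from `Object#=~`; Ruby 3.2+ raises NoMethodError) rather than as a type error. Since the commit message establishes that Puppet hands the arguments over as an Array, `args.first` says the same thing without the `to_a` detour, and an explicit check gives a clearer failure: `private_key_path = args.first` / `raise Puppet::ParseError, "ssh_keygen expects a String path, got #{private_key_path.class}" unless private_key_path.is_a?(String)`. A one-line comment such as `# parser functions receive their arguments as an Array` would carry the commit message's reasoning into the file. The enclosing function starts and ends outside the hunk.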