feat: sign ssh host keys
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
@@ -37,6 +37,14 @@ profiles::helpers::certmanager::vault_config:
|
||||
output_path: '/tmp/certmanager'
|
||||
role_id: "%{lookup('certmanager::role_id')}"
|
||||
|
||||
profiles::helpers::sshsignhost::vault_config:
|
||||
addr: 'https://vault.service.consul:8200'
|
||||
mount_point: 'ssh-host-signer'
|
||||
approle_path: 'approle'
|
||||
role_name: 'hostrole'
|
||||
output_path: '/tmp/sshsignhost'
|
||||
role_id: "%{lookup('sshsignhost::role_id')}"
|
||||
|
||||
profiles::puppet::server::agent_server: 'puppet.query.consul'
|
||||
profiles::puppet::server::report_server: 'puppet.query.consul'
|
||||
profiles::puppet::server::ca_server: 'puppetca.query.consul'
|
||||
|
||||
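Review bot: `output_path: '/tmp/sshsignhost'` in the new `profiles::helpers::sshsignhost::vault_config` block puts the signer's working directory under world-writable /tmp at a fixed, predictable name, so an unprivileged local user could pre-create the directory or place a symlink there before the script first runs. Whether the script or the Puppet class creates that directory with restrictive ownership and mode is not visible in this hunk, so I would move it to a root-owned location, for example `output_path: '/var/lib/sshsignhost'` (example path, directory managed as root:root with mode 0700). The context line `output_path: '/tmp/certmanager'` just above follows the same pattern and could be changed in the same pass. A short comment above `role_id` saying the value is resolved from eyaml and that the matching AppRole secret_id must never be placed in this file would also help the next maintainer.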