feat: sign ssh host keys
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
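--- /dev/null
+++ b/lib/facter/sshd_host_cert_exists.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# lib/facter/sshd_host_cert_exists.rb
+require 'puppet'
+
+Facter.add('sshd_host_cert_exists') do
+setcode do
+File.exist?('/etc/ssh/ssh_host_rsa_key-cert.pem')
+end
+end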
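Review bot: The `setcode` block of `sshd_host_cert_exists` only tests that `/etc/ssh/ssh_host_rsa_key-cert.pem` is present, so an expired, empty or truncated certificate still reports `true`. If the signing class keys off this fact (that class is not visible here), such a host would presumably never be re-signed and clients would stop trusting the certificate it presents. At minimum bind the path to a local and use `File.file?(path) && !File.zero?(path)`, and consider a companion fact that exposes the validity window parsed from `ssh-keygen -L -f` output so that approaching expiry can trigger renewal. `require 'puppet'` is not used by anything in this fact and can be dropped.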
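--- /dev/null
+++ b/lib/facter/sshd_host_principals.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# lib/facter/sshd_host_principals.rb
+require 'puppet'
+
+Facter.add('sshd_host_principals') do
+setcode do
+principals_file = '/etc/ssh/host_principals'
+if File.exist?(principals_file)
+File.read(principals_file).split("\n")
+else
+[]
+end
+end
+end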
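Review bot: `sshd_host_principals` reports the contents of the side file `/etc/ssh/host_principals` rather than the principals embedded in the signed certificate, so the fact can show a match while the certificate sshd presents carries a different list, for example after a failed signing run or a manual edit (what writes the file is not visible in this commit). Reading the `Principals:` section of `ssh-keygen -L -f` run against the certificate would make the comparison authoritative. Independently, `split("\n")` keeps stray whitespace, `\r` and blank entries and preserves file order, which can produce a permanent mismatch and a re-sign on every run; `File.readlines(principals_file, chomp: true).map(&:strip).reject(&:empty?).sort` normalises that, provided the desired list is sorted the same way before comparing.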