feat: sign ssh host keys

- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-05-26 14:57:34 +10:00
parent cc7165055d
commit b468f67103
11 changed files with 288 additions and 0 deletions
@@ -0,0 +1,10 @@
# frozen_string_literal: true
# lib/facter/sshd_host_cert_exists.rb
require 'puppet'
Facter.add('sshd_host_cert_exists') do
setcode do
File.exist?('/etc/ssh/ssh_host_rsa_key-cert.pem')
end
end
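Review bot: The `setcode` block reports only that `/etc/ssh/ssh_host_rsa_key-cert.pem` is present, so an expired certificate, or one left behind after the host key was regenerated, still yields `true`. If the signing class uses this fact to decide whether to request a new certificate (that code is not in this hunk), such a host would not be re-signed and clients would stop accepting its certificate. At minimum, document the limit with a comment such as `# presence only: does not check the validity period or that the cert matches ssh_host_rsa_key.pub`; a companion fact exposing the expiry would let Puppet renew ahead of time. The `require 'puppet'` line also looks unused, since only `File` and `Facter` are referenced here.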
@@ -0,0 +1,15 @@
# frozen_string_literal: true
# lib/facter/sshd_host_principals.rb
require 'puppet'
Facter.add('sshd_host_principals') do
setcode do
principals_file = '/etc/ssh/host_principals'
if File.exist?(principals_file)
File.read(principals_file).split("\n")
else
[]
end
end
end
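Review bot: `sshd_host_principals` reports the contents of the side file `/etc/ssh/host_principals` rather than the principals embedded in the signed certificate, so the two can drift apart without the fact noticing, for instance if the certificate is replaced or the file is edited by hand. If this fact drives the principals comparison mentioned in the commit message, consider deriving it from the certificate itself, or add a comment stating which component writes the file and when. The parsing is also fragile: `split("\n")` keeps blank entries and stray whitespace or `\r`, and the result is order-sensitive; `File.readlines(principals_file, chomp: true).map(&:strip).reject(&:empty?).sort` would give a stable list to compare against.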