feat: sign ssh host keys

- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
This commit is contained in:
2024-05-26 14:57:34 +10:00
parent cc7165055d
commit b468f67103
11 changed files with 288 additions and 0 deletions
@@ -0,0 +1,10 @@
# frozen_string_literal: true
# lib/facter/sshd_host_cert_exists.rb
require 'puppet'
Facter.add('sshd_host_cert_exists') do
setcode do
File.exist?('/etc/ssh/ssh_host_rsa_key-cert.pem')
end
end