Manage ssh_known_hosts with puppet
I'm new to Puppet (open source version) and have a relatively straightforward question.
When I bring up a new host, I'd like the puppetmaster to add the new host's public rsa key to /etc/ssh/ssh_known_hosts, and so the updated ssh_known_hosts file will be available to be pulled down by puppet agents.
I've tried the sshkey
resource:
# /etc/puppet/modules/ssh/manifests/client.pp
sshkey { $hostname:
ensure => present,
type => "rsa",
key => $sshrsakey,
}
However, ssh_known_hosts does not appear to be modified on the puppetmaster, or agent for that matter. My manifest passes syntax validation when I run puppet parser validate client.pp
and running puppet agent --test
on the agent does not report any issues.
Do I have to have Stored Configs set up in order to use the sshkey resource? I like the features of Stored Configs, but it seems like overkill for what I need and seems to add lots of overhead. My other option is to spit the $sshrsakey
fact to a file
, but it will need to check for the existence of the public key so it doesn't get added more than once.
Yes, you need to have stored configs enabled.
On each host, you'll want to collect the keys into the stored configs database (note the @@
):
@@sshkey { $hostname:
ensure => present,
type => "rsa",
key => $sshrsakey,
}
Then, you'll want to write them to the file on each host as well.
Sshkey <<| |>>