https://github.com/markolson/chef-ssh
Chef cookbook for managing some mildly-difficult-to-automate SSH configuration
- Host: GitHub
- URL: https://github.com/markolson/chef-ssh
- Owner: markolson
- Created: 2013-01-02T01:55:17.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2021-11-29T16:43:22.000Z (over 4 years ago)
- Last Synced: 2025-04-09T04:03:33.654Z (about 1 year ago)
- Language: Ruby
- Homepage:
- Size: 103 KB
- Stars: 39
- Watchers: 5
- Forks: 54
- Open Issues: 6
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
# Chef SSH
## Description
Provides 3 LWRPs to manage system-wide and per-user `ssh_config` and `known_hosts` files.
## Setup
Include the `ssh` cookbook via Berkshelf or Librarian.
```ruby
cookbook "ssh"
```
Or add the following line to your cookbook's `metadata.rb`.
```ruby
depends "ssh"
```
## Usage
When using SSH with Chef deployments, it's crucial to not get any prompts for input. Adding entries to `known_hosts` files and better managing your per-connection configuration can help with this.
An important thing to note is that if you create a user during a Chef run, be sure to reload Ohai data so that the new user will be in the node data. For instance:
```ruby
ohai "reload_passwd" do
  plugin "passwd"
end
```
The ssh cookbook bypasses this need somewhat by using Ohai classes directly to discover your users' ssh paths. However, some of your cookbooks may not be as generous.
## Resources and Providers
### known_hosts
#### Actions
| Action | Description | Default |
| --- | --- | --- |
| add | Adds an entry for the given host to a `known_hosts` file | Yes |
| remove | Removes entries for a host from a `known_hosts` file | |
#### Attributes
| Attribute | Description | Default Value |
| --- | --- | --- |
| host | Name attribute: the FQDN for a host to add to a `known_hosts` file | nil |
| port | The host's SSH port | 22 |
| hashed | A Boolean indicating if SSH is configured to use a hashed `known_hosts` file. | true |
| key | A full line to add to the file, instead of performing a lookup for the host. | nil |
| user | A username to add the `known_hosts` entry for. If unspecified, the known_host will be added system-wide. Note: if specified, the user must already exist. | nil |
| path | A full path to a known_hosts file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user. | nil |
#### Example
```ruby
ssh_known_hosts "github.com" do
  hashed true
  user 'webapp'
end
```
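With `hashed true` the host name is not readable in the file, so checking after a converge that the recorded key is the one you expect means recomputing the hash. The following is an added example, not code from this cookbook: it follows OpenSSH's `known_hosts` format (HMAC-SHA1 host hashing, `[host]:port` for non-default ports), and the helper names, sample file and key strings are constructed for illustration.

```ruby
require 'openssl'
require 'base64'

# OpenSSH records port 22 hosts by bare name and other ports as "[host]:port".
def known_hosts_name(host, port = 22)
  port.to_i == 22 ? host : "[#{host}]:#{port}"
end

# Hashed host field: "|1|<base64 salt>|<base64 HMAC-SHA1(key = salt, data = name)>".
def hash_host(name, salt = OpenSSL::Random.random_bytes(20))
  mac = OpenSSL::HMAC.digest('SHA1', salt, name)
  "|1|#{Base64.strict_encode64(salt)}|#{Base64.strict_encode64(mac)}"
end

# Does one host field (hashed, or comma-separated plain names) name the host?
# Wildcard patterns in plain entries are not expanded here.
def field_matches?(field, name)
  return field.split(',').include?(name) unless field.start_with?('|1|')
  _, _, salt_b64, mac_b64 = field.split('|')
  OpenSSL::HMAC.digest('SHA1', Base64.decode64(salt_b64.to_s), name) == Base64.decode64(mac_b64.to_s)
end

# "type key" pairs recorded for host:port; comments and @marker lines are skipped.
def keys_for(known_hosts_text, host, port = 22)
  name = known_hosts_name(host, port)
  known_hosts_text.each_line.map do |line|
    host_field, type, key = line.strip.split(' ')
    next if host_field.nil? || host_field.start_with?('#', '@') || key.nil?
    "#{type} #{key}" if field_matches?(host_field, name)
  end.compact
end

# Constructed sample file: the salt and key strings are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = <<~FILE
  # written by configuration management
  #{hash_host('github.com', 'constructed-salt-20b')} ssh-ed25519 AAAAC3ConstructedKeyOne
  [git.example.com]:2222,[192.0.2.10]:2222 ssh-rsa AAAAB3ConstructedKeyTwo
FILE

# The key you expect, obtained out of band (constructed placeholder here).
EXPECTED = 'ssh-ed25519 AAAAC3ConstructedKeyOne'

# True only when exactly the expected key is recorded for the host.
def pinned?(text, host, expected, port = 22)
  keys_for(text, host, port) == [expected]
end

puts pinned?(SAMPLE_KNOWN_HOSTS, 'github.com', EXPECTED)
```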
### config
#### Actions
| Action | Description | Default |
| --- | --- | --- |
| add | Adds an entry for the given host to a `ssh_config` file | Yes |
| remove | Removes entries for a host from a `ssh_config` file | |
#### Attributes
| Attribute | Description | Default Value |
| --- | --- | --- |
| host | Name attribute: the string to match when connecting to a host. This can be an IP, FQDN (github.com), or contain wildcards (`*.prod.corp`) | nil |
| options | A hash containing the key-values to write for the host in | true |
| user | A username to add the `ssh_config` entry for. If unspecified, the entry will be added system-wide. Note: if specified, the user must already exist. | nil |
| path | A full path to a ssh config file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user. | nil |
#### Example
```ruby
ssh_config "github.com" do
  options 'User' => 'git', 'IdentityFile' => '/var/apps/github_deploy_key'
  user 'webapp'
end
```
### authorized_keys
The authorized_keys LWRP is considered _Beta_ due to the lack of tests for this resource. Use at your own risk, and feel free to submit a PR adding more tests.
Also important: when SSH keys are generated, the resulting file typically contains the type, the key, and a comment. The comment is usually just `username@host`. It is __NOT__ part of the key. When setting your attributes, be sure to put only the key in the `key` field. See the example if you are still uncertain.
#### Actions
| Action | Description | Default |
| --- | --- | --- |
| add | Adds an entry to the given user's authorized_keys file | Yes |
| remove | Removes an entry from the given user's authorized_keys file | |
| modify | Updates an existing entry to the user's authorized_keys file, but only if the indicated `key` is present | |

__* please note that there is no `name` attribute for this resource. The name you assign is not used in the provider__
#### Attributes
| Attribute | Description | Default Value |
| --- | --- | --- |
| type | A string representing the type of key. Options include `ssh-rsa`, `ssh-dss`, `ssh-ed25519` and others | ssh-rsa |
| options | A hash containing the key-value pairs for options. Binary options such as `no-port-forwarding` should have a value of `nil` | `{}` |
| user | The user for which this key should be added | none - __REQUIRED__ |
| comment | A comment to add to this entry (generally the `username@host` is added as a comment, but this is not required) | `''` |
| key | The actual key | none - __REQUIRED__ |
#### Example
```ruby
ssh_authorized_keys "for remote access" do
  # Pass the hash as an argument (no bare braces, which Ruby would parse as a block).
  # Binary options such as cert-authority take nil as their value.
  options 'cert-authority' => nil, :command => '/usr/bin/startup'
  user 'admin'
  # Only the base64 key itself: no leading type, no trailing comment.
  key 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDzB76TOkrDRaevO3I1qzosRXliAuYdjcMejHwwL5v2hRqTrBePlMW6nqz8/JgLTzHn/KxzkrKLb0GlpPDrJ1KByWGYZsfydUfv7n1+5ogoA7UW7dUc4DoQtGPuy4Xe0enr88VfALlT11aWKAw8K/I39zWiPvJNX3Mks0f3/3smjLaQEnDWWWiawp5YgzJmyzsqZFZrrFCUgv7AP1EjZofWUcRvYEEjMhKsK+G2H2VCN7MpH0cJ97E0bKNQjHBrwGyMLQZUOndGakCuOuTLpikOXSpUUz5LwqCiRIj6iUtWevwk+AYLZwxPYQpCxFceVFDhPDaJQ85vweSq+HEg7hRujq9jO7vM9LIgjqg7fwQ2Ql6zO9NjXv2UalzBi0H2AbKT1V/PpNufPgolyb/dK7Jqpqu7Ytggctl2fGyLe8yVaC9gD+/BBeCl82LZI142kdXmf4WYcZgOgcRgGJrbSZjeMzX6zZpiD1AG3T7xyEn2twmC/TqptmQEAG2BBzGum+S6pU0rnOt2UJngRnviK2vptAWtRlSlsopySOXv+VbqUXhRjHRT/+2nq5Q4BWcjsZaaoo1uWh2glATRnGK995A1zJ3gWrBA+IaC6stKzjSG0KPwLjzHfPKbWjDX76D/qdo0qBN5hBiHDRfmiNqpNYS9NHACDZNVPBS5N1d5BUkyKw=='
  type 'ssh-rsa'
  comment 'gdidy@coolman.com'
end
```
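To get the separate `type`, `key` and `comment` values from a `.pub` line without pasting the whole line into `key`, the blob can be checked against its declared type before it reaches the resource. This is an added example, not the cookbook's provider code: the helper names and the sample key are constructed, and the rendered line follows sshd's documented `authorized_keys` syntax rather than anything this page states about the provider's output.

```ruby
require 'base64'

KEY_TYPE = /\A(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)\z/

# Algorithm name embedded at the start of a key blob: a 4-byte big-endian
# length followed by that many ASCII bytes. nil if the value is not bare base64.
def blob_type(key_b64)
  blob = Base64.strict_decode64(key_b64.to_s)
  len = blob.unpack1('N')
  len && blob[4, len]
rescue ArgumentError
  nil
end

# Split a public key line ("type key [comment]") into separate attribute values.
def split_pubkey(line)
  type, key, comment = line.strip.split(' ', 3)
  raise ArgumentError, 'line must start with a key type' unless KEY_TYPE.match?(type.to_s)
  raise ArgumentError, 'key blob does not match type' unless blob_type(key) == type
  { type: type, key: key, comment: comment.to_s }
end

# sshd option syntax: bare name for binary options (nil value), name="value" otherwise.
def render_options(options)
  options.map do |name, value|
    next name.to_s if value.nil?
    quoted = value.to_s.gsub('"') { '\"' } # embedded quotes are backslash-escaped
    %(#{name}="#{quoted}")
  end.join(',')
end

# One authorized_keys line in sshd's field order: options, type, key, comment.
def authorized_keys_line(type:, key:, comment: '', options: {})
  [render_options(options), type, key, comment].reject(&:empty?).join(' ')
end

# Constructed sample: a well-formed ed25519 blob with filler bytes, not a real key.
SAMPLE_KEY = Base64.strict_encode64(
  [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
)
SAMPLE_PUB_LINE = "ssh-ed25519 #{SAMPLE_KEY} deploy@build01"

attrs = split_pubkey(SAMPLE_PUB_LINE)
puts authorized_keys_line(**attrs, options: { 'no-port-forwarding' => nil, command: '/usr/bin/startup' })
```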