Fix ssh key error and also remove duplicates

We need specific key ids for keys, and if the key id changes, we need a way to delete old ones. We also need the file to be writable by at least the user so that puppet doesn't complain. Change-Id: I5718b80d844d5f95149d0e23d98960879955c43c
2014-04-29 08:24:21 -07:00 · 2014-04-29 08:24:21 -07:00 · ff3de251c9
parent ac74cc2a0b
commit ff3de251c9
1 changed files with 23 additions and 2 deletions
--- a/manifests/virtual/localuser.pp
+++ b/manifests/virtual/localuser.pp
@ -6,6 +6,8 @@ define user::virtual::localuser(
  $realname,
  $groups     = [ 'sudo', 'admin', ],
  $sshkeys    = '',
+  $key_id     = '',
+  $old_keys   = [],
  $shell      = '/bin/bash',
  $home       = "/home/${title}",
  $managehome = true
@ -36,12 +38,31 @@ define user::virtual::localuser(
    require => User[$title],
  }

-  ssh_authorized_key { "${title}_keys":
+  file { "${title}_keyfile":
+    ensure  => present,
+    mode    => '0600',
+    name    => "${home}/.ssh/authorized_keys",
+    require => File["${title}_sshdir"],
+  }
+
+  ssh_authorized_key { $key_id:
    ensure  => present,
    key     => $sshkeys,
    user    => $title,
    type    => 'ssh-rsa',
-    require => File["${title}_sshdir"],
+    require => File["${title}_keyfile"],
+  }
+
+  ssh_authorized_key { "${title}_keys":
+    ensure => absent,
+    user   => $title,
+  }
+
+  if ( $old_keys != [] ) {
+    ssh_authorized_key { $old_keys:
+      ensure => absent,
+      user   => $title,
+    }
  }
 }