5

I'm new to Puppet (open source version) and have a relatively straightforward question.

When I bring up a new host, I'd like the puppetmaster to add the new host's public RSA key to /etc/ssh/ssh_known_hosts, so that the updated ssh_known_hosts file will be available to be pulled down by puppet agents.

I've tried the sshkey resource:

# /etc/puppet/modules/ssh/manifests/client.pp

sshkey { $hostname:
    ensure => present,
    type   => "rsa",
    key    => $sshrsakey,
}

However, ssh_known_hosts does not appear to be modified on the puppetmaster, or agent for that matter. My manifest passes syntax validation when I run puppet parser validate client.pp and running puppet agent --test on the agent does not report any issues.

Do I have to have Stored Configs set up in order to use the sshkey resource? I like the features of Stored Configs, but it seems like overkill for what I need and seems to add lots of overhead. My other option is to spit the $sshrsakey fact to a file, but it will need to check for the existence of the public key so it doesn't get added more than once.

Banjer
  • 4,093

1 Answer

8

Yes, you need to have stored configs enabled.

On each host, you'll want to collect the keys into the stored configs database (note the @@):

@@sshkey { $hostname:
    ensure => present,
    type   => "rsa",
    key    => $sshrsakey,
}

Then, you'll want to write them to the file on each host as well.

Sshkey <<| |>>
Jeff Ferland
  • 20,987
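The export-and-collect pattern from the answer above, written out as one class. This is an added example, not code from the original post. The class name `ssh::known_hosts` and the tag value are hypothetical, and it assumes stored configs are already enabled on the master and that each node's short hostname differs from its FQDN. Every collected key originates from a fact reported by an agent, so the example scopes collection with a tag, purges entries that are no longer exported, and keeps the file readable by non-root ssh clients.

```puppet
# Added example: class name and tag value are hypothetical.
# Requires stored configs on the puppetmaster (storeconfigs = true in puppet.conf).
class ssh::known_hosts {

  # Export this node's RSA host key into the stored configs database.
  # $sshrsakey, $fqdn, $hostname and $ipaddress are standard Facter facts.
  @@sshkey { $::fqdn:
    ensure       => present,
    type         => 'ssh-rsa',
    key          => $::sshrsakey,
    # Aliases let clients match the key whether they connect by
    # short name or by IP address.
    host_aliases => [$::hostname, $::ipaddress],
    # Tag the export so collectors can select only these keys.
    tag          => 'ssh_known_hosts_example',
  }

  # Collect the tagged keys exported by every node (including this one)
  # and write them to /etc/ssh/ssh_known_hosts.
  Sshkey <<| tag == 'ssh_known_hosts_example' |>>

  # Remove any sshkey entry that is not in the catalog, so keys of
  # decommissioned or re-keyed hosts do not stay trusted.
  resources { 'sshkey':
    purge => true,
  }

  # Non-root users' ssh clients must be able to read the file;
  # only root should be able to write it.
  file { '/etc/ssh/ssh_known_hosts':
    ensure => file,
    owner  => 'root',
    mode   => '0644',
  }
}
```

With purging enabled, a host key disappears from every agent's file on the next run after its exported resource is removed from the stored configs database.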