
chef-ssh's Introduction

Chef SSH

Description

Provides 3 LWRPs to manage system-wide and per-user `ssh_config` and `known_hosts` files.

Setup

Include the ssh cookbook via Berkshelf or Librarian.

cookbook "ssh"

Or add the following line to your cookbook's metadata.rb.

depends "ssh"

Usage

When using SSH with Chef deployments, it's crucial to not get any prompts for input. Adding entries to known_hosts files and better managing your per-connection configuration can help with this.

An important thing to note is that if you create a user during a chef run, be sure to reload OHAI data so that the new user will be in the node data. For instance:

ohai "reload_passwd" do
    plugin "passwd"
end

The ssh cookbook bypasses this need somewhat by using ohai classes directly to discover your users' ssh paths. However, some of your other cookbooks may not be as generous.

Resources and Providers

known_hosts

Actions

| Action | Description | Default |
|--------|-------------|---------|
| add | Adds an entry for the given host to a `known_hosts` file | Yes |
| remove | Removes entries for a host from a `known_hosts` file | |

Attributes

| Attribute | Description | Default Value |
|-----------|-------------|---------------|
| host | Name attribute: the FQDN for a host to add to a `known_hosts` file | nil |
| port | The host's SSH port | 22 |
| hashed | A Boolean indicating if SSH is configured to use a hashed `known_hosts` file. | true |
| key | A full line to add to the file, instead of performing a lookup for the host. | nil |
| user | A username to add the `known_hosts` entry for. If unspecified, the known_host will be added system-wide. Note: if specified, the user must already exist. | nil |
| path | A full path to a known_hosts file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user. | nil |

Example

ssh_known_hosts "github.com" do
  hashed true
  user 'webapp'
end
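How the `hashed` and `port` attributes show up in the file, as an added example (not the cookbook's provider code): OpenSSH stores a hashed host as `|1|salt|HMAC-SHA1(salt, name)`, where the name is `[host]:port` for any port other than 22, so checking whether an entry already exists means recomputing the HMAC per line. The host names, salt and key bodies are constructed placeholders.

```ruby
require 'openssl'
require 'base64'

# Host name as OpenSSH writes it to known_hosts: bare on port 22,
# "[host]:port" for any other port.
def known_hosts_name(host, port = 22)
  port.to_i == 22 ? host : "[#{host}]:#{port}"
end

# Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key: salt, data: name)).
def hash_host_field(name, salt = OpenSSL::Random.random_bytes(20))
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), salt, name)
  "|1|#{Base64.strict_encode64(salt)}|#{Base64.strict_encode64(mac)}"
end

# Does one host field (hashed, or a comma-separated plain list) name `name`?
# Plain wildcard and negated patterns are not handled in this example.
def host_field_matches?(field, name)
  return field.split(',').include?(name) unless field.start_with?('|1|')

  _, _, salt_b64, mac_b64 = field.split('|')
  salt = Base64.strict_decode64(salt_b64.to_s)
  return false if salt.empty?

  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), salt, name)
  Base64.strict_decode64(mac_b64.to_s) == expected
rescue ArgumentError # malformed base64 in the file
  false
end

# True if the file text already holds an entry for host:port.
# Blank lines, comment lines and @marker lines are skipped.
def host_known?(known_hosts_text, host, port = 22)
  name = known_hosts_name(host, port)
  known_hosts_text.each_line.any? do |line|
    field = line.strip.split(/\s+/).first
    next false if field.nil? || field.start_with?('#', '@')

    host_field_matches?(field, name)
  end
end

# Constructed sample: fixed salt, placeholder key bodies, reserved test names.
SAMPLE_SALT = "\x01".b * 20
SAMPLE_KNOWN_HOSTS = [
  '# constructed sample file',
  '',
  "#{hash_host_field('[git.example.test]:2222', SAMPLE_SALT)} ssh-ed25519 PLACEHOLDERKEYBODY",
  'plain.example.test,192.0.2.10 ssh-ed25519 PLACEHOLDERKEYBODY'
].join("\n")

puts host_known?(SAMPLE_KNOWN_HOSTS, 'git.example.test', 2222)
puts host_known?(SAMPLE_KNOWN_HOSTS, 'git.example.test')
```

A plain text search for the host name finds nothing in a hashed file, which is why an existence check has to go through the HMAC comparison before appending a new line.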

config

Actions

| Action | Description | Default |
|--------|-------------|---------|
| add | Adds an entry for the given host to a `ssh_config` file | Yes |
| remove | Removes entries for a host from a `ssh_config` file | |

Attributes

| Attribute | Description | Default Value |
|-----------|-------------|---------------|
| host | Name attribute: the string to match when connecting to a host. This can be an IP, FQDN (github.com), or contain wildcards (*.prod.corp) | nil |
| options | A hash containing the key-values to write for the host in | true |
| user | A username to add the `ssh_config` entry for. If unspecified, the entry will be added system-wide. Note: if specified, the user must already exist. | nil |
| path | A full path to a ssh config file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user. | nil |

Example

ssh_config "github.com" do
  options 'User' => 'git', 'IdentityFile' => '/var/apps/github_deploy_key'
  user 'webapp'
end

authorized_keys

The authorized_keys LWRP is considered Beta due to the lack of tests for this resource. Use at your own risk, and feel free to submit a PR for adding more tests.

Also important: when SSH keys are generated, the resulting file typically contains the type, the key, and a comment. The comment is usually just username@host. It is NOT part of the key. When setting your attributes, be sure to put only the key in the `key` field. See the example if you are still uncertain.

Actions

| Action | Description | Default |
|--------|-------------|---------|
| add | Adds an entry to the given user's authorized_keys file | Yes |
| remove | Removes an entry from the given user's authorized_keys file | |
| modify | Updates an existing entry to the user's authorized_keys file, but only if the indicated `key` is present | |

* please note that there is no name attribute for this resource. The name you assign is not used in the provider

Attributes

| Attribute | Description | Default Value |
|-----------|-------------|---------------|
| type | A string representing the type of key. Options include `ssh-rsa, ssh-dss, ssh-ed25519` and others | ssh-rsa |
| options | A hash containing the key-value pairs for options. Binary options such as `no-port-forwarding` should have a value of `nil` | {} |
| user | The user for which this key should be added | none - __REQUIRED__ |
| comment | a comment to add to this entry (generally the `username@host` is added as a comment, but this is not required) | '' |
| key | the actual key | none - __REQUIRED__ |

Example

ssh_authorized_keys "for remote access" do
  options('cert-authority' => nil, :command => '/usr/bin/startup')
  user 'admin'
  key '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'
  type 'ssh-rsa'
  comment '[email protected]'
end
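One way to split a `.pub` line into the `type`, `key` and `comment` attributes and to catch a type or comment left inside `key` before it reaches the resource. This is an added example, not the cookbook's own validation; it relies on the SSH public key blob starting with its own length-prefixed algorithm name, and `sample_key_body` builds a constructed blob that is not a usable key.

```ruby
require 'base64'

# Algorithm name embedded at the start of an SSH public key blob
# (uint32 big-endian length, then that many bytes); nil if malformed.
def embedded_key_type(key_body)
  blob = Base64.strict_decode64(key_body)
  return nil if blob.bytesize < 4

  len = blob.unpack1('N')
  return nil if len.zero? || blob.bytesize < 4 + len

  blob.byteslice(4, len)
rescue ArgumentError # not valid base64
  nil
end

# Split a public key line ("type key [comment]") into the three values
# the resource expects. Raises ArgumentError if the line is inconsistent.
def split_public_key(line)
  type, key, comment = line.strip.split(/\s+/, 3)
  raise ArgumentError, 'expected "<type> <key> [comment]"' if key.nil?
  unless embedded_key_type(key) == type
    raise ArgumentError, "key body does not encode type #{type.inspect}"
  end

  { type: type, key: key, comment: comment.to_s }
end

# Problems with the values about to be passed as `type` and `key`.
# An empty array means the pair is consistent.
def key_attribute_problems(type, key)
  if key =~ /\s/
    return ['key contains whitespace: pass only the base64 body, not type or comment']
  end

  actual = embedded_key_type(key)
  return ['key is not a base64 SSH public key blob'] if actual.nil?
  return ["key encodes #{actual.inspect}, but type is #{type.inspect}"] unless actual == type

  []
end

# Constructed stand-in for a key body: correct framing, filler bytes only.
def sample_key_body(type)
  blob = [type.bytesize].pack('N') + type + ("\x00".b * 32)
  Base64.strict_encode64(blob)
end

body = sample_key_body('ssh-ed25519')
p split_public_key("ssh-ed25519 #{body} deploy@build.example.test")
p key_attribute_problems('ssh-rsa', "ssh-rsa #{body}")
```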

chef-ssh's People

Contributors

aki77, analogj, atward, btisdall, chazzly, clockwerx, figadore, javierav, joelwurtz, jwreagor, markolson, pierrerambaud, rampire, scottatron, sliim, stissot, tejaycar, tomduckering, vincentgijsen


chef-ssh's Issues

Build 0.7.0

  • Update Changelog
  • Fix Markdown so it works on the Opscode site
  • Update Version
  • Yay!

Cannot find a resource for only_if on centos version 6.4

Recipe: apps::storm
  * ssh_known_hosts[files.htw.com.au] action add
[2013-10-15T12:40:12+10:00] INFO: Processing ssh_known_hosts[files.htw.com.au] action add (apps::storm line 149)
# files.htw.com.au SSH-2.0-OpenSSH_5.3

================================================================================
Error executing action `add` on resource 'ssh_known_hosts[files.htw.com.au]'
================================================================================

NameError
---------
Cannot find a resource for only_if on centos version 6.4

Cookbook Trace:
---------------
/tmp/chef/cookbooks/ssh/providers/known_hosts.rb:22:in `block (2 levels) in class_from_file'
/tmp/chef/cookbooks/ssh/providers/known_hosts.rb:21:in `block in class_from_file'

Resource Declaration:
---------------------
# In /tmp/chef/site-cookbooks/apps/recipes/storm.rb

149: ssh_known_hosts node['backup']['host'] do
150:   hashed false
151: end
152: 

Compiled Resource:
------------------
# Declared in /tmp/chef/site-cookbooks/apps/recipes/storm.rb:149:in `from_file'

ssh_known_hosts("files.htw.com.au") do
  action :add
  retries 0
  retry_delay 2
  cookbook_name :apps
  recipe_name "storm"
  host "files.htw.com.au"
end

[2013-10-15T12:40:12+10:00] DEBUG: Re-raising exception: NameError - ssh_known_hosts[files.htw.com.au] (apps::storm line 149) had an error: NameError: Cannot find a resource for only_if on centos version 6.4
/opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_platform_map.rb:126:in `get'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource.rb:761:in `resource_for_platform'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource.rb:778:in `resource_for_node'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/dsl/recipe.rb:55:in `method_missing'
  /tmp/chef/cookbooks/ssh/providers/known_hosts.rb:22:in `block (2 levels) in class_from_file'
  /opt/chef/embedded/lib/ruby/1.9.1/logger.rb:371:in `add'
  /opt/chef/embedded/lib/ruby/1.9.1/logger.rb:399:in `debug'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-log-1.6.0/lib/mixlib/log.rb:113:in `block in debug'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-log-1.6.0/lib/mixlib/log.rb:113:in `each'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/mixlib-log-1.6.0/lib/mixlib/log.rb:113:in `debug'
  /tmp/chef/cookbooks/ssh/providers/known_hosts.rb:21:in `block in class_from_file'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/provider/lwrp_base.rb:138:in `instance_eval'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/provider/lwrp_base.rb:138:in `block in action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/provider.rb:118:in `run_action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource.rb:606:in `run_action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/runner.rb:50:in `run_action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/runner.rb:82:in `block (2 levels) in converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/runner.rb:82:in `each'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/runner.rb:82:in `block in converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection.rb:94:in `block in execute_each_resource'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/resource_collection.rb:92:in `execute_each_resource'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/runner.rb:81:in `converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/client.rb:404:in `converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/client.rb:469:in `do_run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/client.rb:200:in `run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/application.rb:190:in `run_chef_client'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/application/solo.rb:239:in `block in run_application'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/application/solo.rb:231:in `loop'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/application/solo.rb:231:in `run_application'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/lib/chef/application.rb:73:in `run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.4.4/bin/chef-solo:25:in `<top (required)>'
  /usr/bin/chef-solo:23:in `load'
  /usr/bin/chef-solo:23:in `<main>'

Running ssh cookbook on RHEL occurs error

Running ssh cookbook on RHEL OS occurs error because there is no ssh package in yum.

  * yum_package[ssh] action install
    * No version specified, and no candidate version available for ssh
    ================================================================================
    Error executing action `install` on resource 'yum_package[ssh]'
    ================================================================================

    Chef::Exceptions::Package
    -------------------------
    No version specified, and no candidate version available for ssh

    Resource Declaration:
    ---------------------
    # In /home/ec2-user/chef-solo/cookbooks-2/ssh/recipes/default.rb

      5: package 'ssh' do
      6:   action :install
      7: end

    Compiled Resource:
    ------------------
    # Declared in /home/ec2-user/chef-solo/cookbooks-2/ssh/recipes/default.rb:5:in `from_file'

    yum_package("ssh") do
      action [:install]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      package_name "ssh"
      timeout 900
      flush_cache {:before=>false, :after=>false}
      declared_type :package
      cookbook_name :ssh
      recipe_name "default"
    end

I think there is no need to install ssh package because running chef itself guarantees ssh is installed on the system already.

resource.name is used for Host instead of resource.host

hey,

I'm working with version 0.10.2 and for the lwrp ssh_config it seems to use the name attribute for the Host instead of using the host attribute.

example:

ssh_config 'github config for user root' do
  host 'github.com'
  options(
    'HostName' => 'github.com',
    'User' => 'git',
    'IdentityFile' => '/root/.ssh/id_rsa_github'
  )
end

creates the following:

$ cat /root/.ssh/config
# Created by Chef for tm-infrastructure-chef

Host github config for user root
  HostName github.com
  User git
  IdentityFile /root/.ssh/id_rsa_github

known_host port format fails for some linux distributions

Amazon linux new AMI 2017.09 breaks when using hashed entries with alternate ports, or rather ignores them. As far as I've found the []:port# isn't needed and the known_host file works fine on the few linux distros I've checked without them. The fix that worked for me was to simply strip out the added syntax returned from the call to ssh-keyscan for non-standard ports. This also makes matching easier basically just an added conditional with regex and all was fine:

if new_resource.port == 22
  new_resource.key keyscan.stdout.strip
else
  new_resource.key keyscan.stdout.strip.sub(/\[(.*)\].+(ssh.*)/, '\1 \2')
end

ssh_known_hosts create duplicate entries

Hello, I'm using version 0.10.16, but I got duplicate entries in known_hosts file.
I call functions like this:

ssh_known_hosts "github.com" do
  hashed false
  path '/var/lib/jenkins/.ssh/known_hosts'
end

I ran the cookbook 3 times using kitchen converge, and I found 3 set of records in /var/lib/jenkins/.ssh/known_hosts file.

I found on stackoverflow saying this issue has been fixed long time ago, I'm not sure why I'm still seeing it. Could you help me?

Thanks

TypeError: no implicit conversion of Symbol into Integer when empty line is present in the authorized_keys file

I don't know how the empty line got in to the authorized_keys file (maybe this is another bug in this cookbook), but when the first line is empty and we try to maintain the key which already exists (nothing should change) we get an exception.

Removing a line by hand works.

Cookbook version:

name             'ssh'
maintainer       'Tejay Cardon'
maintainer_email '[email protected]'
license          'Apache 2.0'
description      'LWRPs for managing SSH known_hosts and config files'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          '0.10.24'
issues_url 'https://github.com/markolson/chef-ssh/issues'
source_url 'https://github.com/markolson/chef-ssh'

supports 'ubuntu'
supports 'rhel'

Stacktrace:

  * ssh_authorized_keys[remote server access for Xxxx - 201909] action add
    
    ================================================================================
    Error executing action `add` on resource 'ssh_authorized_keys[remote server access for Xxxx - 201909]'
    ================================================================================
    
    TypeError
    ---------
    no implicit conversion of Symbol into Integer
    
    Cookbook Trace:
    ---------------
    /etc/chef/local-mode-cache/cache/cookbooks/ssh/providers/authorized_keys.rb:25:in `[]'
    /etc/chef/local-mode-cache/cache/cookbooks/ssh/providers/authorized_keys.rb:25:in `block (2 levels) in class_from_file'
    /etc/chef/local-mode-cache/cache/cookbooks/ssh/providers/authorized_keys.rb:25:in `each'
    /etc/chef/local-mode-cache/cache/cookbooks/ssh/providers/authorized_keys.rb:25:in `find'
    /etc/chef/local-mode-cache/cache/cookbooks/ssh/providers/authorized_keys.rb:25:in `block in class_from_file'
    /etc/chef/local-mode-cache/cache/cookbooks/ssh/providers/authorized_keys.rb:13:in `block in class_from_file'
    
    Resource Declaration:
    ---------------------
    # In /etc/chef/local-mode-cache/cache/cookbooks/lmcrm/recipes/user.rb
    
     76: ssh_authorized_keys "remote server access for Xxxx - 201909" do
     77: 	user 'xxx'
     78: 	key 'AAAAB3NzaC1yc2EAAAABJQAAAQEA4ntKq2j33CIKgoqNpd1aYPWVs3sR1yNV/G8kdpV1VNs7oAJqkVugEX7cbSlP8UEdYDfIvu0yEzwL850eoze03SY0ZCELfPeh9mR/zqd1i0a8cK7BQrUpruerCtEy8mXEtSh9DqcjTSpDqeuJC9eHJHbMkSR9OEOkCh4GPVNUUho0tSvzPBN07ewP4cuRe2Fx0xLtuVWllPFGELE48MW+l5hYLcfV5gIegQzgoYtjAX2XrSs8/gpQsp0IcVjPCC4wj9tLhLkTfs8sJR4mpFwZIbHide2fAyb7xKkdDU7lkS+ZDVcbM41Cia5noTJoQIcqoLmnfjTCOxtCI19ahZJuZQ=='
     79: 	comment 'Xxxx'
     80: 
     81: end
     82: user 'zzzz' do
    
    Compiled Resource:
    ------------------
    # Declared in /etc/chef/local-mode-cache/cache/cookbooks/lmcrm/recipes/user.rb:76:in `from_file'
    
    ssh_authorized_keys("remote server access for Xxxx - 201909") do
      action [:add]
      default_guard_interpreter :default
      declared_type :ssh_authorized_keys
      cookbook_name "yyy"
      recipe_name "user"
      user "xxx"
      key "AAAAB3NzaC1yc2EAAAABJQAAAQEA4ntKq2j33CIKgoqNpd1aYPWVs3sR1yNV/G8kdpV1VNs7oAJqkVugEX7cbSlP8UEdYDfIvu0yEzwL850eoze03SY0ZCELfPeh9mR/zqd1i0a8cK7BQrUpruerCtEy8mXEtSh9DqcjTSpDqeuJC9eHJHbMkSR9OEOkCh4GPVNUUho0tSvzPBN07ewP4cuRe2Fx0xLtuVWllPFGELE48MW+l5hYLcfV5gIegQzgoYtjAX2XrSs8/gpQsp0IcVjPCC4wj9tLhLkTfs8sJR4mpFwZIbHide2fAyb7xKkdDU7lkS+ZDVcbM41Cia5noTJoQIcqoLmnfjTCOxtCI19ahZJuZQ=="
      comment "Xxxx"
    end
    
    System Info:
    ------------
    chef_version=13.0.118
    platform=debian
    platform_version=6.0.4
    ruby=ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]
    program_name=chef-solo worker: ppid=28010;start=11:32:37;
    executable=/opt/chef/bin/chef-solo
    

Chef 13 fails while using lwrp ssh_authorized_keys

Hi,

I have been using this nice cookbook for a long time, now I started testing my cookbooks with chef 13 and found the following problem:

NameError
---------
uninitialized constant Chef::Resource::SshKnownHosts

       Cookbook Trace:
       ---------------
       /tmp/kitchen/cache/cookbooks/ssh/providers/authorized_keys.rb:83:in `load_current_resource'
       /tmp/kitchen/cache/cookbooks/ssh/providers/authorized_keys.rb:76:in `initialize'

Regards.

Multiple `IdentityFile` configs

We have an instance in which we would like to provide several SSH keys as IdentityFiles (specifically github deploy keys for multiple private dependencies), but as far as I know, this use-case is not supported.

Perhaps the logic here could be expanded to honor the case that the provided options might contain arrays for values:

ssh_config 'github.com' do
  options(User: 'git',
          IdentityFile: ['/path/to/key-one', '/path/to/key-two', ...],
          StrictHostKeyChecking: 'no')
end

In that instance, it may be understood that it's meant to have two instances of IdentityFile with each of the provided paths.

Feature Request: Key Generation and Authorized_Keys management

This is a really useful little cookbook but I am curious why it does not support the two other basic SSH features, generation of ssh public/private key pairs and adding keys to the authorized_keys file (and making sure it and its folders permissions are set correctly in the process). With those two features in place, this would be a near perfect little cookbook for SSH.

Cannot find resource on Ubuntu 12.10

NameError


Cannot find a resource for ssh_known_hosts on ubuntu version 12.10

Cookbook Trace:

/tmp/vagrant-chef/chef-solo-1/cookbooks/financeRails/recipes/default.rb:65:in `from_file'

Relevant File Content:

/tmp/vagrant-chef/chef-solo-1/cookbooks/financeRails/recipes/default.rb:

I am getting the above error. And the stack trace points to my recipe containing:
ssh_known_hosts "github.com" do
  hashed true
  user app[:deploy_user]
end

So I am not sure where to look to debug this issue.

ssh_config blocks should be prepended to /etc/ssh/ssh_config

Because new Host stanzas are placed by this cookbook at the end of the file, those cannot be used to override any defaults that are present in a Host * block at the beginning of /etc/ssh/ssh_config.

man ssh_config says "Since the first obtained value for each parameter is used, more host-specific declarations should be given near the beginning of the file, and general defaults at the end."

For example, if StrictHostKeyChecking ask is set in Host *, then it is impossible to turn it off with

ssh_config 'github.com' do
  options StrictHostKeyChecking: 'no'
end

I think that the ssh_config resource should add its blocks before entries that are already in the ssh_config file to make this override behavior possible.

Currently, to override defaults given in a Host * block, a workaround is required: first do

ssh_config '*' do
  action :remove
end
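The first-match rule quoted from `man ssh_config` above, as an added example that is not part of the issue or the cookbook: a small resolver for single-valued keywords, run over a constructed config in both orders. It shows that a stricter `StrictHostKeyChecking yes` stanza appended after `Host *` is silently ignored, while the same stanza placed first takes effect. The `DEFAULTS` and `GITHUB` fragments are assumptions made up for the demonstration.

```ruby
# Does a Host pattern list match this host? Supports * and ? wildcards
# and !negated patterns (a negated match vetoes the whole line).
def host_line_matches?(patterns, host)
  positive = false
  patterns.each do |pat|
    if pat.start_with?('!')
      return false if File.fnmatch(pat[1..-1], host)
    elsif File.fnmatch(pat, host)
      positive = true
    end
  end
  positive
end

# Effective options for `host`: the FIRST value obtained for each keyword
# wins. Keywords that accumulate (such as IdentityFile) and Match blocks
# are not modelled here.
def effective_options(config_text, host)
  active = true # options before any Host line apply to every host
  result = {}
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    keyword, value = line.split(/\s*=\s*|\s+/, 2)
    if keyword.casecmp?('Host')
      active = host_line_matches?(value.to_s.split(/\s+/), host)
    elsif active
      key = keyword.downcase
      result[key] = value unless result.key?(key)
    end
  end
  result
end

# Constructed fragments: distribution-style defaults and a per-host stanza.
DEFAULTS = <<~CFG
  Host *
    StrictHostKeyChecking ask
    SendEnv LANG LC_*
CFG

GITHUB = <<~CFG
  Host github.com
    User git
    StrictHostKeyChecking yes
CFG

APPENDED  = DEFAULTS + "\n" + GITHUB # stanza added at the end of the file
PREPENDED = GITHUB + "\n" + DEFAULTS # stanza added before existing entries

puts effective_options(APPENDED, 'github.com')['stricthostkeychecking']
puts effective_options(PREPENDED, 'github.com')['stricthostkeychecking']
```

Running `ssh -G <host>` on the target machine prints the configuration OpenSSH itself resolves, which is the authoritative check after a converge.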

Newbies need Guidance on Persisting system updates between LWRPs

Although this should be better documented in the fundamental Chef documentation, the README.md here could mention the best tactics for accomplishing suitable synchronization of LWRPs in a recipe that needs to create new users and then create ssh configuration files for those new users.

Coming to Chef as a tyro, lacking a solid understanding of how Chef first accepts a specification for a change to system via a resource and then enqueues that specification for later execution, and with only a rudimentary understanding of how Chef's modularity is implemented, it can be a long trial and error process of getting a recipe for user creation, group assignment, sudo configuration, and ssh configuration to work in the presence of varying initial conditions. (The varying conditions include: total absence of anything in /etc/passwd, /etc/group, and /home for a particular user; presence of a partially constructed environment; presence of a malformed environment; and presence of a completely well-formed user environment.)

Currently, I have a manage-users recipe that seems to work for those use cases but I'm still just not sure how to program the LWRP statements so that I could definitely claim that their set could only execute with the particular execution order I intended.

The classic symptoms of out of order execution and of premature execution are exceptions thrown by Chef when the individual LWRPs find that entries in /etc/passwd are missing, that /home directories aren't in the filesystem to be the parent for subdirectories, and that various node attributes are nil. All these issues in temporal transitions resolve on subsequent chef runs. It would be far better to use notifications or ohai reloading or explicit coupling in the LWRPs to assure a particular order of execution and to flush queued changes to the actual target system.

Any advice on this?

default_or_user_path from ssh_config_helpers now not found

==> vb-tt-dev: [2014-12-15T10:16:17-07:00] ERROR: ssh_known_hosts[bitbucket.org] (get-gitrepos::default line 54) had an error: NoMethodError: No resource or method named `default_or_user_path' for `Chef::Provider::SshKnownHosts ""'

@tejaycar did you just change something here with the PR merge?

Older version no longer available on supermarket?

Berkshelf::MissingLockfileCookbookVersion: Cookbook 'ssh' (0.10.5) not found in any of the sources! This can happen if the remote cookbook has been deleted or if the sources inside the Berksfile have changed. Please run berks update ssh to resolve to a valid version.

It seems as though versions older than 0.10.6 have been purged from supermarket. How come?

known_hosts ignores most attributes

Yikes, just saw that the host and port attributes are completely ignored by known_hosts when the key is provided. This will be a breaking change, but I think we should accept ONLY the key for key, and then concatenate everything as needed.

Not sure how that works with obfuscated keys....

ssh_authorized_keys rejects public key

A very useful cookbook. Not sure I am using the authorized_keys function correctly.

ssh_authorized_keys 'non-root authorized_keys' do
  user user_name
  key master_pub_key
  type 'ssh-rsa'
end

fails with does not match regular expression [/^\S*$/]. The key contains:
ssh-rsa AAAAB3NzaC....7eqMQiiJAQ==. The invocation specifies type 'ssh-rsa'. Should the function process the key including ssh-rsa+space? I generated the pub key without the trailing comment (space + email) using ssh-keygen -y -f ~/.ssh/master.id_rsa > ~/.ssh/master.id_rsa.pub. I could not find options to strip the leading ssh-rsa .

Not sure you knew... The "Resources & Providers" section of the README is difficult to read in Chef Supermarket. I used Atom's markdown viewer.

SSH key not validated

If you accidentally include the keytype or comment in an ssh_authorized_key it will be allowed, but the comparison will fail and the key will be added time after time to the authorized_keys file.

Default value TrueClass is invalid for property hashed of resource ssh_known_hosts.

  ssh
    git: https://github.com/markolson/chef-ssh.git
    revision: ca59ec5bf27ea9ed05d54a1d4304fd74b2ccc3f7
Deprecated features used!
  Default value TrueClass is invalid for property hashed of resource ssh_known_hosts. In Chef 13 this will become an error: Option hashed must be a kind of [TrueClass, FalseClass]!  You passed TrueClass.. at 1 location:
    - /tmp/chef/cookbooks/ssh/resources/known_hosts.rb:6:in `class_from_file'
