Make manage_ssh_key generate a valid key instead of creating a 0 byte…

… invalid one.
SUNET · Oct 19, 2023 · 873e9a7 · 873e9a7
1 parent f809124
commit 873e9a7
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/manifests/dehydrated.pp b/manifests/dehydrated.pp
@@ -288,10 +288,17 @@
     undef   => $domain,
     default => $ssh_id,
   }
-  if $manage_ssh_key {
-    ensure_resource('sunet::snippets::secret_file', "${home}/.ssh/id_${_ssh_id}", {
+ if $manage_ssh_key {
+    $key_path = "${home}/.ssh/id_${_ssh_id}"
+    if lookup("${_ssh_id}_ssh_key", undef, undef, undef) { #Key is in secrets, write it to host
+      ensure_resource('sunet::snippets::secret_file', "$key_path", {
       hiera_key => "${_ssh_id}_ssh_key",
       })
+    }else{
+      if (!find_file($key_path)){
+        sunet::snippets::ssh_keygen{$key_path:} #This will not overwrite an existing key
+      }
+    }
   }
   if $single_domain {
     cron { "rsync_dehydrated_${domain}":