- Module description
- Setup - The basics of getting started with sshkeymgmt
- Usage
- Reference
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Acceptance tests
- Changelog
Sshkeymgmt module is for managing Unix groups and Unix users together with their ssh keys. The module is focused on deploying users in groups. Groups e. g. can be departemens or teams (e. g. system administrators) within your organisation. As a group can consist of one member as well the module is not limited to deploy users and ssh keys in groups.
Users used in ssh key groups which are not defined are simply ignored. A notification is printed to inform about that.
Please make sure to configure your ssh daemon accordingly to the location the ssh authorized_keys files will be located.
Sshkeymgmt adds, modifies or deletes Unix users and Unix groups on your systems. As it is run with super user privileges it can affect any user on your systems.
sshkeymgmt needs puppetlab stdlib and puppetlab concat to work.
The most basic setup you could achieve with this module looks something like this:
include '::sshkeymgmt'or
class { '::sshkeymgmt': }If there are no Unix users, no Unix groups or no ssh key groups the module will print a notification only.
Configuration for the class can be done either by Hiera or by writing the configuration directly into the class statement.
Configuration of users, groups and ssh key groups can be distributed over different Hiera files. You can for example have all Unix user and group definitions in your most common Hiera file. The ssh groups can be defined in the most recent Hiera file describing the node. Using Hiera reduces coding effort for class usage to
include '::sshkeymgmt'or
class { 'sshkeymgmt': }---
sshkeymgmt::groups:
test1:
gid: 5001
ensure: present
test2:
gid: 5002
ensure: present
test3:
gid: 5003
ensure: present
sshkeymgmt::users:
test1:
ensure: present
gid: 5001
uid: 5001
homedir: '/home/test1'
sshkeys:
- ssh-rsa AAAA ... Test1
- ssh-rsa AAAA ... Test5
test2:
ensure: present
gid: 5002
uid: 5002
homedir: '/home/test2'
sshkeys:
- ssh-rsa AAAA ... Test2
test3:
ensure: present
gid: 5002
uid: 5003
homedir: '/home/test3'
sshkeys:
- ssh-rsa AAAA ...Test3
test4:
ensure: present
gid: 5004
uid: 5004
homedir: '/home/test4'
sshkeys:
- ssh-rsa AAAA ... Test4The ssh keys and Unix users can be grouped by teams or departments or whatever groups you want to define.
---
sshkeymgmt::ssh_key_groups:
ops:
ssh_users:
- test1
- test2
dba:
ssh_users:
- test3
- test2The users, groups and ssh key groups can be defined in Puppet code as well.
$groups = {
'test1' => {
gid => 5001,
ensure => present
}
}
$users = {
'test1' => {
ensure => present,
gid => 5001,
uid => 5001,
homedir => '/home/test1',
sshkeys => ['ssh-rsa AAAA ... Test1', 'ssh-rsa AAAA ... Test5']
}
}
$sshkeygroups = {
'ssh1': => {
'ssh_users' => ['test1', 'test2']
}
}
class { '::sshkeymgmt':
users => $users,
groups => $groups,
ssh_key_groups => $sshkeygroups
}See REFERENCE.md
This module has been tested on several Unix platforms, and no issues have been identified. But this module does not care about the sshd configuration. Please make sure the ssh authorized_keys files are stored in the location the sshd is expecting.
For an extensive list of supported operating systems, see metadata.json
Contributions are welcome in any form, pull requests, and issues should be filed via GitHub.
Please add acceptance tests for your code as well. There's a script run_acceptance_tests.sh in the scripts folder which runs the tests for CentOS 7 and Ubuntu 18.04.
See CHANGELOG.md