88 lines
3.1 KiB
Ruby
88 lines
3.1 KiB
Ruby
#
|
|
# Cookbook Name:: ssh_known_hosts
|
|
# Recipe:: default
|
|
#
|
|
# Author:: Scott M. Likens (<scott@likens.us>)
|
|
# Author:: Joshua Timberman (<joshua@opscode.com>)
|
|
# Author:: Seth Vargo (<sethvargo@gmail.com>)
|
|
#
|
|
# Copyright 2009, Adapp, Inc.
|
|
# Copyright 2011-2013, Opscode, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
if node['ssh_known_hosts']['use_data_bag_cache']
|
|
# Load hosts from the ssh known hosts cacher (if the data bag exists)
|
|
unless Chef::DataBag.list.key?(node['ssh_known_hosts']['cacher']['data_bag'])
|
|
fail 'use_data_bag_cache is set but the configured data bag was not found'
|
|
end
|
|
|
|
hosts = data_bag_item(
|
|
node['ssh_known_hosts']['cacher']['data_bag'],
|
|
node['ssh_known_hosts']['cacher']['data_bag_item']
|
|
)['keys']
|
|
Chef::Log.info "hosts data bag: #{hosts.inspect}"
|
|
else
|
|
# Gather a list of all nodes, warning if using Chef Solo
|
|
if Chef::Config[:solo]
|
|
Chef::Log.warn 'ssh_known_hosts requires Chef search - Chef Solo does not support search!'
|
|
|
|
# On Chef Solo, we still want the current node to be in the ssh_known_hosts
|
|
hosts = [node]
|
|
else
|
|
hosts = partial_search(:node, "keys_ssh:* NOT name:#{node.name}",
|
|
:keys => {
|
|
'hostname' => [ 'hostname' ],
|
|
'fqdn' => [ 'fqdn' ],
|
|
'ipaddress' => [ 'ipaddress' ],
|
|
'host_rsa_public' => [ 'keys', 'ssh', 'host_rsa_public' ],
|
|
'host_dsa_public' => [ 'keys', 'ssh', 'host_dsa_public' ]
|
|
}
|
|
).collect do |host|
|
|
{
|
|
'fqdn' => host['fqdn'] || host['ipaddress'] || host['hostname'],
|
|
'key' => host['host_rsa_public'] || host['host_dsa_public']
|
|
}
|
|
end
|
|
end
|
|
end
|
|
|
|
# Add the data from the data_bag to the list of nodes.
|
|
# We need to rescue in case the data_bag doesn't exist.
|
|
if Chef::DataBag.list.key?('ssh_known_hosts')
|
|
begin
|
|
hosts += data_bag('ssh_known_hosts').collect do |item|
|
|
entry = data_bag_item('ssh_known_hosts', item)
|
|
{
|
|
'fqdn' => entry['fqdn'] || entry['ipaddress'] || entry['hostname'],
|
|
'key' => entry['rsa'] || entry['dsa']
|
|
}
|
|
end
|
|
rescue
|
|
Chef::Log.info "Could not load data bag 'ssh_known_hosts'"
|
|
end
|
|
end
|
|
|
|
# Loop over the hosts and add 'em
|
|
hosts.each do |host|
|
|
unless host['key'].nil?
|
|
# The key was specified, so use it
|
|
ssh_known_hosts_entry host['fqdn'] do
|
|
key host['key']
|
|
end
|
|
else
|
|
# No key specified, so have known_host perform a DNS lookup
|
|
ssh_known_hosts_entry host['fqdn']
|
|
end
|
|
end
|