Maarten Thibaut

mthibaut/mutual_trust — version 1.0.2 Nov 28th 2012

#Class: mutual_trust

Provides a defined type named "mutual_trust::ssh" which enables mutual trust between users on different systems.

Every declaration of mutual_trust::ssh with a given tag trusts, and is trusted by, every other declaration of mutual_trust::ssh that uses the same tag!

For this module to work, you must enable storeconfigs on the puppetmaster server. For instance, you can put this in /etc/puppet/puppet.conf:

[master]
    storeconfigs = true

##Parameters

  • tag

Optional (defaults to $name).

The tag used to collect resources. All nodes declared with the same tag will trust each other.

  • user

Optional (defaults to root).

The user for whom to collect public ssh keys.

  • homedir

Optional (defaults to a guess such as /root or /home/$user).

The home directory for the user. This is only used to guess the sshdir parameter.

  • sshdir

Optional (defaults to $homedir/.ssh).

The ssh directory containing the authorized_keys file.

##Examples

include mutual_trust
node /foo/ {
    mutual_trust::ssh {"web":}
}
node /bar/ {
    mutual_trust::ssh {"web":}
    mutual_trust::ssh {"db":}
}
node /baz/ {
    mutual_trust::ssh {"db":
        user => oracle
    }
}

As a result, root@foo and root@bar can log in to each other.

root@bar can also log in to oracle@baz, and vice versa.

oracle@baz cannot log in directly to root@foo, but can do so anyway while logged in to root@bar. Trust is therefore transitive through any account that is declared with more than one tag.
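The indirect path described above can be computed for a whole set of declarations before they are applied. This is an added example, not part of the module: it models each mutual_trust::ssh declaration as a constructed (node, tag, user) tuple, assumes every account sharing a tag authorizes every other account with that tag, and lists the account pairs that are reachable only by chaining logins.

```python
"""Audit direct and chained SSH trust implied by mutual_trust::ssh tags (added example)."""
from collections import defaultdict, deque

# Constructed input mirroring the Examples section: (node, tag, user).
DECLARATIONS = [
    ("foo", "web", "root"),
    ("bar", "web", "root"),
    ("bar", "db", "root"),
    ("baz", "db", "oracle"),
]

def direct_trust(declarations):
    """Map each account to the accounts it can log in to in one hop."""
    groups = defaultdict(set)
    for node, tag, user in declarations:
        groups[tag].add(f"{user}@{node}")
    edges = defaultdict(set)
    for members in groups.values():
        for account in members:
            # Assumption: same tag means mutual authorization between members.
            edges[account] |= members - {account}
    return edges

def reachable(edges, start):
    """Accounts reachable from start by chaining logins (BFS), excluding start."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in edges[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def transitive_only(declarations):
    """Sorted (src, dst) pairs where dst is reachable only via an intermediate account."""
    edges = direct_trust(declarations)
    return sorted(
        (src, dst)
        for src in list(edges)
        for dst in reachable(edges, src) - edges[src]
    )

if __name__ == "__main__":
    for src, dst in transitive_only(DECLARATIONS):
        print(f"{src} -> {dst} (indirect, through an account with a shared tag)")
```

The model treats user@node as the unit of trust, so two different users on the same node are not linked unless a declaration links them.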

##Authors

Maarten Thibaut (mthibaut@cisco.com)

##Copyright

Copyright 2012 Maarten Thibaut. Distributed under the Apache License, Version 2.0.