Parameterized keymaster_storage and home #1
wants to merge 3 commits into
base: master
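--- a/files/emailKey.py
+++ b/files/emailKey.py
@@ -0,0 +1,90 @@
+#! /usr/bin/python
+#
+# emailKey.py
+# Script to send user keys
+# https://github.com/shermdog/puppet-sshkeys
+# v1.0
+# 6.28.13
+
+# Params:
+# filename (absolute path)
+# emailaddress
+
+import sys
+import socket
+import smtplib
+from email import encoders
+from email.mime.base import MIMEBase
+from email.mime.text import MIMEText
+from email.mime.multipart import MIMEMultipart
+
+
+# Script defaults - You need to set these!
+sender = '[email protected]'
+server = 'smtp.server.com'
+port = 465
+user = 'username'
+password = 'password'
+
+
+def printUsage ():
+print "Incorrect or invalid arguments."
+print "Usage: emailKey.py <filename> <emailaddress>"
+sys.exit(2) #Invalid sytax error code
+
+
+# Start main program code
+if len(sys.argv) != 3:
+printUsage()
+
+fileName = sys.argv[1]
+address = sys.argv[2]
+
+# Create the enclosing (outer) message
+outer = MIMEMultipart()
+outer['Subject'] = 'SSH Access Key Updated'
+outer['From'] = sender
+outer['To'] = address
+
+# Text inside of the email
+body = MIMEText("""Your SSH access key has been updated and is included in this message.
+
+This key will be installed in the next 30 minutes. Your previous key will be removed.
+
+
+
+
+
+
+
+
+"I am Vinz, Vinz Clortho, Keymaster of Gozer...Volguus Zildrohoar, Lord of the Seboullia. Are you the Gatekeeper?"
+""")
+
+outer.attach(body)
+
+# Attach certificate
+fp = open(fileName, 'rb')
+# SES has some strict MIME types, this allows any extension
+msg = MIMEBase('application', "pgp-encrypted")
+msg.set_payload(fp.read())
+fp.close()
+
+# Encode the payload using Base64
+encoders.encode_base64(msg)
+msg.add_header('Content-Disposition', 'attachment', filename=fileName.rsplit('/',1)[1])
+outer.attach(msg)
+
+# Send email and cath errors
+try:
+s = smtplib.SMTP_SSL(server, port, timeout=1)
+s.login(user,password)
+s.sendmail(sender, address, outer.as_string())
+s.quit()
+print "Successfully sent email."
+sys.exit() #Successful exit code 0
+except Exception, e:
+print "Unable to send email. Error: %s" % e
+sys.exit(1) #Exit with error
+
+# It's over!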
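Review bot: The SMTP account is hard-coded in the script body (`user = 'username'`, `password = 'password'` in the defaults block), so anyone who can read the module's `files/` directory or the host the script is copied to also gets the mail credentials; read them from a root-only config file (for example with `ConfigParser`) or from the environment rather than editing the script. As far as the setup_key_master.pp hunk shows, the argument passed is the private half of the key pair, yet the attachment is labelled `application/pgp-encrypted` while the payload is only base64-encoded, so the label misrepresents what is in the mailbox; name the type honestly or encrypt to the recipient before attaching. `fileName.rsplit('/',1)[1]` raises IndexError when the argument contains no slash, where `os.path.basename(fileName)` handles both cases. The key file is also opened without `with`, and `timeout=1` is very short for an SMTP_SSL handshake and login, which is likely why the manifest retries the exec three times.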
2 changes: 2 additions & 0 deletions manifests/create_key.pp
Expand Up @@ -6,6 +6,7 @@
$length = 2048,
$maxdays = "",
$mindate = "",
$email = ""
) {
sshkeys::namecheck { "${title}-title": parm => "title", value => $title }

Expand All @@ -25,5 +26,6 @@
length => $_length,
maxdays => $maxdays,
mindate => $mindate,
email => $email
}
}
8 changes: 6 additions & 2 deletions manifests/init.pp
@@ -1,2 +1,6 @@
class sshkeys {
}
class sshkeys (
$keymaster_storage = $sshkeys::var::keymaster_storage,
$home = $sshkeys::var::home
)
inherits sshkeys::var {
}
4 changes: 2 additions & 2 deletions manifests/keymaster.pp
@@ -1,8 +1,8 @@
# Keymaster host:
# Create key storage; create, regenerate, and remove key pairs
class sshkeys::keymaster {
include sshkeys::var
file { $sshkeys::var::keymaster_storage:

file { $sshkeys::keymaster_storage:
ensure => directory,
owner => puppet,
group => puppet,
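Review bot: Dropping `include sshkeys::var` and reading `$sshkeys::keymaster_storage` makes this class depend on `class sshkeys` having been evaluated first, and nothing in the hunk ensures that; if `sshkeys::keymaster` is declared on its own, the variable is undefined and the `file { $sshkeys::keymaster_storage:` resource gets an empty title. Add `include sshkeys` at the top of the class (a prior resource-like declaration of the parameterised class is still allowed before an include), or document that callers must declare `class { 'sshkeys': }` before this class. set_authorized_keys.pp, set_client_key_pair.pp and setup_key_master.pp appear to drop the same include and reference `$sshkeys::keymaster_storage` or `$sshkeys::home` in the same way. The class body continues outside the hunk.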
8 changes: 4 additions & 4 deletions manifests/set_authorized_keys.pp
Expand Up @@ -7,12 +7,12 @@
$options = '',
$user
) {
include sshkeys::var

$_keyname = $keyname ? { '' => $title, default => $keyname }
$_home = $home ? { "" => "/home/${user}", default => $home }
$_home = $home ? { "" => "${sshkeys::home}/${user}", default => $home }
# on the keymaster:
$key_src_dir = "${sshkeys::var::keymaster_storage}/${_keyname}"
$key_src_file = "${key_src_dir}/key.pub"
$key_src_dir = "${sshkeys::keymaster_storage}/${_keyname}"
$key_src_file = "${key_src_dir}/${_keyname}.pub"
# on the server:
$key_tgt_file = "${_home}/.ssh/authorized_keys"

15 changes: 8 additions & 7 deletions manifests/set_client_key_pair.pp
Expand Up @@ -7,19 +7,20 @@
$home = '',
$user
) {
include sshkeys::var


$_keyname = $keyname ? { '' => $title, default => $keyname }
$_home = $home ? { '' => "${sshkeys::home}/${user}", default => $home }
$key_src_file = "${sshkeys::keymaster_storage}/${_keyname}/${_keyname}" # on the keymaster
$key_tgt_file = "${_home}/.ssh/$(unknown)" # on the client

File {
owner => $user,
group => $group ? { '' => $user, default => $group },
mode => 600,
require => [ User[$user], File[$home]],
require => [ User[$user], File[$_home]],
}

$_keyname = $keyname ? { '' => $title, default => $keyname }
$_home = $home ? { '' => "/home/${user}", default => $home }
$key_src_file = "${sshkeys::var::keymaster_storage}/${_keyname}/key" # on the keymaster
$key_tgt_file = "${_home}/.ssh/$(unknown)" # on the client

$key_src_content_pub = file("${key_src_file}.pub", "/dev/null")
if $ensure == "absent" or $key_src_content_pub =~ /^(ssh-...) ([^ ]+)/ {
$keytype = $1
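Review bot: The keymaster path changes from `.../${_keyname}/key` to `.../${_keyname}/${_keyname}`, and because the lookup below it is `file("${key_src_file}.pub", "/dev/null")`, a store laid out by the previous version of the module yields empty content silently instead of an error; either have setup_key_master.pp rename the existing `key`/`key.pub` files or drop the `/dev/null` fallback so the mismatch fails loudly. set_authorized_keys.pp and setup_key_master.pp make the matching rename, so the migration concern applies to all three. The `require => File[$_home]` correction is right, since `$home` may be the empty string. What the client does with empty public-key content is decided outside the hunk, and the enclosing define starts before it.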
26 changes: 22 additions & 4 deletions manifests/setup_key_master.pp
Expand Up @@ -8,18 +8,20 @@
$keytype,
$length,
$maxdays,
$mindate
$mindate,
$email
) {
include sshkeys::var

Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" }
File {
owner => puppet,
group => puppet,
mode => 600,
}

$keydir = "${sshkeys::var::keymaster_storage}/${title}"
$keyfile = "${keydir}/key"
$keydir = "${sshkeys::keymaster_storage}/${title}"

$keyfile = "${keydir}/${title}"

file {
"$keydir":
Expand Down Expand Up @@ -83,5 +85,21 @@
require => File[$keydir],
before => File[$keyfile, "${keyfile}.pub"],
}

if $email {
# Command to email key to user
# Idea courtesy of http://www.warden.pl/2012/09/05/puppet-send-an-email-to-the-client-when-a-new-key-is-generated/
exec { "Notify user ${email}":
command => "/usr/bin/python /common/puppet/emailKey.py ${keyfile} ${email}",
timeout => 30,
tries => 3,
try_sleep => 10,
require => File[$keyfile],
subscribe => Exec["Create key $title: $keytype, $length bits"],
refreshonly => true
}
}
}
}

# I am Vinz, Vinz Clortho, Keymaster of Gozer...Volguus Zildrohoar, Lord of the Seboullia. Are you the Gatekeeper?
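Review bot: `$email` is interpolated into `command => "/usr/bin/python /common/puppet/emailKey.py ${keyfile} ${email}"` with no validation, whereas the define's other caller-supplied value, `$title`, goes through `sshkeys::namecheck` in create_key.pp; a guard such as `if $email !~ /^[^\s@]+@[^\s@]+$/ { fail("sshkeys: invalid email ${email}") }` before the exec keeps whitespace or shell metacharacters out of the command line. `if $email` relies on the empty-string default being falsy, which holds on Puppet 3 but not on Puppet 4 and later, so `if $email != ''` is the unambiguous form. Nothing in the PR installs the new script at `/common/puppet/emailKey.py` even though it is added under `files/`, so the exec fails on any host that lacks it unless a `file` resource for that path (or a parameter for the script location) is added. Note also that `${keyfile}` here is the private key, since the public half is `${keyfile}.pub`. The enclosing define starts before the hunk.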
4 changes: 2 additions & 2 deletions manifests/var.pp
@@ -1,4 +1,4 @@
class sshkeys::var(
class sshkeys::var {
$keymaster_storage = "/var/lib/puppet-sshkeys"
) {
$home = "/home"
}