[chef] Creating authorized_keys for LDAP users.


  • From: Douglas Garstang < >
  • To:
  • Subject: [chef] Creating authorized_keys for LDAP users.
  • Date: Mon, 26 Jan 2015 14:29:53 -0800

I'm having trouble setting up users' authorized keys. A cookbook that runs earlier in the runlist sets up LDAP. However, for reasons I don't understand, none of that user information is available during the chef run. I posted about this once before. As a result, I can't simply create files and directories and use 'owner' and 'group'.

I came up with the idea below. I'm iterating over the ssh keys in a data bag and then, for each user, running a command as this user. That makes PAM do all the home directory setup for me. I create the ~/.ssh directory in a similar fashion, as the user. All works OK. However, I'm having an issue with adding the array of ssh_keys pulled from the data bag to the user's authorized keys file.

include_recipe "slice-ldap"
bag = data_bag("ssh-keys")
for item in bag do
  user = data_bag_item('ssh-keys', item)
  user_name = user['id']
  ssh_keys = user['ssh_keys']
  execute "create_home_#{user_name}" do
    command "su - #{user_name} -c \"ls\""
    creates "/home/#{user_name}"
    notifies :run, "execute[create_ssh_dir_#{user_name}]", :immediately
  end
  execute "create_ssh_dir_#{user_name}" do
    command "su - #{user_name} -c \"mkdir /home/#{user_name}/.ssh\""
    notifies :run, "execute[install_public_rsa_#{user_name}]", :immediately
    creates "/home/#{user_name}/.ssh"
  end
  ssh_keys.each_with_index do |k, index|
    log "k = #{k}"
    execute "install_public_rsa_#{user_name}" do
      command "su - #{user_name} -c \"echo '#{k}' >> /home/#{user_name}/.ssh/authorized_keys\""
      action :nothing
    end
  end
end


However, I'm having an issue with adding the array of ssh_keys pulled from the data bag to the user's authorized keys file. The loop at the end does this, but chef also gives me this warning:

==> default: [2015-01-26T22:23:47+00:00] WARN: Previous execute[install_public_rsa_doug]: /tmp/vagrant-chef-3/chef-solo-1/cookbooks/slice-ssh-keys/recipes/default.rb:38:in `block (2 levels) in from_file'
==> default: [2015-01-26T22:23:47+00:00] WARN: Current  execute[install_public_rsa_doug]: /tmp/vagrant-chef-3/chef-solo-1/cookbooks/slice-ssh-keys/recipes/default.rb:38:in `block (2 levels) in from_file'



Apart from the warning, only the last ssh key is being added to the authorized_keys file. Even though I'm using echo and >>, the last one is not there. The log statement shows each key, so I know the loop is iterating over both. What gives?

Doug
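
The recipe above declares one execute resource per key under the same name and interpolates each key, unvalidated, into a quoted shell string. As an added example (not part of the original post), these plain Ruby helpers validate every key and build a single command per user that writes the whole file. The helper names, the accepted key types, the user-name pattern, and the choice to overwrite the file from the data bag are assumptions, as is that the data bag holds bare keys without an options prefix.

```ruby
require 'base64'
require 'shellwords'

# Key types accepted here; an assumption, extend to match local policy.
KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256].freeze

# Constructed sample key (all-zero key material), not a real credential.
SAMPLE_BLOB = Base64.strict_encode64(
  [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + "\0" * 32
)
SAMPLE_KEY = "ssh-ed25519 #{SAMPLE_BLOB} doug@example".freeze

# Return the stripped key line, or raise ArgumentError if it is not a bare
# single-line OpenSSH public key (no options prefix, no embedded newline).
def validate_public_key(line)
  line = line.to_s.strip
  raise ArgumentError, 'key must be a single line' if line =~ /[\r\n]/
  type, blob, _comment = line.split(' ', 3)
  raise ArgumentError, "unsupported key type: #{type.inspect}" unless KEY_TYPES.include?(type)
  raw = Base64.strict_decode64(blob.to_s) # raises ArgumentError on bad base64
  # The decoded blob starts with a uint32 length and the key type name.
  len = raw.unpack1('N')
  raise ArgumentError, 'blob does not match key type' unless len && raw.byteslice(4, len) == type
  line
end

# Whole-file content: every key validated, duplicates dropped, one per line.
def authorized_keys_content(keys)
  keys.map { |k| validate_public_key(k) }.uniq.join("\n") + "\n"
end

# One shell command per user, run as that user (as the recipe does with su),
# overwriting the file so repeated runs converge on the data bag contents.
def install_command(user_name, keys)
  raise ArgumentError, 'unexpected user name' unless user_name =~ /\A[a-z_][a-z0-9_-]*\z/
  inner = 'umask 077 && mkdir -p "$HOME/.ssh" && printf %s ' \
          "#{Shellwords.escape(authorized_keys_content(keys))} " \
          '> "$HOME/.ssh/authorized_keys"'
  "su - #{user_name} -c #{Shellwords.escape(inner)}"
end

puts install_command('doug', [SAMPLE_KEY]) if $PROGRAM_NAME == __FILE__
```

The resulting string can be the command of one execute resource per user, so each user has a single uniquely named resource to notify.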



