chef - [chef] Creating authorized

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Creating authorized_keys for LDAP users.

From: Douglas Garstang < >
To:
Subject: [chef] Creating authorized_keys for LDAP users.
Date: Mon, 26 Jan 2015 14:29:53 -0800

I'm having trouble setting up users authorized keys. A cookbook that runs earlier in the runlist sets up LDAP. However, due to reasons I don't understand, none of that user information is available during the chef run. I previously posted about this once before. As a result, I can't simply create files and directories and use 'owner' and 'group.

I came up with the below idea. I'm iterating over the ssh keys in a data bag and then for each user running a command as this user. That makes PAM do all the home directory setup for me. I create the ~/.ssh directory in a similar fashion, as the user. All works ok. However, I'm having an issue with adding the array of ssh_keys pulled from the data bag to the users authorized keys file.

include_recipe "slice-ldap"
bag = data_bag("ssh-keys")
for item in bag do
user = data_bag_item('ssh-keys', item)
user_name = user['id']
ssh_keys = user['ssh_keys']
execute "create_home_#{user_name}" do
    command "su - #{user_name} -c \"ls\""
    creates "/home/#{user_name}"
    notifies :run, "execute[create_ssh_dir_#{user_name}]", :immediately
end
execute "create_ssh_dir_#{user_name}" do
    command "su - #{user_name} -c \"mkdir /home/#{user_name}/.ssh\""
    notifies :run, "execute[install_public_rsa_#{user_name}]", :immediately
    creates "/home/#{user_name}/.ssh"
end
ssh_keys.each_with_index do |k, index|
    log "k = #{k}"
    execute "install_public_rsa_#{user_name}" do
      command "su - #{user_name} -c \"echo '#{k}' >> /home/#{user_name}/.ssh/authorized_keys\""
      action :nothing
    end
end
end

However, I'm having an issue with adding the array of ssh_keys pulled from the data bag to the users authorized keys file. The loop at the end does this, but chef also gives me this warning:

==> default: [2015-01-26T22:23:47+00:00] WARN: Previous execute[install_public_rsa_doug]: /tmp/vagrant-chef-3/chef-solo-1/cookbooks/slice-ssh-keys/recipes/default.rb:38:in `block (2 levels) in from_file'
==> default: [2015-01-26T22:23:47+00:00] WARN: Current execute[install_public_rsa_doug]: /tmp/vagrant-chef-3/chef-solo-1/cookbooks/slice-ssh-keys/recipes/default.rb:38:in `block (2 levels) in from_file'

Apart from the warning, only the last ssh keys is being added to the authorized_keys file. Even though I'm using echo and >>, the last one is not there. The log statement shows each key, so I know the loop is iterating over both. What gives?

Doug

[chef] Creating authorized_keys for LDAP users., Douglas Garstang, 01/26/2015
- [chef] Re: Creating authorized_keys for LDAP users., Morgan Blackthorne, 01/26/2015
  - [chef] Re: Re: Creating authorized_keys for LDAP users., Douglas Garstang, 01/26/2015
- [chef] Re: Creating authorized_keys for LDAP users., David Petzel, 01/26/2015
- [chef] Re: Creating authorized_keys for LDAP users., Mark Harrison, 01/26/2015
- [chef] Re: Creating authorized_keys for LDAP users., Lamont Granquist, 01/26/2015
  - [chef] Re: Re: Creating authorized_keys for LDAP users., Douglas Garstang, 01/26/2015
    - [chef] Re: Re: Re: Creating authorized_keys for LDAP users., David Petzel, 01/26/2015
      - [chef] Re: Re: Re: Re: Creating authorized_keys for LDAP users., Douglas Garstang, 01/26/2015
    - [chef] Re: Re: Re: Creating authorized_keys for LDAP users., Noah Kantrowitz, 01/26/2015
      - [chef] Re: Re: Re: Re: Creating authorized_keys for LDAP users., Douglas Garstang, 01/26/2015