Why not just template the authorized_keys file and write to it directly as root? You can always set the owner/group/mode/etc of the file to be what you'd normally expect, but there's no need to use an execute resource and output redirection to accomplish it.This is actually something on my to-do list, though I'll probably just use the standard cookbook and modify it to skip ldap users that aren't present on a given box.--~*~ StormeRider ~*~"Every world needs its heroes [...] They inspire us to be better than we are. And they protect from the darkness that's just around the corner."(from Smallville Season 6x1: "Zod")
On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSSOn Mon, Jan 26, 2015 at 2:29 PM, Douglas Garstang < " target="_blank"> > wrote:I'm having trouble setting up users authorized keys. A cookbook that runs earlier in the runlist sets up LDAP. However, due to reasons I don't understand, none of that user information is available during the chef run. I previously posted about this once before. As a result, I can't simply create files and directories and use 'owner' and 'group.
I came up with the below idea. I'm iterating over the ssh keys in a data bag and then for each user running a command as this user. That makes PAM do all the home directory setup for me. I create the ~/.ssh directory in a similar fashion, as the user. All works ok. However, I'm having an issue with adding the array of ssh_keys pulled from the data bag to the users authorized keys file.
include_recipe "slice-ldap"
bag = data_bag("ssh-keys")
for item in bag do
user = data_bag_item('ssh-keys', item)
user_name = user['id']
ssh_keys = user['ssh_keys']
execute "create_home_#{user_name}" do
command "su - #{user_name} -c \"ls\""
creates "/home/#{user_name}"
notifies :run, "execute[create_ssh_dir_#{user_name}]", :immediately
end
execute "create_ssh_dir_#{user_name}" do
command "su - #{user_name} -c \"mkdir /home/#{user_name}/.ssh\""
notifies :run, "execute[install_public_rsa_#{user_name}]", :immediately
creates "/home/#{user_name}/.ssh"
end
ssh_keys.each_with_index do |k, index|
log "k = #{k}"
execute "install_public_rsa_#{user_name}" do
command "su - #{user_name} -c \"echo '#{k}' >> /home/#{user_name}/.ssh/authorized_keys\""
action :nothing
end
end
end
However, I'm having an issue with adding the array of ssh_keys pulled from the data bag to the users authorized keys file. The loop at the end does this, but chef also gives me this warning:
==> default: [2015-01-26T22:23:47+00:00] WARN: Previous execute[install_public_rsa_doug]: /tmp/vagrant-chef-3/chef-solo-1/cookbooks/slice-ssh-keys/recipes/default.rb:38:in `block (2 levels) in from_file'
==> default: [2015-01-26T22:23:47+00:00] WARN: Current execute[install_public_rsa_doug]: /tmp/vagrant-chef-3/chef-solo-1/cookbooks/slice-ssh-keys/recipes/default.rb:38:in `block (2 levels) in from_file'Apart from the warning, only the last ssh keys is being added to the authorized_keys file. Even though I'm using echo and >>, the last one is not there. The log statement shows each key, so I know the loop is iterating over both. What gives?
Doug
Archive powered by MHonArc 2.6.16.