Add root command for authorized keys

author Ismaël Bouya <ismael.bouya@normalesup.org>

Wed, 28 Mar 2018 23:08:23 +0000 (01:08 +0200)

committer Ismaël Bouya <ismael.bouya@normalesup.org>

Wed, 28 Mar 2018 23:21:03 +0000 (01:21 +0200)
author Ismaël Bouya <ismael.bouya@normalesup.org>
Wed, 28 Mar 2018 23:08:23 +0000 (01:08 +0200)
committer Ismaël Bouya <ismael.bouya@normalesup.org>
Wed, 28 Mar 2018 23:21:03 +0000 (01:21 +0200)
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp

index f893c51e379f78e13e69fa1d0f5b5e01ecdc2e67..aff19bb97eb143810918706147e68cba8858e979 100644 (file)
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -3,7 +3,8 @@ class base_installation::users (
  ) inherits base_installation {
    ensure_packages('ruby-shadow')
    user { 'root':
-    password => '!'
+    password       => '!',
+    purge_ssh_keys => ["/root/.ssh/authorized_keys"],
    }
  
    class { 'sudo':
@@ -46,6 +47,21 @@ class base_installation::users (
            type => $key[key_type],
            key  => $key[key],
          }
+
+        if has_key($key, "root_command") {
+          ssh_authorized_key { "${user[username]}@${key[host]}:root":
+            name    => "${user[username]}@${key[host]}:root",
+            user    => "root",
+            options => [
+              "command=\"${key[root_command]}\"",
+              "no-port-forwarding",
+              "no-X11-forwarding",
+              "no-pty",
+            ],
+            type    => $key[key_type],
+            key     => $key[key],
+          }
+        }
        }
      }
    }
author	Ismaël Bouya <ismael.bouya@normalesup.org>
	Wed, 28 Mar 2018 23:08:23 +0000 (01:08 +0200)
committer	Ismaël Bouya <ismael.bouya@normalesup.org>
	Wed, 28 Mar 2018 23:21:03 +0000 (01:21 +0200)