aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-29 01:08:23 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-29 01:21:03 +0200
commitb193066f246693155bebb579f4131f10375c86e5 (patch)
tree80d49e4276273076b62f7837ba9a0dd5c4bc0ab4
parent52cb490d9eacf81e1b77a54aeea506c2332effd2 (diff)
downloadPuppet-b193066f246693155bebb579f4131f10375c86e5.tar.gz
Puppet-b193066f246693155bebb579f4131f10375c86e5.tar.zst
Puppet-b193066f246693155bebb579f4131f10375c86e5.zip
Add root command for authorized keys
-rw-r--r--modules/base_installation/manifests/users.pp18
1 files changed, 17 insertions, 1 deletions
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index f893c51..aff19bb 100644
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -3,7 +3,8 @@ class base_installation::users (
3) inherits base_installation { 3) inherits base_installation {
4 ensure_packages('ruby-shadow') 4 ensure_packages('ruby-shadow')
5 user { 'root': 5 user { 'root':
6 password => '!' 6 password => '!',
7 purge_ssh_keys => ["/root/.ssh/authorized_keys"],
7 } 8 }
8 9
9 class { 'sudo': 10 class { 'sudo':
@@ -46,6 +47,21 @@ class base_installation::users (
46 type => $key[key_type], 47 type => $key[key_type],
47 key => $key[key], 48 key => $key[key],
48 } 49 }
50
51 if has_key($key, "root_command") {
52 ssh_authorized_key { "${user[username]}@${key[host]}:root":
53 name => "${user[username]}@${key[host]}:root",
54 user => "root",
55 options => [
56 "command=\"${key[root_command]}\"",
57 "no-port-forwarding",
58 "no-X11-forwarding",
59 "no-pty",
60 ],
61 type => $key[key_type],
62 key => $key[key],
63 }
64 }
49 } 65 }
50 } 66 }
51 } 67 }