Defined Type: ssh::server::ca_signed_hostkey
- Defined in:
- modules/ssh/manifests/server/ca_signed_hostkey.pp
Summary
file parameters to get a signed hostkey
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/ssh/manifests/server/ca_signed_hostkey.pp', line 5
# Manages the file named by $title as the CA-signed SSH host certificate for
# the host key of kind $type, issued for the principals listed in $hosts.
#
# A new certificate is requested from ssh::ssh_sign_host_certificate() only
# when the 'ssh_ca_host_certificate' fact has no entry for $title, when the
# principals recorded in that entry differ from $hosts, or when the entry
# reports fewer than 14 days of remaining lifetime. In every other case the
# file content is left untouched.
#
# NOTE(review): the certificate state and the public key that gets signed are
# both read from facts, i.e. values reported by the node itself; only the
# principal list comes from the $hosts parameter. Callers should confirm that
# $hosts is not itself derived from node-supplied facts.
# NOTE(review): nothing visible here compares the key inside the existing
# certificate with the current host key -- confirm that a rotated host key
# triggers re-signing some other way (e.g. the fact dropping its entry).
define ssh::server::ca_signed_hostkey (
    Array[Stdlib::Host] $hosts,
    Ssh::KeyType        $type,
    Wmflib::Ensure      $ensure = present,
) {
    # Re-sign once less than two weeks of validity remain.
    $renewal_threshold_seconds = 14 * 86400

    if $ensure != 'present' {
        # Nothing to sign when the resource is being removed.
        $signed_cert_content = undef
    } else {
        $known_certs = $facts['ssh_ca_host_certificate']

        if !$known_certs or !$known_certs[$title] {
            # The node reports no certificate at this path yet.
            $must_resign = true
        } else {
            $current_cert = $known_certs[$title]
            # Order-insensitive comparison of principals; the lifetime check
            # is only evaluated when the principals already match.
            $must_resign = (
                sort($current_cert['principals']) != sort($hosts)
                or $current_cert['lifetime_remaining_seconds'] < $renewal_threshold_seconds
            )
        }

        # Public key line in "<type> <key>" form, taken from the ssh fact.
        $host_key = $facts['ssh'][$type]
        $pubkey = "${host_key['type']} ${host_key['key']}\n"

        # The signing function is called only when a new certificate is needed.
        $signed_cert_content = if $must_resign {
            ssh::ssh_sign_host_certificate($pubkey, $hosts)
        } else {
            undef
        }
    }

    # Overwrite the file only when a freshly signed certificate is available.
    $have_new_cert = $signed_cert_content != undef

    file { $title:
        ensure    => stdlib::ensure($ensure, 'file'),
        content   => $signed_cert_content,
        replace   => $have_new_cert,
        owner     => 'root',
        group     => 'root',
        mode      => '0444',
        # Keep certificate contents out of reports and logs.
        show_diff => false,
    }
}