Managing ~/.ssh/config for users using puppet

puppettemplate

How do I adjust the "User" line in a ~/.ssh/config file using ERB template files in Puppet so that it contains the correct username that matches the account name?

class accounts_global::tharold {
account { 'tharold':
    ensure => present,
    }
file { "/home/tharold/.ssh/config" :
    require => Account['tharold'],
    owner   => 'tharold',
    group   => 'tharold',
    mode    => '0600',
    content => template('accounts_global/user_ssh_config.erb'),
    }
}

Content of the user_ssh_config.erb file looks like:

Host ssh.example.com
Port 22
User tharold
IdentityFile ~/.ssh/ssh-key

The question is, what should the <%= something =%> look like to replace "User tharold" in the template file with the account name of the user? This ERB config file is going to be used for multiple users, so I need to parameterize that part of the file.

Trying to use <%= @name %> ends up putting "accounts_global::tharold" in the file.

Best Answer

You need to change your class to a define, as per the below to make it re-usable for other users:

define accounts_global::account () {

  account { $name:
    ensure => present,
  }

  file { "/home/${name}/.ssh/config" :
    require => Account[$name],
    owner   => $name,
    group   => $name,
    mode    => '0600',
    content => template('accounts_global/user_ssh_config.erb'),
  }
}

Use this for your ~/.ssh/config ERB template:

Host ssh.example.com
Port 22
User <%= @name %>
IdentityFile ~/.ssh/ssh-key

Then add this to your Puppet manifest:

accounts_global::account { 'tharold': }

Incidentally, you shouldn't need to pass the User parameter in your SSH configuration unless the remote username is different - by default, SSH tries to connect using the current username.

Related Topic