Puppet Class: db2_profile::database::passwordless_root
- Defined in:
- manifests/database/passwordless_root.pp
Summary
The class enables passwordless root access between the nodes in the cluster.Overview
db2_profile::database::passwordless_root
It will enable ssh access for the root account based on the specified private and public keys.
For this to work, all of the nodes must be reachable on the network before this class is applied.
See the file “LICENSE” for the full license governing this code.
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'manifests/database/passwordless_root.pp', line 21
class db2_profile::database::passwordless_root (
Array[String[1]] $nodes,
String[1] $private_key,
String[1] $public_key
) {
easy_type::debug_evaluation() # Show local variable on extended debug
unless defined(Package['openssh-clients']) {
package { 'openssh-clients':
ensure => 'present',
}
}
file { '/root/.ssh':
ensure => 'directory',
mode => '0700',
owner => 'root',
}
-> file { '/root/.ssh/id_rsa':
ensure => 'file',
content => $private_key,
mode => '0700',
owner => 'root',
}
$nodes.each |$node_name| {
exec { "authorize_node_${node_name}_for_root":
user => 'root',
command => "/usr/bin/ssh-keyscan ${node_name} >> ~/.ssh/known_hosts",
unless => "/bin/grep ${node_name} /root/.ssh/known_hosts",
returns => [0,1],
require => [
File['/root/.ssh/id_rsa'],
Package['openssh-clients'],
],
}
}
ssh_authorized_key { 'root':
ensure => present,
user => 'root',
type => 'ssh-rsa',
key => $public_key,
}
}
|