Provides 2 LWRPs to manage system-wide and per-user `ssh_config` and `known_hosts` files.
Include the `ssh` cookbook via Berkshelf or Librarian.

```ruby
cookbook "ssh"
```

Or add the following line to your cookbook's `metadata.rb`.

```ruby
depends "ssh"
```

When using SSH with Chef deployments, it's crucial to not get any prompts for input. Adding entries to `known_hosts` files and better managing your per-connection configuration can help with this.

An important thing to note is that if you create a user during a Chef run, be sure to reload Ohai data so that the new user will be in the node data. For instance:

```ruby
ohai "reload_passwd" do
  plugin "passwd"
end
```

The `ssh` cookbook bypasses this need somewhat by using Ohai classes directly to discover your users' SSH paths. However, some of your cookbooks may not be as generous.

Action | Description | Default |
---|---|---|
add | Adds an entry for the given host to a `known_hosts` file | Yes |
remove | Removes entries for a host from a `known_hosts` file | |

Attribute | Description | Default Value |
---|---|---|
host | Name attribute: the FQDN for a host to add to a `known_hosts` file | nil |
hashed | A Boolean indicating if SSH is configured to use a hashed `known_hosts` file. | true |
key | A full line to add to the file, instead of performing a lookup for the host. | nil |
user | A username to add the `known_hosts` entry for. If unspecified, the entry will be added system-wide. Note: if specified, the user must already exist. | nil |
path | A full path to a `known_hosts` file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user. | nil |

```ruby
ssh_known_hosts "github.com" do
  hashed true
  user 'webapp'
end
```

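A key looked up at converge time is only as trustworthy as the network path it was fetched over, whereas a line passed through `key` is written as given and can be checked first. The following is an added example, not code from the cookbook: it checks a `known_hosts` line against a fingerprint obtained out of band and shows how a hashed host field is formed. The helper names and the `git.example.com` sample line are assumptions.

```ruby
require 'digest'
require 'openssl'

# SHA256 fingerprint of a "host keytype base64blob" line, in the
# "SHA256:..." form that `ssh-keygen -lf` prints.
def key_fingerprint(line)
  _host, type, blob64 = line.split(' ', 4)
  blob = blob64.to_s.unpack1('m0')        # strict base64; raises ArgumentError on junk
  # The blob opens with a length-prefixed copy of the key type, which must
  # agree with the plain-text type field.
  len = blob.unpack1('N').to_i
  raise ArgumentError, 'key type mismatch' unless blob.byteslice(4, len) == type
  'SHA256:' + [Digest::SHA256.digest(blob)].pack('m0').delete('=')
end

# Return the line for the `key` attribute only when it matches the expected
# fingerprint; otherwise raise so the run stops before anything is written.
def pinned_key_line(line, expected_fp)
  actual = key_fingerprint(line)
  return line if actual == expected_fp
  raise ArgumentError, "host key fingerprint mismatch: got #{actual}"
end

# Host field of a hashed entry: |1|base64(salt)|base64(HMAC-SHA1(salt, host)).
def hash_host(hostname, salt = OpenSSL::Random.random_bytes(20))
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), salt, hostname)
  "|1|#{[salt].pack('m0')}|#{[mac].pack('m0')}"
end

# True when a hashed host field was generated for `hostname`.
def hashed_host_matches?(field, hostname)
  _, magic, salt64, mac64 = field.split('|')
  return false unless magic == '1' && salt64 && mac64
  hash_host(hostname, salt64.unpack1('m0')) == field
end

# Constructed sample: an ed25519-shaped blob of fixed bytes, not a real host key.
SAMPLE_BLOB = [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
SAMPLE_LINE = "git.example.com ssh-ed25519 #{[SAMPLE_BLOB].pack('m0')}"

if __FILE__ == $PROGRAM_NAME
  pinned_fp = key_fingerprint(SAMPLE_LINE)  # stands in for the out-of-band value
  puts pinned_key_line(SAMPLE_LINE, pinned_fp)
  puts hash_host('git.example.com')
end
```

In a recipe, the value returned by `pinned_key_line` is what would be handed to the `key` attribute, with the expected fingerprint stored alongside the recipe rather than fetched at run time.
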
Action | Description | Default |
---|---|---|
add | Adds an entry for the given host to a `ssh_config` file | Yes |
remove | Removes entries for a host from a `ssh_config` file | |

Attribute | Description | Default Value |
---|---|---|
host | Name attribute: the string to match when connecting to a host. This can be an IP, FQDN (github.com), or contain wildcards (*.prod.corp) | nil |
options | A hash containing the key-values to write for the host in | true |
user | A username to add the `ssh_config` entry for. If unspecified, the entry will be added system-wide. Note: if specified, the user must already exist. | nil |
path | A full path to an SSH config file. If used with the `user` attribute, this will take precedence over the path to a user's file, but the file will be created (if necessary) as that user. | nil |

```ruby
ssh_config "github.com" do
  options 'User' => 'git', 'IdentityFile' => '/var/apps/github_deploy_key'
  user 'webapp'
end
```