1

How do I adjust the "User" line in a ~/.ssh/config file using ERB template files in Puppet so that it contains the correct username that matches the account name?

class accounts_global::tharold {
account { 'tharold':
    ensure => present,
    }
file { "/home/tharold/.ssh/config" :
    require => Account['tharold'],
    owner   => 'tharold',
    group   => 'tharold',
    mode    => '0600',
    content => template('accounts_global/user_ssh_config.erb'),
    }
}

Content of the user_ssh_config.erb file looks like:

Host ssh.example.com
Port 22
User tharold
IdentityFile ~/.ssh/ssh-key

The question is, what should the <%= something =%> look like to replace "User tharold" in the template file with the account name of the user? This ERB config file is going to be used for multiple users, so I need to parameterize that part of the file.

Trying to use <%= @name %> ends up putting "accounts_global::tharold" in the file.

tgharold
  • 609
  • 8
  • 19

2 Answers2

5

You need to change your class to a define, as per the below to make it re-usable for other users:

define accounts_global::account () {

  account { $name:
    ensure => present,
  }

  file { "/home/${name}/.ssh/config" :
    require => Account[$name],
    owner   => $name,
    group   => $name,
    mode    => '0600',
    content => template('accounts_global/user_ssh_config.erb'),
  }
}

Use this for your ~/.ssh/config ERB template:

Host ssh.example.com
Port 22
User <%= @name %>
IdentityFile ~/.ssh/ssh-key

Then add this to your Puppet manifest:

accounts_global::account { 'tharold': }

Incidentally, you shouldn't need to pass the User parameter in your SSH configuration unless the remote username is different - by default, SSH tries to connect using the current username.

Craig Watson
  • 9,575
  • 3
  • 32
  • 47
0
class accounts_global::tharold {
    account { 'tharold':
        ensure => present,
    }

    $ssh_user = 'tharold'
    file { "/home/tharold/.ssh/config" :
       require => Account['tharold'],
       owner   => 'tharold',
       group   => 'tharold',
       mode    => '0600',
       content => template('accounts_global/user_ssh_config.erb'),
    }
}

Then your template looks like

Host ssh.example.com
Port 22
User <%= ssh_user %>
IdentityFile ~/.ssh/ssh-key
Mike
  • 22,310
  • 7
  • 56
  • 79
  • You should strictly-speaking use `scope.lookupvar` to get scoped variables within ERB templates - technically the `$ssh_user` variable here is `$accounts_global::tharold::ssh_user`. Templates used within `define` resources don't need this as they automatically use top-scope for local variables. – Craig Watson Sep 16 '14 at 15:14