Feature #6313

Update the puppetssh puppet_provider to allow ssh options

Added by Steven Bambling almost 7 years ago. Updated almost 7 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Puppet
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Allow additional SSH options to be called for additional functionality.

An example of this use would be creating an SSH tunnel from the puppet master to the puppet client and having the puppet client reach back through the tunnel to communicate with the puppet master.

This is useful for remote nodes that do not have a secure communication back to the puppet master or a puppet master in its facility.

Here is a snippet from the current code we use:

/usr/bin/ssh -i ${sshkey} -R 8140:$puppetmaster:8140 $1 puppet agent --test 1>&- 2>&-

Where:
$sshkey == the key you're connecting with (current puppetssh_keyfile)
$puppetmaster == FQDN of the puppet master
$1 == the node you're connecting to

Note: the client node will need an entry set in DNS or /etc/hosts that points the $puppetmaster FQDN to 127.0.0.1 to force communication through the tunnel created from the master.

Bonus: Update the documentation to recommend creating a separate ssh that limits the connection parameters, command and potentially source (from):

command="sudo puppet agent -t",no-pty,from="puppet.example.com"
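
An added example, not part of the original issue or of Foreman's code: a small audit of `authorized_keys` entries for the three restrictions named above. Going beyond the issue, it also checks the OpenSSH `restrict`, `port-forwarding` and `permitlisten` options, because they decide whether the `-R 8140` tunnel is refused or left able to bind any port. The function names and the key blob are constructed for illustration.

```python
import re

# Restrictions the issue's "Bonus" note recommends for the dedicated key.
RECOMMENDED = ("command", "no-pty", "from")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def parse_options(line):
    """Return the option dict of one authorized_keys entry ({} if it has none)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}
    quoted, prev, end = False, "", len(line)
    for i, ch in enumerate(line):
        if ch == '"' and prev != "\\":
            quoted = not quoted
        elif ch in " \t" and not quoted:   # first unquoted blank ends the options
            end = i
            break
        prev = ch
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else True
            for m in OPTION_RE.finditer(line[:end])}

def audit(line):
    """List findings for one entry; an empty list means nothing to report."""
    opts = parse_options(line)
    restrict = "restrict" in opts
    findings = []
    for name in RECOMMENDED:
        implied = name == "no-pty" and restrict and "pty" not in opts
        if name not in opts and not implied:
            findings.append("missing:" + name)
    if "no-port-forwarding" in opts or (restrict and "port-forwarding" not in opts):
        findings.append("tunnel-blocked")           # ssh -R 8140 would be refused
    elif "permitlisten" not in opts:
        findings.append("forwarding-unrestricted")  # -R may bind any port
    return findings

KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyBlob puppetssh"  # constructed
SAMPLES = [  # constructed entries, from unrestricted to fully restricted
    KEY,
    'command="sudo puppet agent -t",no-pty,from="puppet.example.com" ' + KEY,
    'restrict,command="sudo puppet agent -t",from="puppet.example.com" ' + KEY,
    'restrict,port-forwarding,permitlisten="8140",command="sudo puppet agent -t",'
    'from="puppet.example.com" ' + KEY,
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(audit(entry) or "ok", "<-", entry[:60])
```

With a forced `command=` on the key, sshd runs that command regardless of what the master passes on the ssh command line.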

History

#1 Updated by Dominic Cleal almost 7 years ago

  • Category set to Puppet
