Puppet Setup SSH Keys


Question: The Puppet master and Puppet agent nodes have been set up by the Nautilus DevOps team so they can perform testing. In Stratos DC all app servers have been configured as Puppet agent nodes. They want to set up a password-less SSH connection between the Puppet master and the Puppet agent nodes, and this task needs to be done using Puppet itself. Below are details about the task:

Create a Puppet programming file demo.pp under the /etc/puppetlabs/code/environments/production/manifests directory on the Puppet master node, i.e. the Jump Server. Define a class ssh_node1 for agent node 1, i.e. App Server 1, ssh_node2 for agent node 2, i.e. App Server 2, and ssh_node3 for agent node 3, i.e. App Server 3. We already have a default SSH key under /root/.ssh/ on the Jump Server that needs to be added on all App Servers.

Configure a password-less SSH connection from the Puppet master, i.e. the jump host, to all App Servers. However, make sure the key is added to each app server's sudo user (i.e. tony for App Server 1).

Note: Create a single Puppet programming file demo.pp for the above mentioned tasks.

Please note: perform the commands below based on your own question; the server, user name and other details might differ, so please read the task carefully before executing. All the Best 👍

Solution:

1. Copy the public key from the jump server, i.e. the Puppet server:

root@jump_host /# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7418MjQPFfzRl/cbgn8Jv4Il/jkhqNeTvjMt26zglRu8yhuI26WJKAqThNNoybGgm/ek8Vm9rbS71RCAKhqrN8uvJyUP/tJ+03bX9Eacv3lWZhWoezwARbRreolYnNJ5Gl41VmOv9t7QMQv5voGZcAWig1VcZGh2h8ZBYcJQgoumMFpFM0QLplcxCPi50HOyqa7yd6wVDDE9Xhpo4yRvHvRLl4BefxZ0oijXsScM6qekyL0tg4zgFDgrn1RLBssMvagx2kDiL8xrOTxMU8lV1T6//9Lkrz7lUjyHA4yNPdE98nKkpO5nCoiCl1R6XaCI5CF0uYvw+eyAwwsRk3maN root@jump_host.stratos.xfusioncorp.com
root@jump_host /#


2. Go to the directory mentioned in the task and create the Puppet manifest:

root@jump_host /etc/puppetlabs/code/environments/production/manifests# vi demo.pp
root@jump_host /etc/puppetlabs/code/environments/production/manifests# cat demo.pp
# Key body only (no "ssh-rsa" prefix, no comment); the key type is given
# in the ssh_authorized_key resource's type attribute below.
$public_key = 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC7418MjQPFfzRl/cbgn8Jv4Il/jkhqNeTvjMt26zglRu8yhuI26WJKAqThNNoybGgm/ek8Vm9rbS71RCAKhqrN8uvJyUP/tJ+03bX9Eacv3lWZhWoezwARbRreolYnNJ5Gl41VmOv9t7QMQv5voGZcAWig1VcZGh2h8ZBYcJQgoumMFpFM0QLplcxCPi50HOyqa7yd6wVDDE9Xhpo4yRvHvRLl4BefxZ0oijXsScM6qekyL0tg4zgFDgrn1RLBssMvagx2kDiL8xrOTxMU8lV1T6//9Lkrz7lUjyHA4yNPdE98nKkpO5nCoiCl1R6XaCI5CF0uYvw+eyAwwsRk3maN'

# One class per app server; each adds the jump host key to that server's sudo user.
class ssh_node1 {
  ssh_authorized_key { 'tony@stapp01':
    ensure => present,
    user   => 'tony',
    type   => 'ssh-rsa',
    key    => $public_key,
  }
}

class ssh_node2 {
  ssh_authorized_key { 'steve@stapp02':
    ensure => present,
    user   => 'steve',
    type   => 'ssh-rsa',
    key    => $public_key,
  }
}

class ssh_node3 {
  ssh_authorized_key { 'banner@stapp03':
    ensure => present,
    user   => 'banner',
    type   => 'ssh-rsa',
    key    => $public_key,
  }
}

# Node definitions: each agent gets only its own class.
node stapp01.stratos.xfusioncorp.com {
  include ssh_node1
}

node stapp02.stratos.xfusioncorp.com {
  include ssh_node2
}

node stapp03.stratos.xfusioncorp.com {
  include ssh_node3
}
root@jump_host /etc/puppetlabs/code/environments/production/manifests#

3. Validate the manifest with the command below (refer to the video for clarity). No output means the file parsed cleanly:

root@jump_host /etc/puppetlabs/code/environments/production/manifests# puppet parser validate demo.pp
root@jump_host /etc/puppetlabs/code/environments/production/manifests#
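A tighter way to write the same demo.pp, added here as an example and not the post's own code: the key is read from /root/.ssh/id_rsa.pub on the master at compile time instead of being pasted into the manifest, a single parameterised class replaces the three copies, and the sudo user is chosen from the agent's certificate name rather than from an agent-supplied fact. It assumes Puppet 6 or later on the master and that the key file exists at that path; the host names and users are the ones from the task.

```puppet
# Read the jump host's public key on the master while compiling the catalog.
# The file has the usual "ssh-rsa <key body> <comment>" layout, so split it
# on whitespace and keep only the type and key body.
$key_line  = file('/root/.ssh/id_rsa.pub')
$key_parts = split($key_line, /\s+/)
$key_type  = $key_parts[0]
$key_body  = $key_parts[1]

# One class for every app server, parameterised by the sudo user.
class ssh_node (
  String $login_user,
) {
  ssh_authorized_key { "jump_host@${login_user}":
    ensure  => present,
    user    => $login_user,
    type    => $key_type,
    key     => $key_body,
    # Allow a login shell only; no tunnels or agent forwarding through this key.
    options => ['no-port-forwarding', 'no-agent-forwarding', 'no-X11-forwarding'],
  }
}

# Map each agent's certname to its sudo user. $trusted['certname'] comes from
# the agent's client certificate, which the agent cannot rewrite the way it
# can rewrite facts such as $facts['networking']['fqdn'].
$sudo_users = {
  'stapp01.stratos.xfusioncorp.com' => 'tony',
  'stapp02.stratos.xfusioncorp.com' => 'steve',
  'stapp03.stratos.xfusioncorp.com' => 'banner',
}

node /^stapp0[123]\.stratos\.xfusioncorp\.com$/ {
  $certname = $trusted['certname']
  unless $certname in $sudo_users {
    fail("no sudo user mapped for ${certname}")
  }
  class { 'ssh_node':
    login_user => $sudo_users[$certname],
  }
}
```

Validate it the same way (puppet parser validate demo.pp); a node whose certname is missing from the map fails at compile time instead of silently getting no key.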

4. Log in to each App Server (stapp01, stapp02, stapp03) and switch to the root user. At this point SSH still asks for the user's password, because the key has not been deployed yet:

root@jump_host /# ssh tony@stapp01
The authenticity of host 'stapp01 (172.16.238.10)' can't be established.
ECDSA key fingerprint is SHA256:w9cDRojDoclOxdu1W23Ns2HPyANPrDzhk9VfqtTDoJQ.
ECDSA key fingerprint is MD5:a8:3b:55:35:c2:5c:56:76:c8:d0:78:13:7a:4d:8b:e1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'stapp01,172.16.238.10' (ECDSA) to the list of known hosts.
tony@stapp01's password:
[tony@stapp01 ~]$ sudo su -

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for tony:
[root@stapp01 ~]#


5. Run the Puppet agent to pull the configuration from the Puppet server. The Notice line confirms the authorized key was created for tony:

[root@stapp01 ~]# puppet agent -tv
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for stapp01.stratos.xfusioncorp.com
Info: Applying configuration version '1625989684'
Notice: /Stage[main]/Ssh_node1/Ssh_authorized_key[tony@stapp01]/ensure: created
Notice: Applied catalog in 0.01 seconds
[root@stapp01 ~]#


6. Validate the task by logging in to each App Server from the jump host without a password:

root@jump_host /# ssh tony@stapp01
Last login: Sun Jul 11 07:49:26 2021 from jump_host.stratos.xfusioncorp.com
[tony@stapp01 ~]$ logout
Connection to stapp01 closed.
root@jump_host /#
root@jump_host /# ssh steve@stapp02
Last login: Sun Jul 11 07:51:26 2021 from jump_host.stratos.xfusioncorp.com
[steve@stapp02 ~]$ logout
Connection to stapp02 closed.
root@jump_host /#
root@jump_host /# ssh banner@stapp03
Last login: Sun Jul 11 07:51:58 2021 from jump_host.stratos.xfusioncorp.com
[banner@stapp03 ~]$ logout
Connection to stapp03 closed.
root@jump_host /#


Please note: I have shown this only for stapp01. You have to do this on all app servers (stapp01, stapp02, stapp03).

7. Click on Finish & Confirm to complete the task successfully.

Happy Learning!!!!


Apart from this, if you need more clarity, I have made a tutorial video on this; please go through it and share your comments. Like and share the knowledge.




2 Comments

  1. Update the solution:
     ssh-keygen -t rsa

     We have to create a new SSH key for the thor user. As per the task:
     You will need to generate a new ssh key for thor user on Jump Server, that needs to be added on all App Servers.

     Reply:
     1. Thank you for commenting the solution for the updated task. Users, kindly refer to the comment.
